[ROOT] New Chromecast Root Method! (8/17/2014)

Team-Eureka

Senior Member
Dec 30, 2013
105
318
0
www.team-eureka.com
Dear XDA Users,

We’re happy to announce that fail0verflow, GTVHacker, and Team-Eureka have jointly discovered and exploited a new vulnerability in the Chromecast which allows root access on the current software build (17977) as well as new in box devices (proof). This is not a purely software-based exploit; to take advantage of it, you’ll need to have a Teensy++ 2.0 or a Teensy 2.0 development board as well as the powered USB OTG cable required to use FlashCast.

Although we’re not quite ready to release an exploit package yet, we’re giving you this information early so that you can acquire the needed hardware ahead of time, as we predict you won’t have much time to root your device before Google releases a patch. When we release the exploit package in the near future, we’ll post updates both to this board and to our Twitter feeds (below). Until then, we suggest that you let your device update to build 16664 or above and then disconnect it from the internet to prevent further updates.

Exploit Demo: https://www.youtube.com/watch?v=S2K72qNv1_Q

Twitter
@fail0verflow
@gtvhacker
@Dev_Team_Eureka

Update: Root is out at http://forum.xda-developers.com/hardware-hacking/chromecast/root-hubcap-chromecast-root-release-t2855893
 
Last edited:

ddggttff3

Inactive Recognized Developer
Dec 13, 2009
801
1,534
0
Minnesota
  • Like
Reactions: extrem0

tvall

Senior Member
Oct 10, 2010
2,228
792
0
25
Springfield
yay! now I can finally buy a chromecast, and have an excuse to use to justify a teensy purchase to my wife :)

when will it be released? I just ordered my teensy a moment ago, so i have like a week before its in my hands.

edit: after watching the video, I'm kinda dissapointed that a nice fancy teensy 2.0++ is used but not a single pin is connected to anything. was looking forward to taking a soldering iron to the chromecast.
 
Last edited:
  • Like
Reactions: Kyonz and extrem0

Kyonz

Senior Member
Jun 7, 2010
191
272
0
Auckland, New Zealand
after watching the video, I'm kinda dissapointed that a nice fancy teensy 2.0++ is used but not a single pin is connected to anything. was looking forward to taking a soldering iron to the chromecast.

Don't let the video stop you, the video has the suggested method of installing the root - feel free to solder everything to everything else, I heard if you do it right you unlock a superroot.
 

GateheaD

Member
Sep 1, 2010
10
0
0
hopefully we can use this to change the DNS and we wont have to have people outside of USA have a dd-wrt dns redirect for 8.8.8.8 and 8.8.4.4 to use netflix
 

Asphyx

Senior Member
Dec 19, 2007
2,145
373
0
Great job by all on this....
I just ordered my Teensy and unplugged the CCast!
Finally I will get to have some fun with Team Eureka! LOL
 
  • Like
Reactions: Kyonz

rumblpak

Member
Dec 5, 2013
8
2
0
Great job, even better considering I have a couple of teensys already. While I am not part of the team at all, I'm going to take a guess that this attack has something to do with mishandling the usb stack similar to the ps3 descriptor hack, though I could be completely wrong.
 

Kurre

Senior Member
Aug 10, 2010
1,368
974
113
Could we use any usb dev board with AT90USB1286 or ATmega32u4 chip on it?

Not that Teensy boards would be overly expensive (at least if you have some other use for those boards too), but to have broader selection of choices to choose from. Of course Teensy boards would probably be only "officially" supported boards, but for enthusiasts other boards could be potential choice.

Anyway, I'm gonna order Teensy board and unplug my CC..now :)
 
Last edited: