[ROOT] New Chromecast Root Method! (8/17/2014)

Search This thread

Restorer

Senior Member
Dec 14, 2007
1,341
529
Yep thats kind of what I thought...I have never really played with one but looking at their site seems like it might have some good entertainment value outside of this hack.
I suspect the release will have all the programming included to load into so it's still going to be snap.

---------- Post added at 05:21 PM ---------- Previous post was at 05:19 PM ----------



No not really...If the device can see the internet to load the receiver apps (so it can be used) then it sees enough to update...
Best bet is to just unplug it until you have rooted it unless your fine with just buying a new one in box to root later...Considering the price it's not all that crazy of an idea.

Thankfully I have 2 already and am happy to do a bit of swapping around if needed during the wait,

Is there much evidence out there that Google would be working flat out to kill this thing the minute it is released? And in any case I wonder how easy that would be for them? I wonder also how much stomach Google devs would have for this kind of fight?
 

ClearD

Inactive Recognized Developer
Jan 10, 2009
3,261
1,443
36
Gallipolis
At $16, I'm gonna try to order a teensy 2.0 when I get a little disposable income. Buying a house in less than a week though, so might be a while lol. CC already unplugged.
 

Luxferro

Senior Member
Nov 19, 2009
1,511
434
Long Island, NY
Yep thats kind of what I thought...I have never really played with one but looking at their site seems like it might have some good entertainment value outside of this hack.
I suspect the release will have all the programming included to load into so it's still going to be snap.

---------- Post added at 05:21 PM ---------- Previous post was at 05:19 PM ----------



No not really...If the device can see the internet to load the receiver apps (so it can be used) then it sees enough to update...
Best bet is to just unplug it until you have rooted it unless your fine with just buying a new one in box to root later...Considering the price it's not all that crazy of an idea.

You might be able to get away with filtering out :

Code:
*googletv-eureka/stable-channel/ota*.zip

I have no idea if it works. But looks like all the OTA update URLs are the same with exception to the zip name.
 

Asphyx

Senior Member
Dec 19, 2007
2,145
373
Thankfully I have 2 already and am happy to do a bit of swapping around if needed during the wait,

Is there much evidence out there that Google would be working flat out to kill this thing the minute it is released? And in any case I wonder how easy that would be for them? I wonder also how much stomach Google devs would have for this kind of fight?

Yes they have a vested interest in keeping the unit as locked down as possible because the content providers are scared to death of Piracy. If they think the device is not secure they could refuse to support the device which would limit it's usefulness (and sales) in the long run.
Remember Google is a monster Huge company and they employ some of the smartest people and programmers on the planet.

Just maybe not as smart as some of the folks who come up with these hacks and post them here at XDA... LOL

You might be able to get away with filtering out :

Code:
*googletv-eureka/stable-channel/ota*.zip

I have no idea if it works. But looks like all the OTA update URLs are the same with exception to the zip name.

What would be looking at these files to filter them? Certainly not a router...
 

Luxferro

Senior Member
Nov 19, 2009
1,511
434
Long Island, NY
What would be looking at these files to filter them? Certainly not a router...

Sure they would. Lots of routers having blocking by url or keywords in the url. It's one of the methods people are using to block Amazon Fire TV OTA's, which I use myself.

http://forum.xda-developers.com/showthread.php?t=2760884

Now I'm not sure if all work with wildcards, but if not you can just use:

Code:
http://dl.google.com/googletv-eureka/stable-channel/ota

Chromecast OTA URLs are listed here: http://forum.xda-developers.com/wiki/Google_Chromecast
 

Kyonz

Senior Member
Jun 7, 2010
191
273
Auckland, New Zealand
Yes they have a vested interest in keeping the unit as locked down as possible because the content providers are scared to death of Piracy. If they think the device is not secure they could refuse to support the device which would limit it's usefulness (and sales) in the long run.

This is why I generally stay the heck away from the Netflix binaries on the Chromecast, I know better than to poke the bear ;)
 

Asphyx

Senior Member
Dec 19, 2007
2,145
373
This is why I generally stay the heck away from the Netflix binaries on the Chromecast, I know better than to poke the bear ;)

LOL yeah but I would love to be able to rip their app apart to try and cobble together a DTS capable default player app for CCast! LOL
Perhaps one without the sandbox!
 

az1324

Member
Jul 18, 2010
8
1
Uses LUFA? Source code will be available? Maybe can be ported to all those PS3 dongles out there? Or not enough memory?
 
  • Like
Reactions: titusseid

Asphyx

Senior Member
Dec 19, 2007
2,145
373
Well I just got home and found a teensy little package waiting for me...
I'm going to look through the project list on their site and see if I can program it to Mute my neighbors dog after I root my CCast! LOL
 

JayDee78

Member
May 3, 2011
28
6
Any chance that the new flashcast image can be released before the exploit project for the teensy? Or are there clues in there that can lead to the exploit being closed if released before the exploit?

Got a feeling that there will be some traffic on the flashcast links once it is released and if i understand the video right it will be ~100-130mb in size(flashcast+eureka_rom), so just spreading the traffic out a few days ahead of time might be good idea if it will get the amount of hits it deserves :)

Just curios and in standby mode for when it is released :)
 

mildlydisturbed

Senior Member
Oct 28, 2010
615
101
Nashville
Any chance that the new flashcast image can be released before the exploit project for the teensy? Or are there clues in there that can lead to the exploit being closed if released before the exploit?

Got a feeling that there will be some traffic on the flashcast links once it is released and if i understand the video right it will be ~100-130mb in size(flashcast+eureka_rom), so just spreading the traffic out a few days ahead of time might be good idea if it will get the amount of hits it deserves :)

Just curios and in standby mode for when it is released :)

Or they could release it as a torrent and the more popular it got the faster everyone would get it.
 

ddggttff3

Inactive Recognized Developer
Dec 13, 2009
815
1,542
Minnesota
Any chance that the new flashcast image can be released before the exploit project for the teensy? Or are there clues in there that can lead to the exploit being closed if released before the exploit?

Got a feeling that there will be some traffic on the flashcast links once it is released and if i understand the video right it will be ~100-130mb in size(flashcast+eureka_rom), so just spreading the traffic out a few days ahead of time might be good idea if it will get the amount of hits it deserves :)

Just curios and in standby mode for when it is released :)

The flashcast image for this root is actually custom, as it includes the ability to downgrade the bootloader as well as install the latest Eureka-ROM (17977.001). As for bandwidth, it shouldent be much of an issue :)

Or they could release it as a torrent and the more popular it got the faster everyone would get it.
Hmm, never thought of this to be honest... Might be a good idea as a backup plan.
 
  • Like
Reactions: gdude and JayDee78

mildlydisturbed

Senior Member
Oct 28, 2010
615
101
Nashville
T
Hmm, never thought of this to be honest... Might be a good idea as a backup plan.

Better for a primary plan - your users can (and will,) donate their bandwidth, after a few people have it it becomes incredibly fast. Let's say your point of torrent hosting has a failure, bam, goes right on as long as users are hosting it.

Torrent protocol checks as it's transmitting (or after it's done) that the file is intact and proper - no need to compare against an MD5. Nobody will ever receive a bad copy.

People can download 200 meg torrents on their cell phones using uTorrent. Just try getting a 200 meg file via Android download manager...

Traditional method: gosh, everyone's downloading at the same time, this will take FOREVER (followed by the file host saying they're working on fixing some issue)
Torrent: Gosh, everyone's downloading at the same time, this will take NO TIME

xda even put in a half assed effort at getting torrent distribution mainstream.

If you want it hosted for torrent, just pm me a download link, I'll pm you a magnet link you can post in the op. I've got a few 100 meg connections available ;)
 

theronkinator

Senior Member
Apr 16, 2011
526
214
Do we think other hardware will work? I remember when the first hardware PS3 jailbreak came out and people were getting it running on calculators and mobile phones, will this be similar? I have a raspberry Pi, or should I just buy a teensy? Just will take a while to come and I'll never use it again.

Will this work:
Digispark - The tiny, Arduino enabled, usb dev board!

Fair bit cheaper than the teensy, can get it for $6.
 
Last edited:

Sotolotl

New member
Aug 21, 2014
3
0
Do we think other hardware will work? I remember when the first hardware PS3 jailbreak came out and people were getting it running on calculators and mobile phones, will this be similar? I have a raspberry Pi, or should I just buy a teensy? Just will take a while to come and I'll never use it again.

Will this work:
Digispark - The tiny, Arduino enabled, usb dev board!

Fair bit cheaper than the teensy, can get it for $6.

I think the teensy is used because it allows for full control of its USB port, which can be used to trick the Chromecast into thinking it's some official device. Arduino and Arduino compatible clones can't control their USB port, they have a serial-usb converter built in; so all they can really do is send serial commands over usb. It may be possible with a USB shield for the Arduino, but that is starting to get expensive, and isnt as easily sourced as a stock teensy. Maybe once the exploit is released it may be ported to Arduino /w USB shield
 

az1324

Member
Jul 18, 2010
8
1
I think the teensy is used because it allows for full control of its USB port, which can be used to trick the Chromecast into thinking it's some official device. Arduino and Arduino compatible clones can't control their USB port, they have a serial-usb converter built in; so all they can really do is send serial commands over usb. It may be possible with a USB shield for the Arduino, but that is starting to get expensive, and isnt as easily sourced as a stock teensy. Maybe once the exploit is released it may be ported to Arduino /w USB shield

Arduino Leonardo and pro micro use the same chip.
 

fabi280

Senior Member
Oct 20, 2010
347
365
Karlsruhe
I think the teensy is used because it allows for full control of its USB port, which can be used to trick the Chromecast into thinking it's some official device. Arduino and Arduino compatible clones can't control their USB port, they have a serial-usb converter built in; so all they can really do is send serial commands over usb. It may be possible with a USB shield for the Arduino, but that is starting to get expensive, and isnt as easily sourced as a stock teensy. Maybe once the exploit is released it may be ported to Arduino /w USB shield

"Modern" Arduinos don't use this "technique" anymore, Leonardo can be used as any USB Device as you want. Even the Uno R3 doesn't use a simple serial-usb converter, its a ATMega 16u2 which can also be reprogrammed to act like any other USB Device.

You can probably use any ATMega32U4 or AT90USB1286. Maybe even other devices - but you'll have to port it without any sourcecode as they probably won't release their sources to slow down Google a bit.
The thing is, its much easier to develop something on a "defined" platform which is available for everyone that doesnt cost much than saying something like you'll have to get an ATMega32U4, a 16MHz clock source, resistors, voltage regulators,...
Users would have problems with that, especially if their soldering skills would suck. Additionally I guess the teensy provides it's own library like the arduinos have them. There are a lot of people that use cheap arduinos for their projects instead of the bulk blank chip.
 
  • Like
Reactions: Kurre

Sotolotl

New member
Aug 21, 2014
3
0
"Modern" Arduinos don't use this "technique" anymore, Leonardo can be used as any USB Device as you want. Even the Uno R3 doesn't use a simple serial-usb converter, its a ATMega 16u2 which can also be reprogrammed to act like any other USB Device.

You can probably use any ATMega32U4 or AT90USB1286. Maybe even other devices - but you'll have to port it without any sourcecode as they probably won't release their sources to slow down Google a bit.
The thing is, its much easier to develop something on a "defined" platform which is available for everyone that doesnt cost much than saying something like you'll have to get an ATMega32U4, a 16MHz clock source, resistors, voltage regulators,...
Users would have problems with that, especially if their soldering skills would suck. Additionally I guess the teensy provides it's own library like the arduinos have them. There are a lot of people that use cheap arduinos for their projects instead of the bulk blank chip.

Wow, I didn't realise I'd fallen so far behind the times. I need to brush up on my embedded systems!

On a side note, do we have an expected release date for the new root method?
 

Top Liked Posts

  • There are no posts matching your filters.
  • 43
    Dear XDA Users,

    We’re happy to announce that fail0verflow, GTVHacker, and Team-Eureka have jointly discovered and exploited a new vulnerability in the Chromecast which allows root access on the current software build (17977) as well as new in box devices (proof). This is not a purely software-based exploit; to take advantage of it, you’ll need to have a Teensy++ 2.0 or a Teensy 2.0 development board as well as the powered USB OTG cable required to use FlashCast.

    Although we’re not quite ready to release an exploit package yet, we’re giving you this information early so that you can acquire the needed hardware ahead of time, as we predict you won’t have much time to root your device before Google releases a patch. When we release the exploit package in the near future, we’ll post updates both to this board and to our Twitter feeds (below). Until then, we suggest that you let your device update to build 16664 or above and then disconnect it from the internet to prevent further updates.

    Exploit Demo: https://www.youtube.com/watch?v=S2K72qNv1_Q

    Twitter
    @fail0verflow
    @gtvhacker
    @Dev_Team_Eureka

    Update: Root is out at http://forum.xda-developers.com/hardware-hacking/chromecast/root-hubcap-chromecast-root-release-t2855893
    6
    after watching the video, I'm kinda dissapointed that a nice fancy teensy 2.0++ is used but not a single pin is connected to anything. was looking forward to taking a soldering iron to the chromecast.


    Don't let the video stop you, the video has the suggested method of installing the root - feel free to solder everything to everything else, I heard if you do it right you unlock a superroot.
    3
    I would like to point out that fail0verflow and Team-Eureka put a large amount of time into getting this working properly, and in the end it will be incredible. Great work guys!
    3
    Yes they have a vested interest in keeping the unit as locked down as possible because the content providers are scared to death of Piracy. If they think the device is not secure they could refuse to support the device which would limit it's usefulness (and sales) in the long run.

    This is why I generally stay the heck away from the Netflix binaries on the Chromecast, I know better than to poke the bear ;)