Chromecast Secure Boot Exploit and Root
The Google Chromecast is shaping up to be quite a popular device. Largely due to its price point, adoption of Google’s latest media streamer has been so high as to exhaust Google’s free Netflix promotion. As exciting as the new device is, it’s hard to disagree that the included feature set could be a bit better. However, as with all limited devices, it was only a matter of time before someone rooted it, and that’s exactly what the folks over at GTV Hacker have done.
So how does it work? You first must get your device into USB boot mode, which is accomplished by holding down the single button as the device powers on. Then you use a powered mini USB OTG cable to provide the device with a signed image at a specific address on the USB drive. This firmware is passed along to the device’s cryptography hardware to be verified. However, due to a flaw in the device’s image signature verification, the return code of that check is simply never examined, so the boot proceeds whether or not verification succeeded. Thus, you are able to run your own code at will. One thing to keep in mind, though, is that this security hole could be closed with any update at any time, so it’s likely not to be available for too long.
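The class of bug described above, shown next to its fix, as an added example that is not GTV Hacker's code or the Chromecast bootloader. Every name is hypothetical, and a toy checksum stands in for the hardware signature check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All names are hypothetical; this is not the Chromecast bootloader. */
enum { VERIFY_OK = 0, VERIFY_BAD_SIG = -1 };
enum { BOOT_REFUSED = 0, BOOT_JUMPED = 1 };
struct image { const uint8_t *body; size_t len; uint8_t tag[4]; };

/* Toy stand-in for the signature: a 32-bit FNV-1a checksum of the body.
   A real device verifies an asymmetric signature in crypto hardware. */
static void toy_tag(const uint8_t *body, size_t len, uint8_t out[4]) {
    uint32_t h = 0x811c9dc5u;
    for (size_t i = 0; i < len; i++) h = (h ^ body[i]) * 16777619u;
    for (int i = 0; i < 4; i++) out[i] = (uint8_t)(h >> (24 - 8 * i));
}

/* Stand-in verifier: the verdict is reported only through the return code. */
static int hw_verify_image(const struct image *img) {
    uint8_t want[4];
    toy_tag(img->body, img->len, want);
    return memcmp(want, img->tag, sizeof want) == 0 ? VERIFY_OK : VERIFY_BAD_SIG;
}

/* Flawed pattern: verification runs, but its result is discarded. */
int boot_unchecked(const struct image *img) {
    hw_verify_image(img);
    return BOOT_JUMPED;               /* control transfers regardless */
}

/* Corrected pattern: fail closed on anything other than VERIFY_OK. */
int boot_checked(const struct image *img) {
    if (hw_verify_image(img) != VERIFY_OK) return BOOT_REFUSED;
    return BOOT_JUMPED;
}

/* Constructed sample: tag a small image, optionally flip one byte, then boot. */
int demo(int tamper, int checked) {
    uint8_t body[] = "constructed sample image";
    struct image img = { body, sizeof body, {0} };
    toy_tag(body, sizeof body, img.tag);
    if (tamper) body[0] ^= 0xff;
    return checked ? boot_checked(&img) : boot_unchecked(&img);
}

int main(void) {
    printf("tampered image: unchecked=%d checked=%d\n", demo(1, 0), demo(1, 1));
    return 0;
}
```

Declaring the verifier with GCC/Clang's `__attribute__((warn_unused_result))` and building with `-Werror` turns the flawed variant into a compile failure instead of a shipped bug.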
So what can you do with this? Right now, not a whole lot. In fact, if you’re not thinking of developing for the device, we’d recommend not doing this due to the inherent risks. However, the groundwork has been laid for future developments that will build upon this and add more functionality to the admittedly spartan device. I mean, after all, who wouldn’t want Miracast support on the Chromecast? Seems like a match made in heaven.
To learn more, head over to the GTV Hacker Wiki and also read their coverage of the exploit. And when you’re ready to get in on the Chromecast fun yourself, be sure to head over to the newly created Google Chromecast forum.