This exploit lets you unlock the bootloader of the Google Chromecast with Google TV

PHCRACKERS

The Google Chromecast with Google TV is one of the [link] out there. The little piece of hardware not only unlocks 4K video streaming at 60fps for connected devices, but it also brings support for HDR content, Dolby Vision, and Dolby Atmos audio. The device can even be considered a capable gaming console [link] cloud gaming service. Now, developers have been able to successfully unlock its bootloader, opening up even more possibilities.

Unlike with the Pixel smartphone lineup, Google doesn’t offer an official bootloader unlock method for the Chromecast with Google TV. As a result, the modding community had to rely on security vulnerabilities to craft an unofficial bootloader unlock method. In a recent forum post, security researchers Nolen Johnson and Jan Altensen, AKA XDA Recognized Developers [link] and [link] respectively, highlighted the exploit chain used to unlock the bootloader of the Google Chromecast with Google TV. The method, which makes use of [link] originally discovered by another security researcher by the name of Frederic Basse, requires you to boot the dongle to Amlogic’s USB burning mode and then boot a set of modified bootloader images.


To begin with, the target Chromecast with Google TV unit must be manufactured before December 2020 and the running firmware version needs to be below the February 2021 patch level. This is because newer units come with a bootROM password protection mechanism, and Google enabled a similar mitigation policy on older units in the February 2021 software update.
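For anyone responsible for a number of these dongles, the two cut-offs above translate into an exposure check that shows which units still need the February 2021 update. The following Python is an added example, not part of the original article or the unlocker suite; the inventory format, serial numbers and status labels are constructed for illustration, and the patch level is assumed to be the value Android reports in `ro.build.version.security_patch`.

```python
from datetime import date

# Cut-offs stated in the article.
FACTORY_FIX = date(2020, 12, 1)  # units built from December 2020 have bootROM password protection
PATCH_FIX = date(2021, 2, 1)     # the February 2021 update enables the mitigation on older units

# Constructed sample records: serial,manufactured,security_patch
SAMPLE_INVENTORY = """\
CCGTV-0001,2020-10,2020-12-05
CCGTV-0002,2020-10,2021-02-05
CCGTV-0003,2021-01,2020-12-05
CCGTV-0004,,2020-12-05
CCGTV-0005,2020-11,unknown
"""

def parse_month(text):
    """Parse 'YYYY-MM' or 'YYYY-MM-DD' to the first day of that month, or None if unusable."""
    try:
        year, month = text.strip().split("-")[:2]
        return date(int(year), int(month), 1)
    except ValueError:
        return None

def classify(manufactured, patch_level):
    """Either cut-off alone protects a unit; it is exposed only when both are missed."""
    built, patch = parse_month(manufactured), parse_month(patch_level)
    if built is not None and built >= FACTORY_FIX:
        return "protected-from-factory"
    if patch is not None and patch >= PATCH_FIX:
        return "mitigated-by-update"
    if built is None or patch is None:
        return "needs-review"  # missing data must not be reported as safe or as exposed
    return "exposed"

def audit(inventory_text):
    """Map each serial in a CSV-style inventory to its exposure status."""
    results = {}
    for line in inventory_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if not fields[0] or fields[0].startswith("#"):
            continue
        if len(fields) != 3:
            results[fields[0]] = "needs-review"
            continue
        results[fields[0]] = classify(fields[1], fields[2])
    return results

if __name__ == "__main__":
    for serial, status in audit(SAMPLE_INVENTORY).items():
        print(f"{serial}: {status}")
```

Units reported as `exposed` are the ones to update; `needs-review` entries have a missing or malformed date and should be checked by hand.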

If your device is vulnerable, then you’ll have to unplug it from the HDMI port and trigger the Amlogic USB burning mode by holding down the button on the rear of the device while plugging the USB-C end of a USB-A to USB-C cable into the dongle. The unlocker script, which communicates with the target through the libusb-dev library, requires a 64-bit Linux environment.

In a nutshell, the process involves downloading the unlocker suite, connecting the Google Chromecast with Google TV to a PC running Linux with a USB cable, and running a shell script that executes the exploit chain. Booting the modded bootloader essentially modifies the contents of the /env partition and puts the device in a state where it’s capable of ignoring the anti-rollback check and the signature on the U-Boot in order to declare itself as bootloader-unlocked. For more details, you can read the full writeup from Nolen Johnson and Jan Altensen at the GitHub repo linked below.

[link]

An unlocked bootloader is key to boot an aftermarket operating system, and you won’t have to wait long before you can flash a custom ROM onto it. Johnson says that [link] builds are coming soon for the Chromecast with Google TV (Johnson is [link] as a “trusted reviewer” and contributor to LineageOS). In case you want to try something else, then you’ll be happy to know that Frederic has already [link] from an external USB flash drive.


Since the process is a bit tricky and requires devices manufactured before a certain timeline, it’s safe to say that the exploit isn’t meant for beginners and will most definitely void the warranty. Nonetheless, it is possible to re-lock the bootloader by flashing a stock firmware package crafted by the developers. As a precautionary measure against forced updates, you’re advised to block Google’s OTA servers via your router’s DNS settings, and if possible, get rid of the “SetupWraith” application from the stock firmware. Users are also advised to steer clear of Magisk for now, because [link] will soft-brick the system.
