Google Chromecast hacked: here’s how

People will hack anything, especially if it’s a US$35 media streamer called Chromecast. No-one’s ever happy with what they’ve got, which partly explains the success of the iPhone, still — what to with a hacked Chromecast? Before we explain, there’s something you should know: most of you will get very little joy out of the Google Chromecast hack: it’s aimed at developers looking to create and run custom software on the HDMI wunder-dongle. But this is step one as hack creators GTV say. With this tool, the smartest of us will be able to get inside the inner workings of this very new and very mysterious. First off, here’s proof of concept, presented below in this awfully quiet video:

Secondly, here’s what we know about Chromecast so far. It’s not ChromeOS, it’s a “modified” version of Google TV, with most of the juicy parts stripped down to the very core. So while installing an Android app (APK) is impossible, the bootloader, kernel, init scripts and binaries of Google TV are all front and present.

A flaw in logic

Chromecast has some exploitable bugs and by holding down the single button on the device, GTV’s unsigned kernal will replace the official system files with the rooted ones. Once all is said and done, you can telnet to the root shell of Chromecast on port 23. It’s less complicated than it sounds, and all you need is a USB cable, Chromecast and a memory stick. Onto the hack, as detailed by GTV’s wiki page.

Items Needed:

• Blank USB Flash drive (at least 128MB) –Your drive will be erased–
• Our USB Image
• Google Chromecast
• Powered Micro USB OTG Cable
• If not a Powered Micro USB OTG Cable, then find a way to rig up a cable that does just this. We will not provide instructions, it’s simple, but still. Just buy the cable.

Pre-Setup:

1. Download .zip and extract the “gtvhacker-chromecast.bin” file.
2. Install our USB image as a whole to your USB flash drive with dd:

Syntax:   dd if=gtvhacker-chromecast.bin of=/dev/sdX bs=1024

Root Process:

1. Plug the flash drive into one female “A” end of the USB OTG cable
2. Plug the other end into the Chromecast
3. Hold down the button on the Chromecast while plugging in the power cord.
4. Watch the screen, and any blinking light on your flash drive. The Chromecast will power up, execute our unsigned kernel, kick off to a script that replaces /system with a rooted one. It will then wipe /data, and reboot back to the normal system. All of this should take about a minute. Don’t unplug anything while it is installing.
5. When it is complete, your box will reboot, and you will see a new splash screen, and then the Setup screen. Just re-set up your Chromecast, and you can telnet to get a root shell on your Chromecast on port 23!

Again, and for now, only developers need apply. GTV also notes that at “any time” an update could be pushed through that negates their hack. Good luck, and get creative.