29 Jul '13, 4pm

Chromecast bootloader exploit

Chromecast bootloader exploit

So far this is just getting your foot in the door by rooting the device. In addition to walking through the exploit the wiki instructions give us a lot more pictures of the internals than we saw from the teardown in yesterday’s links post . There’s an unpopulated pad with seventeen connections on the PCB. You can patch into the serial connections this way, running at a 115200 8n1. But you won’t have terminal access out of the box. The exploit uses a vulnerability in the bootloader to flash a hacked system folder which provides root. After wiping the cache it reboots like normal but now you can access a root shell on port 23.

Full article: http://hackaday.com/2013/07/29/chromecast-bootloader-expl...

Tweets