[FAQ] Rooting with FlashCast Mini-FAQ - Google Chromecast

This mini-FAQ is intended to avoid clutter in the FlashCast thread.
If you have specific questions/comments/suggestions for FlashCast itself or its developer, or want to get the newest FlashCast, please use the main FlashCast thread.
Likewise, if you have questions/comments/suggestions for Eureka-ROM, its developers, or want to get the newest Eureka-ROM, please use the main Eureka-ROM thread.
IMPORTANT NOTE
The HubCap exploit has been patched in firmware build 19084. This means yet again, only certain Chromecasts can have root. It didn't take long - only about a month from the exploit's release and 2-3 weeks from the source release before a patch arrived.
If your Chromecast is on firmware build 19084 or newer, it is not rootable.
Available root methods depend on what firmware your Chromecast is running:
Original build 12072 (old US released Chromecasts only - see Rootable Serial Numbers thread for guidance)
Hardware requirements:
Powered USB OTG cable
USB flash drive 256MB or larger
Instructions: Continue reading below, past this list
If you really want to, you can use the HubCap root below instead, but it's fewer parts to try the original FlashCast method first.
Build earlier than 19084 (newer US release Chromecasts and all international release Chromecasts)
Hardware requirements:
real (does not work through hubs!) powered USB OTG cable
USB flash drive 1GB or larger
Teensy 2.0 or 2.0++ development board
USB A to Mini B cable (to connect Teensy to PC)
Instructions: Stop reading this thread. Go to HubCap thread for instructions.
The information below pertains to the original FlashCast root method for Chromecasts with the original 12072 bootloader.
First, understand how FlashCast works, and when it doesn't...
FlashCast is not really a "root tool" but rather a ROM/mod flashing utility, similar to CWM or TWRP recoveries in the phone/tablet realm. Thus, "rooting a Chromecast with FlashCast" really means flashing a rooted ROM image using FlashCast.
Currently, FlashCast will only run on Chromecasts that have the original build 12072 bootloader.
Newer Chromecasts shipped from the factory with newer bootloaders, so except for rare exceptions, only initial-release Chromecast units came with build 12072.
The serial number provides a reasonable guess at the build on an unopened, unused Chromecast - see the Rootable Serial Numbers thread
To further complicate matters, Chromecast automatically updates itself once set up, so even if you have a serial number in the range, if it has been set up with Internet access, most likely it has already been updated and FlashCast won't work on it. It is safe to try FlashCast even if you don't think your Chromecast has root potential - either FlashCast will run and you have the option to flash a rooted ROM, or it won't and you don't have root potential.
Second, check the flowcharts for First boot of a newly-prepared FlashCast stick and Flashing Eureka-ROM with FlashCast USB stick
Remember, you need a powered USB OTG cable - it needs to provide power to the OTG host (upstream, not just to OTG devices) as Chromecast needs power to operate.
REMEMBER: For a just-written or re-written FlashCast USB stick, the first boot with it does not root your Chromecast, because it does not write a ROM (which is what preserves root) until the second round, after you load the eureka_image.zip onto the stick. If you haven't put a eureka_image.zip onto the FlashCast USB stick, you have not applied a ROM yet and you are still at risk of losing root (unless you're just applying a mod or new ROM over an existing root-preserving ROM).
If you need to know why you should or shouldn't root, and why you need to decide before you start using Chromecast, check Root Mini-FAQ: What's the big deal with root?
Use of wall (utility) power is highly recommended for flashing - TV USB ports, USB power packs, and other uncontrolled or potentially-non-constant power sources can cause problems if they turn off or give out in the middle of a flash.
If you run into trouble, see below.
FlashCast doesn't show up at all.
Your Chromecast is not rootable, your OTG cable is miswired or defective, your USB stick was not imaged properly, or your USB stick is not compatible.
See these: Piecing OTG together with Y-cable and adapter, Pictures, Long thread on OTG piecemeal workarounds, and Guidelines on proper OTG wiring/assembly if you aren't using an assembled powered OTG cable.
Here are tips for potentially writing the FlashCast image from your Android device, though using a computer is still recommended.
FlashCast shows up but only get red LED on Chromecast
FlashCast did not find your eureka_image.zip, it is corrupt, or your USB stick has errors
Windows users - make 100% sure that your file is named exactly eureka_image.zip not eureka_image.zip.zip
By default, Windows hides file extensions and this can cause misnamed files.
See this explanatory image
Also check your OTG cable - a flakey OTG cable can let FlashCast start but fail to flash too. See previous links for OTG cable assembly guidance.
FlashCast shows up, the LED is white, but all I see is the line of dots after the reboot
Check that the button on the Chromecast is not stuck down. On some units the plastic button-pusher can get wedged down. Gently but firmly push the button all the way down and wiggle it on release. If that doesn't work, try flicking the button to dislodge it.
I reached "Sorry, your Chromecast is not rootable" in the flowchart.
Try the HubCap exploit.

thnx:good:

My Chromecast is running the latest firmware, so it's not rootable. But out of curiosity, aside from developers, what would be the benefit of rooting Chromecast?

@Laserbeak43 - see [FAQ] Root Mini-FAQ: What's the big deal with root?

Hello everyone, I have a question: is there also something like this for the Chromecast 2, where you can cast and do the setup without any internet connection? I hope somebody can help me with this. Thanks already for the reply.

Related

HOWTO: Force Chromecast to Boot from USB (Possible Brick Recovery Method)

WARNING: This should be the VERY VERY VERY VERY (Am I clear enough about this?) LAST thing you do to try and fix a chromecast. This can possibly fry a chromecast for good, so know going into this that it may not work!
Because of this, Me, XDA, and all other users are NOT RESPONSIBLE for any damage, problems, or issues that may arise from using this method. By using this tutorial, you agree and understand the above warning.
So, I had a Chromecast that I got stuck in "backupsys" boot mode, where it would try to boot the backupsys partition. Issue is, it would not boot, and you can't force it to boot from jumpdrive while it is in "recovery" or "backupsys" mode.
Well, after tearing the thing down and getting UART set up, I started messing around, and found a way to FORCE the device to read from USB, regardless of the boot mode.
How this works is during the boot process, you jump 2 select pins on the PCB by the CPU, which causes the device to have a block read error while reading the system flash. When this happens, the device falls back into USB read mode.
Because this causes a read interrupt, it "MAY" have unknown effects on the longevity of your device, so like I said before, this should be a LAST RESORT OPTION ONLY.
What You Need:
Chromecast with Rootable Bootloader
Paper Clip/Needle to jump some TINY pins
UART hooked up to your computer
Jump Drive with the Root Image & USB OTG Cable
Process:
Step 1: Tear down your device, and have it hooked up to UART on your computer.
Step 2: Have the USB OTG Cable and Jump Drive with the root image plugged into the chromecast. Do not have it plugged into power yet.
Step 3: On the top side of the chromecast (Not the side with the UART Pins), carefully remove the RF shield to reveal the WiFi Chip and CPU.
Step 4: Have putty open and connected to your UART COM port. Also have "reboot recovery" in your clipboard. (Copy that command so you can right-click in putty to send it quick)
Step 5: Now, prepare to jump pin #26 (shown in photo below, marked with red square on right side of CPU) when you plug in the chromecast to power it.
Step 6: Plug in the chromecast power, and watch the UART output. Once the Chromecast LED turns red, use the paper clip to short pin #26 and you should get the following output:
Code:
sys_init start. boot_strap=0x00000080 (source=NAND), boot_state=0x0
PG868: leakage=208 vcore=10 sysctl=59
Customer key found, loading customer key...
Loading Secure Customer Key Store is finished
Loading Secure Customer Key Store is finished
Finish loading Customer Key store
bootloader image verified, start...
eureka-b3 BG2CD [Jun 6 2013 12:07:51] ver:9086b04-dirty
OTP status=0x000000FF lkg curr=208 mA
nand_randomizer_init_by_flash_type(chip_id = 0x2C48044AA500): !!! RANDOMIZED !!!
[FASTLOGO] init.
[FASTLOGO] Set CPCB1 output reso 8.[SHOWLOGO] start
showlogo_init_irq, Enable IRQ_dHubIntrAvio0(0x20) for cpu 0
[FASTLOGO] done.
fts: v155 loaded from 0x00268000
Read failed @ 0x7814c000
ERROR: Failed to read CPU image ret -1
Booting from NAND failed, booting from USB....!
timer_clk_freq = 0x47868c0
USB: Register 10011 NbrPorts 1
USB EHCI 1.00
scanning bus for devices... 2 USB Device(s) found
scanning bus for storage devices... 1 Storage Device(s) found
If you do not see "Booting from NAND failed, booting from USB....!", unplug the chromecast, and try again.
Step 7: The chromecast will now try and boot the Jump Drive image. During this, there will be a root shell hiding under all the output. You need to QUICKLY and repeatedly press Enter until you see "/ # " flash on the screen. Once you see that flash, QUICKLY press right-click so putty pastes your clipboard, and then press enter. If you do this fast enough, the kernel will run "reboot recovery" and restart.
Step 8: The device will now try to boot the normal recovery partition. This is fine, because even if it fails, the bootloader will detect this and reset the device to normal boot mode after a few power cycles. After a few power cycles, the chromecast should eventually show the following over UART:
Code:
sys_init start. boot_strap=0x00000080 (source=NAND), boot_state=0x0
PG868: leakage=208 vcore=10 sysctl=59
Customer key found, loading customer key...
Loading Secure Customer Key Store is finished
Loading Secure Customer Key Store is finished
Finish loading Customer Key store
bootloader image verified, start...
eureka-b3 BG2CD [Jun 6 2013 12:07:51] ver:9086b04-dirty
OTP status=0x000000FF lkg curr=208 mA
nand_randomizer_init_by_flash_type(chip_id = 0x2C48044AA500): !!! RANDOMIZED !!!
[FASTLOGO] init.
[FASTLOGO] Set CPCB1 output reso 8.[SHOWLOGO] start
showlogo_init_irq, Enable IRQ_dHubIntrAvio0(0x20) for cpu 0
[FASTLOGO] done.
fts: v168 loaded from 0x0029c000
[SHOWLOGO] stopped
Boot normal GTV image
fts: record v169 commited @ 0x002a0000
Uncompressing Linux... done, booting the kernel.
And congrats, the device is now back to Normal Boot Mode! You can now hold the power button during power on to properly flash the rooted image, and your device should be good to go!
DEVS: If you want to help make this easier, can you make a USB image that just boots the kernel and stops at command line? Would make this process easier.
FAQ:
Q: Why do I need this? I can just hold down the button to boot from a Jump Drive.
A: This is true, but if a Chromecast is in any other boot mode besides normal, then it will be unable to boot from USB. This is just how the bootloader is coded. (I submitted a patch to google regarding this, even though it would never help us out thanks to the updated locked bootloader).
Q: Will this allow me to Downgrade/Root my device?
A: Answer is Probably not, even though this is untested. This is because the bootloader is still loading from the device, so it will still probably check the USB Drives image for a valid signature.
Q: I tried this, but my device still won't boot.
A: Well then there is probably not much else you can do, besides looking for a fix yourself. Remember, it's a $35 dollar device so it may just be best to buy a new one.
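A saved UART capture can be checked against the two logs in the post above with a small classifier. This is an added example, not code from the post or from the FlashCast project: it splits a capture into power cycles and reports which boot path each one took. The function names, outcome labels and the sample capture are constructed here, and the "0 Storage Device(s) found" case assumes the bootloader keeps the same message format when no drive is seen.

```python
import re

# Marker strings copied from the two UART captures in the post above.
BOOT_START = "sys_init start."
USB_FALLBACK = "Booting from NAND failed, booting from USB"
NORMAL_BOOT = "Boot normal GTV image"
BOOT_STRAP = re.compile(r"boot_strap=(0x[0-9a-fA-F]+) \(source=(\w+)\)")
BOOTLOADER = re.compile(r"^\S+ \S+ \[[^\]]+\] ver:(\S+)$")
FTS_LOADED = re.compile(r"fts: v(\d+) loaded from (0x[0-9a-fA-F]+)")
READ_FAILED = re.compile(r"Read failed @ (0x[0-9a-fA-F]+)")
STORAGE = re.compile(r"(\d+) Storage Device\(s\) found")


def split_boots(capture):
    """Split a capture into one list of lines per power cycle."""
    boots, current = [], None
    for raw in capture.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(BOOT_START):
            current = []
            boots.append(current)
        if current is not None:  # ignore noise before the first sys_init
            current.append(line)
    return boots


def classify_boot(lines):
    """Summarise one power cycle: boot path taken plus the values logged."""
    info = {"outcome": "incomplete", "strap_source": None,
            "bootloader_ver": None, "fts_version": None,
            "read_failed_at": None, "storage_devices": None}
    for line in lines:
        m = BOOT_STRAP.search(line)
        if m:
            info["strap_source"] = m.group(2)
        m = BOOTLOADER.match(line)
        if m:
            info["bootloader_ver"] = m.group(1)
        m = FTS_LOADED.search(line)
        if m:
            info["fts_version"] = int(m.group(1))
        m = READ_FAILED.search(line)
        if m:
            info["read_failed_at"] = m.group(1)
        m = STORAGE.search(line)
        if m:
            info["storage_devices"] = int(m.group(1))
        if USB_FALLBACK in line:
            info["outcome"] = "usb_fallback"
        elif NORMAL_BOOT in line:
            info["outcome"] = "normal"
    # Assumption: a count of 0 is logged in the same format when the
    # bootloader falls back to USB but finds no mass-storage device.
    if info["outcome"] == "usb_fallback" and info["storage_devices"] == 0:
        info["outcome"] = "usb_fallback_no_drive"
    return info


def analyze(capture):
    """Classify every power cycle found in a UART capture."""
    return [classify_boot(boot) for boot in split_boots(capture)]


# Constructed capture: excerpts of the two logs above joined as power cycles,
# with a stray partial line in front and a third cycle cut off early.
SAMPLE = """\
 for cpu 0
sys_init start. boot_strap=0x00000080 (source=NAND), boot_state=0x0
bootloader image verified, start...
eureka-b3 BG2CD [Jun 6 2013 12:07:51] ver:9086b04-dirty
fts: v155 loaded from 0x00268000
Read failed @ 0x7814c000
ERROR: Failed to read CPU image ret -1
Booting from NAND failed, booting from USB....!
scanning bus for devices... 2 USB Device(s) found
scanning bus for storage devices... 1 Storage Device(s) found
sys_init start. boot_strap=0x00000080 (source=NAND), boot_state=0x0
bootloader image verified, start...
eureka-b3 BG2CD [Jun 6 2013 12:07:51] ver:9086b04-dirty
fts: v168 loaded from 0x0029c000
[SHOWLOGO] stopped
Boot normal GTV image
fts: record v169 commited @ 0x002a0000
Uncompressing Linux... done, booting the kernel.
sys_init start. boot_strap=0x00000080 (source=NAND), boot_state=0x0
bootloader image verified, start...
"""

if __name__ == "__main__":
    for number, boot in enumerate(analyze(SAMPLE), 1):
        print(number, boot)
```

An "incomplete" result means the capture ended before either boot-path message was logged, so that power cycle has to be captured again before drawing a conclusion.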
Reserved
This reminds me of what people did for the xbox 360 with the dual nand chips, or what Adam Outler did with the galaxy camera. He had a switch that would choose whether to boot the default eMMC or a SD card.
Aaron Swartz, Rest in Pixels.
ddggttff3 said:
Reserved
Can you explain why you chose pin 26?
Thanks
zackoch said:
Can you explain why you chose pin 26?
Thanks
In all honesty, trial and error with a device I didn't think would ever work again.
EDIT: Also, getting very very lucky.
jamcar said:
This reminds me of what people did for the xbox 360 with the dual nand chips, or what Adam Outler did with the galaxy camera. He had a switch that would choose whether to boot the default eMMC or a SD card.
Aaron Swartz, Rest in Pixels.
In case anyone didn't pick up on my meaning, it would be cool if we could use a switch to boot from USB or eMMC.
Aaron Swartz, Rest in Pixels.
jamcar said:
In case anyone didn't pick up on my meaning, it would be cool if we could use a switch to boot from USB or eMMC.
Aaron Swartz, Rest in Pixels.
technically this may be possible, but I am not a developer but don't quote me. The fact that we can load a kernel off a jump drive though should mean we have the ability to load and run a system image off of a jump drive.
I just got a second chromecast and am awaiting my USB OTG power cable, I do plan to root this one and work on seeing if my idea is possible.
Aaron Swartz, Rest in Pixels.
How did you get the remainder of the shield off? I got the covers off but I can't get the shield off.
EDIT: I got it. Another question: do you leave your chromecast "naked" or?
jamcar said:
How did you get the remainder of the shield off? I got the covers off but I can't get the shield off.
EDIT: I got it. Another question: do you leave your chromecast "naked" or?
You should put the RF shields back on after you do this modification, as they prevent interference and issues. During the dissection of my device though, I fully removed the shields (including the sides), so I have no choice but to run that one naked, but it is sitting on the side as I have another rooted chromecast I use for day to day usage.
Short pin 26 to Ground?
Sent from my XT897 using XDA Premium 4 mobile app
rbeavers said:
Short pin 26 to Ground?
Sent from my XT897 using XDA Premium 4 mobile app
To be more clear, you should jump both pins at point 26. I am planning on re-doing this thread now that flashcast is out, and can make this a hell of a lot easier.
Have not used my chromecast since I bought it, prob early August. Used it the first day and put it back in the box. Decided to play with it again and root it. Problem is as soon as you plug it into the TV it starts to update (have/had wifi off just in case). So I assume it downloaded the update way back when I first used it. Not sure if this update patches the root exploit or not and I don't want to find out. Will this method get me out of "update mode"? Anything else I can try? You mentioned Flashcast, any way to use it?
Thanks
BB
Bad Bimr said:
Have not used my chromecast since I bought it, prob early August. Used it the first day and put it back in the box. Decided to play with it again and root it. Problem is as soon as you plug it into the TV it starts to update (have/had wifi off just in case). So I assume it downloaded the update way back when I first used it. Not sure if this update patches the root exploit or not and I don't want to find out. Will this method get me out of "update mode"? Anything else I can try? You mentioned Flashcast, any way to use it?
Thanks
BB
First off, any official OTA for the chromecast will patch the root exploit, so if that update goes through you will be unable to root your chromecast.
As for this method working for you, if you follow the jumping method as stated in OP, then yes, this method would force your chromecast to boot from the USB Cable.
As for using flashcast, thanks to tchebb's help, if you just boot flashcast 1.1.1 on a jumpdrive, it will automatically delete the OTA from the device, and reset the boot mode back to normal. So the need to use UART is no longer required!
ddggttff3 said:
First off, any official OTA for the chromecast will patch the root exploit, so if that update goes through you will be unable to root your chromecast.
As for this method working for you, if you follow the jumping method as stated in OP, then yes, this method would force your chromecast to boot from the USB Cable.
As for using flashcast, thanks to tchebb's help, if you just boot flashcast 1.1.1 on a jumpdrive, it will automatically delete the OTA from the device, and reset the boot mode back to normal. So the need to use UART is no longer required!
I've tried doing the root method posted here:
http://forum.xda-developers.com/showthread.php?t=2529903
When I connect the CS to the usb side of the OTG cable it flashes red and then white and that's it.
Might I be doing something wrong?
Thanks
BB
Bad Bimr said:
I've tried doing the root method posted here:
http://forum.xda-developers.com/showthread.php?t=2529903
When I connect the CS to the usb side of the OTG cable it flashes red and then white and that's it.
Might I be doing something wrong?
Thanks
BB
Is your device rootable? If it has taken any official google OTA yet, then the device will be unable to use or boot flashcast as google patched the root exploit.
Next time please try to keep questions to the relevant thread, thanks.
ddggttff3 said:
First off, any official OTA for the chromecast will patch the root exploit, so if that update goes through you will be unable to root your chromecast.
As for this method working for you, if you follow the jumping method as stated in OP, then yes, this method would force your chromecast to boot from the USB Cable.
As for using flashcast, thanks to tchebb's help, if you just boot flashcast 1.1.1 on a jumpdrive, it will automatically delete the OTA from the device, and reset the boot mode back to normal. So the need to use UART is no longer required!
IIRC, in another thread it was stated that Flashcast made no changes to the Chromecast, it was just to set up the USB drive to flash the Chromecast and it was the Pwnedcast ROM that made the needed changes to prevent the OTA from taking place.
It's mentioned in this post: http://forum.xda-developers.com/showpost.php?p=46307051&postcount=124 or am I misunderstanding what you mean?
wptski said:
IIRC, in another thread it was stated that Flashcast made no changes to the Chromecast, it was just to set up the USB drive to flash the Chromecast and it was the Pwnedcast ROM that made the needed changes to prevent the OTA from taking place.
It's mentioned in this post: http://forum.xda-developers.com/showpost.php?p=46307051&postcount=124 or am I misunderstanding what you mean?
That is correct, flashcast makes no changes, but it DOES reset the boot mode of the device back to normal. This is done to ensure that no device gets stuck in recovery mode forever, as well as deletes /cache/ota.zip so if an official google OTA is on the device, it gets deleted.
ddggttff3 said:
That is correct, flashcast makes no changes, but it DOES reset the boot mode of the device back to normal. This is done to ensure that no device gets stuck in recovery mode forever, as well as deletes /cache/ota.zip so if an official google OTA is on the device, it gets deleted.
Deleting /cache/ota.zip isn't considered a change? So, if ALL that is done to a 12072 build is to setup the Flashcast USB drive, it can't be updated by Google?
wptski said:
Deleting /cache/ota.zip isn't considered a change? So, if ALL that is done to a 12072 build is to setup the Flashcast USB drive, it can't be updated by Google?
No, the device will still be able to update from google if flashcast is run, flashcast just deletes any already downloaded OTA that has yet to be installed.

[FLASHER] [v1.3 - 2014-07-07] FlashCast: Quickly and easily mod your Chromecast

What is it?
FlashCast is a USB image that provides a standardized way to mod your Chromecast. Think of it like a recovery which runs off of a USB drive. No more struggling with the limitations of the GTVHacker image, which is hard to modify and can only flash the /system partition. FlashCast is based on shell scripts, so you can use it to do anything you can do with a root shell. It also comes with a comprehensive suite of helper functions, so many tasks actually become much easier than they would be using a regular shell.
How do I use it?
If you prefer to follow a video tutorial, @ddggttff3 has made one here. Otherwise, read on for written instructions.
Preparation
Before you begin, you'll need some materials:
A Chromecast with a vulnerable bootloader. (For the bootloader to be vulnerable, the Chromecast must have never been connected to the internet and have a rootable serial number.)
The latest version of FlashCast (the download link is at the bottom of this post).
A USB drive (minimum size 256MB) which you are willing to have erased.
A powered Micro-USB OTG cable such as this one. (Alternatively, an unpowered USB hub and unpowered OTG cable can be used as shown here. I have not tested this method and cannot help you if your USB drive is not detected.)
Installation
Once you've gathered everything required, you can install FlashCast to your USB drive. To do so, you need to write the .bin file contained in the FlashCast .zip file you've downloaded to your drive. Simply using a file explorer to drag the .bin file to your USB drive is not correct and will not work. The specifics of doing a low-level write differ depending on OS, but, in general, Linux and OS X users should use dd and Windows users should use Win32DiskImager. This operation will erase your flash drive.
After you've written the .bin file to your USB drive, your computer will no longer recognize a filesystem on it. This is normal. In order for FlashCast to set up the drive's filesystem, you need to boot your Chromecast from the drive. To do this, perform the following steps:
Connect the male end of your Micro-USB OTG cable to your Chromecast.
Plug your USB drive into the USB-A female connector of the OTG cable.
Simultaneously hold the button on your Chromecast and connect the Micro-USB power connector to the female Micro-USB port of the OTG cable.
The power must be connected last. If it is not, your Chromecast may fail to detect the USB drive and boot up normally. If this happens, simply repeat the process, making sure to perform the steps in the correct order.
If FlashCast was copied correctly, you will see a red light on your Chromecast for approximately 9 seconds. It will then turn white and your TV will display a screen containing the FlashCast logo (shown at the top of this post) and various instructions. Once you see this screen, you may release the button. The screen will appear for another 9 seconds or so, after which your Chromecast will reboot on its own to the stock image. After it has rebooted (you may disconnect the power when it starts to boot into the stock image if you're worried about it updating), FlashCast is installed on your USB drive and ready for use. Your device is NOT rooted at this point and can still be updated by Google. To root, you need to flash a mod such as Team Eureka's Eureka-ROM. When you plug the drive into your computer, it should appear as an empty drive which you can copy files to.
Usage
FlashCast-compatible mods are distributed as .zip files. To flash a mod, simply copy it to the USB drive with the name eureka_image.zip. Do NOT use dd as you did in the previous section. If you do, you will have to repeat the whole process. Instead, just copy it onto the drive's filesystem as you would any other file. FlashCast is also capable of flashing a GTVHacker-style raw system image; if there are no native FlashCast mods present and the system image is in a file called Chromecast-Rooted-System-GTVHacker-cj_000-July27-635PM.bin, it will be flashed. This method of flashing is very inflexible and is not recommended.
How do I develop for it?
If you are interested in creating mods for FlashCast, please see the developer thread.
Who made it?
FlashCast is based on a generic Buildroot Linux image. Its mod framework was written entirely by me, but I couldn't have done it without the help of various individuals. Thanks, @cj_000, for helping me and putting up with my stupid questions in IRC. And thank you, @tvall, for releasing your update-free images so promptly up until now. Without those, FlashCast would have a much smaller potential user base.
Where do I get it?
Downloads and source code are available at FlashCast's GitHub repository. The latest version is currently v1.3.
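The Usage section above and the red-LED entry in the mini-FAQ both come down to what sits on the stick's filesystem, so a check can be run on the computer before moving the stick to the Chromecast. This is an added example, not FlashCast's own code: it looks for a file named exactly eureka_image.zip, flags near-miss names such as eureka_image.zip.zip, tests the archive's CRCs, and notes the GTVHacker raw-image fallback. The helper names, status strings and sample archive are constructed here; whether FlashCast tolerates differently-cased names is not stated on the page, so those are reported as misnamed.

```python
import io
import os
import tempfile
import zipfile
import zlib

MOD_NAME = "eureka_image.zip"  # exact name given on the page
RAW_NAME = "Chromecast-Rooted-System-GTVHacker-cj_000-July27-635PM.bin"


def zip_problem(path):
    """Return None if the archive reads cleanly, else a short reason."""
    if not zipfile.is_zipfile(path):
        return "not a ZIP archive (truncated download or wrong file?)"
    try:
        with zipfile.ZipFile(path) as zf:
            bad = zf.testzip()  # re-reads every member and checks its CRC-32
    except (zipfile.BadZipFile, zlib.error, OSError, RuntimeError) as exc:
        return "unreadable archive: %s" % exc
    return None if bad is None else "CRC error in member %r" % bad


def check_stick(root):
    """Inspect the top level of a mounted stick; return (status, detail)."""
    names = sorted(os.listdir(root))
    if MOD_NAME in names:
        problem = zip_problem(os.path.join(root, MOD_NAME))
        if problem:
            return "corrupt", problem
        return "mod", MOD_NAME + " is present and passes the CRC check"
    # Near misses: hidden double extension, different case, "(1)" copies.
    near = [n for n in names if n.lower().startswith("eureka_image")]
    if near:
        return "misnamed", "rename to %s: %s" % (MOD_NAME, ", ".join(near))
    if RAW_NAME in names:
        return "raw_image", "no mod present; GTVHacker-style raw image found"
    return "nothing_to_flash", "neither a mod nor the raw image is on the stick"


def make_zip_bytes(members):
    """Build a small uncompressed ZIP in memory (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_demo_stick(files):
    """Create a temporary directory standing in for the mounted stick."""
    root = tempfile.mkdtemp(prefix="flashcast_demo_")
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    good = make_zip_bytes({"sample.txt": b"constructed payload"})
    # Constructed cases: correct name, Windows double extension, truncated file.
    for files in ({MOD_NAME: good},
                  {MOD_NAME + ".zip": good},
                  {MOD_NAME: good[: len(good) // 2]}):
        print(sorted(files), "->", check_stick(build_demo_stick(files)))
```

Point `check_stick` at the stick's mount point (a drive letter or a path under /media) after copying the mod and before ejecting the drive.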
Cool! First
Sent from my SCH-I605 using Tapatalk 4
Oh yeah, finally we can update kernels! Thanks for this, got some work to do now.
tchebb, awesome work. Your flasher seems so much more flexible than what we put out (but hell, we did it in 3 days), and it's never a problem to help out. In fact, we LOVE it when someone actually picks up on what we did and makes it so much better.
Can't wait to give it a try, once I get some free time!
CJ
vulnerable bootloader?
How do I know if I have a Chromecast with a vulnerable bootloader?
Looks super cool man, I am about to check it out and update my chromecasts now! Great work!!
just flashed over, working great. thanks so much!
stewwmann said:
How do I know if I have a Chromecast with a vulnerable bootloader?
The initial software which the Chromecast shipped with, build 12072, had a vulnerable bootloader. In all following software versions (12840, 12940, and 13300), the vulnerability is patched and FlashCast can't be used. If your Chromecast has been allowed to access the internet, it will have updated itself and will not be vulnerable. If you have not set up your Chromecast and it still has the software from the factory, it may or may not be vulnerable, depending on when you bought it. To check, you can plug it in (but not set it up), and check its "Build" in the Chromecast app. Alternatively, you can simply try to boot FlashCast on it. If it's patched, nothing bad will happen; the USB drive will simply fail to boot.
tchebb said:
The initial software which the Chromecast shipped with, build 12072, had a vulnerable bootloader. In all following software versions (12840, 12940, and 13300), the vulnerability is patched and FlashCast can't be used. If your Chromecast has been allowed to access the internet, it will have updated itself and will not be vulnerable. If you have not set up your Chromecast and it still has the software from the factory, it may or may not be vulnerable, depending on when you bought it. To check, you can plug it in (but not set it up), and check its "Build" in the Chromecast app. Alternatively, you can simply try to boot FlashCast on it. If it's patched, nothing bad will happen; the USB drive will simply fail to boot.
I just got 2 units this week from Amazon and they have not been updated from the factory and thus, vulnerable.
tchebb said:
The initial software which the Chromecast shipped with, build 12072, had a vulnerable bootloader. In all following software versions (12840, 12940, and 13300), the vulnerability is patched and FlashCast can't be used. If your Chromecast has been allowed to access the internet, it will have updated itself and will not be vulnerable. If you have not set up your Chromecast and it still has the software from the factory, it may or may not be vulnerable, depending on when you bought it. To check, you can plug it in (but not set it up), and check its "Build" in the Chromecast app. Alternatively, you can simply try to boot FlashCast on it. If it's patched, nothing bad will happen; the USB drive will simply fail to boot.
Damn, I have this 13300 version. And this will never happen, or is there a way?
Updated 3 Chromecasts, thanks for the excellent work!
raydekok said:
Damn, I have this 13300 version. And this will never happen, or is there a way?
Currently there are no other known exploits.
ddggttff3 said:
Currently there are no other known exploits.
That is too bad. I'm hoping that it will not take too long.
raydekok said:
That is too bad. I'm hoping that it will not take too long.
@cammykool has been hoping that since Google forced 12840 upon him. He has given up hope.
I just finished using FlashCast on 2 ChromeCasts and everything went smooth and great! I could really see FlashCast evolving into a full blown recovery for ChromeCast!
I am thoroughly impressed with FlashCast, amazing work man, well done!
Hey guys, what's the purpose of this? Does it mean we can then use 3rd party developed apps? Apps that allow us to play local videos, etc.?
Thank You, Thank You very much....
Thanks for all the responses. I found a local Best Buy that has one, and I have put it on in-store pickup for tomorrow. So if I do end up with one that has the original fw, and am successful in installing FlashCast, I can use the device as normal after that? No worries of it being locked back down? If we are not sure, I just will continue using my updated one until then.
stewwmann said:
Thanks for all the responses. I found a local Best Buy that has one, and I have put it on in-store pickup for tomorrow. So if I do end up with one that has the original fw, and am successful in installing FlashCast, I can use the device as normal after that? No worries of it being locked back down? If we are not sure, I just will continue using my updated one until then.
If it comes with the original version, and you install an image that doesn't update, you can use it as normal and not worry about it being locked down.
cool
:good: *fingers crossed*
So if my Chromecast had been connected to my TV since release date I'm screwed huh
Sent from my Nexus 7 using Tapatalk 2

USB Host / OTG

Since there is no confirmed information stated anywhere on the web about S5 Mini supporting / not supporting USB OTG, I tried it myself.
Bought a cable, tried it, and was left disappointed. Did not work.
So, can anyone else confirm USB OTG working / not working on a S5 Mini ( G800F )?
P.S. Flash stick and USB OTG cable I used work perfectly on a couple of tablets I managed to test in the meantime.
Confirmed. No support for USB OTG. Lock.
Yea... No support
The G800F is capable of USB OTG. It simply is not enabled in the stock firmware. I built a custom kernel with USB OTG enabled and it works.
It even powers the USB device so no external power source is required.
So far I tried keyboard, mouse and USB-audio. Everything works. I haven't tried USB storage so far as the power consumption is much higher than for other devices - it might work but it can also damage your phone.
At the moment I cannot create a new thread to post the kernel (10 posts are needed before this is possible). So I will do this later.
I wonder why Samsung disabled this feature - and if they will enable it with later firmware releases. Maybe there really are power issues.
---------- Post added at 05:16 AM ---------- Previous post was at 04:17 AM ----------
Also my tivizen USB-OTG DVB-T stick works
I got this bundled with an EDD-D200B docking station for 17€. First I was disappointed as neither the docking station nor the DVB-T stick worked with the stock firmware. With the stock kernel, the DVB-T stick is not recognized. Now it works just fine.
With the stock kernel also the docking station is useless. Nothing happens if you put the phone on the dock. It does not even charge the phone. This is because the dock usb port is connected to a resistor on the OTG ID-pin. As the stock kernel is not compiled properly, the G800F recognizes the dock station to support dock mode but it does not switch to this mode.
In my kernel, dock and car dock support is still disabled. Maybe I will enable this tonight in the kernel. Would be interesting if it charges then or even routes audio to the audio connector in the back of the dock.
Great news. Later you can do for g800h?
Hi da_jok3r,
I don't have a G800H so I will not try it. But if I have some time, I will write down the steps to perform to enable USB OTG.
This way it might be possible to port the changes to the G800H. But as totally different SoCs are used in G800F and G800H chances are not that high, that the same fix will work on the G800H too.
Some more update:
USB-OTG mass storage works. Tested it with a USB flash stick and I can browse the files.
Enabled desk dock support in the kernel and now the EDD-D200B dock charges the phone. No need to remove the dock's internal resistor anymore. Unfortunately, audio is not redirected to the dock's audio connector. The sound still comes from the phone's speaker. Either the soundchip's audio pins are not connected to the sm5502 USB-switch or there is some software component missing.
Here the dmesg output after connecting the dock:
[ 485.951912] [0] 834 muic-sm5502:sm5502_muic_detect_dev dev[1:0x0, 2:0x40, 3:0x10], adc:0x1a, vbvolt:0x2
[ 485.952006] [0] 834 muic-sm5502 : DESKDOCK DETECTED
[ 485.952056] [0] 834 muic-sm5502:attach_deskdock vbus(2)
[ 485.952817] [0] 834 muic-sm5502:switch_to_dock_audio
[ 485.953797] [0] 834 muic-sm5502:set_com_sw reg_val(0x49)!=MANSW1 reg(0x1), update reg
[ 485.955550] [0] 834 muic-sm5502:muic_dock_cb MUIC dock type=1
[ 485.956488] [0] 834 muic-sm5502:attach_charger new_dev(6)
[ 485.956572] [0] 834 muic-sm5502:muic_charger_cb 6
If audio routing through the dock is not supported, maybe I will just use USB-audio to get the audio through.
If you remove all the necessary files from the firmware G800h and act as a tester?
The processor also depends also support OTG? (Qualcomm - Exynos)
Love to hear more on this
da_jok3r said:
If you remove all the necessary files from the firmware G800h and act as a tester?
The processor also depends also support OTG? (Qualcomm - Exynos)
Hi there
Music to my ears. I have a S5 Mini 800F and am desperate to get the OTG working. Just invested in an OTG cable, ANT+ stick and new ANT+ enabled cycle computer, and I had no idea that OTG was not operational.
With my old Samsung S2 I rooted and changed the software to KitKat, but this one is still new. Does it involve root and wipe and start again, or is there an easy way?
Love to hear more please
thanks:good:
PhotoRepair said:
Music to my ears. I have a S5 Mini 800F and am desperate to get the OTG working. Just invested in an OTG cable, ANT+ stick and new ANT+ enabled cycle computer, and I had no idea that OTG was not operational.
Does that mean, you have not tried so far if OTG works for you? At least with my firmware (G800FXXU1ANJ2) it did not work - but it is possible (but unlikely) that official firmwares exist that already support OTG. Maybe you can test if OTG works and post your firmware version here.
PhotoRepair said:
With my old Samsung S2 I rooted and changed the software to KitKat, but this one is still new. Does it involve root and wipe and start again, or is there an easy way?
My smartphone is rooted but it should also work without root. You have to flash a new kernel (contained in a boot.img file) with Odin. Although this does not root your device, it will probably trigger the KNOX counter and void your warranty. As only the kernel is replaced, the Android system and your data will survive, so you don't have to start again. But I would recommend saving your data beforehand, just in case flashing the kernel fails.
hennymcc said:
Does that mean, you have not tried so far if OTG works for you? At least with my firmware (G800FXXU1ANJ2) it did not work - but it is possible (but unlikely) that official firmwares exist that already support OTG. Maybe you can test if OTG works and post your firmware version here.
OTG not working with firmware (G800FXXU1ANJ2) exactly same as yours.
hennymcc said:
My smartphone is rooted but it should also work without root. You have to flash a new kernel (contained in a boot.img file) with Odin. Although this does not root your device, it will probably trigger the KNOX counter and void your warranty. As only the kernel is replaced, the Android system and your data will survive, so you don't have to start again. But I would recommend saving your data beforehand, just in case flashing the kernel fails.
Why should we suffer an inferior phone when the OTG is there and just needs switching on! So I'd have to find a kernel with the OTG enabled? Or do you have one?
Thanks so much for your help
PhotoRepair said:
Why should we suffer an inferior phone when the OTG is there and just needs switching on! So I'd have to find a kernel with the OTG enabled? Or do you have one?
I already built a kernel with OTG support for the G800F. I will post the link and some notes as soon as I can open a new thread.
da_jok3r said:
If you remove all the necessary files from the firmware G800h and act as a tester?
The processor also depends also support OTG? (Qualcomm - Exynos)
If you already rooted your G800H you could check which USB switch is built-into your device. Connect to your device via ssh or adb shell as root. Then connect an OTG cable (with a keyboard, mouse, ... plugged in) with your G800H. On the shell execute "dmesg" and search for lines with "OTG", "OTG DETECTED", "muic-sm5502", "muic" or "5502". If you have lines with "muic-sm5502" then at least you have the same USB-switch built-in. You can also put (parts of) the dmesg output in some pastebin and post the link here. Then I can have a quick look at it.
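The dmesg check described in the post above, as an added example that is not part of the original thread: a small parser that reports which MUIC driver the log names, which accessories the switch detected, and whether a USB host port enumerated a device. The first four sample lines are from the dock log posted earlier in the thread; the OTG line, the USB-core enumeration line with its `example-hcd` name, and the four verdict strings are constructed for this example.

```python
import re
import sys

# First four lines: copied from the dock dmesg output posted earlier in this thread.
# Last two lines: CONSTRUCTED for illustration. The OTG line is modelled on the
# DESKDOCK one; the final line follows the message the Linux USB core logs when a
# host port enumerates a device ("example-hcd" is a placeholder controller name).
SAMPLE_DMESG = """\
[ 485.951912] [0] 834 muic-sm5502:sm5502_muic_detect_dev dev[1:0x0, 2:0x40, 3:0x10], adc:0x1a, vbvolt:0x2
[ 485.952006] [0] 834 muic-sm5502 : DESKDOCK DETECTED
[ 485.952056] [0] 834 muic-sm5502:attach_deskdock vbus(2)
[ 485.956488] [0] 834 muic-sm5502:attach_charger new_dev(6)
[ 501.100000] [0] 834 muic-sm5502 : OTG DETECTED
[ 501.900000] [0] usb 1-1: new full-speed USB device number 2 using example-hcd
"""

TS = re.compile(r"^\[\s*(\d+\.\d+)\]")
DRIVER = re.compile(r"\b(muic-[a-z0-9]+)\b", re.I)
DETECTED = re.compile(r":\s*([A-Z][A-Z0-9_ ]*?)\s+DETECTED\b")
DETECT_DEV = re.compile(
    r"dev\[1:(0x[0-9a-f]+), 2:(0x[0-9a-f]+), 3:(0x[0-9a-f]+)\], "
    r"adc:(0x[0-9a-f]+), vbvolt:(0x[0-9a-f]+)",
    re.I,
)
# Assumption: the kernel's USB core logs enumeration in its usual wording.
HOST_ENUM = re.compile(r"\busb \S+: new \S+-speed USB device number \d+")


def parse_dmesg(text):
    """Collect MUIC driver names, detection events, raw registers, host activity."""
    report = {"drivers": set(), "accessories": [], "registers": [],
              "host_enumerations": 0}
    for line in text.splitlines():
        ts = TS.match(line)
        when = float(ts.group(1)) if ts else None
        drv = DRIVER.search(line)
        if drv:
            report["drivers"].add(drv.group(1).lower())
            det = DETECTED.search(line)
            if det:
                report["accessories"].append((when, det.group(1).strip()))
            regs = DETECT_DEV.search(line)
            if regs:
                names = ("dev1", "dev2", "dev3", "adc", "vbvolt")
                report["registers"].append(
                    {n: int(v, 16) for n, v in zip(names, regs.groups())})
        elif HOST_ENUM.search(line):
            report["host_enumerations"] += 1
    return report


def verdict(report):
    """Map a parsed report to one of four labels (labels are this example's own)."""
    if "muic-sm5502" not in report["drivers"]:
        return "different-switch"            # no muic-sm5502 lines at all
    if not any(name == "OTG" for _, name in report["accessories"]):
        return "same-switch-no-otg-event"    # same chip, cable never detected
    if report["host_enumerations"] == 0:
        return "otg-detected-host-inactive"  # cable seen, no device enumerated
    return "otg-working"


if __name__ == "__main__":
    # Read piped dmesg output if present, otherwise fall back to the sample.
    text = SAMPLE_DMESG if sys.stdin.isatty() else sys.stdin.read()
    rep = parse_dmesg(text)
    print("drivers:    ", sorted(rep["drivers"]))
    print("accessories:", rep["accessories"])
    print("registers:  ", rep["registers"])
    print("verdict:    ", verdict(rep))
```

The "otg-detected-host-inactive" case corresponds to the behaviour described later in the thread for the stock kernel, where the cable is detected but the USB host drivers are not loaded.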
hennymcc said:
I already built a kernel with OTG support for the G800F. I will post the link and some notes as soon as I can open a new thread.
Awesome thanks! :0)
An instruction how to flash the OTG kernel image is here:
[KERNEL][G800F][exynos][G800FXXU1ANG1] USB-OTG enabled kernel
hennymcc said:
If you already rooted your G800H you could check which USB switch is built-into your device. Connect to your device via ssh or adb shell as root. Then connect an OTG cable (with a keyboard, mouse, ... plugged in) with your G800H. On the shell execute "dmesg" and search for lines with "OTG", "OTG DETECTED", "muic-sm5502", "muic" or "5502". If you have lines with "muic-sm5502" then at least you have the same USB-switch built-in. You can also put (parts of) the dmesg output in some pastebin and post the link here. Then I can have a quick look at it.
please see
There are references to the OTG
And here is the link to the OpenSource for g800h
http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=SM-G800H
Hello, sorry for asking, but...
I have a G800F (normal S5 Mini) with firmware g800fxxu1ang7, no updates since start. I have flashed this firmware and rooted with cf. But I miss the OTG option, so what to do and what are the experiences so far?
Can I flash your kernel to my handy or do I have to flash a special firmware first? Do I lose my settings etc. and have to set up the handy again after flashing? What if I want to go "back", e.g. if I recognize that your kernel has some side effects that I don't want?
Sorry for asking, but I'm not sure about flashing. Actually my handy works like a charm, but I want to have the OTG feature. By the way, if OTG is enabled after flashing, what happens when the handy falls into water? There should now be 5 volts at the USB connector, which is surely not good in water. Maybe this is the reason why Samsung disabled it, or was it maybe because of the Android 4.4 rules (I heard OTG should no longer be supported)?
pls...lighten my darkness
thean9el said:
Hello, sorry for asking, but...
I have a G800F (normal S5 Mini) with firmware g800fxxu1ang7, no updates since start. I have flashed this firmware and rooted with cf. But I miss the OTG option, so what to do and what are the experiences so far?
Can I flash your kernel to my handy or do I have to flash a special firmware first? Do I lose my settings etc. and have to set up the handy again after flashing? What if I want to go "back", e.g. if I recognize that your kernel has some side effects that I don't want?
Sorry for asking, but I'm not sure about flashing. Actually my handy works like a charm, but I want to have the OTG feature. By the way, if OTG is enabled after flashing, what happens when the handy falls into water? There should now be 5 volts at the USB connector, which is surely not good in water. Maybe this is the reason why Samsung disabled it, or was it maybe because of the Android 4.4 rules (I heard OTG should no longer be supported)?
pls...lighten my darkness
I want it toooooooo!!!!!!!!!!!
I wonder if anybody can test one of these OTG Y-cables without this patch and see if it works.
Perhaps they've only disabled the otg power out pins. It would make sense that they'd do that since we don't have the highly convenient port flaps unlike the s5. Without the flaps, the circuits would probably just bleed to death from short circuit or something.
Well, it works on the nexus where google disabled OTG
mahirh said:
I wonder if anybody can test one of these OTG Y-cables without this patch and see if it works.
Perhaps they've only disabled the otg power out pins. It would make sense that they'd do that since we don't have the highly convenient port flaps unlike the s5. Without the flaps, the circuits would probably just bleed to death from short circuit or something.
Well, it works on the nexus where google disabled OTG
You can try it - but it won't work. Without the patch the USB-OTG cable is detected by the kernel but the USB-host drivers are simply not loaded (because software support is deactivated).
In addition, I don't know if such a cable will hurt the smartphone. I think I already used such a cable with my phone without damaging it, but who knows (and you don't really need it because the phone powers the devices itself).

[ROOT] HubCap Chromecast Root Release!

Dear XDA Users,
We’re happy to announce that fail0verflow, GTVHacker, and Team-Eureka have jointly discovered and exploited a new vulnerability in the Chromecast which allows root access on the current software build (17977) as well as new in box devices (proof).
Requirements
Chromecast Device
Teensy 2 or 2++
Teensy 2 - https://www.pjrc.com/store/teensy.html
Teensy 2++ - https://www.pjrc.com/store/teensypp.html
Teensy Loader - https://www.pjrc.com/teensy/loader.html
1GB+ Flashdrive
The files included in the zip
Instructions
1. Install the appropriate Teensy Root Package on your device.
   - If New In Box device, use 12940, otherwise use 16664.
   - Use plusplus_*.hex for 2++ model, regular_*.hex for 2 model.
2. Using Win32DiskImager or dd, install the Flashcast Image to the 1G+ Flashdrive.
3. Plug in the Teensy to a USB OTG Cable, and plug it into the Chromecast while holding down the reset button.
   - The Teensy light should start flashing. If not, try the process again. After 30 seconds, it should go solid orange and the Chromecast LED should turn white.
4. Unplug the Teensy, then plug in the flashdrive loaded with Flashcast into the OTG cable, and then press the Chromecast button again.
   - If you used the 12940 image, the LED should turn white. If you used the 16664 image, the LED should stay dim red.
5. After about 5 minutes, the Chromecast should reboot and your device should now be rooted!
Having Problems?
“I am using a USB hub with a OTG cable, why is it not working?”
This root method requires a powered OTG cable and will not work over a USB hub. This is because the teensy needs to be directly connected to the Chromecast to work and can not go over a USB hub.
“How can I tell if the root is running?”
If the Chromecast is plugged into a TV, you should see a Flashcast message telling you your device is being rooted. If you do not see this message, unplug the Chromecast and try again.
Created By
@fail0verflow
@gtvhacker
@Dev_Team_Eureka
Shoutouts
Google Inc. - Thanks for the awesome device, now add fastboot support
XDA-Developers - For being the home of Chromecast Development
Download
Exploit Demo: https://www.youtube.com/watch?v=S2K72qNv1_Q
Download: http://download.gtvhacker.com/file/chromecast/HubCap.zip
Source:
GitHub: https://github.com/axoltl/HubCap
Brilliant -- working through the steps now!
One bit of missing hardware that may seem obvious: you'll need a USB-to-MiniUSB cable to program the Teensy. It doesn't ship with one and it wasn't shown in the video. I had a spare, so I'm in business and will edit my post once I'm able to successfully flash my Chromecast, but it may need to be put down on the required parts list.
UPDATE: worked like a charm!
The rooted device was purchased from Amazon two days ago with Prime shipping. Its S/N begins 3C24***. I couldn't tell you how happy I am to have not missed root this time around.
Thanks again for all your work, guys!
Awesome, thanks! Downloading now and will update!
Edit: flawless victory! Rooted 2 CC, one new in box and the other on latest firmware. Great work! Can't wait to see the source to understand how the exploit took place.
Amazing! Thanks!
Yea! I have a rooted CCast....
Just a note for Windows users who use Win32DiskImager....the flashcast image doesn't show using the browse because it's a BIN not an IMG file...
Just remove the file filter to *.* to see the proper image to burn to the USB Jump Drive.
Congrats to the team!
Gonna get my teensy asap! CC unplugged until then. Thank you so much, team!!
is this persistent and does it block OTA's?
Hmm, had success on a shiny, new 3C*** serial, but my older 36*** won't root.
It just sits forever at a black screen. I have a Teensy++ and have tried both the plusplus_16664.hex boot code that worked for my 3C*** serial and the plusplus_12940.hex version. Both Chromecasts were on the same Google OTA build. Is it possible this exploit doesn't work on the 36*** serials?
I can't SSH to it, neither during the blank screen (which I let sit for 20+ minutes) nor upon rebooting (no root), so I can't give you the flashcast.log file, sorry.
Thoughts?
psouza4 said:
Hmm, had success on a shiny, new 3C*** serial, but my older 36*** won't root.
It just sits forever at a black screen. I have a Teensy++ and have tried both the plusplus_16664.hex boot code that worked for my 3C*** serial and the plusplus_12940.hex version. Both Chromecasts were on the same Google OTA build. Is it possible this exploit doesn't work on the 36*** serials?
I can't SSH to it, neither during the blank screen (which I let sit for 20+ minutes) nor upon rebooting (no root), so I can't give you the flashcast.log file, sorry.
Thoughts?
Not sure but one of the ones I just rooted was 37*** that was on the latest ota.
I used the 16664 with a 2++
Sent from my 831C using Tapatalk
psouza4 said:
Hmm, had success on a shiny, new 3C*** serial, but my older 36*** won't root.
It just sits forever at a black screen. I have a Teensy++ and have tried both the plusplus_16664.hex boot code that worked for my 3C*** serial and the plusplus_12940.hex version. Both Chromecasts were on the same Google OTA build. Is it possible this exploit doesn't work on the 36*** serials?
I can't SSH to it, neither during the blank screen (which I let sit for 20+ minutes) nor upon rebooting (no root), so I can't give you the flashcast.log file, sorry.
Thoughts?
The exploit should still work on the older 36** serial device with the 16664 hex file. Double check to make sure the firmware on it is 16664 or greater. You won't be able to SSH into the device unless the root flashcast image is running.
Awesome! ill keep my chromecast off the Internets till i get the board :good:
They have it on Adafruit, which is where I got my Pi and Arduino stuff.
ddggttff3 said:
The exploit should still work on the older 36** serial device with the 16664 hex file. Double check to make sure the firmware on it is 16664 or greater. You won't be able to SSH into the device unless the root flashcast image is running.
I am an idiot and didn't press the button on the Chromecast the second time to initiate payload from the flash drive. This is TWICE I did it and forgot about it both times.
Thanks!
Will this work with a Teensy 3.0?
mazzanet said:
Will this work with a Teensy 3.0?
Nope, only the Teensy 2 and Teensy++ 2 are supported (and there are separate images for both).
http://forum.xda-developers.com/showpost.php?p=54885650&postcount=9
Rooted one of my chromecasts. Thanks!
psouza4 said:
Hmm, had success on a shiny, new 3C*** serial, but my older 36*** won't root.
It just sits forever at a black screen. I have a Teensy++ and have tried both the plusplus_16664.hex boot code that worked for my 3C*** serial and the plusplus_12940.hex version. Both Chromecasts were on the same Google OTA build. Is it possible this exploit doesn't work on the 36*** serials?
I can't SSH to it, neither during the blank screen (which I let sit for 20+ minutes) nor upon rebooting (no root), so I can't give you the flashcast.log file, sorry.
Thoughts?
I found it difficult to power up the system and hold the CCast button down while doing it...
Figured out that if I POWER up the OTG cable and Teensy first, it was much easier to hold the button and plug the CCast power in.
Try that....The Teensy should flash, if it doesn't reprogram it.
Make sure you use the Flashcast in the Hub release not the original found elsewhere on XDA
Asphyx said:
I found it difficult to power up the system and hold the CCast button down while doing it...
Figured out that if I POWER up the OTG cable and Teensy first, it was much easier to hold the button and plug the CCast power in.
Try that....The Teensy should flash, if it doesn't reprogram it.
Make sure you use the Flashcast in the Hub release not the original found elsewhere on XDA
This is already resolved (posted above): I had forgotten to hit the button a second time for the flash drive payload.
psouza4 said:
I am an idiot and didn't press the button on the Chromecast the second time to initiate payload from the flash drive. This is TWICE I did it and forgot about it both times.
Thanks!
I often wish there was something like the Teensy loader to upload code to my own head so I wouldn't forget to do things! LOL!
i have a unopened 39xxxxxx
should i update it to 16664+ b4 rooting
don't know the version it comes with

Aussies - Can't root Chromecast (serial 4711----) w/ Hubcap root method

Hi guys,
I bought my Chromecast new in box from **** Smith a few weeks back when it was on sale. I had troubles following the HubCap root method. Through some help I have found a solution:
1. I first plugged the CC into my TV, connected to it via smartphone (over WIFI) and disabled my home internet in my router (to ensure no updates are installed), to confirm my firmware was 15098, which I am told was ROOTABLE
2. Instead of following precise instructions - such as using the Teensy 2.0 with the CORRECT corresponding HEX file for "new in box" (regular_12940.hex), I was told to use the other file, which you would only OTHERWISE use if you've played with it, installed updates (used; that file being 'regular_16664.hex'). If you use Teensy++, these are the wrong files...
3. Resumed following the documented procedure (confirmed by watching a couple of YouTube videos) and the good news is the light on the Chromecast NOW blinks when the Teensy flashing is done. Also, my USB flash drive (which has its own inbuilt LED) as well as Chromecast LED also look to flash as they communicate with each other I click the final button on the Chromecast.
From there, I was good to go!
Bottom line? Update the main thread to only use the 1664.hex files, as the others seem to be a blatant waste of time. Guide needs to be updated
I may be the only spaz, but hopefully it helps someone.
RoOSTA
The serial number is irrelevant at this stage, it's the firmware that matters and you're on a rootable firmware, just because you're doing it wrong, don't post it as fact.
