

Chromecast: Exploiting the Newest Device By Google - backrage
http://blog.gtvhacker.com/2013/chromecast-exploiting-the-newest-device-by-google/

======
randallu
It's a pity that GoogleTV (which the Chromecast OS appears to be derived from)
is such a messed up platform. They really wanted to be able to run Chrome,
before Chrome had been ported to bionic/Android...

So, they ported Android to glibc instead! If you poke around on a Google TV
device, you'll notice that the Chrome build they include links to GTK+ 2,
which renders the scrollbars (that you can't use with a remote on a TV...).

I have no idea why if porting Chrome to bionic was so hard, they didn't use a
regular Android build but run Chrome using ld-linux and glibc (and the rest of
the system with bionic). You'd have to write something to bridge Chrome's
content to the outer system via shared memory and IPC but (having done so once
myself) this is much less work than hacking up a whole operating system!

Porting code to it which already ran on Android and Linux was a pain because
it was somewhere in between (lots of Android library stuff, no bionic
hackery). If it had looked like regular Linux, or looked like regular Android
I would have had an easier time.

Anyway, I hope that Chromecast stays unlocked and that a bunch of OSes get
ported to it. It's like a super souped up Raspberry Pi that even comes with a
case...

~~~
DannyBee
"I have no idea why if porting Chrome to bionic was so hard, they didn't use a
regular Android build but run Chrome using ld-linux and glibc (and the rest of
the system with bionic). You'd have to write something to bridge Chrome's
content to the outer system via shared memory and IPC but (having done so once
myself) this is much less work than hacking up a whole operating system!"

Just so I'm clear, your suggestion would be to use a completely hacked up
libc, running on a platform not made for it, using shared memory and IPC hacks
as well, for an app made to run as part of a TV 24/7?

I'm not sure I'd agree with your engineering choices. :)

"They really wanted to be able to run Chrome, before Chrome had been ported to
bionic/Android..."

It's weird that you assume this is the issue, and then explain why it probably
wasn't.

I can assure you the platform was not built on glibc solely because of the
need to run chrome :)

The reasons GTV was such a "messed up platform" are entirely mundane (IMHO).

~~~
jessaustin
_The reasons GTV was such a "messed up platform" are entirely mundane (IMHO)._

What were those reasons?

~~~
DannyBee
Sadly, HN is too public for this kind of conversation.

------
kanzure
"By holding down the single button, while powering the device, the Chromecast
boots into USB boot mode. USB boot mode looks for a signed image at 0x1000 on
the USB drive. When found, the image is passed to the internal crypto hardware
to be verified, but after this process the return code is never checked!
Therefore, we can execute any code at will."

~~~
jevinskie
I thought the device received power over USB. Do you need a hub to both power
the Chromecast and connect the USB flash drive?

~~~
stedaniels
Read the article, it uses a powered USB OTG connector.

------
SpikedCola
tl;dr

"By holding down the single button, while powering the device, the Chromecast
boots into USB boot mode. USB boot mode looks for a signed image at 0x1000 on
the USB drive. When found, the image is passed to the internal crypto hardware
to be verified, but after this process the return code is never checked!
Therefore, we can execute any code at will."

That's a pretty big screw-up on someone's part - it seems strange that no one
tested "does this unsigned image boot".
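The defect quoted above (a verifier that runs but whose result is never consulted) is the classic unchecked-return-value bug, shown here as an added C illustration. This is not code from the gtvhacker write-up or from the Chromecast firmware: `verify_image`, the `IMAGE_TAG` marker and both `boot_image_*` functions are constructed stand-ins, and the "signature" check is a placeholder tag comparison rather than a real cryptographic verification. The point is the control flow around the verifier, not the verifier itself.

```c
/* Added illustration of an unchecked verification result, alongside the
 * corrected form. Nothing here is Chromecast code; verify_image() is a
 * constructed stub standing in for a hardware crypto call. */
#include <stdio.h>
#include <string.h>

/* Constructed marker standing in for "this image carries a valid signature". */
#define IMAGE_TAG "SIGNED"

/* Stand-in for the hardware verifier: 0 means the image passed, -1 means it
 * failed. A real verifier would return the result of a signature check. */
static int verify_image(const unsigned char *img, size_t len)
{
    size_t taglen = strlen(IMAGE_TAG);
    if (len < taglen) {
        return -1;
    }
    return memcmp(img, IMAGE_TAG, taglen) == 0 ? 0 : -1;
}

/* Vulnerable pattern: the verifier is invoked, but its return value is
 * discarded, so every image, signed or not, proceeds to execution.
 * Returns 1 if the image would be executed, 0 if it would be refused. */
int boot_image_unchecked(const unsigned char *img, size_t len)
{
    verify_image(img, len);   /* result ignored: this is the defect */
    return 1;                 /* proceeds to jump into the image */
}

/* Hardened pattern: fail closed. The image is executed only when the
 * verifier explicitly reports success. */
int boot_image_checked(const unsigned char *img, size_t len)
{
    if (verify_image(img, len) != 0) {
        return 0;             /* verification failed: do not execute */
    }
    return 1;
}

int main(void)
{
    /* Constructed sample images: one carrying the marker, one without. */
    const unsigned char signed_img[]   = "SIGNED payload";
    const unsigned char unsigned_img[] = "UNSIGNED payload";
    size_t signed_len   = sizeof(signed_img) - 1;    /* drop the NUL */
    size_t unsigned_len = sizeof(unsigned_img) - 1;

    printf("unchecked boot, unsigned image: %s\n",
           boot_image_unchecked(unsigned_img, unsigned_len) ? "EXECUTES" : "refused");
    printf("checked boot,   unsigned image: %s\n",
           boot_image_checked(unsigned_img, unsigned_len) ? "EXECUTES" : "refused");
    printf("checked boot,   signed image:   %s\n",
           boot_image_checked(signed_img, signed_len) ? "EXECUTES" : "refused");
    return 0;
}
```

Two practical checks follow from this shape of bug: mark the verifier `__attribute__((warn_unused_result))` (GCC and Clang honour it) so a discarded result is flagged at compile time, and include a negative test case, an image with a deliberately corrupted or absent signature, in the boot-path test suite so that "unsigned image is refused" is asserted rather than assumed.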

~~~
oakwhiz
It's amusing, and perhaps a bit distressing, that all the work put into using
hardware crypto was defeated by such a simple failure like that.

~~~
hrkristian
One will never know if it might've been done on purpose.

------
beedogs
That took about as long as I figured it would.

------
fsckin
Site is really slow, failed to load a few times for me.

Mirror: [http://blog.gtvhacker.com.nyud.net/2013/chromecast-exploiting-the-newest-device-by-google/](http://blog.gtvhacker.com.nyud.net/2013/chromecast-exploiting-the-newest-device-by-google/)

------
ivanbrussik
GTVhacker - you are a badass mofo

