Modders unlock Google Chromecast bootloader with Google TV

A number of modders have successfully unlocked the bootloader of a Google Chromecast with Google TV. This allows users, for example, to install other operating systems on the media player, such as LineageOS and Ubuntu 20.10.

Google itself does not offer the ability to unlock the bootloader of its Chromecast with Google TV, unlike with its Pixel smartphones. As a result, the developers had to use a number of exploits, in particular a previous bootROM bug in the device’s Amlogic soc, which was discovered in October by security researcher Frederic Basse. Those exploits made it possible to run an unsigned code on the media player, XDA-Developers also writes.

The media player must be manufactured before December 2020 and must have a Google TV firmware version before February. This is because Google has fixed the bootROM issue in newer hardware revisions. Google implemented software mitigations in its February 2021 software update.

The developers have published their findings in a repository on GitHub. Users with a vulnerable Chromecast model can unlock the bootloader there by pressing the button on the Chromecast device while plugging in a USB-C to A cable and running the necessary scripts from a PC. Users need a 64-bit Linux installation for that. The procedure will most likely void the device’s warranty, although developers report that users will be able to flash the original bootloader back.

One of the people involved, security researcher Nolen Johnson, reports that LineageOS builds will be available “soon” for the Chromecast with Google TV, writes XDA-Developers. Johnson is listed on the LineageOS wiki as a trusted reviewer and developer relations manager. Frederic Basse, who discovered the initial bootROM exploit, managed to install Ubuntu 20.10 on a Chromecast with Google TV earlier this year.