Just a few days after Google released a $35 device for streaming internet video to your TV, hackers have figured out how to run unsigned code on the Google Chromecast. The folks at GTV Hacker have released an exploit package that lets you access a root shell on a Chromecast device.

Right now there’s not much that casual users can do with root access. But this is the first step toward developers creating custom apps, mods, or even custom ROMs for Chromecast.

Update: Google has already patched the security vulnerability GTV Hacker used to root the Chromecast.

Chromecast custom code

The Chromecast features a single core Marvell processor, 512MB of RAM and 4GB of storage. It’s designed to let you pick videos, music, or other content on your phone, tablet, or computer and send it to your television screen.

Officially, Google says Chromecast is running a modified version of Chrome OS, with each video basically opening in a Chrome browser window. But GTV Hacker discovered that the device actually seems to be running a modified version of the software developed for Google TV devices.

In other words, it’s basically a very, very stripped down version of Android. The bootloader, binaries, and many other bits look like Android. On the other hand, there’s no Dalvik virtual machine, which means that there’s currently on way to install and run existing Android apps.

This is all pretty good news for folks hoping to hack the Chromecast. Independent developers have been playing with Android source code for a few years now, which should make the Chromecast software somewhat familiar. In the video below, you can see a modified version of the Chromecast software running, complete with a custom boot logo and root shell.

Again, there’s not much reason for casual users to exploit a Chromecast at this point. In fact, the initial GTV Hacker exploit could easily be patched by a software update from Google. But the door now appears to be open for independent development for the platform.

Folks at the XBMC forum are already discussing ways to get the popular open source media center software to play well with Chromecast. It’s not clear if the $35 device really has the hardware to run a full XBMC installation reliably, but there’s a chance that the Google Cast protocol could be added to XBMC eventually. That would allow you to pull up a video using XBMC on your PC, tablet, or other device and then send it to a TV with a Chromecast plugged in.

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign


Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

Subscribe to Liliputing via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 9,532 other subscribers

5 replies on “Google Chromecast exploit: run a root shell on Google’s $35 media streamer”

  1. I’d prefer it the other way around: hack ChromeCast capability into Android sticks.

    1. Yeah I know GTV will get “cast” receiver capabilities, but I agree, it would be useful for android sticks, and even phones/tablets that are connected to a TV.

Comments are closed.