This is a set of tools to work with Chromecast boot image files. Most of the tools are just helper scripts that simplify common operations; the one exception is cc-mangle-bootimg, which takes an Android boot image file (generated by mkbootimg, generally) and manipulates its header so that Chromecasts with a vulnerable bootloader will interpret it as a signed image and boot it.

Tools

  • cc-mangle-bootimg: Alters a boot image's header to make it look like a Marvell cryptographic header. If the Chromecast is running a vulnerable bootloader, this is all that is needed to boot the image--no signature check is actually performed. An unfortunate side-effect of the mangling is that any kernel command line specified in the Android header will be overwritten. Thus, any required kernel parameters must be compiled into the kernel image. The key ID embedded in the cryptographic header should be 0x02 for NAND boot and 0x82 for USB boot. cc-make-bootimg wraps this program, so you won't usually need to manually invoke it.
  • cc-make-bootimg: Uses Android's mkbootimg to pack the given kernel and optional initramfs into an Android boot image, then runs cc-mangle-bootimg on the generated image to make it bootable on the Chromecast. Takes a type argument of usb or nand which specifies whether the image will be booted from a USB drive or the Chromecast's internal storage. The image will fail to boot if the wrong type is used. If the type is usb, the generated image can be flashed to a USB drive using cc-flash-bootimg.
  • cc-pack-bootimg: Wraps cc-make-bootimg, packing the contents of the given directory to create the initramfs.
  • cc-strip-bootimg: Removes the Marvell cryptographic header from an official boot image so that it can be recognized and parsed by standard tools such as abootimg.
  • cc-flash-bootimg: Writes a mangled bootimg to a USB drive at the correct offset for the Chromecast to boot from. Does not affect the partition table.
  • cc-flash-rootfs: Creates an ext2 filesystem on the given partition and extracts the given tar file to that filesystem. If an overlay directory is given, copies its contents to the filesystem as the last step.
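
Because mangling overwrites the kernel command line stored in the Android header, it helps to read that field from the unmangled image first and note which parameters have to be compiled into the kernel. The following is an added example, not part of this repository: it assumes the standard version 0 Android boot image header layout produced by mkbootimg, and the names inspect_bootimg and build_sample are hypothetical.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
# Android boot image header, version 0, little-endian: magic[8], then
# kernel_size, kernel_addr, ramdisk_size, ramdisk_addr, second_size,
# second_addr, tags_addr, page_size, unused[2], name[16], cmdline[512], id[32]
HEADER = struct.Struct("<8s10I16s512s32s")


def inspect_bootimg(data: bytes) -> dict:
    """Report the header fields worth checking before an image is mangled."""
    # A nonzero offset means other data precedes the Android header, for
    # example an image that has not been stripped of a vendor header yet.
    offset = data.find(BOOT_MAGIC)
    if offset < 0:
        raise ValueError("no Android boot magic found")
    if len(data) - offset < HEADER.size:
        raise ValueError("truncated Android header")
    f = HEADER.unpack_from(data, offset)
    page_size = f[8]
    if page_size == 0 or page_size & (page_size - 1):
        raise ValueError(f"implausible page size {page_size}")
    # cmdline is a NUL-padded fixed-size field; keep only the text before the first NUL.
    cmdline = f[12].split(b"\0", 1)[0].decode("ascii", "replace")
    return {
        "magic_offset": offset,
        "kernel_size": f[1],
        "ramdisk_size": f[3],
        "page_size": page_size,
        "cmdline": cmdline,
        # Each entry here is lost by mangling and must be built into the kernel.
        "params_to_compile_in": cmdline.split(),
    }


def build_sample(cmdline: bytes, prefix: bytes = b"") -> bytes:
    """Constructed test input: a header only, with made-up sizes and addresses."""
    hdr = HEADER.pack(BOOT_MAGIC, 4096, 0x1008000, 0, 0x2000000, 0, 0,
                      0x1000100, 2048, 0, 0, b"sample", cmdline, b"")
    return prefix + hdr


if __name__ == "__main__":
    info = inspect_bootimg(build_sample(b"console=ttyS0,115200 root=/dev/sda2"))
    for key, value in info.items():
        print(f"{key}: {value}")
```
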