Hacking a Knockoff Google Chromecast - Firmware Extraction

Published 2024-07-11
In this video, I extract the firmware from a Chinese Google Chromecast knockoff.

Need IoT pentesting or reverse engineering services?
Please consider Brown Fine Security:
brownfinesecurity.com/

IoT Hackers Hangout Community Discord Invite:
discord.com/invite/vgAcxYdJ7A

🛠️ Stuff I Use 🛠️

🪛 Tools:
Raspberry PI Pico: amzn.to/3XVMS3K
XGecu Universal Programmer: amzn.to/4dIhNWy
Multimeter: amzn.to/4b9cUUG
Power Supply: amzn.to/3QBNSpb
Oscilloscope: amzn.to/3UzoAZM
Logic Analyzer: amzn.to/4a9IfFu
USB UART Adapter: amzn.to/4dSbmjB
iFixit Toolkit: amzn.to/44tTjMB

🫠 Soldering & Hot Air Rework Tools:
Soldering Station: amzn.to/4dygJEv
Microsoldering Pencil: amzn.to/4dxPHwY
Microsoldering Tips: amzn.to/3QyKhrT
Rework Station: amzn.to/3JOPV5x
Air Extraction: amzn.to/3QB28yx

🔬 Microscope Setup:
Microscope: amzn.to/4abMMao
Microscope 0.7X Lens: amzn.to/3wrV1S8
Microscope LED Ring Light: amzn.to/4btqiTm
Microscope Camera: amzn.to/3QXSXsb

About Me:
My name is Matt Brown and I'm a Hardware Security Researcher and Bug Bounty Hunter. This channel is a place where I share my knowledge and experience finding vulnerabilities in IoT systems.

- Soli Deo Gloria

💻 Social:
website: brownfinesecurity.com/
twitter: twitter.com/nmatt0
linkedin: www.linkedin.com/in/mattbrwn/
github: github.com/nmatt0/

#hacking #iot #cybersecurity

All Comments (21)
  • @Mr._Mythical
    I wish these videos were longer, I would love to sit here and listen for hours to you rambling about the inner workings of a device nobody has ever heard of
  • @doubled8511
    I love your videos man but they are just too damn short! I would happily sit here listening for a few hours whilst you ramble on figuring out how to extract the firmware.
  • @M0UAW_IO83
    16:58, there's reference to SC16550UART so there's a good possibility of a UART output somewhere on that board for the bootloader
  • @martontichi8611
    binwalker said on the bottom that there's LZMA compressed data. Uncompressed size is 7M! probably squashfs!
  • @dieSpinnt
    Great work and thanks for sharing, Matt:) Side-note, Tip, Womansplaining: Calipers 4TheWin! So you can measure the dimensions of the package. Works when soldered in and after some time you memorize the dimensions of TSSOP/SSOP/SOP/etc anyways. "To measure is to know!" And as a poor-(wo)men's-alternative: Print out a sheet with the whole zoo of electronics packages in the scale of 1:1
  • @17:23 it clearly says HDCP :D "HDCP stands for High-bandwidth Digital Content Protection. The purpose of HDCP is to protect digital copyrighted content as it travels from a device to your TV, usually through an HDMI, DVI or DisplayPort connection." You might be able to interface that programmer with flashrom, I'm not sure if it is but it should be possible to implement! I own a "Willem EPROM Programmer", it also supports SPI flash memory like these but these days I generally use a very cheap ch341a_spi USB device.
  • @tweebs1
    I really enjoy seeing how you methodically figure out how things tick and then bypass the security like it's not even there. Firmware should be open, so we may use hardware as we see fit.
  • There seems to be a compressed LZMA region, I'm pretty sure it's what you saw as high entropy, I'd bet it's the compressed rootfs mounted by the bootloader. Many times the MAC address is the one injected for the Wifi, as those modules don't have any hardcoded. Really interested to see your deep dive analysis. I'll join your discord, hopefully I can find the dump and analyze it myself also. I'd buy one of these if there's the possibility of a custom firmware.
  • @jamesdim
    My new favorite tech channel! Can't wait for the next hack adventure!
  • @Z-Ack
    I like how you spend way too much time going over all the laymen stuff like how to solder then jump through all the coding log processes and writing…lol
  • @JerryThings
    I love this kind of videos where you showcase your adventure! Hope to see some in depth analysis in the future regarding the fw :D ty Matt
  • @SailAway33
    Thanks Matt for your great video. I love to see how you can pull these out and get the information from it.
  • @rbmwiv
    Great video I just subscribed. I really enjoyed the one shot approach. Nice job. I am fixing to check out the second part!
  • @TheWarhoop
    Watching SMD's getting soldered onto PCB's is so satisfying... don't judge, I'm just saying what everyone's thinking. BTW, @Matt Brown, I switched to those little foam tipped eye makeup brushes which really elevated my flux clean up game over the Q tips, give 'em shot.
  • @ChrisMIA
    great stuff bro! been so much into software have been slacking on the hardware firmware side of things, good to have this under my belt especially with today's supply chain being chip tainted
  • @wasabinow
    Cool stuff! Thank you for sharing your electronic adventures!
  • @saad1983
    @Matt Brown good sir. you are on fire lately. another awesome video.
  • The silkscreen of footprint on the board is a bit awkward due to it being a fairly universal footprint. I do agree with you about the lead free solder, it's definitely leaded solder seeing how easy it melted. No issues with using leaded solder in China.
  • @n2cthe1
    love your videos, I also think they're too short... I enjoy complete and in-depth look into IoT