Bootloader exploit for Google Nest Hub (2nd Gen) (elaine)
- Google Nest Hub (2nd Gen)
- Raspberry Pi Pico
- Powered USB hub or USB Y cable
- pico-sdk (see Getting Started guide for installation instructions)
- factory firmware (2020/12) - U-Boot 2019.01-gbfc19012ea-dirty (Dec 11 2020 - 04:19:32 )
- factory firmware (2022/01, 2022/02) - U-Boot 2019.01-g9542d3593d-dirty (May 21 2021 - 20:52:42 )

```sh
export PICO_SDK_PATH=<pico-sdk>/
mkdir build
cd build
cmake ..
make
```

- Boot Pico in bootloader mode (hold down BOOTSEL button)
- Copy file chipicopwn.uf2 to Pico flash drive
- Prepare USB flash disk as described in elaine-bootimg
- Remove the lid underneath the Nest Hub base to expose USB port
- Connect the Raspberry Pi Pico to the Nest Hub (through a powered hub or Y cable, because the USB port does not provide power)
- Hold Volume Down + Volume Up + Mute buttons while powering on the Nest Hub
- Once the CHIPICOPWN logo appears on screen, replace the Raspberry Pi Pico with the USB flash drive
- Logo CHIPICOPWN : CC BY-NC 4.0 - created by HotPot.ai