ADT-1 Android TV
Although the information we release has been verified and shown to work to the best our knowledge, we cant be held accountable for bricked devices or roots gone wrong. GTV_Hacker:General_disclaimer This page will be dedicated to a general overview of descriptions and information related to the ADT-1 Android TV.
The ADT-1 is not available for purchase and is only obtained through purchase from individuals who obtained a unit at Google IO or through the official "Request an ADT-1" page.
The ADT-1 Android TV is pretty easy to get apart once all the clips holding the case together are undone. In this tear down we used a razor blade but a guitar pick or similar small and durable piece of plastic is recommended.
- The bootloader on the ADT-1 distributed from Google IO comes unlocked. Below is the process on accessing fastboot interface.
Steps to enter recovery mode
- Hold reset button on back of ADT-1 for approximately 10 seconds or until device reboots.
- Screen will display fastboot options as seen in picture to the left. A short click of the reset button navigates while a long click selects.
On the ADT-1 the standard "Android Recovery (3e)" is used. The menu for this mode is hidden behind Auto-Recovery functionality which clears the user-data and cache partitions.
Steps to enter recovery mode
- Through adb using "adb reboot recovery"
- Through the fastboot menu accessed with the process above.
- By holding the reset button for roughly 20 seconds.
- A list of the bootloader variables obtained from using fastboot and issuing "fastboot getvar all" can be found at ADT-1 Fastboot Bootloader Variables
- A sample build.prop from an Android TV ADT-1 device can be found at ADT-1 Android TV Sample Build.prop
- UART console output as well as access to the FIQ Debugger is available by connecting a UART adapter to the ADT-1.
- SysRq is available with the following commands.
SysRq : HELP : loglevel(0-9) reBoot Crash terminate-all-tasks(E) memory-full-oom-kill(F) kill-all-tasks(I) thaw-filesystems(J) show-backtrace-all-active-cpus(L) show-memory-usage(M) nice-all-RT-tasks(N) powerOff show-registers(P) show-all-timers(Q) Sync show-task-states(T) Unmount show-blocked-tasks(W) dump-ftrace-buffer(Z)
- FIQ Debugger is available with the following commands.
debug> help FIQ Debugger commands: pc PC status regs Register dump allregs Extended Register dump bt Stack trace reboot [<c>] Reboot with command <c> reset [<c>] Hard reset with command <c> irqs Interupt status sleep Allow sleep while in FIQ nosleep Disable sleep while in FIQ console Switch terminal to console cpu Current CPU cpu <number> Switch to CPU<number> ps Process list sysrq sysrq options sysrq <param> Execute sysrq with <param>
(@GiantPune) on our IRC channel #Exploiteers rooted his ADT-1 using the Android Futex kernel exploit and dumped his boot.img. You can use this with fast-boot to root your ADT-1.
Along with the initial OTA another file was transmitted just prior to the OTA update.