Google OnHub Can Has Root

It’s always nice to get down to the root directory of a device, especially if the device in question is one that you own. It’s no huge surprise that a Google product allows access to the root directory but the OnHub requires locating the hidden “developer mode” switch which [Maximus64] has done. The Google engineers have been sneaky with this button, locating it at the bottom of a threaded screw hole. Has anyone seen this implemented on other hardware before?

There isn’t a blog post regarding this, however [Maximus64] shared a video on YouTube walking us through the steps to root and un-root Google’s OnHub, which is embedded after the break. He also states “wiki coming soon” in the description of the video, so we’ll keep eye on it for an update.

We covered the product announcement back in August and have heard a few reviews/opinions about the device but not enough to make an opinionated assumption. Rooting the device doesn’t seem to increase the OnHub’s number of LAN ports but we think it’s still worth the effort.

26 thoughts on “Google OnHub Can Has Root

  1. I haven’t heard of the reset button under a threaded screw hole before, but I’ve experienced screw holes blocked with a plastic washer, and the Hot Wheels Radar Gun has plugs shaped to the slope and the same color of the surface plugging its screw holes.

    1. You have me interest now. What do I gain by locating these plugs? Is it just access to disassemble, or some cool way to interface with the radar gun? I have one and would love to tinker, but keep the original functionality. We use it for a surprising amount of things.

  2. I don’t know about root, but don’t some Chromebooks have a screw making electrical contact with a write-protect function on their firmware? I could have sworn I read that recently, but I can’t find where.

    1. The Samsung ARM Chromebook has a separated pad on the motherboard that is connected to the write protect line on the firmware EEPROM. There’s supposed to be a conductive sticker that bridges the pad and prevents software from modifying the first stage bootloader, but curiously my unit shipped without one. Unfortunately it was never clear to me how to build my own firmware that would only boot my own signed kernel images and bypass the obnoxious developer mode warning message and beep on boot. Secure boot is a good thing, but there’s seemingly not enough information out there to enable people to use it properly.

      See also: http://www.flashrom.org/pipermail/flashrom/2013-December/011932.html

  3. The engineer that decided on the placement of the developer switch is a genius.

    I view it as both and acknowledgement as well as an invitation to hack. It’s almost an artistic statement in a way- to hack it is to take it apart, to take it apart you remove screws but once it’s known it becomes a single screw hack. Somewhat minimalist if you think about it.

    1. manufacturers should make there devices like a bomb , so it takes skill to root it . anyone who does deserves it. and you get a name tag on the manufacturer webpage who rooted it first.

      then you make one that cant be rooted = profit $$$

      1. why to all of it, why? (or even more importantly how?)
        a non rootable device is like nonburnable wood, it might technically be fire retardant but throw it into the sun and it will burn all the same.

      2. I’m not really sure that creating two marketing streams for consumer items would be profitable. The person who roots the “bomb” is likely to publish the process, negating the need for the manufacturer to create another product. Announcing such an award a manufacturer would be admitting they released a product that could be compromised, not great for sales most likely. Then again I might not be understanding your thought process.

  4. It seems to be confounding accessing ‘root directory’ with gaining ‘root access’. I’m sure you get the difference but the way you wrote the article sounds weird.

    No offence, I appreciate the article, thanks.

  5. Not specifically a root switch, but I’ve seen (and made!) industrial data loggers that use this mechanism for the power switch. Typically the device is a sealed box with the special screw removed or backed out a bit. Screwing it in all the way closes a lever switch inside and activates the device. It’s a very cheap way to make a weatherproof, vibrations resistant switch while avoiding openings on the enclosure. Most of these devices are fairly set-n-forget, so you don’t want people randomly fiddling with the switch before it’s time to collect the data anyway.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.