[DEV] Intercept chromecast whitelist with MITM (and update) - Google Chromecast

Hi All,
I've just managed to successfully intercept and change the whitelist for a flashed chromecast.
Steps:
Load custom cert onto device (replace nssdb with custom one) - nssdb I used and certs available here https://mega.co.nz/#!05wmDR4T!OMkBXwfO9D1wktt2bQpSwjNZ_Y9PB8q_Ryk3zSx4k1c
Load MITM on a linux host, route default gateway at linux host.
Route just google range towards MITM (so nothing else gets caught and just gets redirected)
iptables -t nat -A PREROUTING -p tcp -s 192.168.178.146 -m iprange --dst-range 74.125.237.0-74.125.237.255 -j REDIRECT --to-port 8080
load mitmproxy with
"mitmproxy -T --host -s chromefree.py"
chromefree.py is available https://mega.co.nz/#!doJX1YDS!TT3lolbgXta24QOpbj40PBAYRetZkH1s9cIvQBslBN8
note that chromefree.py references json.dat (which requires a gzip'd json file)
example json files are available here https://mega.co.nz/#!ghwAEI7D!a-HwECm4w_8XKfdaaZOLgFrVTx9B8xLMOYJchi1PAUY
(with this I redirected youtube to a local news site, so attempting to cast to youtube pulls up stuff.co.nz)

Appears to work well, here's a picture of my TV running the revision 3 app
http://i.imgur.com/nhLI0oC.jpg

While I applaud this news, this could likely be the reason why Google has been slow to throw the doors open. The big name media providers are probably really leaning on Google to make sure these kinds of hacks can't possibly take place.
While everyone knows that no system is infallible, I'm sure that Google is under pressure to make sure that the device is as airtight as it can possibly be, and then some, before permitting the SDK to be formally released to the public.

mkhopper said:
While I applaud this news, this could likely be the reason why Google has been slow to throw the doors open. The big name media providers are probably really leaning on Google to make sure these kinds of hacks can't possibly take place.
While everyone knows that no system is infallible, I'm sure that Google is under pressure to make sure that the device is as airtight as it can possibly be, and then some, before permitting the SDK to be formally released to the public.
Do you really think that people would be spending so much time trying to circumvent the whitelisting if the content was available from the get go. I was very optimistic at the start but losing patience now. I bought three and was ready to buy more, but will wait and see what happens. Don't want to invest more money and time into something that might not have a future. It is sad because it has the unprecedented potential for so many different uses.

Can this be dumbed down for the newbs

ramirez3805 said:
Can this be dumbed down for the newbs
I plan to have a service available for rooted chromecast in the next few days that allows access to non-google approved applications.

Kyonz said:
I plan to have a service available for rooted chromecast in the next few days that allows access to non-google approved applications.
Can't wait!!!:good:

networx2002 said:
Can't wait!!!:good:
You don't have to! I just released last night http://forum.xda-developers.com/showthread.php?t=2516164

Kyonz said:
Appears to work well, here's a picture of my TV running the revision 3 app
http://i.imgur.com/nhLI0oC.jpg
What did you use as the sender app?

So I have a question: how do you load up an app for use in Chromecast now that I have done this? Sorry for sounding so noobish, but just wondering.

ahecht said:
What did you use as the sender app?
I used the demo html app sender to launch it (sorry not entirely sure on the name as I haven't started developing for chromecast yet). I'd really like to see someone try to reverse engineer the data that the receivers require and build apps out for these though.

BurnOmatic said:
So I have a question: how do you load up an app for use in Chromecast now that I have done this? Sorry for sounding so noobish, but just wondering.
This really is a DEV thread in that it provided the exploit for chromecast, app launching would be through the demo dev apps - please check out Kyocast (http://forum.xda-developers.com/showthread.php?t=2516164) if you haven't and note that there are better things coming

Kyonz said:
I used the demo html app sender to launch it (sorry not entirely sure on the name as I haven't started developing for chromecast yet). I'd really like to see someone try to reverse engineer the data that the receivers require and build apps out for these though.
I must be dense, as I can't make heads or tails of the Chromecast API (I usually can't understand Google's documentation for the Android API either, but there are plenty of third-party resources for that). What do you use for Launch Parameters in the demo app?

Which bootloader number is vulnerable? I can't find the info :/

12alex21 said:
Which bootloader number is vulnerable? I can't find the info :/
Only build 12072 has a vulnerable bootloader. You have to boot into the stock OS and set the Chromecast up (on a Wi-Fi network which doesn't connect to the internet or else it will update automatically) to check the build number.

Related

Ad-sponsored free apps increasing, any type of firewall?

Well, been doing a lot of study lately and it seems A LOT of apps on the market that are full versions and are "free" seem to have ad-sponsored elements in them. Sending your GPS data to whoever or other various things. Now while if the dev mentions on the description that their "Paid" version is ad free. Least it's up front and honest about it. However a lot of apps I found out hide this info it seems. Is this going to be the new "Kazaa" on the G1? Back when Kazaa came out, is when the influx of "Spyware" was increasing. I'm worried, is this happening to the G1 now? While I can understand devs choosing this to make their app free and gain from it a lil. What's to say other devs won't use this for other intentions that may have some negative impact?
Just wondering tho.. for modded G1s. Is there some sorta firewall app or so yet that might be useful? Anyways just thought I would post for discussion case I am worried over nothing.
Install AdFree from the Market.
Cool ill try that. Still tho some discussion would be good. Cause I don't know if this should be something to start getting concerned on. Apps running in background draining battery, and reporting info possibly and so. Or am I getting concerned over nothing?
Mysticales said:
Cool ill try that. Still tho some discussion would be good. Cause I don't know if this should be something to start getting concerned on. Apps running in background draining battery, and reporting info possibly and so. Or am I getting concerned over nothing?
A little paranoia is a healthy thing, too much is bad, but these ads collect all sorts of location information to profile you and provide relevant advertising, but who knows what else happens with the data etc etc etc
PS you need root access on your phone to use AdFree
Yea Im fully rooted, No worries there. =) Thanks for this heads up. I use host files as well on my PC.. since then never had a issue with spyware again. Any news on if he would let us update the host file ourselves? Id love to use the file I have on my PC. Heh.
Anyways as for discussion goes. Can these ads know your G1 email, or linked email account? Next off, is there a ability that these ads could read your personal data as text msgs, contacts (to spam phone calls) or anything like that? Android being a new OS.. not sure what devs and ads can do with access to a phone. Its like a new gateway has been opened.
Kinda wish a dev could comment if the G1 would even have this ability and if it could be a bad thing.
Edit: Good question, this Ad Free, is it like if you add a hosts file in a router? Like if I use the G1 to tether, is it blocking the ad banners even on tethered connections? Would be interesting to know for sure since imagine a built in firewall that protects tethered PCs too.
Mysticales said:
Yea Im fully rooted, No worries there. =) Thanks for this heads up. I use host files as well on my PC.. since then never had a issue with spyware again. Any news on if he would let us update the host file ourselves? Id love to use the file I have on my PC. Heh.
You can use your own hosts file on your own phone, AdFree just automates the process, if you look at this thread it started off describing how to do things manually.
Anyways as for discussion goes. Can these ads know your G1 email, or linked email account?
Possibly, I haven't looked into accessing the google credentials from the android APIs so I don't know for certain, might be a private API google only shares with its own apps, that doesn't mean someone won't figure out how to access them however.
Next off, is there a ability that these ads could read your personal data as text msgs, contacts (to spam phone calls) or anything like that? Android being a new OS..
When you install an app there is a screen displayed of the permissions the apps ask for, read/write contacts, calendars etc will all be displayed, you should be able to see the permissions an app will have access to after it's installed as well from memory.
not sure what devs and ads can do with access to a phone. Its like a new gateway has been opened.
You should be more worried what google will do with all the info it collects to be honest, but that's another issue altogether.
Kinda wish a dev could comment if the G1 would even have this ability and if it could be a bad thing.
You are prompted during install as to what the app will be able to access, google leaves it up to you to accept it or not.
Edit: Good question, this Ad Free, is it like if you add a hosts file in a router? Like if I use the G1 to tether, is it blocking the ad banners even on tethered connections? Would be interesting to know for sure since imagine a built in firewall that protects tethered PCs too.
Depends how the tethered setup gets DNS info, if it uses the information from the hosts file then yes, but this is dependent on what the tether setup does.
Mysticales said:
Its like a new gateway has been opened.
Only if you never bothered reading the permissions requests when installing an app. They clearly describe what permissions an app wants to use and you can cancel the installation if you feel you don't want to give an app the right to access your personal info. So if you install a game that says it wants access to your Google Account info (which would include your email and thus all your associated google services) then you have only yourself to blame if the dev sends you a ton of spam or sells your email address.
Bottom line is read the permissions requested carefully and decide whether you trust the company/entity that created the app before installing it. Also, i'd be very wary installing any root apps, since root apps by their very nature can operate outside of dalvik sandbox and do practically anything they want to your system. I'm only running two root apps right now: Market Enabler and Wifi Tether. They are both open source.
Well of course I read the permissions thing. However still I would still wonder about things.
Mysticales said:
Well of course I read the permissions thing. However still I would still wonder about things.
Google actually closed up some of the loop holes that apps were using on Android 1.0/1.1 to enable wifi etc.
jashsu said:
They are both open source.
Unless you audit the code and compile it yourself, you have no idea what the binary is actually doing.
Location data is only used for serving the right banners and calculate the profits the banner view/click has depending on the location (country) of the viewer.
Its not anything malicious and you can easily see the permissions when installing.
People all like free apps instead of paying a few dollars, but when an ad is added people try to get rid of it... Haven't you all ever wondered why the ads are there? Just like on a forum as the one you are on right now? Right they generate at least a little bit of money for a dev that doesn't want to charge the users directly by letting them pay, but spends almost all his free time to keep apps updated, write new ones and answering questions.
As soon as there is virtually no way to make money on a market, the market will die as developers/companies will move over to another platform of development.
delta_foxtrot2 said:
Unless you audit the code and compile it yourself, you have no idea what the binary is actually doing.
It's not difficult to get the code from svn and compile it. Pretty effortless.
rogro82 said:
As soon as there is virtually no way to make money on a market, the market will die as developers/companies will move over to another platform of development.
Many people don't like to view ads on their computers, let alone their mobile phone. Thus if people can block the ads easily, they will. Content producers and software developers will simply have to find a new business model to pursue. Maybe that's a free/premium differentiation model or maybe its microtransactions. That or they will have to deal with a percentage of their userbase blocking ads.
Well I am sure most devs Block ads too, either on their mobile or pc.. no one wants any type of issue.
Now again, I said I understand why they are there for free apps. Its just that as a user myself.. I like to know Im protected from potential hazards. Also alot of devs like to make something hot to use on later resumes and projects. Ive worked with alot of devs in my time start with nothing and grow to get bigger jobs in RL cause of the project. =)
jashsu said:
It's not difficult to get the code from svn and compile it. Pretty effortless.
I didn't say it was hard to get or compile it, but auditing the code to make sure nothing malicious is going on can be very difficult at times. There is a code obfuscation competition each year and it's extraordinary what some can do and you'd never know unless it was pointed out to you.
Mysticales said:
Well I am sure most devs Block ads too, either on their mobile or pc.. no one wants any type of issue.
It's not just "issues" too many ads tick a certain segment of the population off to the point that they go to these lengths to get rid of them.
This is of course before you factor in this segment of the population are usually the least to click on ads, usually for ethical/moral reasons, so them getting rid of ads is usually no big loss.
Last time I checked AdFree was downloaded less than 5,000 times, now compare this to a speedometer app I made which anyone can run and it's been downloaded over 10,000 times I highly doubt any dev relying on ads will actually lose out by the people that can and are blocking them.
rogro82 said:
Location data is only used for serving the right banners and calculate the profits the banner view/click has depending on the location (country) of the viewer.
The meta data that can be gleaned from this sort of advertising can have all sorts of flow on effects and unintended consequences.
I see the world and potential pitfalls in things differently than others, I don't know why, but the more data collected the worse things can be.
If you are interested in what country they are from/in just pull the country code from the SIM card, why narrow it down to within a few metres?
Well since I have been using Adfree. Let me say this. My G1 seems to be running faster! I dont get as many force close/wait errors. Certain apps like atrackdog for one RUN faster. I mean without the ads running, it seems my apps speed through their task and do what they are supposed to. Kinda interesting note oddly.
Also let's say an app you know would be using GPS to locate you on a map. Thus triggering "Give app permission to use your GPS" which you know why it needs it. But does the app also tell you that it uses the GPS for Ads? So I don't always trust what it says when it comes to permissions as it doesn't mean in the underline that it's not using the same permission to do other things. Would be nice if the G1 had a notice that the app uses Ad support.
Linux is a wonderful and powerful operating system that can do just about anything you can possibly dream of.
First, the hosts file hack is a piece of crap since all it does is it points potentially malicious domain names back to self. It doesn't take into account connections that are ip address based... those will still go through and there is nothing that can be put in the hosts file to stop that.
iptables on the other hand.... included in 1.0 and 1.1, and several custom 1.5's, can do many strong things; block by ip address (including if it tries to lookup by dns), block by port, *BLOCK BY USER ID*.
The latter is particularly interesting since each program installed on android is assigned its own userid. That means that with the correct iptables rule, you can block all network traffic for THAT PARTICULAR PROGRAM. Or you can blacklist/whitelist servers for that program, etc.
http://www.cyberciti.biz/tips/block...ingle-user-from-my-server-using-iptables.html
http://www.cyberciti.biz/tips/linux...ng-access-to-selectedspecific-ip-address.html
For example, when I issue this command:
iptables -A OUTPUT -o tiwlan0 -m owner --uid-owner 10017 -j DROP
My browser is no longer able to connect (since it is uid=10017) using wifi (tiwlan0 is wifi). Note: leave out the entire "-o tiwlan0" argument and it should block all outgoing on all devices for that userid.
To find the userid for a particular program, do "ls -l /data/data/program'sdatadirectory"
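The per-UID blocking described in the post above, as an added example that is not part of the original post: it converts the owner shown by "ls -l" into a numeric UID and prints (does not apply) an allowlist-then-drop rule set for that app. The function names and the 192.0.2.10 address are constructed for illustration; the owner-to-UID mapping assumes Android's scheme of app UIDs starting at 10000, with 100000 added per extra user.

```shell
#!/bin/sh
# Added example, not from the thread: build iptables "owner" match rules
# for one Android app. Rules are printed only (dry run); review them and
# run them as root yourself if they look right.

# is_number STR -> success if STR is a decimal number without leading zeros
is_number() {
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;
    esac
    return 0
}

# owner_to_uid OWNER
# Accepts a numeric UID, or the owner name "ls -l" shows for an app's data
# directory: app_17 (older releases) or u0_a17 (multi-user releases).
# Anything else is rejected, so the value is safe to place in a command.
owner_to_uid() {
    case "$1" in
        app_*)
            n=${1#app_}
            is_number "$n" || return 1
            echo $((10000 + n)) ;;
        u*_a*)
            user=${1#u}; user=${user%%_a*}
            n=${1##*_a}
            is_number "$user" && is_number "$n" || return 1
            echo $((user * 100000 + 10000 + n)) ;;
        *)
            is_number "$1" || return 1
            echo "$1" ;;
    esac
}

# app_egress_rules OWNER [IFACE] [ALLOWED_IP ...]
# Prints one ACCEPT rule per allowed destination followed by a DROP rule.
# Order matters: rules are appended, and the first match wins.
# An empty IFACE ("") applies the rules to every interface.
app_egress_rules() {
    uid=$(owner_to_uid "$1") || { echo "bad owner: $1" >&2; return 1; }
    iface=${2:-}
    if [ $# -ge 2 ]; then shift 2; else shift; fi

    out=
    if [ -n "$iface" ]; then
        case "$iface" in
            *[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
        esac
        out="-o $iface "
    fi
    match="-A OUTPUT ${out}-m owner --uid-owner $uid"

    # Validate every address before printing anything, so a bad argument
    # never leaves a half-built rule set on stdout.
    rules=
    for ip in "$@"; do
        case "$ip" in
            ''|*[!0-9./]*) echo "bad address: $ip" >&2; return 1 ;;
        esac
        rules="${rules}iptables $match -d $ip -j ACCEPT
"
    done
    printf '%siptables %s -j DROP\n' "$rules" "$match"
}

# Constructed demo: the browser from the post (app_17 -> UID 10017) on the
# Wi-Fi interface, allowed to reach a single placeholder address.
app_egress_rules app_17 tiwlan0 192.0.2.10
```

The printed lines can be piped to a root shell once reviewed; as the post notes, unlike a hosts file these rules also cover connections made directly to an IP address.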
So on JF 1.51 is this ability already there? Yea I know Linux is great for iptables. Always is, even in routers hehe.
If its not in there already, Debian, how well does that work on the G1?

Chromecast "emulator"

Since Chromecast simply gets a URL or data to play content already "on the cloud", will it be possible to emulate its behaviour with a Chrome extension or something like that?
I'd love to use a chromecast-like interface on my desktop pc...
p.nightmare said:
Since Chromecast simply gets a URL or data to play content already "on the cloud", will it be possible to emulate its behaviour with a Chrome extension or something like that?
I'd love to use a chromecast-like interface on my desktop pc...
I'd second that. I'd love to see the ability to chrome cast TO a (Windows) chrome browser.
I have a number of MCE PC's connected to HD TV's and computer with monitors throughout the house that would be great as the recipients of "casting".
At work I'd like to be able to look something up on my phone and then send it to my nearest PC browser...
htcsens2 said:
I'd second that. I'd love to see the ability to chrome cast TO a (Windows) chrome browser.
I have a number of MCE PC's connected to HD TV's and computer with monitors throughout the house that would be great as the recipients of "casting".
At work I'd like to be able to look something up on my phone and then send it to my nearest PC browser...
You mean like this? - http://goo.gl/NOoel
You won't be able to push Netflix to the browser the same way, but you can certainly do so with web content.
Jason_V said:
You mean like this? - http://goo.gl/NOoel
You won't be able to push Netflix to the browser the same way, but you can certainly do so with web content.
Yeah kind of like that but completely integrated into the chrome cast infrastructure and APIs so that it is compatible across all apps and is just one click on the new "cast" buttons that are cropping up at the top of all my Android apps now .... (Netflix, Youtube, Google music etc.)
There has been talk of 3rd party hardware makers being encouraged to support the standard so shouldn't be too hard to do proper chrome browser integration as a target.
I can't believe no one has thought of it yet :fingers-crossed:
here
p.nightmare said:
I can't believe no one has thought of it yet :fingers-crossed:
Here you go github.com/dz0ny/leapcast
dz0ny said:
Here you go github.com/dz0ny/leapcast
awesome! I will definitely keep an eye on that :good: :good:
Nodecast is also an option
p.nightmare said:
awesome! I will definitely keep an eye on that :good: :good:
Beside Leapcast (which is implemented in python), there is a JavaScript-/Node.js-Port in Git-Hub available. The port was made by Sebastian Mauer, the guy who wrote Cheapcast.
I spent the last weekend experimenting with both Nodecast and Cheapcast. Now Nodecast runs here in a Windows 8.1 virtual machine - and I'm able to stream from other Windows and Android-devices.
I wrote a few tutorials, how to setup Nodecast on Windows (it is also possible to use similar steps in Mac OS X or Linux). The tutorial is currently only in German - but Google translate shall do the job.
Nodecast setup for Windows-tutorial: http://goo.gl/2ZU5Mm
Maybe it helps
Leapcast 2.0?
Anyone still working on Leapcast now that the 2.0 SDK came out? Lots of changes like going from DIAL to mDNS for one. Leapcast was very handy for running on a PC that was already connected to the TV. Sadly, all the apps compiled against the newer SDK won't work with it. They won't even discover it as a Chromecast now.
https://chrome.google.com/webstore/...oakcolegkcddbk?utm_source=chrome-app-launcher
This was an attempt to do this but I never got it to work on my side.
Unfortunately, SDK 2.0 requires the Chromecast to calculate key using certificate issued by Google. We will probably wait a long time to see leapcast, CheapCast and NodeCast working again. It might not be even possible at all.
Johny_G said:
Unfortunately, SDK 2.0 requires the Chromecast to calculate key using certificate issued by Google. We will probably wait a long time to see leapcast, CheapCast and NodeCast working again. It might not be even possible at all.
Not the best news, but thanks Johny for the insight.
If all the rooted ROMs can handle SDK 2.0 and Google's new authentication, there's probably a way to get the emulators up and running with it. Just a matter of time and determination I hope. I wish Google was a bit more open on the software side for the Chromecast. Having the new SDK for sender/receiver apps is great, but allowing companies/people to recreate the piece in the middle would also benefit them I would think. It would be tough for people to beat the Chromecast's price tag, but having other options would be good.
Averix said:
Not the best news, but thanks Johny for the insight.
If all the rooted ROMs can handle SDK 2.0 and Google's new authentication, there's probably a way to get the emulators up and running with it. Just a matter of time and determination I hope. I wish Google was a bit more open on the software side for the Chromecast. Having the new SDK for sender/receiver apps is great, but allowing companies/people to recreate the piece in the middle would also benefit them I would think. It would be tough for people to beat the Chromecast's price tag, but having other options would be good.
I wouldn't hold my breath. The ROMs get the upgrade essentially "for free" as it's part of the stock ROM code. Maybe the desktop players can take advantage of that, probably not, especially if it's a binary or relying on some kind of TPM or other function in the Chromecast hardware itself.
Having options is good for the consumer, but for a manufacturer, more options = more competition = more mouths to feed = lower margins = more work to keep competitive. One of the reasons Apple is so aggressive about protecting the exclusivity of its platform.
Warning! TL;DR below!
The point is, that every single Chromecast device has its unique ID, its unique MAC Address, and its (unique?) signed certificate. Also, it might have some kind of ID generated when you set the device up (similar to Push ID used in Google Cloud Messaging). Some of those (maybe all of them) have to play together to calculate the key. As soon as you pull the certificate out and put it in different environment, the result of the calculation won't match the SDK's expectations. So there is pretty good chance, that bypassing the key might be completely impossible without modifying the SDK itself (and it would require the developers to actually invest some effort to support these alternatives) and maybe the Chromecast device software as well. But who knows, the guys involved in those "emulators" are way smarter than most of us and might figure something out.
This is the biggest issue. The other one is, that everything has changed in the new SDK/API, and all of the methods used in those emulators are now deprecated and need to be implemented all over again in a different fashion to work with 2.0. This might actually be a good thing, since developers involved in testing of the way-too-rushed 1.0 seemed not to have a lot of kind words to say about it. I have attended one Chromecast block on a local conference, and it was basically 2 hours of swearing.
I've stumbled upon these issues today (and a bit of yesterday), trying to get my app working in the office (I forgot my Chromecast at home - again), and here are some sources if you are more interested in the topic:
https://plus.google.com/+SebastianMauer/posts/83hTniKEDwN
https://github.com/dz0ny/leapcast/issues/29#issuecomment-37288608
https://github.com/dz0ny/leapcast/issues/96
As a developer, I have to say, that Google is making things awfully difficult lately, and the "don't be evil" policy seems to slowly fade away. They put way too much effort into marketing decisions, and have no time to properly test APIs and SDKs before they spit them out. Mostly, when trying some new Android-related technology (to be honest, its mostly Google Play Services technology these days, so AOSP starts to be completely useless), I spend most of the time working around things that nobody thought of (i.e. the Translucency API in KitKat was obviously tailored for Google Now Launcher, and is a huge PITA to be used elsewhere) and fixing the broken samples that come with them. It might seem weird, but sometimes (say hello to Play Games Services and in-app billing v1+v2!) the sample is inseparable part of the final implementation, so you have to fix their rushed code anyway. I shouldn't be complaining, since things like that raise the value of developers willing to go through all of this in their spare time, but the change of philosophy still bugs me a lot. Google and Android used to be strongly community-oriented, and now the marketing is pulling it all away.
Should the goal really be to emulate a Chromecast or should the effort be geared toward supporting DIAL protocol?
I would think the latter is the better option because you could support whatever the hardware supports without the limitations imposed on us from CCast Hardware.
Maybe I'm wrong but I always looked at DIAL as an extension of UPnP and separate from the CCast itself and the Chromecast SDK as not much more than a kit to add DIAL support to Android (and iOS) not meant to build anything on the CCast side at all.
Other companies like Roku are planning some DIAL support and I doubt highly they will have a CCast ID and Certificate.
In the end I think we will get something similar to this functionality from a player app like VLC on PC and MAC, or perhaps in Chrome itself.
Cause I think (and I may be totally wrong here) that it isn't the Apps we use that checks the Whitelist and IDs it is the CCast itself that when invoked to load a player app to stream it also checks the whitelist and tests security before it plays.
SO if someone created a program for PC that made the PC announce itself as a DIAL capable device that when connected to loads the app into Chrome, I bet most of it would work.
Might not work with any of the DRM sites like Netflix and Hulu but for things like local content and unprotected streams I see no reason why it wouldn't.
In fact I bet the trouble some are having with Channels in Plex and others would go away because a PC Chrome instance would be able to play many more Transport types than a CCast can currently.
Asphyx said:
Should the goal really be to emulate a Chromecast or should the effort be geared toward supporting DIAL protocol?
I would think the latter is the better option because you could support whatever the hardware supports without the limitations imposed on us from CCast Hardware.
Maybe I'm wrong but I always looked at DIAL as an extension of UPnP and separate from the CCast itself and the Chromecast SDK as not much more than a kit to add DIAL support to Android (and iOS) not meant to build anything on the CCast side at all.
.......
I agree with you. I could actually care less about emulating the specifics of what's in the Chromecast hardware. What I do want is the ability for those unrestricted apps (ie not Netflix) to be able to use their Cast button to find, connect to, and use whatever the emulator is. The new CC SDK doesn't use DIAL to do the initial search any longer. It now uses mDNS. All of the previous apps (YouTube, Pandora, etc.) are still using the old API and DIAL discovery which appears to be backward compatible with the new Chromecast stick software. If you look at the debug logs of the stick, both the v1 and v2 APIs are accounted for. As for Roku, my guess (I haven't started digging in on what they're up to yet) is that they have an app that is using DIAL for discovering the Roku and then just acting as a remote control for all the box functions. Chromecast was a bit more unique since it could basically load up anything from the web as a receiver/playback client since the software is just basically a Chrome browser with some wrappers around it. That's what made it much more dynamic without having to load "channels" in the box within a custom framework like Roku does.
And Bhiga, as for economics on Google providing the software to other hardware makers, I think it would actually be in their best interest. The Chromecast right now has to be either close to at cost for them or a loss leader. If they can get the Cast API to become a default standard on new consumer devices, that would help them take over that space. To me, that is such a better proposition for them than trying to get the complexities of something like GoogleTV into TVs.
Averix said:
And Bhiga, as for economics on Google providing the software to other hardware makers, I think it would actually be in their best interest. The Chromecast right now has to be either close to at cost for them or a loss leader. If they can get the Cast API to become a default standard on new consumer devices, that would help them take over that space. To me, that is such a better proposition for them than trying to get the complexities of something like GoogleTV into TVs.
mDNS actually makes discovery a lot easier - mDNS = Bonjour = what Apple and TiVo use for discovery already.
I agree with you that adoption of the API and protocols is the goal. At this stage an Android emulator probably would help adoption, but my point was that a desktop emulator doesn't necessarily add to the rate. If someone starts looking to using a desktop because they think they don't need a Google Cast device, they'll likely run across Plex and Miracast and may decide they don't need Google Cast at all.
bhiga said:
> I agree with you that adoption of the API and protocols is the goal.
I wish Google agreed with us.
Averix said:
> I wish Google agreed with us.
I bet anything there are some at Google who do agree with us but when you're as BIG a company as Google is it takes forever to get everyone on board and thinking along the same lines enough to manifest it into an end product.
In the end what all of this really tells us is how much DLNA Consortium has failed to standardize Media Distribution by not going far enough and thinking of it from the end user ergonomic experience.
If this discovery and launch capability was more fleshed out in the DLNA specs we might not be talking about DIAL and mDNS right now.
At some point all these protocols (DLNA, UPnP, DIAL) should be merged into one standardized protocol that any platform can use.
Probably years away though...
Asphyx said:
> If this discovery and launch capability was more fleshed out in the DLNA specs we might not be talking about DIAL and mDNS right now.
> At some point all these protocols (DLNA, UPnP, DIAL) should be merged into one standardized protocol that any platform can use.
> Probably years away though...
My concern is that unless Google is willing to push this as a standard rather than just apps for one dongle, it will only be a matter of time before the giant (un)friendly fruit company swoops in and AirPlay becomes the de facto standard that all TV makers, set top makers, and anyone else are forced to build in. It's not quite the same as how DLNA and UPnP have become sort of irrelevant, but it could pan out that way for the Google Cast API without more hardware devices having the capability built in. Time and market pressure will tell I guess.

[Q] Rooted chromecast and beta tester program

I have an issue accessing a beta tester program with a rooted Chromecast. I'm not sure if this is the expected behavior, which is why I'm asking here.
First I want to explain the current scenario.
A few days ago a Spanish web application, es.wuaki.tv, started a promotion with a Chromecast involved. The objective was to participate as a beta tester in the service. It's possible to access the service via browser (Chrome extension) or with a native Android application. The right app version is only accessible after registering as a beta tester. For non-compatible devices there is a link to the apk file (no external link allowed).
They (the technical support from wuaki.tv) say that the Chromecast that they shipped with the promotion is registered for accessing the service.
There's an option to register a Chromecast that was not shipped by them. In this case you have to send the Chromecast's serial number and activate the "send serial number for updates" checkbox in the Chromecast configuration.
And now, the problem.
I have a Chromecast imported from the USA. It's rooted and I have installed the last Eureka ROM.
I have done all the steps. I have verified with the technical support that my serial number was registered and correct.
But I can't make it work, neither with the Android app nor with the Chrome extension. The cast button is not shown.
I have changed the settings for rooted chromecast to 'defaults'. That is:
* Google Whitelist
* Google DNS
I have played other configs (I believe that ALL the possible configs) without success.
My thoughts.
I expected to find some reference to the service in the google whitelist, but I didn't see anything in the next files
From Google:
http://click.xda-developers.com/api...clients3.google.com/cast/chr...ice/baseconfig
http://click.xda-developers.com/api...clients3.google.com/cast/chr.../device/config
From Eureka:
http://click.xda-developers.com/api...rs&txt=http://pwl.team-eureka.com/applist.php
In the source code of the webpage, e.g.:
Code:
view-source:https://es.wuaki.tv/movies/la-vida-secreta-de-walter-mitty
you can find:
Code:
<script src='https://www.gstatic.com/cv/js/sender/v1/cast_sender.js' type='text/javascript'></script>
<script>
//<![CDATA[
  window.LaunchCastData = {
    appid: "D383FA1E",
    hasSelectedStream: false,
    listStreamsUrl: "https://api.wuaki.tv/movies/4607",
    reqParams: {
      auth_token: "WM6qW3y1hM5xnRvyWDAq",
      device: 'cast'
    },
    selectedStream: {}
  }
//]]>
</script>
I think that, in my case, the whitelisting process works per individual Chromecast (with the S/N) and maybe this is the reason that I can't find references to the application in the whitelist files. I don't know.
But, finally, the question that I want to ask is:
Is it possible to access that kind of 'beta tester' program with a rooted Chromecast?
Thanks in advance.
PS: sorry, I can't post external links (new user limitation)
The reason your device is unable to pull the configuration is because when using Eureka-ROM, your serial # is not sent to our server, or Google's, when set as the whitelist as we use a backend application to do the calls. If you need to use your device for testing applications, I recommend flashing our rooted stock ROM we offer at: http://forum.xda-developers.com/showthread.php?t=2638103 as it does not modify the way whitelists are pushed to the device.
I will look into supporting this though in Eureka-ROM when the Whitelist provider is set to google, and hopefully I can get it ready for the next ROM release.
ddggttff3 said:
> The reason your device is unable to pull the configuration is because when using Eureka-ROM, your serial # is not sent to our server, or Google's, when set as the whitelist as we use a backend application to do the calls. If you need to use your device for testing applications, I recommend flashing our rooted stock ROM we offer at: http://forum.xda-developers.com/showthread.php?t=2638103 as it does not modify the way whitelists are pushed to the device.
Thank you very much for your answer. I had thought of a lot of possibilities, but I had not considered the most obvious one: a rooted Chromecast will not send its S/N.
I'll take a look at that rooted ROM, but since I do not have the right wires, I think for now keep the current ROM.
ddggttff3 said:
> I will look into supporting this though in Eureka-ROM when the Whitelist provider is set to google, and hopefully I can get it ready for the next ROM release.
Thank you very much for taking into consideration my case. It would be nice to have the option.
And, now that you mention, do you have planned out a new version? Or are you referring to the next official version?
Thanks for solving my doubt.
javicalle said:
> Thank you very much for taking into consideration my case. It would be nice to have the option.
> And, now that you mention, do you have planned out a new version? Or are you referring to the next official version?
> Thanks for solving my doubt.
I am referring to the next official update to Eureka-ROM, which I do not have an ETA for. We normally only roll out updates when things break, or there's a new feature that's worth an update. There may be a minor update in the near future though, so I will see if I can get this added.
tl;dr it all varies, and depends on what else is getting updated.
Thanks to @Kyonz, the next OTA will allow for you to use your device as a development device!
ddggttff3 said:
> Thanks to @Kyonz, the next OTA will allow for you to use your device as a development device!
GREAT NEWS!!!
Thanks to both of you for taking care of 'suggestions'.
javicalle said:
> GREAT NEWS!!!
> Thanks to both of you for taking care of 'suggestions'.
No problem, this is something we overlooked when creating the whitelist generation and it's important to us that we support features existing and that you benefit from having a rooted device!

TowelRoot???

So I just saw the little news about towelroot on the xda front page. I'm wondering if that would work with the Chromecast? Should I unplug this thing to stop updates or what?
Asadullah said:
> So I just saw the little news about towelroot on the xda front page. I'm wondering if that would work with the Chromecast? Should I unplug this thing to stop updates or what?
Sadly, I don't think it has any effect on Chromecast.
The trouble is that towelroot is an APK.
Chromecast won't let you sideload APKs due to whitelist.
Non-vulnerable Chromecast won't load unsigned code from bootloader/recovery.
Because you can't "just run an app" the way to get root on Chromecast is by flashing a pre-rooted ROM.
The only way to flash a ROM is to use FlashCast, which requires a vulnerable bootloader, because FlashCast is not signed by Google.
Non-vulnerable bootloaders will only run Google-signed code.
Thus, the existing root methods for Chromecast remain:
* FlashCast on vulnerable bootloaders only
* Replace the firmware/bootloader via physical chip removal and reprogramming
Once the bootloader gets (auto) updated, you can't flash anything because the bootloader will not execute FlashCast.
Another possibility would be to use a Chrome sandbox escape vulnerability and try to execute the kernel exploit this way - good luck with that :/
deeper-blue said:
> Another possibility would be to use a Chrome sandbox escape vulnerability and try to execute the kernel exploit this way - good luck with that :/
That's an idea, but the trick is getting Chrome to execute the exploit to begin with... Essentially the Chromecast whitelist acts like parental control on a router - Chromecast can only access approved addresses unless it's been made a developer unit.
bhiga said:
> That's an idea, but the trick is getting Chrome to execute the exploit to begin with... Essentially the Chromecast whitelist acts like parental control on a router - Chromecast can only access approved addresses unless it's been made a developer unit.
And even if you could manage to get it to run inside CCast Chrome...I'm sure the Sandbox seals it off from making any changes to the root or bootloader status.
bhiga said:
> That's an idea, but the trick is getting Chrome to execute the exploit to begin with... Essentially the Chromecast whitelist acts like parental control on a router - Chromecast can only access approved addresses unless it's been made a developer unit.
There is one thing that comes to mind. The Netflix client on the Chromecast runs as native code out of /netflix/. I have a feeling there is some sort of vulnerability exposed there
neobear said:
> There is one thing that comes to mind. The Netflix client on the Chromecast runs as native code out of /netflix/. I have a feeling there is some sort of vulnerability exposed there
possible... but you gotta find it, use it, then hope the big G doesn't push an update to fix it soon after.
-= this post enhanced with bonus mobile typos =-
neobear said:
> There is one thing that comes to mind. The Netflix client on the Chromecast runs as native code out of /netflix/. I have a feeling there is some sort of vulnerability exposed there
Still have the issue being that the only way to launch it is via Netflix...
bhiga said:
> possible... but you gotta find it, use it, then hope the big G doesn't push an update to fix it soon after.
> -= this post enhanced with bonus mobile typos =-
even if they do it can be rooted therefore and updates blocked.. hence mission accomplished... like Sony's ps3.. I think Sony finally had given up now...
Sent from my Nexus 5 using Tapatalk
persianrisk said:
> even if they do it can be rooted therefore and updates blocked.. hence mission accomplished... like Sony's ps3.. I think Sony finally had given up now...
Yes, much like the current bootloader exploit that FlashCast uses. It becomes major cat-and-mouse because Chromecast auto-updates without waiting for user intervention though.
Sony can give up more easily because a game console's success is not as heavily tied to content providers. Chromecast, on the other hand, would be sunk without any apps. Let's face it, Chromecast for YouTube alone just won't cut it, even at $35.
bhiga said:
> Yes, much like the current bootloader exploit that FlashCast uses. It becomes major cat-and-mouse because Chromecast auto-updates without waiting for user intervention though.
> Sony can give up more easily because a game console's success is not as heavily tied to content providers. Chromecast, on the other hand, would be sunk without any apps. Let's face it, Chromecast for YouTube alone just won't cut it, even at $35.
I understand, but Sony is equally tied to game content and also other media providers - hence when it was hacked it's a bigger problem as some choose not to purchase their games whereas with rooted Chromecast you are still paying for the services even if using a proxy...
Sent from my Nexus 5 using Tapatalk
persianrisk said:
> I understand. but Sony is equally tied to game content and also other media providers - hence when it was hacked its a bigger problem as some choose not to purchase three have whereas with rooted Chromecast you are still paying for the second albeit unusually through a proxy...
True, it does create an interesting secondary market.

Rooting benefits

Hi all
Think it would be about £25-£30 to get all the kit to root the Chromecast, which then will most probably not be used again. Can anyone please explain the benefits of rooting? Such as what the rooted ROMs will give me over official firmware. For example am I able to run XBMC from it?
I have most probably been lucky in the past because it has cost nowt to root my smartphones, tablets etc?
I am all for rooting Chromecast but not sure of the benefits.
Regards
fs1023
fs1023 said:
> Hi all
> Think it would be about £25-£30 to get all the kit to root the Chromecast, which then will most probably not be used again. Can anyone please explain the benefits of rooting? Such as what the rooted ROMs will give me over official firmware. For example am I able to run XBMC from it?
> I have most probably been lucky in the past because it has cost nowt to root my smartphones, tablets etc?
> I am all for rooting Chromecast but not sure of the benefits.
> Regards
> fs1023
No it won't let you run XBMC....
Two most noteworthy benefits to root...One may actually be something you might like.
1 - You get to use the Eureka Whitelist which can allow some apps to work earlier than they would because Google has delayed whitelisting it. (Screen Mirroring was available to rooted users even before Google announced it because rooted users had it whitelisted while Google was waiting until Google IO) What those Apps are varies as they are released and as Google adds them to their list so a comprehensive list is not really possible.
2 - (And the one that might interest you most since you appear to be in the UK)...Rooted makes it much easier to use VPNs and custom DNS settings so you can access region blocked content without the need for complex settings changes on your router which can sometimes affect other services. As time goes on this may be the most used feature for those not in the US and want to access full content from Netflix and Hulu, or even those in the US who would like access to content that is blacked out in the US and only available in Europe.
In time as more people are able to get root you might find some more developers willing to create apps that take advantage of the rooted CCast but there are Millions of units sold and I'm not sure but I'm betting less than 100K actually have achieved root in the initial hack and perhaps now many more will be able to boost those numbers.
Is that £25-30 including the Chromecast price? Because if you have a memory stick already, the teensy and usb otg Y cable is about £10.
Asphyx said:
> No it won't let you run XBMC....
> Two most noteworthy benefits to root...One may actually be something you might like.
> 1 - You get to use the Eureka Whitelist which can allow some apps to work earlier than they would because Google has delayed whitelisting it. (Screen Mirroring was available to rooted users even before Google announced it because rooted users had it whitelisted while Google was waiting until Google IO) What those Apps are varies as they are released and as Google adds them to their list so a comprehensive list is not really possible.
> 2 - (And the one that might interest you most since you appear to be in the UK)...Rooted makes it much easier to use VPNs and custom DNS settings so you can access region blocked content without the need for complex settings changes on your router which can sometimes affect other services. As time goes on this may be the most used feature for those not in the US and want to access full content from Netflix and Hulu, or even those in the US who would like access to content that is blacked out in the US and only available in Europe.
> In time as more people are able to get root you might find some more developers willing to create apps that take advantage of the rooted CCast but there are Millions of units sold and I'm not sure but I'm betting less than 100K actually have achieved root in the initial hack and perhaps now many more will be able to boost those numbers.
Asphyx thanks for your knowledgeable reply, you have convinced me to root.
theronkinator said:
> Is that £25-30 including the Chromecast price? Because if you have a memory stick already, the teensy and usb otg Y cable is about £10.
theronkinator thanks as well for your reply. Looked at prices in OP and they seemed to be more than £10. Thanks anyway I will shop around.
Will this product do the same as the Teensy? A-Star 32U4 Micro
fs1023 said:
> Will this product do the same as the Teensy? A-Star 32U4 Micro
I managed to root my four chromecasts using an A-Star 32U4 micro.
The LEDs don't light up at all during the process and there's no reset button so you have to short a couple of pins, but apart from that it works fine.
Tim
ClarkyCat said:
> I managed to root my four chromecasts using an A-Star 32U4 micro.
> The LEDs don't light up at all during the process and there's no reset button so you have to short a couple of pins, but apart from that it works fine.
> Tim
Thanks for the reply Tim. Not sure what you mean by "there's no reset button so you have to short a couple of pins". I have tried to put the teensy hex file on it but it does not work. Do I need to do this part of rooting? Can you please explain the process of how you rooted your 4 casts?
Regards
fs1023
fs1023 said:
> Thanks for the reply Tim. Not sure what you mean by "there's no reset button so you have to short a couple of pins". I have tried to put the teensy hex file on it but it does not work. Do I need to do this part of rooting? Can you please explain the process of how you rooted your 4 casts?
> Regards
> fs1023
You need to get the A-Star into bootloader mode in order to load in the HubCap teensy files (I used regular_16664.hex). There's no reset button on the board so you have to short the GND and RST pins twice within 750ms. The board LED kind of pulses when it's in bootloader mode.
Have a read of the docs here: http://www.pololu.com/docs/0J61/5.3
I programmed the board using:
Code:
avrdude -p atmega32u4 -c avr109 -P /dev/ttyACM0 -U flash:w:regular_16664.hex
Perform the root in exactly the same way as in the youtube vid. The only difference is that the LED on the A-Star doesn't flash in the same way as the teensy++ in the vid does. You just have to watch for the Chromecast LED colour change.
Cheers,
Tim
ClarkyCat said:
> The only difference is that the LED on the A-Star doesn't flash in the same way as the teensy++ in the vid does. You just have to watch for the Chromecast LED colour change.
Actually, try the hex files I attached to my post on the HubCap thread.
I've rebuilt them with A-Star 32u4 LED support, so it blinks the same way as the teensy2++ does in the vid.
Tim
ClarkyCat said:
> You need to get the A-Star into bootloader mode in order to load in the HubCap teensy files (I used regular_16664.hex). There's no reset button on the board so you have to short the GND and RST pins twice within 750ms. The board LED kind of pulses when it's in bootloader mode.
> Have a read of the docs here: http://www.pololu.com/docs/0J61/5.3
> I programmed the board using:
> Code:
> avrdude -p atmega32u4 -c avr109 -P /dev/ttyACM0 -U flash:w:regular_16664.hex
> Perform the root in exactly the same way as in the youtube vid. The only difference is that the LED on the A-Star doesn't flash in the same way as the teensy++ in the vid does. You just have to watch for the Chromecast LED colour change.
> Cheers,
> Tim
Once again thanks Tim your help is much appreciated.
Not really sure what I am doing here but I have installed the Winavr software. When I click on run I get dialogue box error message - Error loading "C:WinAVR-20100110/bin/avr-gcc.exe": not in executable format: File format not recognised.-
Any idea what I am doing wrong?
Regards
fs1023
fs1023 said:
> Once again thanks Tim your help is much appreciated.
> Not really sure what I am doing here but I have installed the Winavr software. When I click on run I get dialogue box error message - Error loading "C:WinAVR-20100110/bin/avr-gcc.exe": not in executable format: File format not recognised.-
> Any idea what I am doing wrong?
> Regards
> fs1023
I used linux, so I'm not sure about using winavr - is it supposed to provide some kind of cygwin-ish shell? Perhaps you need to run it with Admin privileges?
You'll need to change the -P parameter to whatever format windows needs. The user guide suggests "\\\\.\\USBSER000".
Tim
ClarkyCat said:
> I used linux, so I'm not sure about using winavr - is it supposed to provide some kind of cygwin-ish shell? Perhaps you need to run it with Admin privileges?
> You'll need to change the -P parameter to whatever format windows needs. The user guide suggests "\\\\.\\USBSER000".
> Tim
Ok thanks Tim. I will buy a Teensy as this looks easier to work from. Would have bought one in first place but hard to find online for UK.
Regards
fs1023
Hello people, quick noob question.
I can stream something from a website to my phone but when I mirror my phone to tv, the tv screen goes blank and just hear the sound.
Is this something I can fix with rooting chromecast?
Sent from my LG-D802 using XDA Free mobile app
reggaetonero said:
> Hello people, quick noob question.
> I can stream something from a website to my phone but when I mirror my phone to tv, the tv screen goes blank and just hear the sound.
> Is this something I can fix with rooting chromecast?
> Sent from my LG-D802 using XDA Free mobile app
Hi reggaetonero
I have not yet rooted the Chromecast so I don't know what root brings. Sorry I can't help. You might be best either starting a new thread with your question or maybe posting it here.
http://forum.xda-developers.com/har.../root-hubcap-chromecast-root-release-t2855893
Regards
fs1023
reggaetonero said:
> Hello people, quick noob question.
> I can stream something from a website to my phone but when I mirror my phone to tv, the tv screen goes blank and just hear the sound.
> Is this something I can fix with rooting chromecast?
Rooting Chromecast won't help in this case as the problem is likely some capability missing from your phone or its ROM.
ClarkyCat said:
> Actually, try the hex files I attached to my post on the HubCap thread.
> I've rebuilt them with A-Star 32u4 LED support, so it blinks the same way as the teensy2++ does in the vid.
> Tim
Hey, is there any chance you could help me by showing which section you altered in the source to change the LED pin?
As I'm trying to get a sparkfun board LED going! Cheers
EDIT cannot see where to delete post, as I think you just answered this in a different thread! As I posted this ... Thank you EDIT
Deleted. It was a bit OTT, have had a bad day. Sorry if I offended anyone who has previously helped.
fs1023 said:
> What a waste of money to root this thing. £20 odd for the teensy £5 odd for the OTG cable. I have sent various posts asking how you view eureka whitelist after root, as well how you use ssh and what the cc password is because when I have tried ssh in putty it asks me for username then password. I may as well have saved my money because all I have are the same apps as what I can get from google. Total waste of money.
think you've missed the point a bit then !
plus you didn't HAVE to spend that amount to get it going,
an under £10 ATmega 32U4 equiv is ok, plus you can make an OTG cable for free...
plus it's future proofing IF something comes out later
and it's a great hobby too !
