I have read that google wilp be adding screenmirroring for chromecast but my chromwcast has not gotten any updates since i unboxed it. And i know they havenot enabled mirroring yet but i think there was a recent update wasmt there?
My chromecast is not rooted or anything
Sent from my One S using xda app-developers app
cannondaleV2000 said:
I have read that google wilp be adding screenmirroring for chromecast but my chromwcast has not gotten any updates since i unboxed it. And i know they havenot enabled mirroring yet but i think there was a recent update wasmt there?
My chromecast is not rooted or anything
Click to expand...
Click to collapse
Android screen mirroring has not arrived yet. And by the looks of it, the device side will have to be supplied by OEMs, most likely baked into ROMs. I could see screen mirroring easily being used by malware, so this is probably a security measure.
bhiga said:
Android screen mirroring has not arrived yet. And by the looks of it, the device side will have to be supplied by OEMs, most likely baked into ROMs. I could see screen mirroring easily being used by malware, so this is probably a security measure.
Click to expand...
Click to collapse
So is it already there on the android side? With the cast screen thing in settings? And will it work with roms like cm slim omni etc?
Sent from my One S using xda app-developers app
cannondaleV2000 said:
So is it already there on the android side? With the cast screen thing in settings? And will it work with roms like cm slim omni etc?
Sent from my One S using xda app-developers app
Click to expand...
Click to collapse
It's available in the AOSP SDK for KitKat.
Which means it is possible that they have plans to implement it in the future if the Manufacturers want to.
But it appears to be nothing much more than a way of doing Miracast with a Chromecast.
And I'm willing to bet that for the security reasons bhiga mentioned it will only work as a Radio to Radio connection in the same way Miracast does.
That will solve the issues of malware since it would really only work to send to a CCast very close and near to the unit.
Asphyx said:
It's available in the AOSP SDK for KitKat.
Which means it is possible that they have plans to implement it in the future if the Manufacturers want to.
But it appears to be nothing much more than a way of doing Miracast with a Chromecast.
And I'm willing to bet that for the security reasons bhiga mentioned it will only work as a Radio to Radio connection in the same way Miracast does.
That will solve the issues of malware since it would really only work to send to a CCast very close and near to the unit.
Click to expand...
Click to collapse
I hope it's not just radio-to-radio as it would be restrictive for some apps, but at least limiting the functionality to OEM manufacturers means no third-party apps could silently launch screen-mirroring. Assuming you trust your OEM manufacturer, at least.
bhiga said:
I hope it's not just radio-to-radio as it would be restrictive for some apps, but at least limiting the functionality to OEM manufacturers means no third-party apps could silently launch screen-mirroring. Assuming you trust your OEM manufacturer, at least.
Click to expand...
Click to collapse
I would think that if a Manufacturer could add something to the ROM to make it work there is no reason why an app couldn't do the same thing especially one that intended to do something you shouldn't.
I'm not all up on Miracast (since I don't have a device that supports it , I do have a dongle though) but I'm betting you can connect to Miracast without losing Internet and if that is true then thats probably how CCast mirroring will work because the only way to be sure it is secure is to limit what it can broadcast to. And Radio Range would seem to be the best method for that. Means the Spy would have to be in radio range to intercept the stream.
But I'm with you I hope not!
Would much prefer it worked on PIN PAIR method (Like Bluetooth) where you add the CCast as a Display device, You enter a Pin code to pair them and Mirroring only works with devices your paired to.
Thats best protected in the OS and would work because Apps couldn't then pair with anything other than your own screen....
But that doesn't mean the Divorce rate won't go up! LOL
Asphyx said:
I would think that if a Manufacturer could add something to the ROM to make it work there is no reason why an app couldn't do the same thing especially one that intended to do something you shouldn't.
Click to expand...
Click to collapse
Koush said the API isn't available to non OEMs. So it would take some kind of exploit, which would then be very device and configuration specific, so fairly safe. Likely there's some signing process as well.
Sent from a device with no keyboard. Please forgive typos, they may not be my own.
bhiga said:
Koush said the API isn't available to non OEMs. So it would take some kind of exploit, which would then be very device and configuration specific, so fairly safe. Likely there's some signing process as well.
Sent from a device with no keyboard. Please forgive typos, they may not be my own.
Click to expand...
Click to collapse
Yes but I'm betting that it may need the OEMs to add drivers for the support which is why it's done there but not as part of android.
Which is why I fear it working like Miracast does. The API is there but the OEMs need to make drivers that will allow simultaneous Network and Mirroring via Radio.
Related
These images are outdated! do not use them anymore!
there are much more useful roms and mods for the chromecast now made my devs who actually own the device. go use them. I am no longer doing anything at all with the chromecast. (I haven't found one at any local store with a serial number in the rootable range, and I have no use for a stock one.)
rooted images for the chromecast that will remove google's ability to update anything at will. Use this to save your open bootloader.
Discussion started in here: http://forum.xda-developers.com/showthread.php?t=2387392
Split off to make it easier to find for new users.
download:
build 13300: http://forum.xda-developers.com/showthread.php?t=2453097 not my image. Made by someone who actually owns a chromecast.
build 12940: https://dl.dropboxusercontent.com/u/19978192/gtvhacker-chromecast-12940.bin.gz
build 12840: https://dl.dropboxusercontent.com/u/19978192/gtvhacker-chromecast.bin.gz
Thanks to:
GTVHacker - original root image
Google - for making the h2g2-42
ellen - putting up with me making these instead of watching chick flics with her
reserved for later use
reserved because I like reserving posts
tvall said:
reserved because I like reserving posts
Click to expand...
Click to collapse
I like that you're reserving posts! ...especially this kind of post! lol
If I factory reset my chromecast with this firmware will it upgrade or keep this firmware?
extrem0 said:
If I factory reset my chromecast with this firmware will it upgrade or keep this firmware?
Click to expand...
Click to collapse
A factory reset will just wipe the data partition, so the device will still be safe from self-upgrading.
This is great man, I just got my cable today and my chromecast a couple days ago, I refrained from plugging it in, so unless its been updated already it should be on!
So do I need to flash the original GTVHacker bin and then your 12940 bin?
Thanks for the great work and thanks to GTVHackers and XDA.
You can just flash mine
twist said:
This is great man, I just got my cable today and my chromecast a couple days ago, I refrained from plugging it in, so unless its been updated already it should be on!
So do I need to flash the original GTVHacker bin and then your 12940 bin?
Thanks for the great work and thanks to GTVHackers and XDA.
Click to expand...
Click to collapse
Flash tvall's image if you don't want it to auto-update and loose root..
Wisiwyg said:
Flash tvall's image if you don't want it to auto-update and loose root..
Click to expand...
Click to collapse
So we only need to flash one of these two images, correct? I'm assuming it's the first one, right? "gtvhacker-chromecast-12940.bin.gz" is tvall's image that we need to flash? After flashing that image, we'll be rooted, on the most current version, AND auto-updates will be disabled?
jsdecker10 said:
So we only need to flash one of these two images, correct? I'm assuming it's the first one, right? "gtvhacker-chromecast-12940.bin.gz" is tvall's image that we need to flash? After flashing that image, we'll be rooted, on the most current version, AND auto-updates will be disabled?
Click to expand...
Click to collapse
Correct
It is my understanding that one of Google's OTA's blocks local files streaming like Fling. Does your image contain the update that broke Fling?
dmcccdmn said:
It is my understanding that one of Google's OTA's blocks local files streaming like Fling. Does your image contain the update that broke Fling?
Click to expand...
Click to collapse
IIRC, it wasn't an OTA update that broke Fling. Google made some changes server-side that broke it. The ChromeCast connects to Google servers (or 'phones home') during use. The developer of Fling used unsupported API calls in the app, which was built using the preview SDK. Google's updates invalidated those calls, essentially rendering the app useless. Google has stated that the breaking of local media casting was unintentional, and they do plan on allowing support in the future. At the moment, the ChromeCast can still be considered a device in testing. I don't think the official SDK is out yet.
AirCast was "reverse engineered" though, right? So if it didn't have that "time bomb" in it, it should still work, right?
Sent from my VZW Galaxy S3 using Tapatalk 4 Beta
jsdecker10 said:
AirCast was "reverse engineered" though, right? So if it didn't have that "time bomb" in it, it should still work, right?
Sent from my VZW Galaxy S3 using Tapatalk 4 Beta
Click to expand...
Click to collapse
Aircast is dead. Fling is dead. Rooting does not help. These are dead until some day Google decides to allow it. Google allows only a few apps : Netflix, YouTube, and Google provided content. Google could have decided that allcast and fling were so popular that permitting it like Netflix is permitted will increase sales. Google could have decided to permit allcast and fling, but decided against it.
So, you might have purchased the chromecast after reading about allcast as I did, and am disappointed with having purchased a device whose very few apps are uninteresting to me.
There are only a few choices :
1. Wait and hope google will permit allcast and Fling in the future.
2. Wait and see if developers will provide this functionality for rooted devices.
3. Sell the chromecast to someone who loves Netflix and netflix alone - who isn't interested in connectivity to the many other Internet content providers - like one has access to via Roku.
Actually, stores have many devices, either standalone or built into blu ray players which provides Netflix along with far more choices for Internet provided media. Google's chromecast looks very inferior to me.
In its current form, chromecast is probably a big disappointment to most people who have purchased it. The only hope is that it will become something better in the future - either directly from Google, or via developers.
At this time, rooting gets us nothing, except hope.
Anyone want to write some detailed instructions on how to use this?
I just make the images, I don't know exactly how to use them
tim is so helpful
tvall said:
Anyone want to write some detailed instructions on how to use this?
I just make the images, I don't know exactly how to use them
Click to expand...
Click to collapse
tvall...man, lemme tell ya...i'm impressed. You're sittin there making images for our Chromecasts and you aren't even able to see if they work or not and you aren't even getting to enjoy this toy. I wouldn't have NEAR the patience that you must have, especially if I wasn't even able to enjoy what I had worked on. I dunno how you do it man, but congratulations! you're officially DA BOMB!! lol We all appreciate everything you've done for us here and look forward to MANNNYYYYY more updates from you! Thank You!
deepdespair said:
IIRC, it wasn't an OTA update that broke Fling. Google made some changes server-side that broke it. The ChromeCast connects to Google servers (or 'phones home') during use. The developer of Fling used unsupported API calls in the app, which was built using the preview SDK. Google's updates invalidated those calls, essentially rendering the app useless. Google has stated that the breaking of local media casting was unintentional, and they do plan on allowing support in the future. At the moment, the ChromeCast can still be considered a device in testing. I don't think the official SDK is out yet.
Click to expand...
Click to collapse
That's very odd. I didn't think that Fling would need to connect to Google servers in order to function. Shouldn't everything just work locally? If I unhook my cable modem and leave my router on, wouldn't Fling still function without the internet?
dmcccdmn said:
That's very odd. I didn't think that Fling would need to connect to Google servers in order to function. Shouldn't everything just work locally? If I unhook my cable modem and leave my router on, wouldn't Fling still function without the internet?
Click to expand...
Click to collapse
See here:
http://forum.xda-developers.com/showthread.php?p=45011314
Sent from my TF300T using Tapatalk 4
Hi this is great news! Chromecast is getting its turn with a brand new User Experience Guide!
I read this article in androidpolice.com in this link:
http://www.androidpolice.com/2013/1...lopers-still-no-word-on-the-whitelist-policy/
The guide is here:
https://developers.google.com/cast/design_consider
Google Cast is a technology that allows Android and iOS mobile apps and Chrome web apps to “cast” content - like video, audio, and screen sharing (mirroring) - to Cast-ready devices like Google Chromecast.
Click to expand...
Click to collapse
(Emphasis added)
Screen sharing must be coming!!
bhiga said:
(Emphasis added)
Screen sharing must be coming!!
Click to expand...
Click to collapse
Koush saw it in the source code of KitKat so yes it will be coming but it may be restricted. and dependent on the Unit Manufacturer for implementation.
Which suggests it may not work for apps (they would use the current methods) and be a Device and ROM specific feature.
The fact that it will be possible will make those restriction more like Guidelines than rules once Devs get their hands on how it works.
I am loving where this is all going! As I always say..it is only a matter of time.
Sent from my SCH-R970 using Tapatalk 2
shelby04861 said:
I am loving where this is all going! As I always say..it is only a matter of time.
Sent from my SCH-R970 using Tapatalk 2
Click to expand...
Click to collapse
Amen!
Also the guide makes it clear that the current Chromecast is only one implementation. I think the rumors of a Nexus TV being announced early next year are probably true and it will include native Cast support.
bozzykid said:
Also the guide makes it clear that the current Chromecast is only one implementation. I think the rumors of a Nexus TV being announced early next year are probably true and it will include native Cast support.
Click to expand...
Click to collapse
Yes I can see some Smart TVs adding this capability natively at some point. Biggest user complaint they get is they hate the Menu and navigation on the TV and this might make it easier to create an App that would do all this for their TVs in a much better way!
The good news on this Google release is it seems to suggest the SDK is about to drop to the FULL PUBLIC...
It was invitation only before the Hackathon and I think the Hackathon was really meant to test the SDK to see if it was ready for Public consumption...
Once it goes full public expect to see a FLOOD of Apps supporting CCast maybe even Games where the video displays on the TV but the phone or tablet just has control functions. Would open the door to much more sophisticated control options in the vain of what PC has been able to do via it's keyboard.
Asphyx said:
Yes I can see some Smart TVs adding this capability natively at some point. Biggest user complaint they get is they hate the Menu and navigation on the TV and this might make it easier to create an App that would do all this for their TVs in a much better way!
.
Click to expand...
Click to collapse
Yes, indeed. Lately, I have found myself wanting to use YouTube more and more on a big screen and, even though my TV is only 2 years old, navigating to the TV app is a painful experience.
I bought my Chromecast specifically for YouTube and for me it was worth the $35 just to be able to access it without having to trawl through the clunky TV menus Everything that came last week and the features still to come have been a has been a great bonus .
Restorer said:
Yes, indeed. Lately, I have found myself wanting to use YouTube more and more on a big screen and, even though my TV is only 2 years old, navigating to the TV app is a painful experience.
I bought my Chromecast specifically for YouTube and for me it was worth the $35 just to be able to access it without having to trawl through the clunky TV menus Everything that came last week and the features still to come have been a has been a great bonus .
Click to expand...
Click to collapse
I tell my friends that if they can find one to avoid buying a smart TV since there are so many better ways to get that capability including just hooking a Computer to the Monitor.
But try and find a TV without it! LOL
So I searched and came up empty.
Why would google stop the rooting of the chromecast? It's not like we can do anything too crazy with it..
Just whitelist and change the dns... So I don't get it.
One of the biggest reasons I bailed from Apple products to Android products was the ease of making it work how I wanted it to work thanks to all the devs.
Sent from my Nexus 5 using Tapatalk
Android might be too open for Google's liking.
Allowing free streaming of audio and video would only cement Apple's good standing with companies more comfortable with controllable DRM.
Also, Android is seen as a highly vulnerable platform.
No one can have two masters.
Google can't make money on advertising alone.
Alas, only time will tell...
Sent from Tapatalk using Xperia Z1 (C6906)
rans0m00 said:
So I searched and came up empty.
Why would google stop the rooting of the chromecast? It's not like we can do anything too crazy with it..
Just whitelist and change the dns... So I don't get it.
One of the biggest reasons I bailed from Apple products to Android products was the ease of making it work how I wanted it to work thanks to all the devs.
Click to expand...
Click to collapse
Two of ways to look at it...
Google never intended for root to happen, initial bootloader vulnerability was an engineering version released by accident
Google loves us and released vulnerable bootloader on purpose, but that jeopardized their agreements with Netflix, Hulu, HBO, etc so they had to patch the hole
I think both have something do with it.
Given Hollywood's fear and lack of understanding of technlogy, they probably heard "rooted" and immediately called the lawyers. Doesn't matter that Chromecast doesn't actually download and store the content, so root really doesn't help in terms of "they have a copy that they can decrypt" - it's just fear.
From a business perspective Google's really pushing this mass market. So if that was the reason, the choice became "We lock it down, make the content providers happy and sell millions - or we don't lock it down, lose the content providers, and have a $35 Google TV that can't even access anything more than YouTube" well....
It's one thing to stand your ground and alienate a large group while still having functionality but standing your ground, alienating a large group and ending up with a fairly useless and unmarketable device is a recipe for angry stockholders.
tl;dr - blame the ignorant content industry decision-makers that think all we want to do is pirate stuff.
Well how willing would a company like Netflix be to support a device that once rooted could be used to steal their encryption and Auth methods So you could steal their content?
A rooted CCast could be programmed to off load the players and content it uses locally,
The content creators and providers know this which is why most content related apps are set up to refuse to work in the presence of root on a device.
Google doesn't really care if your device is rooted or not but the people they want to support the CCast care.
Remember the failure of GoogleTV, The TV Networks blacklisted the device because they believed it would be used to pirate their material and wanted to charge you or google to see it!
Unless you went directly to their site where they could count you as a view and make the money from advertising.
Hmm the possible using root to offload the videos makes sense. Seems like it would take some effort but could be as easy as some code a powered USB driver.
I think about it different... Rooted more options to make it stream more stuff... Not more options to snag stuff.
Sent from my Nexus 5 using Tapatalk
Hopefully more apps pick up on this or it will just be another device google tried to get rolling and failed at.
Sent from my Nexus 5 using Tapatalk
rans0m00 said:
Hopefully more apps pick up on this or it will just be another device google tried to get rolling and failed at.
Click to expand...
Click to collapse
I think they will and are. Android mirroring will help a lot, but even now there are many "hidden gems" like Vbukit that could really take off once Google lets up on the reins.
bhiga said:
I think they will and are. Android mirroring will help a lot, but even now there are many "hidden gems" like Vbukit that could really take off once Google lets up on the reins.
Click to expand...
Click to collapse
Hopefully so. At this price point for the item if they can get most apps to use it then they will sell tons of them.
rans0m00 said:
Hmm the possible using root to offload the videos makes sense. Seems like it would take some effort but could be as easy as some code a powered USB driver.
I think about it different... Rooted more options to make it stream more stuff... Not more options to snag stuff.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
actually there is nothing about root other than bypassing the whitelist that lets you play more stuff.
To put it another way....
Would rooting your TV make it do something more than it already does? No it wouldn't would it?
It'a nothing more than who has access to control the hardware but the hardware doesn't do any more than it already does and it still won't play an AVI natively without transcoding so your not really gaining capability, Just removing restrictions that are there to keep control of DRM content to keep Content providers and creators happy.
If they let it stay uncontrolled then devices like this would be supported while Content providers stayed away from CCast due to it's uncontrolled environment.
http://www.webpronews.com/ces-2014-netgear-announces-hdmi-dongle-chromecast-competitor-2014-01
And rooting our androids have opened up plenty of possibilities that otherwise wouldn't be available. Like customs roms and kernels. Which then open the door to tons of stuff.... Its been a minute but I think it was custom kernels that allowed us to use exfat instead of fat32? Currently the chromecast rooted only runs a custom whitelist and a handful of other things. Because that is all we have the option with the only custom rom out. If they figure out how to start adding different functions I don't know what would be possible but yes... From rooting this opened the door to all of this being possible.
Sent from my Nexus 5 using Tapatalk
Asphyx said:
A rooted CCast could be programmed to off load the players and content it uses locally
Click to expand...
Click to collapse
So can linux box, an android, a flashed ps3, a flashed xbox360, and anything else running a linux based distro which has access to netflix through web browsers or otherwise. Hell, with a little code, a raspberry pi could do it! Put a qualcomm chip, wifi capability and a touchscreen on my coffee maker and I could make the damn thing gain unauthorized access to netflix.
hp420 said:
Put a qualcomm chip, wifi capability and a touchscreen on my coffee maker and I could make the damn thing gain unauthorized access to netflix.
Click to expand...
Click to collapse
Yes, and then the Hollywood lawyers would try to stop your coffee maker's maker from making coffee makers. Whoa, that's a lot of makers...
hp420 said:
So can linux box, an android, a flashed ps3, a flashed xbox360, and anything else running a linux based distro which has access to netflix through web browsers or otherwise. Hell, with a little code, a raspberry pi could do it! Put a qualcomm chip, wifi capability and a touchscreen on my coffee maker and I could make the damn thing gain unauthorized access to netflix.
Click to expand...
Click to collapse
Yep and why do you think Netflix upgrades sometimes won't play on your rooted device?
What is more important to you...
having content to view or access to make the unit play any content you wanted if only there was content available for it!
Asphyx said:
Yep and why do you think Netflix upgrades sometimes won't play on your rooted device?
What is more important to you...
having content to view or access to make the unit play any content you wanted if only there was content available for it!
Click to expand...
Click to collapse
Honestly?? Having root is more important to me. I've never used any of the services we're talking about (hulu, netflix, amazon, etc.) I use other means to get my video streaming accomplished, and prefer to have full control of my device without some corporate shmuck who doesn't even know what a rooted phone can do stepping in and saying I'm breaking their tos by tampering with open source firmware installed on hardware I own outright. This is why I choose to use alternatives
The chromecast was never advertised as an open source device.
Maybe it's time people realize that Google isn't synonymous with 'free, good or open source' .
They are a company and they are here to make money.
Honestly, I'm already set with the chromecast.
Netfliz+Hulu + avia + showbox +vget +plex + tab casting = my money's worth
Sent from my HTC One X using Tapatalk 2
I agree with people have said here.... I can see both sides for the argument as being valid.
I prefer full control of my device but I also realize my type is a very small portion of the people needed to make this device appealing enough for developers to write code to
allow ccast to work.
I'm hoping that root is found occasionally to still keep the devs interested but spread out enough to keep people like netflix and hulu Happy.
Sent from my Nexus 5 using Tapatalk
hp420 said:
Honestly?? Having root is more important to me. I've never used any of the services we're talking about (hulu, netflix, amazon, etc.) I use other means to get my video streaming accomplished, and prefer to have full control of my device without some corporate shmuck who doesn't even know what a rooted phone can do stepping in and saying I'm breaking their tos by tampering with open source firmware installed on hardware I own outright. This is why I choose to use alternatives
Click to expand...
Click to collapse
So given a choice of having Media available for a Media device or Rooted device that does nothing you want the Rooted paperweight....
Good for you!
In defense... The rooted paperweight wouldn't be correct. With a strong enough dev environment we would have more options. Would seriously take a strong dev following though, since they would be responsible for keeping it from being a paperweight.
Anyways I got my answer from this thread. Which is my views are I like everything being as open as possible.
I understand now why google has to keep or attempt to keep the platform locked down for it to be a success. Maybe in the future google will find a balance of more options while still keeping the lawyers Happy.
Till then let's hope the chromecast just gets better support from app developers and increasing in popularity.... Which I think will bring more devs and possibly more chances for getting root and other roms.
Sent from my Nexus 5 using Tapatalk
rans0m00 said:
In defense... The rooted paperweight wouldn't be correct. With a strong enough dev environment we would have more options. Would seriously take a strong dev following though, since they would be responsible for keeping it from being a paperweight.
Anyways I got my answer from this thread. Which is my views are I like everything being as open as possible.
I understand now why google has to keep or attempt to keep the platform locked down for it to be a success. Maybe in the future google will find a balance of more options while still keeping the lawyers Happy.
Till then let's hope the chromecast just gets better support from app developers and increasing in popularity.... Which I think will bring more devs and possibly more chances for getting root and other roms.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
Rans...Don't get me wrong I don't really have a problem with Root but there comes a point where having control over a device thats express purpose is to stream media and send content to a screen makes having content available more important than having control over Root access to a device that won't do what it is intended to do once you get it!
This is not a phone that you can sideload programs to and make it do something it wasn't intended to do.
It is like saying I want complete control over my TV Operating system and don't care if everyone who makes TV content available won't suppot my device making it a nice peice of electronics you can hack but serves no other purpose.
If rooting lost you Netflix, Plex, aVia and all the other content provider support what good would all that root access get you?
Are developers going to start making movies for you to watch as well?
Or are you just getting root to make your TV an Android box when an Android Stick would do the same thing for you?
Right now the only reason to have root is to Run Team Eureka's rom, And it is well worth having for that!
But if Netflix, Hulu and anyone else who has content to use on the device did a Root Check and stopped supporting your rooted device you would have nothing more than a nice Splash screen on your TV...
It's one thing to be a control freak about your devices...
Just remember the folks who make the content you want to see on your devices have the same desire (and RIGHT) to want to control who sees their content and who doesn't!
And you will blame them for not trusting you not yourself on insisting to have root on a device whose sole purpose is to display someone else's content!
We would all love to have root access to everything in life....
And thinking your going to get more just because you have more control is foolish because we have seen Root get you less from those who HAVE the content you really want.
If all this device could display was stuff you owned no one would need it because there are about 100 different devices that can already do it an better!
I actually think with enough dev support people could figure out how to make the chromecast into quite a bit more. I am not familiar with the limitations of the device itself though.
Before coming to Android I had an iPhone and I had my phone jail broke. Certain apps would not work if it was detected to be jail broken. Usually the devs found a work around and still had the content.
I'm still sticking with best case scenario is this turns out to be an apple vs jail break scene. They keep patching it but devs keep working to find holes and increasing the options users have with their device. This might keep the content providers happy since google would be patching the holes when they are presented.
And when it comes down to other devices doing it better.... Yeah there is always a different options... With the current state of things honestly I still prefer the rokus over the chromecast.
Sent from my Nexus 5 using Tapatalk
Now that the "gates are open" on the Google Chromecast it *should* in some way, be possible to root it now. I have done some security researching and I was wondering if we could create a malicious streaming app to stream a shebang file (hashbang, whatever you wanna call it; same tactic used in both versions of iOS' evasi0n) to run a script to root the device. We might also be able to stream over elf binaries that use kernel exploits to root the device then use adb to execute them from there. Please comment on your suggestions/thoughts/why this will or will not work. As always, thank you for taking the time to read this.
r3pwn
r3pwn said:
Now that the "gates are open" on the Google Chromecast it *should* in some way, be possible to root it now. I have done some security researching and I was wondering if we could create a malicious streaming app to stream a shebang file (hashbang, whatever you wanna call it; same tactic used in both versions of iOS' evasi0n) to run a script to root the device. We might also be able to stream over elf binaries that use kernel exploits to root the device then use adb to execute them from there. Please comment on your suggestions/thoughts/why this will or will not work. As always, thank you for taking the time to read this.
r3pwn
Click to expand...
Click to collapse
I like your thinking.
The first order would be to get root and disable OTA updates.
As long as the whitelist exists, a malicious app would be difficult to get past Google's approval. Kind of like how iOS had the "flashlight" app that allowed tethering until Apple shut it down.
It might actually have to be two parts - a functional app that has a vulnerability, and some specific trigger that can utilize the vulnerability. A backdoor into a normal app, or a some kind of specific login that triggers a specific server-side response, for example.
AFAIK, ADB isn't enabled on stock Chromecast.
Another potential attack vector is the setup mechanism on the Chromecast-side - for example if the SSID or keyphrase strings can be overrun, but Google may have already checked that stuff.
Because stock Chromecasts auto-accept OTA updates, I fear it will be a continual cat-and-mouse game of finding exploits and having them auto-patched by Google OTAs. Still, at least it would provide an option for folks who have an updated bootloader.
bhiga said:
I like your thinking.
The first order would be to get root and disable OTA updates.
As long as the whitelist exists, a malicious app would be difficult to get past Google's approval. Kind of like how iOS had the "flashlight" app that allowed tethering until Apple shut it down.
It might actually have to be two parts - a functional app that has a vulnerability, and some specific trigger that can utilize the vulnerability. A backdoor into a normal app, or a some kind of specific login that triggers a specific server-side response, for example.
AFAIK, ADB isn't enabled on stock Chromecast.
Another potential attack vector is the setup mechanism on the Chromecast-side - for example if the SSID or keyphrase strings can be overrun, but Google may have already checked that stuff.
Because stock Chromecasts auto-accept OTA updates, I fear it will be a continual cat-and-mouse game of finding exploits and having them auto-patched by Google OTAs. Still, at least it would provide an option for folks who have an updated bootloader.
Click to expand...
Click to collapse
The whitelist still exists? I had thought they removed that with the SDK.
Sent from my Nexus 7 using Tapatalk
r3pwn said:
The whitelist still exists? I had thought they removed that with the SDK.
Click to expand...
Click to collapse
According to this in the developer's guide you still have to allow your Chromecast to send its serial number, register your app which gives you an API key, and register your device so it can receive the app.
Only "published" apps will be available without registering your device, so still sounds like Google is the gatekeeper to publicly-available apps.
Hmm... I may have to hand over the $5 for the developer fee just to fool around. Or I may find an alternative by the time I can get around to getting a Google play card. Lol.
Sent from my Nexus 7 using Tapatalk
r3pwn said:
Hmm... I may have to hand over the $5 for the developer fee just to fool around. Or I may find an alternative by the time I can get around to getting a Google play card. Lol.
Click to expand...
Click to collapse
Not sure about your neighborhood, but the WA/OR Costcos are selling a 3-pack of $20 Google Play cards for $54 (so 10% discount)
bhiga said:
Not sure about your neighborhood, but the WA/OR Costcos are selling a 3-pack of $20 Google Play cards for $54 (so 10% discount)
Click to expand...
Click to collapse
I don't think I want to spend that much. If I don't find something else by then, I could just go to GameStop in the mall (right across the street from my school) and get a $15 one.
Sent from my Nexus 7 using Tapatalk
Walmart also sells play cards!
Sent from my SPH-L710 using xda app-developers app
Not sure we will ever find a security hole in the CCast with the whitelisting in effect but perhaps the search for a vulnerability should be made on the Player Apps that are already whitelisted.
Finding some content that could be sent to (ie via aVia) to play on CCast that isn't really media but does trigger some exploit to root the device.
In fact the cast a tab feature may be the weakest point in the CCast security. Hacking that extension could be the key to exploiting the CCast.
We need to get Chainfire to do the rooting stuff.
Asphyx said:
Not sure we will ever find a security hole in the CCast with the whitelisting in effect but perhaps the search for a vulnerability should be made on the Player Apps that are already whitelisted.
Finding some content that could be sent to (ie via aVia) to play on CCast that isn't really media but does trigger some exploit to root the device.
In fact the cast a tab feature may be the weakest point in the CCast security. Hacking that extension could be the key to exploiting the CCast.
Click to expand...
Click to collapse
I was actually thinking that to myself. There has to be some sort of thing to root the device other than the 2nd stage bootloader exploit that was patched already.
Sent from my iPod touch using Tapatalk
If anyone did sneakily get an app published with a root exploit, it would certainly risk revoking their SDK permissions due to a ToS violation.
Sent from my Nexus 5 using Tapatalk
cmstlist said:
If anyone did sneakily get an app published with a root exploit, it would certainly risk revoking their SDK permissions due to a ToS violation.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
That is true. But if we exploited an existing app, Google would just "suspend" the app from the Play Store until the bug gets fixed. If the app were free, however, we could just back up a copy of the apk before the bug fix was patched and spread it around here on XDA. I'll look into some apps to see if it's possible.
Sent from my iPod touch using Tapatalk
r3pwn said:
That is true. But if we exploited an existing app, Google would just "suspend" the app from the Play Store until the bug gets fixed. If the app were free, however, we could just back up a copy of the apk before the bug fix was patched and spread it around here on XDA. I'll look into some apps to see if it's possible.
Click to expand...
Click to collapse
Well the exploit I was referring to would not be in an APK at all...
It would be on the App server CCast loads it's player's from.
The APKs that support CCast do not have any access to the filesystem of the CCast but the Player Apps CCast loads are on the device and the exploit would attack a vulnerability of that app to do something on the unit that the player app never considered.
Sort of like the old WMV exploit to launch web pages inside a Video that if existed as a capability in a CCast loaded Player App could launch a browser operation to a page with the Exploit code.
I'm sure Google has thought about all of that in their implementations but perhaps the 3rd Party Developers have not been so diligent about it.
In fact I think that precise issue is why Google does not allow someone like the PlexDevs to allow launch of Media to CCast from the Local PlexWeb (that can easily be user manipulated since it resides on their local machine) and will only allow them to implement it from the Plex.tv site that is not accessible to user manipulation at all.
Asphyx said:
In fact I think that precise issue is why Google does not allow someone like the PlexDevs to allow launch of Media to CCast from the Local PlexWeb (that can easily be user manipulated since it resides on their local machine) and will only allow them to implement it from the Plex.tv site that is not accessible to user manipulation at all.
Click to expand...
Click to collapse
And probably why Google maintains the whitelist.
As long as there is whitelist, Google can disable an app at will.
So once an external exploit becomes known (ie, "Play this specific video"), Google could easily disable the app until the developer updates it to patch the vulnerability.
The inability to refuse OTA updates and the lack of external accessibility/sideloading makes Chromecast quite secure.
bhiga said:
And probably why Google maintains the whitelist.
As long as there is whitelist, Google can disable an app at will.
So once an external exploit becomes known (ie, "Play this specific video"), Google could easily disable the app until the developer updates it to patch the vulnerability.
The inability to refuse OTA updates and the lack of external accessibility/sideloading makes Chromecast quite secure.
Click to expand...
Click to collapse
Tying CC to google framework/Play is annoying and disappointing. It's a walled-garden Apple approach.
wideasleep1 said:
Tying CC to google framework/Play is annoying and disappointing. It's a walled-garden Apple approach.
Click to expand...
Click to collapse
It all goes hand-in-hand for making sure things work and making sure the content providers don't yank the carpet out from under them.
If the content providers leave Google, Chromecast becomes useless for all the folks who bought it for what it does, rather than what we want it to be and do.
End-of-day for a product like this, it's user experience that will make or break it. That's probably why Google's being extra-cautious here. They're treading on Apple's turf.
wideasleep1 said:
Tying CC to google framework/Play is annoying and disappointing. It's a walled-garden Apple approach.
Click to expand...
Click to collapse
I've often wondered why Google is being this way with Chromecast of all things. Not that they roll out a red carpet to allow Android to be rooted. But they aren't actively trying to prevent it. I mean they've looked the other way forever with Gapps distribution.. I love Chromecast and worth every dime though. Just strange how much they're throwing up the walls everywhere for it
Sent from my Nexus 10
bhiga said:
It all goes hand-in-hand for making sure things work and making sure the content providers don't yank the carpet out from under them.
If the content providers leave Google, Chromecast becomes useless for all the folks who bought it for what it does, rather than what we want it to be and do.
End-of-day for a product like this, it's user experience that will make or break it. That's probably why Google's being extra-cautious here. They're treading on Apple's turf.
Click to expand...
Click to collapse
Not that I don't disagree, but for the sake of argument, I think that is Google's cop-out. They haven't concerned themselves with this in prior endeavors, although I'm sure the poor showing of GoogleTV had to smart. The truth as I see it: Google wants the data (sigint, if you will) our 'casting' provides, THAT is why it's walled. They may want to couch it with 'quality, content provider compliance,etc.', but only so far as it maintains THEIR sigint. After all, the content providers will always constrain their content as they see fit...it must be on their servers/cdn networks by their own hand. CC is a protocol, and now cannot be enjoyed without their sigint (framework/Play version). Google's modus is provide convenience products for the non-free price of your sigint data, so you can be sold to advertisers.
styckx said:
I've often wondered why Google is being this way with Chromecast of all things. Not that they roll out a red carpet to allow Android to be rooted. But they aren't actively trying to prevent it. I mean they've looked the other way forever with Gapps distribution.. I love Chromecast and worth every dime though. Just strange how much they're throwing up the walls everywhere for it
Sent from my Nexus 10
Click to expand...
Click to collapse
My explanation above offers a possible reason.
edit: apologies to OP for accidentally steering into non-root discussion!
styckx said:
I've often wondered why Google is being this way with Chromecast of all things. Not that they roll out a red carpet to allow Android to be rooted. But they aren't actively trying to prevent it. I mean they've looked the other way forever with Gapps distribution.. I love Chromecast and worth every dime though. Just strange how much they're throwing up the walls everywhere for it
Sent from my Nexus 10
Click to expand...
Click to collapse
Could be a requirement from the providers due to copyright concerns.
..... Are there way to many local media casting apps?
It seems another one pops up every few days.
I am all for a free market but, c'mon, let's get some originality!
Sent from my Nexus 7 using Tapatalk
Nothing wrong with it, in my opinion. One of them might come up as the ultimate Chromecast app. So far for me, top stop is reserved for BubbleUPnP, but I would change in the heartbeat if something better comes out (tough ask).
abuttino said:
..... Are there way to many local media casting apps?
It seems another one pops up every few days.
I am all for a free market but, c'mon, let's get some originality!
Sent from my Nexus 7 using Tapatalk
Click to expand...
Click to collapse
I was about to post the same thing. So far it has been very redundant and underwhelming. We need mirroring ASAP. And I'm still waiting for that app that makes me say, "Wow, I never thought of using the chromecast that way!"
Don't get me wrong, I love my chromecast. Best bang for the buck in the history of computers/electronics. I'm just spoiled. LOL!
I've never been opposed to choice. In fact it's why I own Android products and not an iPhone.
Sent from my Nexus 7 (2013) using xda-developers app
I stated that in my post. I am all for free market.
I would just hope that someone can think of something better than all these local media streamers.
Sent from my DROID RAZR HD using Tapatalk
abuttino said:
..... Are there way to many local media casting apps?
It seems another one pops up every few days.
I am all for a free market but, c'mon, let's get some originality!
Click to expand...
Click to collapse
I think it's just a matter of those apps being the most logical early adopters for CCast support cause once one media player supports CCast the rest have to make sure to follow or lose marketshare.
And I wouldn't discount Google and the Whitelisting for reasons why we aren't seeing more innovative Apps for the CCast.
Players are pretty straight forward and other Apps are probably getting a bit more scrutiny from Google before getting approved for Whitelisting since those operations actually require a more complex code on the CCast side than the Local Player apps do.
The only thing that I'm disappointed in is the fact that none of the Local Stream Devs are doing much to expand the capabilities of the player on the CCast side. Bubble has probably done the most with it's subtitle support, and Plex's latest release has added a ton of features including Music Photo and some Eye Candy during navigation.
The Most popular Android player apps were popular due to the extra container and codec support they had but unless they can add that support to the CCast side player (difficult I know) their supporting CCast really isn't going to help them retain Market.
As for Mirroring you probably have two forces at play holding it up.
First the Operating System support has to be there which means only devices with 4.2.x or higher will likely be able to run it,
and Second would be the security issues (@bhiga mentioned early on) that could be triggered by some malware that could trigger your unit to mirror to someone else and violate privacy.
Even if someone finds a way to do Mirroring well I would expect Google to go over it with a fine tooth comb before they whitelisted it and lets be honest they may NEVER allow 3rd party Mirroring Apps and prefer to control that function all on their own. Perhaps as part of future versions of Android which currently the SDK seems to have the code for it but is not being used by anyone at the moment.