Related
Google blocks Chromecast app that let you stream your own videos...
"Google hasn't provided a clear answer on whether Chromecast will eventually let users stream their own local videos and music to the TV screen. But if early updates for the $35 dongle are any indication, the company doesn't want third-party developers trying to deliver that functionality. The most recent Chromecast update has broken support for AllCast, an Android application that previously allowed users to stream their personal media to a TV. AllCast (also known as AirCast thanks to a trademark dispute) could play back files stored in a phone's gallery, Dropbox, or Google Drive. Developer Koushik Dutta accomplished the feat by reverse engineering the Chromecast's code. He'd released several betas of the app, even planning a release on Google Play, before Google's latest software update broke things — "intentionally" in Dutta's opinion."
Read more...
http://www.theverge.com/2013/8/25/4...chromecast-app-that-let-you-stream-own-videos
They blocked these two apps so far:
https://plus.google.com/110558071969009568835/posts/G3jF2JynLc2
https://plus.google.com/117916055521642810655/posts/23BrB267QHJ
Let Google know exactly how you feel about this issue. If you're not happy downgrade and comment on their official Chromecast app.
https://play.google.com/store/apps/details?id=com.google.android.apps.chromecast.app&hl=en
xuser said:
They blocked these two apps so far:
https://plus.google.com/110558071969009568835/posts/G3jF2JynLc2
https://plus.google.com/117916055521642810655/posts/23BrB267QHJ
Click to expand...
Click to collapse
Those apps were never approved and on the app whitelist. ALL apps are blocked by default. Only approved apps will run on the Chromecast. What those apps were doing was reverse engineering the Chromecast and using a hack to get around it. Google fixed that hack.
New names for Chromecast:
iCast
Castrate
ClosedCast
CastOff
OutCast
Sucks that now only YouTube and Netflix are the only things that'll play. Enjoyed the ability to play local media.
xuser said:
New names for Chromecast:
iCast
Castrate
ClosedCast
CastOff
OutCast
Click to expand...
Click to collapse
I'm calling mine Ebaycast.
I've got a Roku3 that does everything I need..
Very disappointing! I was at a friend's home and he was showing off mirroring his iclone through Apple tv. Was hoping Chromecast would top that.
Sent from my EVO using xda app-developers app
After getting Aircast and fling to work, I ordered 2 more Chromecast dongles. Just cancelled them.
Hopefully Google is just temp blocking until ready to officially supporti 3rd party apps. If not, back to Roku.
I don't know if anyone else noticed but casting a local video file from a chrome browser tab actually plays smoother now. But aircast provided the easiest way to cast a video file from an Android phone.
After getting Aircast and fling to work, I ordered 2 more Chromecast dongles. Just cancelled them.
Click to expand...
Click to collapse
I have no interest in buying another Chromecast until this gets sorted out either.
So everyone is disappointed that it doesn't do something they never said it would? A lot to do about nothing if you ask me.
Sent from my SCH-I605 using xda app-developers app
So everyone is disappointed that it doesn't do something they never said it would? A lot to do about nothing if you ask me
Click to expand...
Click to collapse
Mostly because it was more useful when AllCast and Fling worked. Kind of back in the ballpark with Google TV now in that it doesn't do a lot (for me anyway). Nothing more, nothing less.
Disappointed
akellar said:
So everyone is disappointed that it doesn't do something they never said it would? A lot to do about nothing if you ask me.
Sent from my SCH-I605 using xda app-developers app
Click to expand...
Click to collapse
I'd say we are disappointed because it appears Google is intent on heading off the kind of innovation and creativity that has made the Android platform so wonderful. Google should let developers do what they do best: reverse engineer, hack and create, to turn Chromecast into the most powerful and versatile device it can be. They should let people root the device, they should let people work around the limits.
The disappointment is more that this is a sign that Google is not interested in fostering a creative, innovative developer community for Android. The disappointment is more that Google seems so short sighted in thinking they need to lock everything down. I thought they knew that a large part of the appeal of the platform has always been how open it is.
akellar said:
So everyone is disappointed that it doesn't do something they never said it would? A lot to do about nothing if you ask me.
Sent from my SCH-I605 using xda app-developers app
Click to expand...
Click to collapse
It may never have been announced to be able to do it, but to most it was obvious that the device was capable of doing it and that with dev support a lot was possible. It is disappointing to see how restrictive Google is being in taking away support for a function that the chromecast can handle. That being said, there will always be a way to accomplish this, it is just a matter of how inconvenient Google is going to make it.
While Google is within their own rights to change parts of the software that was never intended to be used for 3rd party, it's a massive mistake for Google to do this just to kill off those 3rd party apps. There must be a good reason for it and Google should make a public announcement as to why. There's probably a good % of sales of Chromecast specifically because of the functionality AirCast gave. I was going to buy a ChromeCast only because of the functionality AirCast gave but without this, a ChromeCast is useless for me.
I won't be buying until this functionality is officially supported or Google provides an official API/support for 3rd party applications that do provide this functionality.
Such a shame as Google had some much promise behind this product but that seems to have disappeared.
Hey
Just discovered an app that streams local content to any dnla player - wiTV. It offers mostly russian online contant but.. It also offers streaming local content from all of your devices including apple pc and Android. It creates a dnla local server on mobile devices and you can launch local media playback and scroll through it on the mobile device plays well on my old asus oplay r3 and samsung tv
Have fun and screw u Google! I can't believe i paid $100 to buy junk
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
jamosjamos said:
I'd say we are disappointed because it appears Google is intent on heading off the kind of innovation and creativity that has made the Android platform so wonderful. Google should let developers do what they do best: reverse engineer, hack and create, to turn Chromecast into the most powerful and versatile device it can be. They should let people root the device, they should let people work around the limits.
The disappointment is more that this is a sign that Google is not interested in fostering a creative, innovative developer community for Android. The disappointment is more that Google seems so short sighted in thinking they need to lock everything down. I thought they knew that a large part of the appeal of the platform has always been how open it is.
Click to expand...
Click to collapse
The SDK isn't final. And in this case the developer hacked around one of the most essential parts (the app whitelist). No offense, but I don't want Netflix, HBO, etc to pull their content off the Chromecast so Google can let hackers design apps to stream content from my phone in a non-standard way that was never intented. How about we all wait until the SDK is final before judging Google. All they did was fix a security hole in the device.
Techno79 said:
While Google is within their own rights to change parts of the software that was never intended to be used for 3rd party, it's a massive mistake for Google to do this just to kill off those 3rd party apps. There must be a good reason for it and Google should make a public announcement as to why. There's probably a good % of sales of Chromecast specifically because of the functionality AirCast gave. I was going to buy a ChromeCast only because of the functionality AirCast gave but without this, a ChromeCast is useless for me.
I won't be buying until this functionality is officially supported or Google provides an official API/support for 3rd party applications that do provide this functionality.
Such a shame as Google had some much promise behind this product but that seems to have disappeared.
Click to expand...
Click to collapse
I agree.
I purchased the ChromeCast only for the purpose of wireless playing movies from my laptop to my HDTV. I currently use a HDMI cable, but thought wireless would be ideal.
I never use Netflix.
I never use Utube.
I wasted $35 plus shipping, because google refuses to allow me to use the hardware I purchased the way I want to.
It just arrived a few days ago, and I can root it.
But I don't think rooting it will help.
It's just a paperweight now.
Maybe I can return it to Google for a full refund?
ddiehl said:
I'm calling mine Ebaycast.
I've got a Roku3 that does everything I need..
Click to expand...
Click to collapse
Yeah, I just love DLNA support on my Roku3.
jamosjamos said:
I'd say we are disappointed because it appears Google is intent on heading off the kind of innovation and creativity that has made the Android platform so wonderful. Google should let developers do what they do best: reverse engineer, hack and create, to turn Chromecast into the most powerful and versatile device it can be. They should let people root the device, they should let people work around the limits.
The disappointment is more that this is a sign that Google is not interested in fostering a creative, innovative developer community for Android. The disappointment is more that Google seems so short sighted in thinking they need to lock everything down. I thought they knew that a large part of the appeal of the platform has always been how open it is.
Click to expand...
Click to collapse
I hope you sent this as feedback, very well put. The corporate device manufacture, including Google has benefited from free private development. A lot of the features that come on devices today started with the devs witch in turn busted sales from their innovation and put android where it is today.
Sent from my EVO using xda app-developers app
I don't under stand what the problem was. I mean, I was just using AllCast to watch videos of my kids on the TV. I'm not willing to spend time to upload videos to YouTube just to do that (nevermind privacy concerns and the fact the world doesn't care about my kid doing backflips off the couch).
I already have an HTPC for media playback, there's only personal content on my phone.
This was probably disabled because it wasn't using the actual SDK and was more of a hack. Was neat while it lasted.
Well, will this work? I can get prime videos to play through mobile firefox, but that is as far as I've gotten. I've tried but I don't know that I am using it right. Is there some way, with the new apps, to get Amazon Prime video streaming from my phone/tablet to my chromecast?
primetime34 said:
Well, will this work? I can get prime videos to play through mobile firefox, but that is as far as I've gotten. I've tried but I don't know that I am using it right. Is there some way, with the new apps, to get Amazon Prime video streaming from my phone/tablet to my chromecast?
Click to expand...
Click to collapse
I'm betting for now that the answer is NO...But there may be ways with a Hacked Rooted CCast.
I would be guessing but I expect there to be DRM in those that requires a player that can decode the DRM stream.
Netflix has one for the CCast and until Amazon supports CCast natively I wouldn't expect it to work without direct streaming whatever is on the Tablet screen directly to the CCast via Allcast or some other app that requires a Rooted CCast..
You can use vget with the full version of Avia
Sent from my EndeavorU using Tapatalk 2
drivenby said:
You can use vget with the full version of Avia
Sent from my EndeavorU using Tapatalk 2
Click to expand...
Click to collapse
I have the full version of Avia. How can I use it with Amazon prime videos?
Sent from my GT-N8013 using Tapatalk 4
primetime34 said:
I have the full version of Avia. How can I use it with Amazon prime videos?
Sent from my GT-N8013 using Tapatalk 4
Click to expand...
Click to collapse
You probably can't, I'm guessing it has some kind of drm.
I meant using vget for sites like putlocker or other storage sites.
What I do is use vget as a dlna server and read it through avia.
Works as a charm MOST times.
For some reason some files won't play through dlna or streaming, and I have to download them with vget
Sent from my EndeavorU using Tapatalk 2
As far as I know...Anything that can only be played through a proprietary portal and their proprietary software (This includes NetFlix, GPlay, and Amazon) are most likely protected with DRM so that they can only be played on their proprietary player.
Which means it is pretty much up to them to incorporate Casting to CCast before you can cast those content items.
No way around it that I can think of.
Netflix activates an app on the CCast that knows how to decode their DRM encryption to play.it's streams.
It's a safe bet GPlay does this too and Amazon will need to create the same system they use.
While we all want Screen Mirroring and Local casting...The truth is the DIAL technology was always meant to be used in the way NetFlix uses it.
Thankfully it is flexible enough that we can get those other things as well.
Asphyx said:
As far as I know...Anything that can only be played through a proprietary portal and their proprietary software (This includes NetFlix, GPlay, and Amazon) are most likely protected with DRM so that they can only be played on their proprietary player.
Which means it is pretty much up to them to incorporate Casting to CCast before you can cast those content items.
No way around it that I can think of.
Netflix activates an app on the CCast that knows how to decode their DRM encryption to play.it's streams.
It's a safe bet GPlay does this too and Amazon will need to create the same system they use.
While we all want Screen Mirroring and Local casting...The truth is the DIAL technology was always meant to be used in the way NetFlix uses it.
Thankfully it is flexible enough that we can get those other things as well.
Click to expand...
Click to collapse
That makes sense. I just hope that sooner, rather than later, Amazon decides to open up their videos to all the android users...I mean for crying out loud, there is an app for the Wii and nothing for Android yet. Ridiculous.
primetime34 said:
That makes sense. I just hope that sooner, rather than later, Amazon decides to open up their videos to all the android users...I mean for crying out loud, there is an app for the Wii and nothing for Android yet. Ridiculous.
Click to expand...
Click to collapse
Yeah, I'm waiting for Amazon too... can already do it on my TV, but my TV's interface is klunky.
I think they will get there but it's a huge company whose software divisions are pretty much focused on their Kindle and Internal stuff.
Unfortunately I don't see them listed under the Dial Registry Database at all right now...
http://www.dial-multiscreen.org/dial-registry/namespace-database
Now that posting could be out of date and it may not mean they aren't working on it just that they haven't registered their Name yet.
They may be waiting for the public release of the SDK. Not sure how close they are with Google as far as development goes to be right on top of it.
I tend to avoid buying any music or content with DRM. I would rather buy the disc and rip it into a DRM free format so I can keep it on the Media Server or NAS.
Asphyx said:
I tend to avoid buying any music or content with DRM. I would rather buy the disc and rip it into a DRM free format so I can keep it on the Media Server or NAS.
Click to expand...
Click to collapse
Totally my attitude as well though recent life changes have pushed me to more of a "wherever, however" methodology, heh. Still won't pay for DRMed stuff as I've been burned too many times in the past, but I'll rent/subscribe for streaming now. Scary. I finally subscribed to Netflix... but mainly because I had the code from Chromecast. Nice bonus, the $8.99 1-month DVD+streaming gift card I bought years ago redeemed for two months of streaming service ($15.98 value). :victory:
bhiga said:
Totally my attitude as well though recent life changes have pushed me to more of a "wherever, however" methodology, heh. Still won't pay for DRMed stuff as I've been burned too many times in the past, but I'll rent/subscribe for streaming now. Scary. I finally subscribed to Netflix... but mainly because I had the code from Chromecast. Nice bonus, the $8.99 1-month DVD+streaming gift card I bought years ago redeemed for two months of streaming service ($15.98 value). :victory:
Click to expand...
Click to collapse
Netflix is a pretty good value when you get right down to it. I just signed up for the first time last month as well. Not sure I'll keep it but at the time Plex didn't support CCast! LOL
Truth is I got it as much for my Mother to use the account as for me! I may only keep as long as the MidSeason Break is on because there is nothing but crap on until January! LOL
Netflix is worth every penny imho.
Well, American Netflix. The other ones ain't so hot but if you have an open mind, there's plenty to watch.
If you are more of a 'up to date' guy, then Hulu might be the better alternative.
Sent from my EndeavorU using Tapatalk 2
So I searched and came up empty.
Why would google stop the rooting of the chromecast? It's not like we can do anything too crazy with it..
Just whitelist and change the dns... So I don't get it.
One of the biggest reasons I bailed from Apple products to Android products was the ease of making it work how I wanted it to work thanks to all the devs.
Sent from my Nexus 5 using Tapatalk
Android might be too open for Google's liking.
Allowing free streaming of audio and video would only cement Apple's good standing with companies more comfortable with controllable DRM.
Also, Android is seen as a highly vulnerable platform.
No one can have two masters.
Google can't make money on advertising alone.
Alas, only time will tell...
Sent from Tapatalk using Xperia Z1 (C6906)
rans0m00 said:
So I searched and came up empty.
Why would google stop the rooting of the chromecast? It's not like we can do anything too crazy with it..
Just whitelist and change the dns... So I don't get it.
One of the biggest reasons I bailed from Apple products to Android products was the ease of making it work how I wanted it to work thanks to all the devs.
Click to expand...
Click to collapse
Two of ways to look at it...
Google never intended for root to happen, initial bootloader vulnerability was an engineering version released by accident
Google loves us and released vulnerable bootloader on purpose, but that jeopardized their agreements with Netflix, Hulu, HBO, etc so they had to patch the hole
I think both have something do with it.
Given Hollywood's fear and lack of understanding of technlogy, they probably heard "rooted" and immediately called the lawyers. Doesn't matter that Chromecast doesn't actually download and store the content, so root really doesn't help in terms of "they have a copy that they can decrypt" - it's just fear.
From a business perspective Google's really pushing this mass market. So if that was the reason, the choice became "We lock it down, make the content providers happy and sell millions - or we don't lock it down, lose the content providers, and have a $35 Google TV that can't even access anything more than YouTube" well....
It's one thing to stand your ground and alienate a large group while still having functionality but standing your ground, alienating a large group and ending up with a fairly useless and unmarketable device is a recipe for angry stockholders.
tl;dr - blame the ignorant content industry decision-makers that think all we want to do is pirate stuff.
Well how willing would a company like Netflix be to support a device that once rooted could be used to steal their encryption and Auth methods So you could steal their content?
A rooted CCast could be programmed to off load the players and content it uses locally,
The content creators and providers know this which is why most content related apps are set up to refuse to work in the presence of root on a device.
Google doesn't really care if your device is rooted or not but the people they want to support the CCast care.
Remember the failure of GoogleTV, The TV Networks blacklisted the device because they believed it would be used to pirate their material and wanted to charge you or google to see it!
Unless you went directly to their site where they could count you as a view and make the money from advertising.
Hmm the possible using root to offload the videos makes sense. Seems like it would take some effort but could be as easy as some code a powered USB driver.
I think about it different... Rooted more options to make it stream more stuff... Not more options to snag stuff.
Sent from my Nexus 5 using Tapatalk
Hopefully more apps pick up on this or it will just be another device google tried to get rolling and failed at.
Sent from my Nexus 5 using Tapatalk
rans0m00 said:
Hopefully more apps pick up on this or it will just be another device google tried to get rolling and failed at.
Click to expand...
Click to collapse
I think they will and are. Android mirroring will help a lot, but even now there are many "hidden gems" like Vbukit that could really take off once Google lets up on the reins.
bhiga said:
I think they will and are. Android mirroring will help a lot, but even now there are many "hidden gems" like Vbukit that could really take off once Google lets up on the reins.
Click to expand...
Click to collapse
Hopefully so. At this price point for the item if they can get most apps to use it then they will sell tons of them.
rans0m00 said:
Hmm the possible using root to offload the videos makes sense. Seems like it would take some effort but could be as easy as some code a powered USB driver.
I think about it different... Rooted more options to make it stream more stuff... Not more options to snag stuff.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
actually there is nothing about root other than bypassing the whitelist that lets you play more stuff.
To put it another way....
Would rooting your TV make it do something more than it already does? No it wouldn't would it?
It'a nothing more than who has access to control the hardware but the hardware doesn't do any more than it already does and it still won't play an AVI natively without transcoding so your not really gaining capability, Just removing restrictions that are there to keep control of DRM content to keep Content providers and creators happy.
If they let it stay uncontrolled then devices like this would be supported while Content providers stayed away from CCast due to it's uncontrolled environment.
http://www.webpronews.com/ces-2014-netgear-announces-hdmi-dongle-chromecast-competitor-2014-01
And rooting our androids have opened up plenty of possibilities that otherwise wouldn't be available. Like customs roms and kernels. Which then open the door to tons of stuff.... Its been a minute but I think it was custom kernels that allowed us to use exfat instead of fat32? Currently the chromecast rooted only runs a custom whitelist and a handful of other things. Because that is all we have the option with the only custom rom out. If they figure out how to start adding different functions I don't know what would be possible but yes... From rooting this opened the door to all of this being possible.
Sent from my Nexus 5 using Tapatalk
Asphyx said:
A rooted CCast could be programmed to off load the players and content it uses locally
Click to expand...
Click to collapse
So can linux box, an android, a flashed ps3, a flashed xbox360, and anything else running a linux based distro which has access to netflix through web browsers or otherwise. Hell, with a little code, a raspberry pi could do it! Put a qualcomm chip, wifi capability and a touchscreen on my coffee maker and I could make the damn thing gain unauthorized access to netflix.
hp420 said:
Put a qualcomm chip, wifi capability and a touchscreen on my coffee maker and I could make the damn thing gain unauthorized access to netflix.
Click to expand...
Click to collapse
Yes, and then the Hollywood lawyers would try to stop your coffee maker's maker from making coffee makers. Whoa, that's a lot of makers...
hp420 said:
So can linux box, an android, a flashed ps3, a flashed xbox360, and anything else running a linux based distro which has access to netflix through web browsers or otherwise. Hell, with a little code, a raspberry pi could do it! Put a qualcomm chip, wifi capability and a touchscreen on my coffee maker and I could make the damn thing gain unauthorized access to netflix.
Click to expand...
Click to collapse
Yep and why do you think Netflix upgrades sometimes won't play on your rooted device?
What is more important to you...
having content to view or access to make the unit play any content you wanted if only there was content available for it!
Asphyx said:
Yep and why do you think Netflix upgrades sometimes won't play on your rooted device?
What is more important to you...
having content to view or access to make the unit play any content you wanted if only there was content available for it!
Click to expand...
Click to collapse
Honestly?? Having root is more important to me. I've never used any of the services we're talking about (hulu, netflix, amazon, etc.) I use other means to get my video streaming accomplished, and prefer to have full control of my device without some corporate shmuck who doesn't even know what a rooted phone can do stepping in and saying I'm breaking their tos by tampering with open source firmware installed on hardware I own outright. This is why I choose to use alternatives
The chromecast was never advertised as an open source device.
Maybe it's time people realize that Google isn't synonymous with 'free, good or open source' .
They are a company and they are here to make money.
Honestly, I'm already set with the chromecast.
Netfliz+Hulu + avia + showbox +vget +plex + tab casting = my money's worth
Sent from my HTC One X using Tapatalk 2
I agree with people have said here.... I can see both sides for the argument as being valid.
I prefer full control of my device but I also realize my type is a very small portion of the people needed to make this device appealing enough for developers to write code to
allow ccast to work.
I'm hoping that root is found occasionally to still keep the devs interested but spread out enough to keep people like netflix and hulu Happy.
Sent from my Nexus 5 using Tapatalk
hp420 said:
Honestly?? Having root is more important to me. I've never used any of the services we're talking about (hulu, netflix, amazon, etc.) I use other means to get my video streaming accomplished, and prefer to have full control of my device without some corporate shmuck who doesn't even know what a rooted phone can do stepping in and saying I'm breaking their tos by tampering with open source firmware installed on hardware I own outright. This is why I choose to use alternatives
Click to expand...
Click to collapse
So given a choice of having Media available for a Media device or Rooted device that does nothing you want the Rooted paperweight....
Good for you!
In defense... The rooted paperweight wouldn't be correct. With a strong enough dev environment we would have more options. Would seriously take a strong dev following though, since they would be responsible for keeping it from being a paperweight.
Anyways I got my answer from this thread. Which is my views are I like everything being as open as possible.
I understand now why google has to keep or attempt to keep the platform locked down for it to be a success. Maybe in the future google will find a balance of more options while still keeping the lawyers Happy.
Till then let's hope the chromecast just gets better support from app developers and increasing in popularity.... Which I think will bring more devs and possibly more chances for getting root and other roms.
Sent from my Nexus 5 using Tapatalk
rans0m00 said:
In defense... The rooted paperweight wouldn't be correct. With a strong enough dev environment we would have more options. Would seriously take a strong dev following though, since they would be responsible for keeping it from being a paperweight.
Anyways I got my answer from this thread. Which is my views are I like everything being as open as possible.
I understand now why google has to keep or attempt to keep the platform locked down for it to be a success. Maybe in the future google will find a balance of more options while still keeping the lawyers Happy.
Till then let's hope the chromecast just gets better support from app developers and increasing in popularity.... Which I think will bring more devs and possibly more chances for getting root and other roms.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
Rans...Don't get me wrong I don't really have a problem with Root but there comes a point where having control over a device thats express purpose is to stream media and send content to a screen makes having content available more important than having control over Root access to a device that won't do what it is intended to do once you get it!
This is not a phone that you can sideload programs to and make it do something it wasn't intended to do.
It is like saying I want complete control over my TV Operating system and don't care if everyone who makes TV content available won't suppot my device making it a nice peice of electronics you can hack but serves no other purpose.
If rooting lost you Netflix, Plex, aVia and all the other content provider support what good would all that root access get you?
Are developers going to start making movies for you to watch as well?
Or are you just getting root to make your TV an Android box when an Android Stick would do the same thing for you?
Right now the only reason to have root is to Run Team Eureka's rom, And it is well worth having for that!
But if Netflix, Hulu and anyone else who has content to use on the device did a Root Check and stopped supporting your rooted device you would have nothing more than a nice Splash screen on your TV...
It's one thing to be a control freak about your devices...
Just remember the folks who make the content you want to see on your devices have the same desire (and RIGHT) to want to control who sees their content and who doesn't!
And you will blame them for not trusting you not yourself on insisting to have root on a device whose sole purpose is to display someone else's content!
We would all love to have root access to everything in life....
And thinking your going to get more just because you have more control is foolish because we have seen Root get you less from those who HAVE the content you really want.
If all this device could display was stuff you owned no one would need it because there are about 100 different devices that can already do it an better!
I actually think with enough dev support people could figure out how to make the chromecast into quite a bit more. I am not familiar with the limitations of the device itself though.
Before coming to Android I had an iPhone and I had my phone jail broke. Certain apps would not work if it was detected to be jail broken. Usually the devs found a work around and still had the content.
I'm still sticking with best case scenario is this turns out to be an apple vs jail break scene. They keep patching it but devs keep working to find holes and increasing the options users have with their device. This might keep the content providers happy since google would be patching the holes when they are presented.
And when it comes down to other devices doing it better.... Yeah there is always a different options... With the current state of things honestly I still prefer the rokus over the chromecast.
Sent from my Nexus 5 using Tapatalk
Now that the "gates are open" on the Google Chromecast it *should* in some way, be possible to root it now. I have done some security researching and I was wondering if we could create a malicious streaming app to stream a shebang file (hashbang, whatever you wanna call it; same tactic used in both versions of iOS' evasi0n) to run a script to root the device. We might also be able to stream over elf binaries that use kernel exploits to root the device then use adb to execute them from there. Please comment on your suggestions/thoughts/why this will or will not work. As always, thank you for taking the time to read this.
r3pwn
r3pwn said:
Now that the "gates are open" on the Google Chromecast it *should* in some way, be possible to root it now. I have done some security researching and I was wondering if we could create a malicious streaming app to stream a shebang file (hashbang, whatever you wanna call it; same tactic used in both versions of iOS' evasi0n) to run a script to root the device. We might also be able to stream over elf binaries that use kernel exploits to root the device then use adb to execute them from there. Please comment on your suggestions/thoughts/why this will or will not work. As always, thank you for taking the time to read this.
r3pwn
Click to expand...
Click to collapse
I like your thinking.
The first order would be to get root and disable OTA updates.
As long as the whitelist exists, a malicious app would be difficult to get past Google's approval. Kind of like how iOS had the "flashlight" app that allowed tethering until Apple shut it down.
It might actually have to be two parts - a functional app that has a vulnerability, and some specific trigger that can utilize the vulnerability. A backdoor into a normal app, or a some kind of specific login that triggers a specific server-side response, for example.
AFAIK, ADB isn't enabled on stock Chromecast.
Another potential attack vector is the setup mechanism on the Chromecast-side - for example if the SSID or keyphrase strings can be overrun, but Google may have already checked that stuff.
Because stock Chromecasts auto-accept OTA updates, I fear it will be a continual cat-and-mouse game of finding exploits and having them auto-patched by Google OTAs. Still, at least it would provide an option for folks who have an updated bootloader.
bhiga said:
I like your thinking.
The first order would be to get root and disable OTA updates.
As long as the whitelist exists, a malicious app would be difficult to get past Google's approval. Kind of like how iOS had the "flashlight" app that allowed tethering until Apple shut it down.
It might actually have to be two parts - a functional app that has a vulnerability, and some specific trigger that can utilize the vulnerability. A backdoor into a normal app, or a some kind of specific login that triggers a specific server-side response, for example.
AFAIK, ADB isn't enabled on stock Chromecast.
Another potential attack vector is the setup mechanism on the Chromecast-side - for example if the SSID or keyphrase strings can be overrun, but Google may have already checked that stuff.
Because stock Chromecasts auto-accept OTA updates, I fear it will be a continual cat-and-mouse game of finding exploits and having them auto-patched by Google OTAs. Still, at least it would provide an option for folks who have an updated bootloader.
Click to expand...
Click to collapse
The whitelist still exists? I had thought they removed that with the SDK.
Sent from my Nexus 7 using Tapatalk
r3pwn said:
The whitelist still exists? I had thought they removed that with the SDK.
Click to expand...
Click to collapse
According to this in the developer's guide you still have to allow your Chromecast to send its serial number, register your app which gives you an API key, and register your device so it can receive the app.
Only "published" apps will be available without registering your device, so still sounds like Google is the gatekeeper to publicly-available apps.
Hmm... I may have to hand over the $5 for the developer fee just to fool around. Or I may find an alternative by the time I can get around to getting a Google play card. Lol.
Sent from my Nexus 7 using Tapatalk
r3pwn said:
Hmm... I may have to hand over the $5 for the developer fee just to fool around. Or I may find an alternative by the time I can get around to getting a Google play card. Lol.
Click to expand...
Click to collapse
Not sure about your neighborhood, but the WA/OR Costcos are selling a 3-pack of $20 Google Play cards for $54 (so 10% discount)
bhiga said:
Not sure about your neighborhood, but the WA/OR Costcos are selling a 3-pack of $20 Google Play cards for $54 (so 10% discount)
Click to expand...
Click to collapse
I don't think I want to spend that much. If I don't find something else by then, I could just go to GameStop in the mall (right across the street from my school) and get a $15 one.
Sent from my Nexus 7 using Tapatalk
Walmart also sells play cards!
Sent from my SPH-L710 using xda app-developers app
Not sure we will ever find a security hole in the CCast with the whitelisting in effect but perhaps the search for a vulnerability should be made on the Player Apps that are already whitelisted.
Finding some content that could be sent to (ie via aVia) to play on CCast that isn't really media but does trigger some exploit to root the device.
In fact the cast a tab feature may be the weakest point in the CCast security. Hacking that extension could be the key to exploiting the CCast.
We need to get Chainfire to do the rooting stuff.
Asphyx said:
Not sure we will ever find a security hole in the CCast with the whitelisting in effect but perhaps the search for a vulnerability should be made on the Player Apps that are already whitelisted.
Finding some content that could be sent to (ie via aVia) to play on CCast that isn't really media but does trigger some exploit to root the device.
In fact the cast a tab feature may be the weakest point in the CCast security. Hacking that extension could be the key to exploiting the CCast.
Click to expand...
Click to collapse
I was actually thinking that to myself. There has to be some sort of thing to root the device other than the 2nd stage bootloader exploit that was patched already.
Sent from my iPod touch using Tapatalk
If anyone did sneakily get an app published with a root exploit, it would certainly risk revoking their SDK permissions due to a ToS violation.
Sent from my Nexus 5 using Tapatalk
cmstlist said:
If anyone did sneakily get an app published with a root exploit, it would certainly risk revoking their SDK permissions due to a ToS violation.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
That is true. But if we exploited an existing app, Google would just "suspend" the app from the Play Store until the bug gets fixed. If the app were free, however, we could just back up a copy of the apk before the bug fix was patched and spread it around here on XDA. I'll look into some apps to see if it's possible.
Sent from my iPod touch using Tapatalk
r3pwn said:
That is true. But if we exploited an existing app, Google would just "suspend" the app from the Play Store until the bug gets fixed. If the app were free, however, we could just back up a copy of the apk before the bug fix was patched and spread it around here on XDA. I'll look into some apps to see if it's possible.
Click to expand...
Click to collapse
Well the exploit I was referring to would not be in an APK at all...
It would be on the App server CCast loads it's player's from.
The APKs that support CCast do not have any access to the filesystem of the CCast but the Player Apps CCast loads are on the device and the exploit would attack a vulnerability of that app to do something on the unit that the player app never considered.
Sort of like the old WMV exploit to launch web pages inside a Video that if existed as a capability in a CCast loaded Player App could launch a browser operation to a page with the Exploit code.
I'm sure Google has thought about all of that in their implementations but perhaps the 3rd Party Developers have not been so diligent about it.
In fact I think that precise issue is why Google does not allow someone like the PlexDevs to allow launch of Media to CCast from the Local PlexWeb (that can easily be user manipulated since it resides on their local machine) and will only allow them to implement it from the Plex.tv site that is not accessible to user manipulation at all.
Asphyx said:
In fact I think that precise issue is why Google does not allow someone like the PlexDevs to allow launch of Media to CCast from the Local PlexWeb (that can easily be user manipulated since it resides on their local machine) and will only allow them to implement it from the Plex.tv site that is not accessible to user manipulation at all.
Click to expand...
Click to collapse
And probably why Google maintains the whitelist.
As long as there is whitelist, Google can disable an app at will.
So once an external exploit becomes known (ie, "Play this specific video"), Google could easily disable the app until the developer updates it to patch the vulnerability.
The inability to refuse OTA updates and the lack of external accessibility/sideloading makes Chromecast quite secure.
bhiga said:
And probably why Google maintains the whitelist.
As long as there is whitelist, Google can disable an app at will.
So once an external exploit becomes known (ie, "Play this specific video"), Google could easily disable the app until the developer updates it to patch the vulnerability.
The inability to refuse OTA updates and the lack of external accessibility/sideloading makes Chromecast quite secure.
Click to expand...
Click to collapse
Tying CC to google framework/Play is annoying and disappointing. It's a walled-garden Apple approach.
wideasleep1 said:
Tying CC to google framework/Play is annoying and disappointing. It's a walled-garden Apple approach.
Click to expand...
Click to collapse
It all goes hand-in-hand for making sure things work and making sure the content providers don't yank the carpet out from under them.
If the content providers leave Google, Chromecast becomes useless for all the folks who bought it for what it does, rather than what we want it to be and do.
End-of-day for a product like this, it's user experience that will make or break it. That's probably why Google's being extra-cautious here. They're treading on Apple's turf.
wideasleep1 said:
Tying CC to google framework/Play is annoying and disappointing. It's a walled-garden Apple approach.
Click to expand...
Click to collapse
I've often wondered why Google is being this way with Chromecast of all things. Not that they roll out a red carpet to allow Android to be rooted. But they aren't actively trying to prevent it. I mean they've looked the other way forever with Gapps distribution.. I love Chromecast and worth every dime though. Just strange how much they're throwing up the walls everywhere for it
Sent from my Nexus 10
bhiga said:
It all goes hand-in-hand for making sure things work and making sure the content providers don't yank the carpet out from under them.
If the content providers leave Google, Chromecast becomes useless for all the folks who bought it for what it does, rather than what we want it to be and do.
End-of-day for a product like this, it's user experience that will make or break it. That's probably why Google's being extra-cautious here. They're treading on Apple's turf.
Click to expand...
Click to collapse
Not that I don't disagree, but for the sake of argument, I think that is Google's cop-out. They haven't concerned themselves with this in prior endeavors, although I'm sure the poor showing of GoogleTV had to smart. The truth as I see it: Google wants the data (sigint, if you will) our 'casting' provides, THAT is why it's walled. They may want to couch it with 'quality, content provider compliance,etc.', but only so far as it maintains THEIR sigint. After all, the content providers will always constrain their content as they see fit...it must be on their servers/cdn networks by their own hand. CC is a protocol, and now cannot be enjoyed without their sigint (framework/Play version). Google's modus is provide convenience products for the non-free price of your sigint data, so you can be sold to advertisers.
styckx said:
I've often wondered why Google is being this way with Chromecast of all things. Not that they roll out a red carpet to allow Android to be rooted. But they aren't actively trying to prevent it. I mean they've looked the other way forever with Gapps distribution.. I love Chromecast and worth every dime though. Just strange how much they're throwing up the walls everywhere for it
Sent from my Nexus 10
Click to expand...
Click to collapse
My explanation above offers a possible reason.
edit: apologies to OP for accidentally steering into non-root discussion!
styckx said:
I've often wondered why Google is being this way with Chromecast of all things. Not that they roll out a red carpet to allow Android to be rooted. But they aren't actively trying to prevent it. I mean they've looked the other way forever with Gapps distribution.. I love Chromecast and worth every dime though. Just strange how much they're throwing up the walls everywhere for it
Sent from my Nexus 10
Click to expand...
Click to collapse
Could be a requirement from the providers due to copyright concerns.
What is the likelihood of Google going all "Anti-Root" on the ChromeCast like Apple does with iOS? I mean just about every android device has been and is currently rootable for the most part. I knows rooting can be considered a "security threat if misused and all.
~SG
They fixed the first hole pretty fast, so I guess they will do the same with the 2nd hole.
An open media player can be difficult due to licencing issues...
I agree with the previous post on that Google will try to block Chromecast root. But, anyway, I think it's still an awesome device.
I would imagine companies like Netflix prefer the CC locked.
If you ask me...Google has definitely been diligent at securing the device from being rooted. I mean it's almost a year since the last root window opened up and closed.
They definitely learned a thing or two from Motorola about locking up devices!
They have to at least appear to be doing something about securing the device since support from the various content providers is dependent on that security.
A lesson they learned with the Google TV debacle.
Unlike Google TV without content this CCast dongle is worthless!
So yes they will try and do whatever they can to patch up any root exploit they can.
As long as the content providers remain paranoid about piracy, the big G will have to do what they need to in order to make sure there's still content to play via Chromecast.
bhiga said:
As long as the content providers remain paranoid about piracy, the big G will have to do what they need to in order to make sure there's still content to play via Chromecast.
Click to expand...
Click to collapse
I agree. But how does the ChromeCast differ in that respect to a Android Tablet or Phone? Im sure that content providers care about piracy on those devices running android.
~SG
SomeGuy2008 said:
I agree. But how does the ChromeCast differ in that respect to a Android Tablet or Phone? Im sure that content providers care about piracy on those devices running android.
Click to expand...
Click to collapse
A tablet and phone can do other things than simply play media.
Chromecast minus the media leaves screen mirroring - but only for semi-recent and supported devices. That's not a market of millions of units, otherwise the folks selling Miracast devices would be rich and making shinier products.
(Stock) Chromecast has no interface, no way to sideload apps, and requires applications to support it in their code. Take the Chromecast-enabled apps away and you don't have much left, especially up against the Miracast devices.
SomeGuy2008 said:
I agree. But how does the ChromeCast differ in that respect to a Android Tablet or Phone? Im sure that content providers care about piracy on those devices running android.
~SG
Click to expand...
Click to collapse
The chromecast is built for, and solely marketed as a online media streaming stick. Google needs to show content providers that they are passionate about making their device a secure hardware solution for online media, otherwise if new content providers do not develop for the Chromecast, or current ones opt out Google would have lost the sole purpose of their device.
Android itself is generally easy to unlock devices bootloaders, gain root access and install custom roms, it was designed like that. While the chromecast was locked down. Google are taking a completely different approach to the Chromecast, than they did for their nexus line or Stock android in general.
It really comes down to numbers vs risk.
The solution is to use DRM to protect the content. Pretty easy on a Phone/Tab due to it's beefier processor but not so much on a CCast other than using the built in DRM which could be vulnerable if someone with root access messed with it. On a phone you could create your own DRM system inside the app and even run a root check to deny the app from running which many have chosen to do. In essence that is precisely what Netflix does! And it should be noted that Netflix runs differently on CCast than all the other Receiver apps we see.
While they would probably be more comfortable not supporting Android due to it's rootable nature, when 85% of your target audience is running it it's a little difficult to ignore. Not so much the case with CCast at this point. and without their support it never will capture a majority of the audience.
Truth is the major holdup to content support seems to be the duality required to make CCast work. Not only do you have to code a receiver app for the CCast but you have to build the control and Dial functions into the Mobile app as well to send content to it.
Most media companies aren't this savvy to wrap their heads around that which makes CCast support almost an afterthought.
But back to your question...Yes they are plenty concerned with root on phones and tabs but to deny them means cutting off the lionshare of your target audience. Not the case with CCast at this point and since content is all it does they have some leverage to ignore it if they want until they are sure it is piracy proof.