Hello everyone, I'm new on here. I have been an Android user since 2010. I recently purchased a Chromecast to use with my Nexus 5 however I was struggling to get it to work with some apps, including Netflix.
It occurred to me that every time I connect a new device to my home, I am redirected to a page which let's me set up the new device on the network. I realised that Chromecast would lack the ability to navigate through this set up process and the process was preventing the device from working correctly...
Sure enough, I went into my router admin settings and disabled the 'Smart Setup' and my Chromecast immediately allowed me to cast Netflix. So check your router settings! Hope this helps!
Related
"Rickroll Innocent Televisions With This Google Chromecast Hack"
http://www.wired.com/2014/07/rickroll-innocent-televisions-with-this-google-chromecast-hack/
In short the video shows:
- remote device forces disconnect of Chromecast by sending deauth command over WiFi
- Chromecast reverts to Reconnect Me mode with its own WiFi
- remote device connects and takes over Chromecast
But if I'm not mistaken, this won't work without being able to see the access code displayed by the Chromecast on the TV screen, right?
The article also mentions another possible buffer-overrun vulnerability in the DIAL protocol, but I don't see any evidence that this is any more than speculation.
DJames1 said:
"Rickroll Innocent Televisions With This Google Chromecast Hack"
In short the video shows:
- remote device forces disconnect of Chromecast by sending deauth command over WiFi
- Chromecast reverts to Reconnect Me mode with its own WiFi
- remote device connects and takes over Chromecast
But if I'm not mistaken, this won't work without being able to see the access code displayed by the Chromecast on the TV screen, right?
The article also mentions another possible buffer-overrun vulnerability in the DIAL protocol, but I don't see any evidence that this is any more than speculation.
Click to expand...
Click to collapse
Hey! This is Dan, the researcher behind the story. To answer some of your questions:
The "access code" that the Chromecast shows is never actually used to authenticate people on the Wi-Fi. its only purpose is to make sure users don't accidentally connect to their neighbor's chromecast on accident. You can verufy this yourself: If you go into the Chromecast Android app and reconfigure your own Chromecast, you'll see that the app pops up with a message that says "Do you see the code 'X1B8'" (or whatever). You can just say "yes" and ignore it. The user never has to enter and verify the code itself.
As for the buffer overflow, it's true that there's no good evidence of it yet. I just haven't finished exploiting the vulnerability. Until I actually have a working exploit, there's no way to be sure that it really exists. The buffer overflow for sure exists, and it's in a remotely accessible location. But who knows, maybe there's some other wrinkle that keeps it from being exploitable. Exect to see more on that soon.
Hope that helps!
yep that PIN system they have is a pretty useless one considering it is more of a CHECK than a security feature....
If it was like a BT PIN where you had to enter the pin you see on the screen before you could connect it would be a real security system.
I wonder why Google hasn't thought of that,
Yup, any Chromecast is vulnerable to "takeover" whenever it gets disconnected from its configured WiFi AP.
Why? Because its setup mode is completely open and requires no challenge, just a response. It's like if you call a credit card company, put in a number that isn't yours, then the agent comes on the line and asks
"Are you Joe Smith?" [Yes]
"Is your password 'ChocolateMilkGivesMeGas'?" [Yes]
Because a simple reconfiguration does not seem to delete the existing WiFi supplicant data (Google could easily fix this by erasing the stored WiFi credentials once a device connects for setup), if the noted buffer overrun bug or another exploit could gain root, user's WiFi credentials are easily accessed.
Factory reset does delete the stored WiFi credentials, but nobody's going to factory-reset their Chromecast until it's already too late.
This particular issue is an issue for those running rooted Chromecasts, as all the attacker needs is a way in (which includes the Team Eureka Web Panel for those running Eureka-ROM, as the current web panel is not secured).
IMO, Google needs to make the setup more secure - ease of use should never data trump security.
Ah, so it's not an access code, it's just an ID to help you match up the Chromecast the app sees on WiFi with the one you see on the TV screen. That certainly seems insecure, especially since there are so many other devices and apps that link up securely via a very similar-appearing access code.
Maybe Google figures that the vulnerability is not significant if it can only be used for a harmless prank to display a different media stream, and the user could just do a reset to take back control.
DJames1 said:
Maybe Google figures that the vulnerability is not significant if it can only be used for a harmless prank to display a different media stream, and the user could just do a reset to take back control.
Click to expand...
Click to collapse
Yeah, Google seems to think being on the WiFi network is "secure" enough and anything else public/school/hotel is not the place for Chromecast... that logic may work in a single-family living situation, but it definitely does not work in a shared environment, and the fact that it automatically goes into Setup mode when it loses its configured AP is where the risk lies, since someone can reconfigure it to connect to their WiFi network and it still has the original user's AP credentials stored.
Google can lock things down by changing the behavior so either
Clear the stored WiFi credentials when the setup process begins, before Chromecast connects to another network
This wouldn't stop some kind of remote-access exploit that can break in during setup mode, but it does stop any normal-mode exploits.
Require a factory reset to enter Setup mode when Chromecast is configured to connect to a WiFi network.
IMO the second one is more of the expected user behavior - when it arrives it has no credentials stored so it automatically proceeds to setup mode, but once configured it stays configured and requires reset to start configuration again.
Right now it says configured but can be reconfigured - by anyone any time the configured AP goes unavailable.
DJames1 said:
Ah, so it's not an access code, it's just an ID to help you match up the Chromecast the app sees on WiFi with the one you see on the TV screen. That certainly seems insecure, especially since there are so many other devices and apps that link up securely via a very similar-appearing access code.
Maybe Google figures that the vulnerability is not significant if it can only be used for a harmless prank to display a different media stream, and the user could just do a reset to take back control.
Click to expand...
Click to collapse
Yeah if the made the Pin System an integral part of allowing connection then it would be MUCH more secure even if it was in open AP mode because you would still need to be in front of the TV it is plugged into to see the pin!
Odd isn't it how Google seems to have spent so much effort and time into securing what can RUN on the damn device yet took little to no interest in who could connect to it!
The fact that the worst thing possible is a bad Video Picture being displayed I guess they thought it wasn't worth the effort and was maybe too difficult for an idiot to use if it was secure!
Chromecast, stock build 22062. Was working fine a couple of days ago. Then all of the sudden one night from my phone (rooted Galaxy S3, Likewise S5 ROM) I could see the cast button in RealPlayer Cloud, but when I pushed it it would act like it was connecting for a while, and then the cast button would disappear and reappear. However, there was no change on the TV screen - it stayed on the Chromecast background. Doing some more investigation I found that none of the Chromecast apps would connect to it (Netflix, Youtube, etc.). If I go into the actual Chromecast app it would see my Chromecast, and I can see all of the info about it, but if I click on "Backdrop" it scans the network and then says "No Chromecasts found."
I could go onto my Nexus 7, and everything worked fine - I could cast from everything perfectly. However, after I rebooted the Nexus, it started having the same problem as well. I can not cast from anything. It sees the Chromecast, but cannot connect. Now none of my Android devices work with it.
I tried factory resetting the Chromecast. I could connect to the Chromecast and set it up, but it did not solve my problem. The only thing that does work is casting a tab from my laptop.
My thought is this has something to do with my router setup. I have a Watchguard XTM-25, and I am outside the US blocking Google DNS requests. About a week ago I made some configuration changes on my router (bridged two interfaces together) but this should not have affected the Chromecast - it and all the devices go through one access point on the same side of the bridge). Indeed, everything worked after I made the change. I have, however, reverted to the previous setup just in case and still nothing works. It worked for more than a year with this setup.
Any ideas on where I should start looking to fix this? It almost seems that the Chromecast is only able to communicate in one direction - it can't receive anything from any Android device (although it does from my laptop), but it is sending out the signal saying it is there. It is basically useless as it is.
Thanks in advance!
Update: If I connect to a different subnet which goes through a VPN everything works fine, so I am sure it is in router settings. However, I still don't know what to look for.
Matthew Carson said:
Chromecast, stock build 22062. Was working fine a couple of days ago. Then all of the sudden one night from my phone (rooted Galaxy S3, Likewise S5 ROM) I could see the cast button in RealPlayer Cloud, but when I pushed it it would act like it was connecting for a while, and then the cast button would disappear and reappear. However, there was no change on the TV screen - it stayed on the Chromecast background. Doing some more investigation I found that none of the Chromecast apps would connect to it (Netflix, Youtube, etc.). If I go into the actual Chromecast app it would see my Chromecast, and I can see all of the info about it, but if I click on "Backdrop" it scans the network and then says "No Chromecasts found."
I could go onto my Nexus 7, and everything worked fine - I could cast from everything perfectly. However, after I rebooted the Nexus, it started having the same problem as well. I can not cast from anything. It sees the Chromecast, but cannot connect. Now none of my Android devices work with it.
I tried factory resetting the Chromecast. I could connect to the Chromecast and set it up, but it did not solve my problem. The only thing that does work is casting a tab from my laptop.
My thought is this has something to do with my router setup. I have a Watchguard XTM-25, and I am outside the US blocking Google DNS requests. About a week ago I made some configuration changes on my router (bridged two interfaces together) but this should not have affected the Chromecast - it and all the devices go through one access point on the same side of the bridge). Indeed, everything worked after I made the change. I have, however, reverted to the previous setup just in case and still nothing works. It worked for more than a year with this setup.
Any ideas on where I should start looking to fix this? It almost seems that the Chromecast is only able to communicate in one direction - it can't receive anything from any Android device (although it does from my laptop), but it is sending out the signal saying it is there. It is basically useless as it is.
Thanks in advance!
Update: If I connect to a different subnet which goes through a VPN everything works fine, so I am sure it is in router settings. However, I still don't know what to look for.
Click to expand...
Click to collapse
I've had exactly the same issues with my HTC One Max and HTC EVO LTE. Daughters GS4 works with the 6.5.87 version on my WIFI and my HTC does not work on her home WIFI. After doing everything you've described with no help, I noticed this occured with a recent update of Google Play Services to 6.5.87. I uninstalled it and sideloaded an older version from apkmirror.com (6.1.88) and my Chromecast world was right again. Unfortunatley Google would do a "stealth" upgrade within 24hr back to 6.5.87. So I tried sideloading the newest version (6.5.88). Now You Tube and Google Play Music work fine but the cast button doesn't even show up on the 3rd party apps (TuneIn, Pocket Casts, NetFlix etc.). Don't know what it means, maybe an API incomptability? Hoping for some updates to Services or the apps that will fix this.
retired129 said:
I've had exactly the same issues with my HTC One Max and HTC EVO LTE. Daughters GS4 works with the 6.5.87 version on my WIFI and my HTC does not work on her home WIFI. After doing everything you've described with no help, I noticed this occured with a recent update of Google Play Services to 6.5.87. I uninstalled it and sideloaded an older version from apkmirror.com (6.1.88) and my Chromecast world was right again. Unfortunatley Google would do a "stealth" upgrade within 24hr back to 6.5.87. So I tried sideloading the newest version (6.5.88). Now You Tube and Google Play Music work fine but the cast button doesn't even show up on the 3rd party apps (TuneIn, Pocket Casts, NetFlix etc.). Don't know what it means, maybe an API incomptability? Hoping for some updates to Services or the apps that will fix this.
Click to expand...
Click to collapse
Thanks. I tried going back to 6.5.86 but unfortunately it didn't fix it in my case.
Matthew Carson said:
Thanks. I tried going back to 6.5.86 but unfortunately it didn't fix it in my case.
Click to expand...
Click to collapse
I think if you try 6.1.88 you'll find it will work. My question is why and how to fix it.
Same happened to me this week, my SG3 works fine as always with the Chromecast but my SGN 10.1 suddenly stopped working. Cast button is on and Chromecast app can see it but it never connects.
Sent from my GT-N8013 using XDA Free mobile app
somehow magically my rooted chromecast no longer appears as a device I can cast to.
yet the device shows in the chromecast app ?
i can view the webpage for it .. see the status etc.
steps I have taken :
I have power cycled the router
and the chromecast
the chromecast gets power from a wall usb not the tv
I have moved it to the tv next to the router within 2 feet
I have reset and reconfigured the chromecast multiple times
I have reflashed it with the OTG cable
no idea what to try next
ideas ?
beside going back to stock FW
You are not alone. Check http://forum.xda-developers.com/showthread.php?t=2578653&page=150 from post 1499 onwards.
I'm in the same boat too.
Others have reported switching from Eureka whitelist to Google whitelist has fixed it for them. Not sure if there was some bad download of the Eureka whitelist or something, still odd that it isn't affecting all Eureka-ROM Chromecasts, even on the same build.
Same problem brought me here. Switched to google and back working.
Sent from my SM-G900W8 using XDA Free mobile app
How do I switch from eureka to Google white list?
From a browser point it to the ip address of your Chromecast, that will load the eureka control panel. From there find the option for the whitelist, change to google then reboot the Chromecast.
Should do it.
Sent from my SM-G900W8 using XDA Free mobile app
I've been looking for a fix for this. The things I've done to get it to show and had no success.
I've...
Factory reset it.
Re-installed the Team-Eureka Firmware.
Installed custom firmware on my main router to change hidden settings (had a new router and thought it was the router).
Changed to 2 other routers and installed custom firmware on them because it was still not showing.
I was thinking my Chromecast was dead and was just about to order another one before I had one last check on the forums and saw this thread. Thank you everyone for letting us know what the problem is. I hope people see this thread before they do all what I did that can be fixed with a few clicks of a mouse.
Hello!
I'm trying to use Youtube Tv from outside the US.
Worked great until last Saturday when Google somehow implemented location features to the cast devices.
I can still start the app and view stuff on my tablet by spoofing the GPS and it used to be that was enough to be able to start a cast of whatever programming I wanted.
Since the new location feature came in I can't cast anymore, I get a message that the app is not supported in my country.
I figure (without having a way to be sure) that the Chromecast devices (and Nexus Player) now use wifi assisted location to get a position.
I have tried to put the chromecast behind a vpn, then factory defaulting it, then get it directly to exit in Chicago but nothing works, telling me it's likely not an IP or DNS issue.
I obviously have no way to make sure that every wifi access point the Chromecast sees gets registered with a spoofed location.
So I'm at a bit of a loss as to how I'd be able to circumvent this.
I have a Chromecast 1st gen, a Chromecast Ultra and a Nexus Player on Nougat.
Tablet is Nexus 7 (2013) running Pure Nexus Nougat build.
So as the title says, I can't use the cast/screen mirroring feature in phone. I just cannnot connect to any tv
Whenever I try to cast, it doesn't show any devices at all. Null. and using the button from the notification dropdown, it just searches endlessly.
Some notes:
1. No problem with network. No problem with TV. Other phones work just fine, and doesn't take more than a minute to find device.
2. I tried not only on my TV but on other TV's as well with cast feature. My TV is Hisense smart 39", 39A5605.
3. Already did several restarts, disabled active apps (like adguard), still same.
4. My phone is using the latest PIE update (official update but sideloaded)
5. Already tried connecting on the same WiFi network. Still didn't work. Other devices can connect to the TV without the need to connect on the same wifi network.
6. Already tried turning both mobile data and wifi while scanning. still nothing.
7. Already tried disconnecting current wifi connection (set network to 'forget) but left wifi on while scanning. Still no device found.
8. Already tried installing some apps (like Google Home app and other cast app). Nothing.
9. Already went to developer options and turned on 'Wireless Display Certification', but no additional options show up on my cast screen (like listening mode etc). Just plain nothing.
10. There's no three-dot menu on the cast screen that will show 'enable wireless display.' just a search icon on the top right and nothing more.
I really wanted to find a solution, but can't find a specific fix. I hope somebody here will help. Please. Please I'm desparate.
By the way, I know some will say I should do a factory resetting, but please understand if I say no for now. Because if I do, I'll lose a lot of settings and configuration (system-level and app-level), among other hassle it may incur.