Has anyone rooted the Chromecast, and copied the SSL Certificates? - Google Chromecast

In order to imitate a Chromecast, we'll need Certificates from the device. Has anyone been able to rip them?

You might want to look into this thread....
If the certs are part of the system.img then you might be able to find them using this method!
http://forum.xda-developers.com/showthread.php?t=2497883

Related

[Q] Installing a trusted certificate for Citrix

Ok... I have tried and tried to get this working.
Citrix opens up just fine for me and I am able to add applications that I want to connect to. I then click on an application and it tells me that I have not chosen to trust a register.com certificate.
It's not a self-signed certificate, so I don't see why it's not trusting it and won't let it install on the device. This is super frustrating because we have clients that are going to the iPads because I can't seem to show them a working model using an Android device. If anyone could please help, that would be amazing. How in the world do I install a stinkin' certificate on this device!? And why in the world would it work on an iPad and not an Android device?
Thank you for all your help in advance. I have found some solutions, but they involve doing something in a text editor and uploading it or something... Something that just seems way too complicated to make this work. Thank you.
Have you checked with your business with Citrix setup?
I know we had to modify a few things/settings to get the Citrix receiver working on android.
After doing so it works flawless for me on my Xoom.
Try this..
Go to Settings->Location & Security
Make sure "Use secure credentials" is enabled. I believe you have to set a password for the certificate store before you can enable it.
What would I need to enable on the Citrix side of things? We run their IT department and set up the Citrix server. I just don't understand why, if it is a trusted certificate from a trusted authority, it would not install itself.
I also went ahead and enabled the password for the store for applications to use it. Now how do I install the certificate on the device, if I need to? I click install from USB storage after moving the cert to the internal storage and it says no certificate found.
Has anyone else been able to get this working? I am really struggling with this one. I have a .cer if I really need one, but I have not a clue how to convert it. One person said I need to modify Citrix settings to get this to work, but I don't know what to edit. Please help...
I have it running... no certificates needed
Sent from my Xoom using XDA App
This is how I solved the geotrust cert issue on my droid2 which might help here:
http://jeftek.com/664/updated-geotrust-rootca-certificate-for-the-droid2-android-phone/
Sent from my Xoom using Tapatalk
This worked for me on a GTab and ATrix
http://forum.xda-developers.com/showthread.php?t=952041
B3ATTY said:
This worked for me on a GTab and ATrix
http://forum.xda-developers.com/showthread.php?t=952041
Does your device have to be rooted to do this? I think this might work

[Q] Could it be possible to install an OTA update from a different OTA server?

Is there anyway of installing an OTA update from a different OTA server? Maybe routing the OTA server's address to a local personal OTA server address and forcing the Chromecast to install a rooted ROM?
Yes, but you have to be rooted to do it.
MadBob said:
Yes, but you have to be rooted to do it.
Hence the chicken-and-egg scenario...
The OTA server communication goes through HTTPS, so Chromecast has its security certificate.
If you were to do a MITM attack, you don't have Google's certificate, so the HTTPS request will fail.
It would be easy if you could add your server's certificate to Chromecast.
But that requires having root, which we don't have.
Also, the secure bootloader will only load Google-signed code.
So you'd need to have Google's private key, which nobody but Google has.
Running a custom player app (that runs on Chromecast) to find a vulnerability is challenging too.
In order to run a "custom" player app, you need to sign up to be a Google dev.
The player app will only run for your registered Chromecast(s), not anyone else's.
Adding to that, almost all apps run in a Chrome sandbox.
In order for a player app to run for everybody, Google has to put it on their whitelist.
Which essentially means even if you were to find a vulnerability, Google would be able to yank your player app almost immediately.
Then Google would patch the exploit and release a new firmware...
Stock Chromecasts auto-update and you can't (yet) choose not to accept the update, so you can't avoid the update while still being able to use Chromecast (this might be possible through router blocking/redirection - not sure).
So what does that leave?
A client-side app that somehow takes advantage of a vulnerability in an existing Chromecast player app or service.
Google would still be able to force the developer to update the app, or they themselves could update the firmware, but at least a client-side app could be available for Chromecasts with builds still vulnerable to it, similar to how FlashCast is available for Chromecasts that still have the vulnerable bootloader.
...and of course the existing FlashCast for those few Chromecasts that still have the vulnerable bootloader.
Wish I was artsy enough to make an infographic, heh.
...
bhiga said:
In order for a player app to run for everybody, it Google has to put it on their whitelist.
Which essentially means even if you were to find a vulnerability, Google would be able to yank your player app almost immediately.
You know that fact poses an interesting question....
We already have people redirecting DNS to change location...
How hard would it be to redirect a call to the Whitelist server and redirect it to another that has a Whitelist that is not controlled by Google?
It would have to be done at the router since you can't change it in the CCast without root but it should be possible to redirect the link to some other Whitelist that we could add any app we wanted to it.
Are there any other security checks that would prevent it? I tend to doubt it as we have been able to download the App list via PC and I'm pretty sure that App list is the main Whitelist (I could be dead wrong here)
Asphyx said:
You know that fact poses an interesting question....
We already have people redirecting DNS to change location...
How hard would it be to redirect a call to the Whitelist server and redirect it to another that has a Whitelist that is not controlled by Google?
It would have to be done at the router since you can't change it in the CCast without root but it should be possible to redirect the link to some other Whitelist that we could add any app we wanted to it.
Are there any other security checks that would prevent it? I tend to doubt it as we have been able to download the App list via PC and I'm pretty sure that App list is the main Whitelist (I could be dead wrong here)
Essentially it's the same problem as redirecting the Google OTA server.
It's HTTPS and therefore requires that Chromecast has the server's certificate, adding the certificate requires root.
I do not believe HTTPS can be redirected in a simple rerouted response manner.
bhiga said:
Essentially it's the same problem as redirecting the Google OTA server.
It's HTTPS and therefore requires that Chromecast has the server's certificate, adding the certificate requires root.
I do not believe HTTPS can be redirected in a simple rerouted response manner.
Yes but server certificates are enforced on the server side aren't they?
Perhaps not....
Just to add to @bhiga's excellent explanation: it is actually possible to run a custom web-based player on an unrooted Chromecast, since several whitelisted apps (for example, Google's "TicTacToe" demo app) are served over plain, unencrypted HTTP. That means that a potential root exploit has the ability to load arbitrary HTML/JavaScript on the device. However, this gets us nowhere because of web apps' inherent lack of trust and Google's extensive sandboxing to prevent accidental vulnerabilities (I wrote more on this here).
With regard to the original question, even if we were able to bypass the HTTP certificate checking of the updater, the Chromecast's recovery would still refuse to apply our rooted update since it wouldn't be signed with Google's keys. If this weren't the case, we would simply be able to craft an update file that installed the original, vulnerable bootloader to the device and from there use FlashCast like we do now.
---------- Post added at 05:34 PM ---------- Previous post was at 05:25 PM ----------
Asphyx said:
Yes but server certificates are enforced on the server side aren't they?
Perhaps not....
The Chromecast contains a list of trusted certificates for "google.com" locally, and only Google has the private keys which allow them to serve files using those certificates (I'm simplifying quite a bit here; if you're interested in the actual "certificate authority" system used, Wikipedia has a good overview) . We can't modify the trusted certificate list without root, and we can't get root (using any of the methods discussed here, at least) without having the private key to a trusted certificate for "google.com". So it's a chicken-and-egg problem, just like any well-designed security model is. (If you already have the keys to the kingdom, it's easy to do whatever you want. Getting the keys is the hard part.)
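The trust-store argument tchebb makes above, as an added Go example that is not code from this thread or from the Chromecast firmware: a constructed vendor root is the only certificate in the device's pinned store, and the client-side verification below is what any server certificate has to satisfy. The `google.com` hostname the updater dials and the CA names are assumptions for the demonstration. It shows why a router-level DNS redirect gets nowhere on its own: a certificate for the right name signed by a key outside the store fails, and so does a vendor-signed certificate for a different name.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// ca is a constructed certificate authority: the private key stays with the
// issuer, and only cert is copied into a device's trust store.
type ca struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
}

func certTemplate(name string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
}

// sign issues tmpl under parent using parentKey (self-signed when parent == tmpl).
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func newCA(name string) (*ca, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := certTemplate(name, 1)
	tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
	tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature
	cert, err := sign(tmpl, tmpl, &key.PublicKey, key)
	return &ca{key: key, cert: cert}, err
}

// issue signs a server certificate for host with this CA's private key.
func (c *ca) issue(host string, serial int64) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := certTemplate(host, serial)
	tmpl.DNSNames = []string{host}
	tmpl.KeyUsage = x509.KeyUsageDigitalSignature
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	return sign(tmpl, c.cert, &key.PublicKey, c.key)
}

// deviceAccepts is the client-side check a TLS client such as the updater performs:
// the presented certificate must chain to a pinned root and match the host dialled.
func deviceAccepts(pinned *x509.CertPool, presented *x509.Certificate, host string) bool {
	_, err := presented.Verify(x509.VerifyOptions{Roots: pinned, DNSName: host})
	return err == nil
}

// Outcome records which servers the device would agree to talk to.
type Outcome struct {
	Genuine, Redirected, WrongHost bool
}

func Scenario() (Outcome, error) {
	const host = "google.com" // name the updater is hard-wired to contact (assumed)
	vendor, err := newCA("Constructed Vendor Root")
	if err != nil {
		return Outcome{}, err
	}
	attacker, err := newCA("Constructed Attacker Root")
	if err != nil {
		return Outcome{}, err
	}
	pinned := x509.NewCertPool()
	pinned.AddCert(vendor.cert) // the device's trust store; changing it needs root
	genuine, err1 := vendor.issue(host, 2)
	redirected, err2 := attacker.issue(host, 2)        // router/DNS redirect: right name, wrong issuer
	wrongHost, err3 := vendor.issue("other.example", 3) // vendor-issued, but not for the name dialled
	for _, e := range []error{err1, err2, err3} {
		if e != nil {
			return Outcome{}, e
		}
	}
	return Outcome{
		Genuine:    deviceAccepts(pinned, genuine, host),
		Redirected: deviceAccepts(pinned, redirected, host),
		WrongHost:  deviceAccepts(pinned, wrongHost, host),
	}, nil
}
```

The only way to make `Redirected` come out true is either to sign with the vendor's private key or to add the attacker root to `pinned`, which is exactly the two things the thread says are out of reach without Google's key or root on the device.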
tchebb said:
The Chromecast contains a list of trusted certificates for "google.com" locally, and only Google has the private keys which allow them to serve files using those certificates (I'm simplifying quite a bit here; if you're interested in the actual "certificate authority" system used, Wikipedia has a good overview) . We can't modify the trusted certificate list without root, and we can't get root (using any of the methods discussed here, at least) without having the private key to a trusted certificate for "google.com". So it's a chicken-and-egg problem, just like any well-designed security model is. (If you already have the keys to the kingdom, it's easy to do whatever you want. Getting the keys is the hard part.)
Thanks. I was under the (false, apparently) impression that the server was the one that did cert checks, not the client, and if the client did not have the proper cert the server could send one or deny sending it data.
But I guess you're saying that the CCast will also check to see if the cert is valid on the server side before it will accept communication.
Which would require a Google cert on the server side.

[Q] Can I hook methods in ContentProvider?

I'd like to hook the query() method in ContentProvider in order to find out which applications are accessing the personal information (e.g. contacts, SMS) stored on the device. By reading the tutorial, we know that we can hook methods in app packages. However, what can we do when the methods we want to hook are in those system components? Any suggestion is appreciated.
x11911778 said:
I'd like to hook the query() method in ContentProvider in order to find out which applications are accessing the personal information (e.g. contacts, SMS) stored on the device. By reading the tutorial, we know that we can hook methods in app packages. However, what can we do when the methods we want to hook are in those system components? Any suggestion is appreciated.
Well first off, you can't hook ContentProvider.query() because it's an abstract method (at least one of the two variants). So you would have to hook the subclasses that provide an implementation for this method.
You would also need to clarify what you mean with "system components". I think some of these providers are implemented in system apps, so you would hook them like any other app. Others might be part of the system process (system_server), which also hosts all the system services like package manager etc. Simply use the special package name "android" for these, otherwise handle it like a normal app. And then there might be cases where you want to hook an Android framework method on the whole system. You would do that in initZygote().
In all cases, you would first have to identify a good place to hook into, then find out when to place the hook (as described above) and then use findAndHookMethod().
rovo89 said:
Well first off, you can't hook ContentProvider.query() because it's an abstract method (at least one of the two variants). So you would have to hook the subclasses that provide an implementation for this method.
You would also need to clarify what you mean with "system components". I think some of these providers are implemented in system apps, so you would hook them like any other app. Others might be part of the system process (system_server), which also hosts all the system services like package manager etc. Simply use the special package name "android" for these, otherwise handle it like a normal app. And then there might be cases where you want to hook an Android framework method on the whole system. You would do that in initZygote().
In all cases, you would first have to identify a good place to hook into, then find out when to place the hook (as described above) and then use findAndHookMethod().
Thanks a lot, that really helps!
Problem
Would you mind giving me an example (like code) of how to hook the query() method? I'm really confused about that. Thanks a lot!

Chromecast idea

Hi,
I was thinking about something.
1. know where Chromecast gets the update file (URL checking for updates)
2. redirect your modem so it goes to another server to get an update file
3. the update file is a Eureka file
4. let Chromecast think it's original and update the CC with this file
Maybe you can just fool the CC into updating from another URL with a modified image.
This would be the easiest way to hack it.
Let me know if it's possible.
I think it won't be possible, because of firmware keys, and security. It will check if the firmware has a digital signature. But I'm not 100% sure about that.
At the least you'd need to match the Google signature before it would install... which is much harder than it sounds.
1024 bit key, so you've got to guess a password that's 128^256 or a hella bunch of potential passwords on the apk signature.
That also assumes that only the update file is signature checked - there might be some negotiation between the Chromecast and the mothership which involves other layers.
Basically with current computing capabilities and only a signature check you're probably looking at a minimum of a few years to crack the current signature unless I did the maths wrong.
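tchebb's point earlier in this page (recovery refuses an update not signed with Google's keys) and the signature discussion in the post above, as an added Go example that is not Google's code and not the Chromecast's real update format: the image layout, the key pairs and the payloads are all constructed here. It shows that the signature check alone decides whether an image is applied: an image signed with anyone else's key, and an official image with a single byte changed, are rejected, while the unchanged official image verifies regardless of which server delivered it. Whether a recovery additionally refuses older signed images is not something the thread addresses.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// Image layout, constructed for this example (not Google's real format):
//   "UPD1" | uint32 big-endian payload length | payload | 64-byte Ed25519 signature
// The signature covers everything before it, so neither the length field nor
// the payload can be altered without re-signing.
var magic = []byte("UPD1")

const headerLen = 8

var (
	ErrMalformed    = errors.New("update rejected: malformed image")
	ErrBadSignature = errors.New("update rejected: signature does not verify under the device's update key")
)

// Pack builds a signed image; only the holder of priv can produce one.
func Pack(priv ed25519.PrivateKey, payload []byte) []byte {
	var b bytes.Buffer
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(payload)))
	b.Write(magic)
	b.Write(n[:])
	b.Write(payload)
	b.Write(ed25519.Sign(priv, b.Bytes()))
	return b.Bytes()
}

// Verify is the recovery-side check: parse the image, verify it under the
// public key baked into the firmware, and only then release the payload.
func Verify(pub ed25519.PublicKey, image []byte) ([]byte, error) {
	if len(image) < headerLen+ed25519.SignatureSize || !bytes.Equal(image[:4], magic) {
		return nil, ErrMalformed
	}
	end := headerLen + int(binary.BigEndian.Uint32(image[4:8]))
	if end < headerLen || end+ed25519.SignatureSize != len(image) {
		return nil, ErrMalformed
	}
	if !ed25519.Verify(pub, image[:end], image[end:]) {
		return nil, ErrBadSignature
	}
	return image[headerLen:end], nil
}

// Outcome records which images recovery would apply.
type Outcome struct {
	GenuineOK, ForgedOK, TamperedOK, RehostedOK bool
}

func accepted(pub ed25519.PublicKey, image []byte) bool {
	_, err := Verify(pub, image)
	return err == nil
}

// Scenario plays out the thread's argument with constructed keys and payloads.
func Scenario() (Outcome, error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader) // vendorPub is burned into the firmware
	if err != nil {
		return Outcome{}, err
	}
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader) // anyone can make a key; it is not the one the device trusts
	if err != nil {
		return Outcome{}, err
	}
	official := Pack(vendorPriv, []byte("constructed official firmware payload"))
	forged := Pack(attackerPriv, []byte("constructed rooted payload"))
	tampered := append([]byte(nil), official...)
	tampered[headerLen] ^= 0x01 // one payload byte flipped; the signature no longer matches
	rehosted := append([]byte(nil), official...) // same bytes, served from a redirected server
	return Outcome{
		GenuineOK:  accepted(vendorPub, official),
		ForgedOK:   accepted(vendorPub, forged),
		TamperedOK: accepted(vendorPub, tampered),
		RehostedOK: accepted(vendorPub, rehosted),
	}, nil
}
```

Note what `RehostedOK` shows: the signature binds the bytes, not their origin. That is why the thread treats the HTTPS check and the signature check as separate layers; the first decides whom the device will download from, the second decides what recovery will flash.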
mildlydisturbed said:
At the least you'd need to match the Google signature before it would install... which is much harder than it sounds.
1024 bit key, so you've got to guess a password that's 128^256 or a hella bunch of potential passwords on the apk signature.
That also assumes that only the update file is signature checked - there might be some negotiation between the Chromecast and the mothership which involves other layers.
Basically with current computing capabilities and only a signature check you're probably looking at a minimum of a few years to crack the current signature unless I did the maths wrong.
It's even worse than that!
It will only take updates over HTTPS which means you need to have a server running that has Google Security certificate or nothing happens!
..
Asphyx said:
It's even worse than that!
It will only take updates over HTTPS which means you need to have a server running that has Google Security certificate or nothing happens!
Ok, so updating with other firmware is not possible.
Did somebody even check this possibility?
phantmbox said:
Ok, so updating with other firmware is not possible.
Did somebody even check this possibility?
Yep!
The last exploit took advantage of a vulnerability in the USB startup that would allow you to create multiple USB hubs and overflow the unit to put it back into a factory flash mode. Once there you could load up your own ROM. This is why the Teensy was required to send commands to the CCast and break its boot cycle.
Google Patched that rather quickly!
And once the device boots there are several more layers of protection including using the aforementioned HTTPS to ensure all updates are coming from google and only google.
If you folks really want root the best way to go is to buy a NIB unit and make sure you disconnect Internet access until you have successfully rooted and flashed Eureka.
Considering the low price $35 you can recoup some of that money by selling the one that updated to a friend or relative. Even Ebay I suppose but you probably won't get full price there.
And I would do it sooner rather than Later because at some point Google will start shipping Units with the unrootable ROM in it out of the box.
Then you will have to wait until (and hope) another Exploit is found.

[Q] Where are Play Store downloaded apks located?

Part of me thinks this is a dumb question, and the reason I can't find where these files are located is because root is needed for it, but I guess it's worth a shot...
I purchased NBA JAM from the Google Play Store, and have it installed on my Turbo. It doesn't really work well on it, so I want to play it on my tablet (Nexus 9). However, I can't download it for the N9 via the Play Store as it shows as incompatible. I wanted to extract the apk file from my phone and then sideload it to the N9, but I haven't been able to locate the apk file on my phone.
Sorry for wasting the time of anyone who's reading this and thinking "that's what root is for, n00b!", I hope you can at least get a chuckle at my expense
You can use myappsharer to send the apk file over Bluetooth to your tablet; it's very handy.
elgringoloco77 said:
You can use myappsharer to send the apk file over Bluetooth to your tablet; it's very handy.
Thanks! Will give it a try when I get home today. Much appreciated.
PS- Was my inkling about needing root for what I was attempting to do (locate the file) accurate?
thegeneralfamily said:
Thanks! Will give it a try when I get home today. Much appreciated.
PS- Was my inkling about needing root for what I was attempting to do (locate the file) accurate?
I use this. It creates a folder called App_Backup_Restore on your phone and from there I can copy my files to my computer for safekeeping.
If you cannot see the folder from your pc, you can move it with a file manager to a location that can be accessed from your computer.
Thank you both - I went with myappsharer and was able to beam it over (it didn't work, I guess it really wasn't compatible after all, but the file got sent). It was my first time ever beaming - kinda slow and quirky but I guess it's not supposed to be for big files typically.
Thanks!
