Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,742,742 Members 37,479 Now Online
XDA Developers Android and Mobile Development Forum

Root for updated w/out OTG cable?

Tip us?
 
bhiga
Old
#21  
bhiga's Avatar
Recognized Contributor
Thanks Meter 763
Posts: 2,060
Join Date: Oct 2010

 
DONATE TO ME
Quote:
Originally Posted by GameExpertNetwork View Post
Use a method similar to FlashCast(via OTG cable), then, well, run it.
  1. Non-vulnerable bootloaders will only run Google-signed code.
    Thus, FlashCast requires a vulnerable bootloader, and the scenario here is that the unit has already been updated and therefore does not have a vulnerable bootloader.
  2. OTG storage is not accessible in the stock kernel
  3. You cannot sideload apps on a non-rooted Chromecast, so you can't load exploit apps/software.
  4. Apps you can run all must be approved through the Google whitelist.
  5. Apps to gain root violate the terms of the Cast SDK, so don't expect them to get or stay on the whitelist.
  6. ADB, Telnet and SSH are all disabled without root.

So...
  1. Boot from OTG and do something, anything
    See #1
  2. Run an exploit from OTG in normal mode
    See #2 and #4
  3. Use a root exploit app like Towelroot, Master Key exploit, etc
    See #2 and #3
  4. Release an exploiter app
    See #4 and #5
  5. Root from PC
    See #6
  6. Flash a pre-rooted ROM
    See #1

So regardless of what internal vulnerabilities may exist, if you can't get to those vulnerabilities, they don't matter.
Much like having a weak front door lock on a house in a fortress. Easy to get through the door, but you have to penetrate the fortress first.

That said, there was mention that some exploit for Chromecast is to be released at DefCon, but we'll have to wait to see whether it's an exploit that allows root (hopefully so), and if Google discovers and patches that exploit before then (hopefully not).
Chromecast threads: FAQ - READ THIS FIRST! / Rootable Serial Numbers | Root Mini-FAQ | FlashCast flashing Mini-FAQ
BYO powered OTG cable | WiFi Bandwidth and Router considerations | Not all 1080p/720p is same
Search Tip: Google search terms site:forum.xda-developers.com for only XDA forum results. Example
Follow the rules / Use 'Search' before posting / Post in the correct sections / Do not spam the board / Press thanks, don't post 'Thanks'
The Following 3 Users Say Thank You to bhiga For This Useful Post: [ Click to Expand ]
 
Asphyx
Old
#22  
Senior Member
Thanks Meter 253
Posts: 1,643
Join Date: Dec 2007
Quote:
Originally Posted by GameExpertNetwork View Post
Use a method similar to FlashCast(via OTG cable), then, well, run it.
You just don't get it do you?
You can't even load Flashcast anymore unless you get a brand new LOW SERIAL NUMBER model straight out of the box without any google updates having been installed!

What you propose is kind of like saying Why can't we kill Hitler and get around WWII in the same way they Killed Lincoln!

because that opportunity is no longer available to you?
You MISSED that put something on the unit to hack it opportunity!

---------- Post added at 05:48 PM ---------- Previous post was at 05:45 PM ----------

Quote:
Originally Posted by bhiga View Post
[list=1]That said, there was mention that some exploit for Chromecast is to be released at DefCon, but we'll have to wait to see whether it's an exploit that allows root (hopefully so), and if Google discovers and patches that exploit before then (hopefully not).
yes lets hope we have enough time to use it before Google patches it!

We will have to wait until Google allows some further customization to the unit.

They are proposing to allow you to use your G+ Photo Album for the Default screen.
Perhaps that will allow you to load some exploit.
But it would be a longshot!
 
mdamaged
Old
#23  
mdamaged's Avatar
Senior Member
Thanks Meter 892
Posts: 1,424
Join Date: Oct 2013
Location: South of Heaven

 
DONATE TO ME
 
Quote:
Originally Posted by Asphyx View Post
You just don't get it do you?
You can't even load Flashcast anymore unless you get a brand new LOW SERIAL NUMBER model straight out of the box without any google updates having been installed!

What you propose is kind of like saying Why can't we kill Hitler and get around WWII in the same way they Killed Lincoln!

because that opportunity is no longer available to you?
You MISSED that put something on the unit to hack it opportunity!

---------- Post added at 05:48 PM ---------- Previous post was at 05:45 PM ----------



yes lets hope we have enough time to use it before Google patches it!

We will have to wait until Google allows some further customization to the unit.

They are proposing to allow you to use your G+ Photo Album for the Default screen.
Perhaps that will allow you to load some exploit.
But it would be a longshot!


I'm actually considering yanking my chromecast off the network right now just in case.
Kenneth, what is the frequency? Set a fire for a man, and he will stay warm for a night. Set a man on fire, and he will stay warm for the rest of his life.
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


XDA PORTAL POSTS

Slide Dial Replacement Dialer Lets You Make Calls from Anywhere

If you frequently make phone calls, your dialer (aka phone app)is one of the … more

Navigate with Your Samsung Gear 2 Using DMA Navi Watch

Whether you’re travelling to a new destination or exploring some previously … more

Xperia Z1 Stereo Speaker Mod, Cell Phone Unlocking Legal Again! – XDA Developer TV

Cell Phone Unlocking is legal again!! That and much … more