What is the Best Third-Party Camera App for Android?

When it comes to Camera apps, there are dozens of great options to choose … more

Google to Acquire XDA, Dev Rewards & Policy Changes

We are delighted to announce that starting on April 20th, a finalized deal with … more

Hi Locker to Help You With Lockscreen Headache

The lockscreen is a part of the OS that we see hundreds of times every day, whether … more

Must Have App Review: Spider Squisher Pro Extreme

Here on XDA TV we have a series we like to call Must Have Apps. These are apps that we … more
Post Reply Subscribe to Thread Email Thread

Root for updated w/out OTG cable?

14th July 2014, 06:22 AM |#21  
bhiga's Avatar
Recognized Contributor
Thanks Meter: 928
 
2,307 posts
Join Date:Joined: Oct 2010
Donate to Me
More
Quote:
Originally Posted by GameExpertNetwork

Use a method similar to FlashCast(via OTG cable), then, well, run it.

  1. Non-vulnerable bootloaders will only run Google-signed code.
    Thus, FlashCast requires a vulnerable bootloader, and the scenario here is that the unit has already been updated and therefore does not have a vulnerable bootloader.
  2. OTG storage is not accessible in the stock kernel
  3. You cannot sideload apps on a non-rooted Chromecast, so you can't load exploit apps/software.
  4. Apps you can run all must be approved through the Google whitelist.
  5. Apps to gain root violate the terms of the Cast SDK, so don't expect them to get or stay on the whitelist.
  6. ADB, Telnet and SSH are all disabled without root.

So...
  1. Boot from OTG and do something, anything
    See #1
  2. Run an exploit from OTG in normal mode
    See #2 and #4
  3. Use a root exploit app like Towelroot, Master Key exploit, etc
    See #2 and #3
  4. Release an exploiter app
    See #4 and #5
  5. Root from PC
    See #6
  6. Flash a pre-rooted ROM
    See #1

So regardless of what internal vulnerabilities may exist, if you can't get to those vulnerabilities, they don't matter.
Much like having a weak front door lock on a house in a fortress. Easy to get through the door, but you have to penetrate the fortress first.

That said, there was mention that some exploit for Chromecast is to be released at DefCon, but we'll have to wait to see whether it's an exploit that allows root (hopefully so), and if Google discovers and patches that exploit before then (hopefully not).
The Following 3 Users Say Thank You to bhiga For This Useful Post: [ View ]
14th July 2014, 06:48 PM |#22  
Senior Member
Thanks Meter: 334
 
1,935 posts
Join Date:Joined: Dec 2007
Quote:
Originally Posted by GameExpertNetwork

Use a method similar to FlashCast(via OTG cable), then, well, run it.

You just don't get it do you?
You can't even load Flashcast anymore unless you get a brand new LOW SERIAL NUMBER model straight out of the box without any google updates having been installed!

What you propose is kind of like saying Why can't we kill Hitler and get around WWII in the same way they Killed Lincoln!

because that opportunity is no longer available to you?
You MISSED that put something on the unit to hack it opportunity!

---------- Post added at 05:48 PM ---------- Previous post was at 05:45 PM ----------

Quote:
Originally Posted by bhiga

[list=1]That said, there was mention that some exploit for Chromecast is to be released at DefCon, but we'll have to wait to see whether it's an exploit that allows root (hopefully so), and if Google discovers and patches that exploit before then (hopefully not).

yes lets hope we have enough time to use it before Google patches it!

We will have to wait until Google allows some further customization to the unit.

They are proposing to allow you to use your G+ Photo Album for the Default screen.
Perhaps that will allow you to load some exploit.
But it would be a longshot!
14th July 2014, 07:10 PM |#23  
mdamaged's Avatar
Senior Member
Flag South of Heaven
Thanks Meter: 1,192
 
1,804 posts
Join Date:Joined: Oct 2013
More
Quote:
Originally Posted by Asphyx

You just don't get it do you?
You can't even load Flashcast anymore unless you get a brand new LOW SERIAL NUMBER model straight out of the box without any google updates having been installed!

What you propose is kind of like saying Why can't we kill Hitler and get around WWII in the same way they Killed Lincoln!

because that opportunity is no longer available to you?
You MISSED that put something on the unit to hack it opportunity!

---------- Post added at 05:48 PM ---------- Previous post was at 05:45 PM ----------



yes lets hope we have enough time to use it before Google patches it!

We will have to wait until Google allows some further customization to the unit.

They are proposing to allow you to use your G+ Photo Album for the Default screen.
Perhaps that will allow you to load some exploit.
But it would be a longshot!



I'm actually considering yanking my chromecast off the network right now just in case.
4th August 2014, 06:30 PM |#24  
OP Junior Member
Thanks Meter: 0
 
19 posts
Join Date:Joined: Jun 2014
Prompt
Quote:
Originally Posted by mdamaged


I'm actually considering yanking my chromecast off the network right now just in case.

:3. U know, I discovered an exploit in google play that allows you to download removed apps..

Quote:
Originally Posted by Asphyx

You just don't get it do you?
You can't even load Flashcast anymore unless you get a brand new LOW SERIAL NUMBER model straight out of the box without any google updates having been installed!

What you propose is kind of like saying Why can't we kill Hitler and get around WWII in the same way they Killed Lincoln!

because that opportunity is no longer available to you?
You MISSED that put something on the unit to hack it opportunity!

---------- Post added at 05:48 PM ---------- Previous post was at 05:45 PM ----------



yes lets hope we have enough time to use it before Google patches it!

We will have to wait until Google allows some further customization to the unit.

They are proposing to allow you to use your G+ Photo Album for the Default screen.
Perhaps that will allow you to load some exploit.
But it would be a longshot!

Good point. G+ Might be the road for exploits. again, Just hack the router it's on(provided you have permission or you own it) and try to redirect it to a server holding the root exploit.
Last edited by GameExpertNetwork; 4th August 2014 at 06:33 PM. Reason: Don't wanna get banned. Gonna post some details to stop me from getting banned.
4th August 2014, 06:44 PM |#25  
bhiga's Avatar
Recognized Contributor
Thanks Meter: 928
 
2,307 posts
Join Date:Joined: Oct 2010
Donate to Me
More
Quote:
Originally Posted by GameExpertNetwork

Good point. G+ Might be the road for exploits. again, Just hack the router it's on(provided you have permission or you own it) and try to redirect it to a server holding the root exploit.

As long as it's not HTTPS traffic... That was the trouble with whitelist redirection - Chromecast only accepts the Google certificates, and adding another certificate to the cert store, of course, requires root.
4th August 2014, 11:56 PM |#26  
Senior Member
Thanks Meter: 334
 
1,935 posts
Join Date:Joined: Dec 2007
Quote:
Originally Posted by mdamaged


I'm actually considering yanking my chromecast off the network right now just in case.

You know it might not be a bad idea as we get closer to the hack release...LOL
Or at least keep it disconnected until you need it for something...
24th August 2014, 09:23 PM |#27  
OP Junior Member
Thanks Meter: 0
 
19 posts
Join Date:Joined: Jun 2014
And... with great timing... a new root method has been discovered for the latest software!!!!!
24th August 2014, 09:28 PM |#28  
bhiga's Avatar
Recognized Contributor
Thanks Meter: 928
 
2,307 posts
Join Date:Joined: Oct 2010
Donate to Me
More
In case it isn't at/near the top, here it is:
http://forum.xda-developers.com/hard...lease-t2855893

Note that it requires additional hardware as well as the powered OTG cable.

Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes