
Root for updated w/out OTG cable?

OP GameExpertNetwork

14th July 2014, 07:22 AM   |  #21  
bhiga
Recognized Contributor
Thanks Meter: 883
2,248 posts
Joined: Oct 2010
Quote:
Originally Posted by GameExpertNetwork

Use a method similar to FlashCast (via OTG cable), then, well, run it.

  1. Non-vulnerable bootloaders will only run Google-signed code.
    Thus, FlashCast requires a vulnerable bootloader, and the scenario here is that the unit has already been updated and therefore does not have a vulnerable bootloader.
  2. OTG storage is not accessible in the stock kernel
  3. You cannot sideload apps on a non-rooted Chromecast, so you can't load exploit apps/software.
  4. Apps you can run all must be approved through the Google whitelist.
  5. Apps to gain root violate the terms of the Cast SDK, so don't expect them to get or stay on the whitelist.
  6. ADB, Telnet and SSH are all disabled without root.

So...
  1. Boot from OTG and do something, anything
    See #1
  2. Run an exploit from OTG in normal mode
    See #2 and #4
  3. Use a root exploit app like Towelroot, Master Key exploit, etc
    See #2 and #3
  4. Release an exploiter app
    See #4 and #5
  5. Root from PC
    See #6
  6. Flash a pre-rooted ROM
    See #1

So regardless of what internal vulnerabilities may exist, if you can't get to those vulnerabilities, they don't matter.
Much like having a weak front door lock on a house in a fortress. Easy to get through the door, but you have to penetrate the fortress first.

That said, there was mention that some exploit for Chromecast is to be released at DefCon, but we'll have to wait to see whether it's an exploit that allows root (hopefully so), and if Google discovers and patches that exploit before then (hopefully not).
14th July 2014, 07:48 PM   |  #22  
Senior Member
Thanks Meter: 327
1,899 posts
Joined: Dec 2007
Quote:
Originally Posted by GameExpertNetwork

Use a method similar to FlashCast (via OTG cable), then, well, run it.

You just don't get it, do you?
You can't even load FlashCast anymore unless you get a brand new LOW SERIAL NUMBER model straight out of the box without any Google updates having been installed!

What you propose is kind of like saying, "Why can't we kill Hitler and get around WWII in the same way they killed Lincoln?"

Because that opportunity is no longer available to you?
You MISSED that "put something on the unit to hack it" opportunity!

---------- Post added at 05:48 PM ---------- Previous post was at 05:45 PM ----------

Quote:
Originally Posted by bhiga

That said, there was mention that some exploit for Chromecast is to be released at DefCon, but we'll have to wait to see whether it's an exploit that allows root (hopefully so), and if Google discovers and patches that exploit before then (hopefully not).

Yes, let's hope we have enough time to use it before Google patches it!

We will have to wait until Google allows some further customization to the unit.

They are proposing to allow you to use your G+ Photo Album for the Default screen.
Perhaps that will allow you to load some exploit.
But it would be a longshot!
14th July 2014, 08:10 PM   |  #23  
mdamaged
Senior Member
South of Heaven
Thanks Meter: 1,077
1,676 posts
Joined: Oct 2013
Quote:
Originally Posted by Asphyx

You just don't get it, do you?
You can't even load FlashCast anymore unless you get a brand new LOW SERIAL NUMBER model straight out of the box without any Google updates having been installed!

What you propose is kind of like saying, "Why can't we kill Hitler and get around WWII in the same way they killed Lincoln?"

Because that opportunity is no longer available to you?
You MISSED that "put something on the unit to hack it" opportunity!

---------- Post added at 05:48 PM ---------- Previous post was at 05:45 PM ----------



Yes, let's hope we have enough time to use it before Google patches it!

We will have to wait until Google allows some further customization to the unit.

They are proposing to allow you to use your G+ Photo Album for the Default screen.
Perhaps that will allow you to load some exploit.
But it would be a longshot!



I'm actually considering yanking my chromecast off the network right now just in case.
4th August 2014, 07:30 PM   |  #24  
OP Junior Member
Thanks Meter: 0
19 posts
Joined: Jun 2014
Quote:
Originally Posted by mdamaged


I'm actually considering yanking my chromecast off the network right now just in case.

:3. U know, I discovered an exploit in Google Play that allows you to download removed apps..

Quote:
Originally Posted by Asphyx

You just don't get it, do you?
You can't even load FlashCast anymore unless you get a brand new LOW SERIAL NUMBER model straight out of the box without any Google updates having been installed!

What you propose is kind of like saying, "Why can't we kill Hitler and get around WWII in the same way they killed Lincoln?"

Because that opportunity is no longer available to you?
You MISSED that "put something on the unit to hack it" opportunity!

---------- Post added at 05:48 PM ---------- Previous post was at 05:45 PM ----------



Yes, let's hope we have enough time to use it before Google patches it!

We will have to wait until Google allows some further customization to the unit.

They are proposing to allow you to use your G+ Photo Album for the Default screen.
Perhaps that will allow you to load some exploit.
But it would be a longshot!

Good point. G+ might be the road for exploits. Again, just hack the router it's on (provided you have permission or you own it) and try to redirect it to a server holding the root exploit.
Last edited by GameExpertNetwork; 4th August 2014 at 07:33 PM. Reason: Don't wanna get banned. Gonna post some details to stop me from getting banned.
4th August 2014, 07:44 PM   |  #25  
bhiga
Recognized Contributor
Thanks Meter: 883
2,248 posts
Joined: Oct 2010
Quote:
Originally Posted by GameExpertNetwork

Good point. G+ might be the road for exploits. Again, just hack the router it's on (provided you have permission or you own it) and try to redirect it to a server holding the root exploit.

As long as it's not HTTPS traffic... That was the trouble with whitelist redirection - Chromecast only accepts the Google certificates, and adding another certificate to the cert store, of course, requires root.
5th August 2014, 12:56 AM   |  #26  
Senior Member
Thanks Meter: 327
1,899 posts
Joined: Dec 2007
Quote:
Originally Posted by mdamaged


I'm actually considering yanking my chromecast off the network right now just in case.

You know it might not be a bad idea as we get closer to the hack release...LOL
Or at least keep it disconnected until you need it for something...
24th August 2014, 10:23 PM   |  #27  
OP Junior Member
Thanks Meter: 0
19 posts
Joined: Jun 2014
And... with great timing... a new root method has been discovered for the latest software!!!!!
24th August 2014, 10:28 PM   |  #28  
bhiga
Recognized Contributor
Thanks Meter: 883
2,248 posts
Joined: Oct 2010
In case it isn't at/near the top, here it is:
http://forum.xda-developers.com/hard...lease-t2855893

Note that it requires additional hardware as well as the powered OTG cable.
