Originally Posted by Johan1976
Is there no way to trick Chromecast to update from one's own update server with modified firmware?
As I understand it, the problems with that are:
- Chromecast uses its own (Google's) DNS, not what DHCP provides
- Communication with Google servers is via HTTPS
- Non-vulnerable bootloader won't run unsigned code
So you'd need to be able to spoof the Google DNS server, spoof the update server and sign the update with a Google-blessed certificate.
PwnedCast takes care of #1 and #2 by using DHCP-provided DNS and using its own update server with modified firmware versions.
FlashCast takes care of #3 by preserving the vulnerable bootloader.
All of the above requires having a vulnerable bootloader to begin with.
So once the bootloader is patched (by application of any stock update past 12072, or at factory if it shipped with newer firmware than 12072), no more root ability.
At least not until someone posts/discovers a different root method.