Root for updated w/out OTG cable?

Search This thread
By:
Advanced…
bhiga

bhiga

Inactive Recognized Contributor
Oct 13, 2010
2,501
1,018
GameExpertNetwork said:
Use a method similar to FlashCast(via OTG cable), then, well, run it.
Click to expand...
Click to collapse
  1. Non-vulnerable bootloaders will only run Google-signed code.
    Thus, FlashCast requires a vulnerable bootloader, and the scenario here is that the unit has already been updated and therefore does not have a vulnerable bootloader.
  2. OTG storage is not accessible in the stock kernel
  3. You cannot sideload apps on a non-rooted Chromecast, so you can't load exploit apps/software.
  4. Apps you can run all must be approved through the Google whitelist.
  5. Apps to gain root violate the terms of the Cast SDK, so don't expect them to get or stay on the whitelist.
  6. ADB, Telnet and SSH are all disabled without root.

So...
  • Boot from OTG and do something, anything
    See #1
  • Run an exploit from OTG in normal mode
    See #2 and #4
  • Use a root exploit app like Towelroot, Master Key exploit, etc
    See #2 and #3
  • Release an exploiter app
    See #4 and #5
  • Root from PC
    See #6
  • Flash a pre-rooted ROM
    See #1

So regardless of what internal vulnerabilities may exist, if you can't get to those vulnerabilities, they don't matter.
Much like having a weak front door lock on a house in a fortress. Easy to get through the door, but you have to penetrate the fortress first.

That said, there was mention that some exploit for Chromecast is to be released at DefCon, but we'll have to wait to see whether it's an exploit that allows root (hopefully so), and if Google discovers and patches that exploit before then (hopefully not).
 
  • Like
Reactions: mdamaged, Asphyx and takota6
A

Asphyx

Senior Member
Dec 19, 2007
2,158
378
Android Wear
Google Pixel Watch
GameExpertNetwork said:
Use a method similar to FlashCast(via OTG cable), then, well, run it.
Click to expand...
Click to collapse

You just don't get it do you?
You can't even load Flashcast anymore unless you get a brand new LOW SERIAL NUMBER model straight out of the box without any google updates having been installed!

What you propose is kind of like saying Why can't we kill Hitler and get around WWII in the same way they Killed Lincoln!

because that opportunity is no longer available to you?
You MISSED that put something on the unit to hack it opportunity!

---------- Post added at 05:48 PM ---------- Previous post was at 05:45 PM ----------
bhiga said:
  1. That said, there was mention that some exploit for Chromecast is to be released at DefCon, but we'll have to wait to see whether it's an exploit that allows root (hopefully so), and if Google discovers and patches that exploit before then (hopefully not).
Click to expand...
Click to collapse


  1. yes lets hope we have enough time to use it before Google patches it!

    We will have to wait until Google allows some further customization to the unit.

    They are proposing to allow you to use your G+ Photo Album for the Default screen.
    Perhaps that will allow you to load some exploit.
    But it would be a longshot!
 
mdamaged

mdamaged

Senior Member
Oct 16, 2013
2,109
1,448
South of Heaven
Moto G5 Plus
Google Pixel 4a
Asphyx said:
You just don't get it do you?
You can't even load Flashcast anymore unless you get a brand new LOW SERIAL NUMBER model straight out of the box without any google updates having been installed!

What you propose is kind of like saying Why can't we kill Hitler and get around WWII in the same way they Killed Lincoln!

because that opportunity is no longer available to you?
You MISSED that put something on the unit to hack it opportunity!

---------- Post added at 05:48 PM ---------- Previous post was at 05:45 PM ----------



yes lets hope we have enough time to use it before Google patches it!

We will have to wait until Google allows some further customization to the unit.

They are proposing to allow you to use your G+ Photo Album for the Default screen.
Perhaps that will allow you to load some exploit.
But it would be a longshot!
Click to expand...
Click to collapse

I'm actually considering yanking my chromecast off the network right now just in case.
 
G

GameExpertNetwork

Member
Jun 16, 2014
30
1
mdamaged said:


I'm actually considering yanking my chromecast off the network right now just in case.
Click to expand...
Click to collapse
:3. U know, I discovered an exploit in google play that allows you to download removed apps..

Asphyx said:
You just don't get it do you?
You can't even load Flashcast anymore unless you get a brand new LOW SERIAL NUMBER model straight out of the box without any google updates having been installed!

What you propose is kind of like saying Why can't we kill Hitler and get around WWII in the same way they Killed Lincoln!

because that opportunity is no longer available to you?
You MISSED that put something on the unit to hack it opportunity!

---------- Post added at 05:48 PM ---------- Previous post was at 05:45 PM ----------



yes lets hope we have enough time to use it before Google patches it!

We will have to wait until Google allows some further customization to the unit.

They are proposing to allow you to use your G+ Photo Album for the Default screen.
Perhaps that will allow you to load some exploit.
But it would be a longshot!
Click to expand...
Click to collapse

Good point. G+ Might be the road for exploits. again, Just hack the router it's on(provided you have permission or you own it) and try to redirect it to a server holding the root exploit.
 
Last edited:
bhiga

bhiga

Inactive Recognized Contributor
Oct 13, 2010
2,501
1,018
GameExpertNetwork said:
Good point. G+ Might be the road for exploits. again, Just hack the router it's on(provided you have permission or you own it) and try to redirect it to a server holding the root exploit.
Click to expand...
Click to collapse

As long as it's not HTTPS traffic... That was the trouble with whitelist redirection - Chromecast only accepts the Google certificates, and adding another certificate to the cert store, of course, requires root.
 
You must log in or register to reply here.

Similar threads

Team-Eureka
[ROOT] HubCap Chromecast Root Release!
Replies
1K
Views
514K
qin11152
qin11152
Team-Eureka
  • Sticky
[ROM] [44433.001 - 2015-11-15] Eureka-ROM - Based on OTA 44433
Replies
2K
Views
557K
OctaneZ
OctaneZ
HomerSp
[App] Cast Receiver app for Android
Replies
481
Views
322K
Vortell
Vortell
varun.c.jain
[HOWTO] Chromecast/Netflix outside USA without VPN
Replies
555
Views
419K
D
Danny94
Y
Flashcast without externally powered OTG cable (No invasive cable cutting required!)
Replies
42
Views
45K
E
ethanhunteg

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 3
    bhiga
    bhiga
    GameExpertNetwork said:
    Use a method similar to FlashCast(via OTG cable), then, well, run it.
    Click to expand...
    Click to collapse
    1. Non-vulnerable bootloaders will only run Google-signed code.
      Thus, FlashCast requires a vulnerable bootloader, and the scenario here is that the unit has already been updated and therefore does not have a vulnerable bootloader.
    2. OTG storage is not accessible in the stock kernel
    3. You cannot sideload apps on a non-rooted Chromecast, so you can't load exploit apps/software.
    4. Apps you can run all must be approved through the Google whitelist.
    5. Apps to gain root violate the terms of the Cast SDK, so don't expect them to get or stay on the whitelist.
    6. ADB, Telnet and SSH are all disabled without root.

    So...
    • Boot from OTG and do something, anything
      See #1
    • Run an exploit from OTG in normal mode
      See #2 and #4
    • Use a root exploit app like Towelroot, Master Key exploit, etc
      See #2 and #3
    • Release an exploiter app
      See #4 and #5
    • Root from PC
      See #6
    • Flash a pre-rooted ROM
      See #1

    So regardless of what internal vulnerabilities may exist, if you can't get to those vulnerabilities, they don't matter.
    Much like having a weak front door lock on a house in a fortress. Easy to get through the door, but you have to penetrate the fortress first.

    That said, there was mention that some exploit for Chromecast is to be released at DefCon, but we'll have to wait to see whether it's an exploit that allows root (hopefully so), and if Google discovers and patches that exploit before then (hopefully not).
    View
    1
    bhiga
    bhiga
    GameExpertNetwork said:
    Mmmmm master key exploit anyone?
    Chromecast is part android
    Click to expand...
    Click to collapse
    The problem isn't so much the exploit, it's getting unsigned/unapproved code to run on Chromecast at all.

    See this recent post for more details:
    TowelRoot???
    View

New posts