
Chromecast Rooted - CSDude
http://forum.xda-developers.com/hardware-hacking/chromecast/root-hubcap-chromecast-root-release-t2855893
======
thibauts
One thing it may allow is grabbing the private key it uses for Device
Authentication and emulate a Chromecast on other devices. It would enable
streaming from Chrome to anything using the Chromecast protocol. See [1]. I
had a go at implementing the protocol server-side on node, so it's basically
waiting for a valid cert. I couldn't test it much though it should work. See
[2] and [3]. Any help welcome.

[1] [https://github.com/thibauts/node-
castv2/issues/2](https://github.com/thibauts/node-castv2/issues/2)

[2] [https://github.com/thibauts/node-
castv2](https://github.com/thibauts/node-castv2)

[3] [https://github.com/thibauts/node-
castv2/blob/master/lib/serv...](https://github.com/thibauts/node-
castv2/blob/master/lib/server.js)

~~~
dooptroop
This is interesting. Never understood why this was a dedicated hardware-
dongle, rather than an app for any number of HDMI-out capable android devices.

------
userbinator
_exploited a new vulnerability in the Chromecast which allows root access_

Normally, vulnerabilities would be considered a bad thing. Heartbleed is a
great example of that. But in cases like these, it's a very good thing. This
is why I always like to remind those whose goal is to build more secure
systems to consider the implications of their work, lest our devices become
even more secure _against_ us. They usually have in mind a world where
everyone has full control of their devices which are then highly secure
against attacks by others, and that's a good thing; but I think it's far more
likely to turn into one where corporations have all the control and devices
are secure against their owners, especially as typical users continue to
choose security over freedom.

~~~
TazeTSchnitzel
I'd say users choose _convenience_ over freedom, the security is in the back
of their minds. Make a more convenient but free phone and people will use it.

~~~
TeMPOraL
_This_. I'd say they care about freedom more-less as much as about security,
i.e. not at all. They just choose more convenient over less convenient. And
honestly, it's perfectly understandable.

------
err4nt
What would the capabilities of a rooted Chromecast be? I finally just got
mine, and it's still new in box.

~~~
michaelx386
One thing which comes to mind is the DNS settings on the Chromecast can't be
modified so being able to change them could help get around regional
restrictions.

~~~
drdaeman
It could also be fixed at the router by forcibly redirecting the DNS traffic
to another DNS server.

Like in `iptables -t nat -I PREROUTING -p udp -s 192.168.1.100 --dport 53 -j
DNAT --to 192.168.1.2`

------
mcescalante
Does anybody know anything more than I about what this will enable (now)? Or
is this just the first step of many in creating a hacker community around the
Chromecast and software is to come? I've got one, and I'd love to make better
use of it, or even help develop some stuff for it if it's that time :)

~~~
nmjohn
For me, it's a modified home screen.

If I get around to it I am going to port a dashboard I built for the
chromecast to act as the normal home screen.

The problem with how it works now is you would manually have to re-cast the
dashboard when you turn it on, or after you were done casting anything else. I
did that for the first day, but after that it just didn't really seem to be as
worthwhile.

------
ftoma
Sorry for being stupid but what effect does this have on a regular chromecast?

~~~
smtddr
Not stupid at all; that should be the first question anyone asks. As far as I
know, the Chromecast doesn't allow for discovering & streaming files via
DLNA/UPnP. That feature alone is worth the rooting even if I "lost"[1] Netflix
& Youtube support.

1\. "Lost" is relative for a device that cost $35. I could just... buy another
one.

~~~
muaddirac
It doesn't directly, but for example I run plex on my network and I can stream
all of my local files to the chromecast with the plex iOS app.

~~~
XorNot
Which is still absurd. There is absolutely no reason this function shouldn't
be built into the Chromecast.

------
darklajid
Anyone having a Chromecast and able to tell me what I'm missing? Currently
I've got xbmc running on a Raspberry Pi. Connected via HDMI, online via wifi
and I can stream more or less everything (videos, images, music) from my phone
to that thing - not sure if there's a decent way to do that from my laptop
running Linux.

What are Chromecasts used for? Should I buy one?

~~~
TD-Linux
Google wanted an Airplay competitor, and for whatever reason wanted to hobble
it with the same restrictions as Airplay - a proprietary protocol to only let
certain (closed source) programs stream to it, and prevent those programs from
streaming to non-Google targets.

~~~
higherpurpose
It's not "whatever reason". Google is in the content selling business now -
which means they are going to add as much DRM and restrictions to their
operating systems, browsers, and devices as possible, to either try to
"protect it" (which I think we all know it never works), or to please their
content suppliers.

This is not just a constant thing we're seeing either. Expect Google to become
ever more restrictive and anti-piracy, as they delve deeper into the content
selling business. The days of the "Open Google" are long gone now, and they're
never coming back.

------
Jemaclus
Not super related to the rooting (which is awesome), but I have a Chromecast
question:

I have a Chromecast and I love it, but the one thing I want to use it for that
I haven't been able to figure out how is to show a dashboard at work. We have
these giant TVs that are basically off all the time, except when there's a
football game or something on, and I want to put up my stats dashboard for our
app. Chromecast should theoretically make it easy for me to just stream the
dashboard to the screen, but what I've found happens is that it goes to sleep
after 10 minutes or so.

I don't want to spend hours and hours rooting around and figuring out
application IDs and stuff. I just wanna click some buttons and have my
dashboard show up and stay up all day. Are there any resources for that?

Or is Chromecast just the wrong tool for the job?

~~~
bdpuk
[http://greenscreen.io/](http://greenscreen.io/) Any good to you?

~~~
Jemaclus
Oh neat. Thanks!

------
kusuriya
35 dollars for an android device that can now be turned into an XBMC device
with netflix.... I think I may give the chromecast a second swing...

~~~
fpgaminer
Is it just me, or is it odd that we rejoice when things like this happen? It
just doesn't feel right to reward companies who release locked-down hardware.
Don't get me wrong, I share in the excitement for a $35 XBMC capable android
device. But on the other hand, it seems a better idea to spend money on a
product that isn't locked down in the first place.

I haven't followed the Chromecast, but why is it locked in the first place!?

~~~
chii
what can you buy with $35 that has the capabilities of the chromecast?

~~~
Ecio78
I think there's probably not a device with the same set of capabilities of the
chromecast at the same price, but on the other hand the chromecast is missing
features that you can have on other devices that cost more or less the same
(take rPi or one of the thousands of android usb stick) e.g. being able to
play avi/divx files (it supports h264 in mp4 and mkv) or audio tracks in ac3
or dts (it supports mp3, vorbis and aac) without transcoding, or use some
android apps like p2p streaming apps (sopcast). So the problem is that you can
some things really easily (e.g. netflix or sharing from phone) but you miss
some other that somebody is looking for (e.g. use it a good mediaplayer having
quite an old pc and phone that can't be used for transcoding sources).

I've found some of these here[1] but owning no chromecast I can't do any test
by myself.

[1]
[http://www.reddit.com/r/Chromecast/comments/1umk7t/lets_make...](http://www.reddit.com/r/Chromecast/comments/1umk7t/lets_make_this_the_last_how_do_i_play_local/)

------
tuxidomasx
The biggest problem I've had with Chromecast was using it in a hotel that had
wifi login pages.

The device is ideal for hotels since you usually get a nice HD TV in the room.
But half the time I can't stream from Chromecast because of the wifi login.

A rooted Chromecast would essentially let me log in to the hotel wifi like I
would on my laptop or phone. Then I can stream away.

~~~
defen
I've solved this problem for Apple TVs by spoofing the device's MAC address on
my laptop, using the laptop browser to accept the WiFi ads or login or
whatever, and then resetting my laptop address and plugging the device in.

~~~
drcross
smart but only works if the hotel NAC uses mac whitelisting and not more
advanced techniques like browser posturing.

~~~
defen
Is "browser posturing" a typo for something else? That term doesn't ring any
bells and there are no google results, and I can't think of what you may have
meant. Just using a cookie or something?

