So I searched and came up empty.
Why would google stop the rooting of the chromecast? It's not like we can do anything too crazy with it..
Just whitelist and change the dns... So I don't get it.
One of the biggest reasons I bailed from Apple products to Android products was the ease of making it work how I wanted it to work thanks to all the devs.
Sent from my Nexus 5 using Tapatalk
Android might be too open for Google's liking.
Allowing free streaming of audio and video would only cement Apple's good standing with companies more comfortable with controllable DRM.
Also, Android is seen as a highly vulnerable platform.
No one can have two masters.
Google can't make money on advertising alone.
Alas, only time will tell...
Sent from Tapatalk using Xperia Z1 (C6906)
rans0m00 said:
So I searched and came up empty.
Why would google stop the rooting of the chromecast? It's not like we can do anything too crazy with it..
Just whitelist and change the dns... So I don't get it.
One of the biggest reasons I bailed from Apple products to Android products was the ease of making it work how I wanted it to work thanks to all the devs.
Click to expand...
Click to collapse
Two of ways to look at it...
Google never intended for root to happen, initial bootloader vulnerability was an engineering version released by accident
Google loves us and released vulnerable bootloader on purpose, but that jeopardized their agreements with Netflix, Hulu, HBO, etc so they had to patch the hole
I think both have something do with it.
Given Hollywood's fear and lack of understanding of technlogy, they probably heard "rooted" and immediately called the lawyers. Doesn't matter that Chromecast doesn't actually download and store the content, so root really doesn't help in terms of "they have a copy that they can decrypt" - it's just fear.
From a business perspective Google's really pushing this mass market. So if that was the reason, the choice became "We lock it down, make the content providers happy and sell millions - or we don't lock it down, lose the content providers, and have a $35 Google TV that can't even access anything more than YouTube" well....
It's one thing to stand your ground and alienate a large group while still having functionality but standing your ground, alienating a large group and ending up with a fairly useless and unmarketable device is a recipe for angry stockholders.
tl;dr - blame the ignorant content industry decision-makers that think all we want to do is pirate stuff.
Well how willing would a company like Netflix be to support a device that once rooted could be used to steal their encryption and Auth methods So you could steal their content?
A rooted CCast could be programmed to off load the players and content it uses locally,
The content creators and providers know this which is why most content related apps are set up to refuse to work in the presence of root on a device.
Google doesn't really care if your device is rooted or not but the people they want to support the CCast care.
Remember the failure of GoogleTV, The TV Networks blacklisted the device because they believed it would be used to pirate their material and wanted to charge you or google to see it!
Unless you went directly to their site where they could count you as a view and make the money from advertising.
Hmm the possible using root to offload the videos makes sense. Seems like it would take some effort but could be as easy as some code a powered USB driver.
I think about it different... Rooted more options to make it stream more stuff... Not more options to snag stuff.
Sent from my Nexus 5 using Tapatalk
Hopefully more apps pick up on this or it will just be another device google tried to get rolling and failed at.
Sent from my Nexus 5 using Tapatalk
rans0m00 said:
Hopefully more apps pick up on this or it will just be another device google tried to get rolling and failed at.
Click to expand...
Click to collapse
I think they will and are. Android mirroring will help a lot, but even now there are many "hidden gems" like Vbukit that could really take off once Google lets up on the reins.
bhiga said:
I think they will and are. Android mirroring will help a lot, but even now there are many "hidden gems" like Vbukit that could really take off once Google lets up on the reins.
Click to expand...
Click to collapse
Hopefully so. At this price point for the item if they can get most apps to use it then they will sell tons of them.
rans0m00 said:
Hmm the possible using root to offload the videos makes sense. Seems like it would take some effort but could be as easy as some code a powered USB driver.
I think about it different... Rooted more options to make it stream more stuff... Not more options to snag stuff.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
actually there is nothing about root other than bypassing the whitelist that lets you play more stuff.
To put it another way....
Would rooting your TV make it do something more than it already does? No it wouldn't would it?
It'a nothing more than who has access to control the hardware but the hardware doesn't do any more than it already does and it still won't play an AVI natively without transcoding so your not really gaining capability, Just removing restrictions that are there to keep control of DRM content to keep Content providers and creators happy.
If they let it stay uncontrolled then devices like this would be supported while Content providers stayed away from CCast due to it's uncontrolled environment.
http://www.webpronews.com/ces-2014-netgear-announces-hdmi-dongle-chromecast-competitor-2014-01
And rooting our androids have opened up plenty of possibilities that otherwise wouldn't be available. Like customs roms and kernels. Which then open the door to tons of stuff.... Its been a minute but I think it was custom kernels that allowed us to use exfat instead of fat32? Currently the chromecast rooted only runs a custom whitelist and a handful of other things. Because that is all we have the option with the only custom rom out. If they figure out how to start adding different functions I don't know what would be possible but yes... From rooting this opened the door to all of this being possible.
Sent from my Nexus 5 using Tapatalk
Asphyx said:
A rooted CCast could be programmed to off load the players and content it uses locally
Click to expand...
Click to collapse
So can linux box, an android, a flashed ps3, a flashed xbox360, and anything else running a linux based distro which has access to netflix through web browsers or otherwise. Hell, with a little code, a raspberry pi could do it! Put a qualcomm chip, wifi capability and a touchscreen on my coffee maker and I could make the damn thing gain unauthorized access to netflix.
hp420 said:
Put a qualcomm chip, wifi capability and a touchscreen on my coffee maker and I could make the damn thing gain unauthorized access to netflix.
Click to expand...
Click to collapse
Yes, and then the Hollywood lawyers would try to stop your coffee maker's maker from making coffee makers. Whoa, that's a lot of makers...
hp420 said:
So can linux box, an android, a flashed ps3, a flashed xbox360, and anything else running a linux based distro which has access to netflix through web browsers or otherwise. Hell, with a little code, a raspberry pi could do it! Put a qualcomm chip, wifi capability and a touchscreen on my coffee maker and I could make the damn thing gain unauthorized access to netflix.
Click to expand...
Click to collapse
Yep and why do you think Netflix upgrades sometimes won't play on your rooted device?
What is more important to you...
having content to view or access to make the unit play any content you wanted if only there was content available for it!
Asphyx said:
Yep and why do you think Netflix upgrades sometimes won't play on your rooted device?
What is more important to you...
having content to view or access to make the unit play any content you wanted if only there was content available for it!
Click to expand...
Click to collapse
Honestly?? Having root is more important to me. I've never used any of the services we're talking about (hulu, netflix, amazon, etc.) I use other means to get my video streaming accomplished, and prefer to have full control of my device without some corporate shmuck who doesn't even know what a rooted phone can do stepping in and saying I'm breaking their tos by tampering with open source firmware installed on hardware I own outright. This is why I choose to use alternatives
The chromecast was never advertised as an open source device.
Maybe it's time people realize that Google isn't synonymous with 'free, good or open source' .
They are a company and they are here to make money.
Honestly, I'm already set with the chromecast.
Netfliz+Hulu + avia + showbox +vget +plex + tab casting = my money's worth
Sent from my HTC One X using Tapatalk 2
I agree with people have said here.... I can see both sides for the argument as being valid.
I prefer full control of my device but I also realize my type is a very small portion of the people needed to make this device appealing enough for developers to write code to
allow ccast to work.
I'm hoping that root is found occasionally to still keep the devs interested but spread out enough to keep people like netflix and hulu Happy.
Sent from my Nexus 5 using Tapatalk
hp420 said:
Honestly?? Having root is more important to me. I've never used any of the services we're talking about (hulu, netflix, amazon, etc.) I use other means to get my video streaming accomplished, and prefer to have full control of my device without some corporate shmuck who doesn't even know what a rooted phone can do stepping in and saying I'm breaking their tos by tampering with open source firmware installed on hardware I own outright. This is why I choose to use alternatives
Click to expand...
Click to collapse
So given a choice of having Media available for a Media device or Rooted device that does nothing you want the Rooted paperweight....
Good for you!
In defense... The rooted paperweight wouldn't be correct. With a strong enough dev environment we would have more options. Would seriously take a strong dev following though, since they would be responsible for keeping it from being a paperweight.
Anyways I got my answer from this thread. Which is my views are I like everything being as open as possible.
I understand now why google has to keep or attempt to keep the platform locked down for it to be a success. Maybe in the future google will find a balance of more options while still keeping the lawyers Happy.
Till then let's hope the chromecast just gets better support from app developers and increasing in popularity.... Which I think will bring more devs and possibly more chances for getting root and other roms.
Sent from my Nexus 5 using Tapatalk
rans0m00 said:
In defense... The rooted paperweight wouldn't be correct. With a strong enough dev environment we would have more options. Would seriously take a strong dev following though, since they would be responsible for keeping it from being a paperweight.
Anyways I got my answer from this thread. Which is my views are I like everything being as open as possible.
I understand now why google has to keep or attempt to keep the platform locked down for it to be a success. Maybe in the future google will find a balance of more options while still keeping the lawyers Happy.
Till then let's hope the chromecast just gets better support from app developers and increasing in popularity.... Which I think will bring more devs and possibly more chances for getting root and other roms.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
Rans...Don't get me wrong I don't really have a problem with Root but there comes a point where having control over a device thats express purpose is to stream media and send content to a screen makes having content available more important than having control over Root access to a device that won't do what it is intended to do once you get it!
This is not a phone that you can sideload programs to and make it do something it wasn't intended to do.
It is like saying I want complete control over my TV Operating system and don't care if everyone who makes TV content available won't suppot my device making it a nice peice of electronics you can hack but serves no other purpose.
If rooting lost you Netflix, Plex, aVia and all the other content provider support what good would all that root access get you?
Are developers going to start making movies for you to watch as well?
Or are you just getting root to make your TV an Android box when an Android Stick would do the same thing for you?
Right now the only reason to have root is to Run Team Eureka's rom, And it is well worth having for that!
But if Netflix, Hulu and anyone else who has content to use on the device did a Root Check and stopped supporting your rooted device you would have nothing more than a nice Splash screen on your TV...
It's one thing to be a control freak about your devices...
Just remember the folks who make the content you want to see on your devices have the same desire (and RIGHT) to want to control who sees their content and who doesn't!
And you will blame them for not trusting you not yourself on insisting to have root on a device whose sole purpose is to display someone else's content!
We would all love to have root access to everything in life....
And thinking your going to get more just because you have more control is foolish because we have seen Root get you less from those who HAVE the content you really want.
If all this device could display was stuff you owned no one would need it because there are about 100 different devices that can already do it an better!
I actually think with enough dev support people could figure out how to make the chromecast into quite a bit more. I am not familiar with the limitations of the device itself though.
Before coming to Android I had an iPhone and I had my phone jail broke. Certain apps would not work if it was detected to be jail broken. Usually the devs found a work around and still had the content.
I'm still sticking with best case scenario is this turns out to be an apple vs jail break scene. They keep patching it but devs keep working to find holes and increasing the options users have with their device. This might keep the content providers happy since google would be patching the holes when they are presented.
And when it comes down to other devices doing it better.... Yeah there is always a different options... With the current state of things honestly I still prefer the rokus over the chromecast.
Sent from my Nexus 5 using Tapatalk
Related
I keep checking around occasionally to see if my Chromecast will become useful today. I would have expected that only a few days after its release, the Google Play store would be filled with interesting Chromecast apps, and existing Android apps would be adding Chromecast features. As of today, the only apps capable of playing media on the Chromecast are still apps that it launched with. I've heard a bit about Koush's unreleased apps, which tells me that the holdup is Google themselves. What gives? Why are they doing this? Does anyone have any idea of when they will allow developers to release their apps? The way this Chromecast thing has played out so far seems very unlike Google, and is making me quite disappointed with them.
Waiting on Google to release the sdk out of beta. No timeline yet. It will come....
Sent from my Nexus 4 using xda app-developers app
I think main reason for the release of the device was to bring Google Movies service to your big screen TV, the rest was just a bonus. Looks like due to lots of licensing issues, this will be a slow and painful process and I hope it doesn't become the next Apple TV that is barely useful without the jailbreak and XBMC on it.
I also hope someone turns the script from the other thread to a mobile app in a similar fashion to what Koush did.
The way I figure it:
If you were an early adopter, you get a Netflix, Youtube, Google Play and sort-of Chrome tab player for $35. If you got the Netflix 3 months code, then it cost you even less. Think back to the last time you bought a disappointing piece of technology that you had high hopes for... at least this one is cheap!
I'm sure the public SDK will happen when it's good and ready. I just think Google wants to have out some more examples of big-name apps that work really well with Chromecast, before they open the floodgates to all the rest of the devs.
cmstlist said:
Think back to the last time you bought a disappointing piece of technology that you had high hopes for... at least this one is cheap!
Click to expand...
Click to collapse
That is true. It's just frustrating to own a capable device with artificial limitations.
Yea we should of known something was up when 3 months of netflix with the device at only $35. That tells me they knew the only content provider they had on board now was netflix. To keep most happy they can say "oh we pretty much gave you the device". Enjoy old movies for the next 6 months and we will slowly add content. Only way for Google to make money is to not let devs release their apps. Fortunately some will grow tired and root the device "again" and developers will create programs that function with beta sdk and your device ID that will enable apps to work as they choose. Only issue is we will never be able to receive content updates as that would patch root access. Kinda a lose lose situation. lol
Its cool dont get me wrong... To sit on the shelf and say i have 5 of them. But in know way fun to use if you already had your netflix and youtube experience. I recommend android stick mk808 or higher even a roku as they are very fun to tinker with.
I think before the 3 months of Netflix expire we'll at least see a few more big names come on board. Both developers and customers are beating down the door to get in.
Sent from my Nexus 7 using Tapatalk 4
I can't help but to be pessimistic about all of this. How can a device with such a simple idea of casting not come out with the ability to cast images from your phone to the TV? It is an obvious omission that almost everyone wants and would have been a simple coding to get it working at launch.
Either way though, I must say I really love my Chromecast as-is, even though it does have these unnecessary artificial limitations.
AlexNC75 said:
I can't help but to be pessimistic about all of this. How can a device with such a simple idea of casting not come out with the ability to cast images from your phone to the TV? It is an obvious omission that almost everyone wants and would have been a simple coding to get it working at launch.
Either way though, I must say I really love my Chromecast as-is, even though it does have these unnecessary artificial limitations.
Click to expand...
Click to collapse
Geez people! Have some freaking patients! The SDK is in beta and developers are not allowed to release apps yet. Do you really think they created an SDK to never release it? WTF! It's like a bunch of little kids in a candy store and their mom telling them they can't eat all their candy right away. The SDK WILL be released and people WILL create apps or add functionality to current apps...
Doctors have plenty of patients.
I'd bet the vast majority of purchasers will only ever use this for the 'sanctioned' apps that G itself gets behind. Picasa should have been included out the gate. When I hacked the mk808, it was one of the first things I wanted to do, get my photos up on the big screen. Maybe someday we'll see 'Chromecast-Ready' advertising, but I still wonder how G makes real bank on this product. It's saving grace so far is price and future potential.
edit: and the more I think about it, that future potential tends to circumvent G's interests.
While everyone has a conspiracy theory I think what we're seeing is a typical new product cycle. For a product like Chromecast to be successful Google needs as many apps to support it as possible. However, I'm sure after that app developers are reluctant to support a new hardware product until there are enough devices to warrant it. Look, Windows phone has millions of phones in use but app developers aren't going there. Yes, Chromecast doesn't require much from the app developer but using their precious resources costs money and they don't want to go there until the hardware was proving itself as something people wanted.
Hence Netflix. It was a seed product. An app many millions of people use. If they were on board it could help sell the product. And help it did. I believe the success of Chromecast caught Google off guard. Clearly they weren't able to handle the demand for hardware and the demand by app developers to get things into the Play Store. While they may have thought they'd have until Holiday season to get things rolling, it has been accelerated greatly.
I expect that the next run of the hardware will be bigger and longer. I work for a company that has products made in China. It can take 6 weeks just to get on the schedule of a manufacturer and then many weeks to produce and then 3 weeks to come across the water and go through customs, then another 2 weeks to get into the channel. That's months. Google has more money to throw at the manufacturer to speed things up but there may not be too many suppliers that can make this product.
Time is what is needed. By the end of the year we'll know a lot more. Be patient.
Google blocks Chromecast app that let you stream your own videos...
"Google hasn't provided a clear answer on whether Chromecast will eventually let users stream their own local videos and music to the TV screen. But if early updates for the $35 dongle are any indication, the company doesn't want third-party developers trying to deliver that functionality. The most recent Chromecast update has broken support for AllCast, an Android application that previously allowed users to stream their personal media to a TV. AllCast (also known as AirCast thanks to a trademark dispute) could play back files stored in a phone's gallery, Dropbox, or Google Drive. Developer Koushik Dutta accomplished the feat by reverse engineering the Chromecast's code. He'd released several betas of the app, even planning a release on Google Play, before Google's latest software update broke things — "intentionally" in Dutta's opinion."
Read more...
http://www.theverge.com/2013/8/25/4...chromecast-app-that-let-you-stream-own-videos
They blocked these two apps so far:
https://plus.google.com/110558071969009568835/posts/G3jF2JynLc2
https://plus.google.com/117916055521642810655/posts/23BrB267QHJ
Let Google know exactly how you feel about this issue. If you're not happy downgrade and comment on their official Chromecast app.
https://play.google.com/store/apps/details?id=com.google.android.apps.chromecast.app&hl=en
xuser said:
They blocked these two apps so far:
https://plus.google.com/110558071969009568835/posts/G3jF2JynLc2
https://plus.google.com/117916055521642810655/posts/23BrB267QHJ
Click to expand...
Click to collapse
Those apps were never approved and on the app whitelist. ALL apps are blocked by default. Only approved apps will run on the Chromecast. What those apps were doing was reverse engineering the Chromecast and using a hack to get around it. Google fixed that hack.
New names for Chromecast:
iCast
Castrate
ClosedCast
CastOff
OutCast
Sucks that now only YouTube and Netflix are the only things that'll play. Enjoyed the ability to play local media.
xuser said:
New names for Chromecast:
iCast
Castrate
ClosedCast
CastOff
OutCast
Click to expand...
Click to collapse
I'm calling mine Ebaycast.
I've got a Roku3 that does everything I need..
Very disappointing! I was at a friend's home and he was showing off mirroring his iclone through Apple tv. Was hoping Chromecast would top that.
Sent from my EVO using xda app-developers app
After getting Aircast and fling to work, I ordered 2 more Chromecast dongles. Just cancelled them.
Hopefully Google is just temp blocking until ready to officially supporti 3rd party apps. If not, back to Roku.
I don't know if anyone else noticed but casting a local video file from a chrome browser tab actually plays smoother now. But aircast provided the easiest way to cast a video file from an Android phone.
After getting Aircast and fling to work, I ordered 2 more Chromecast dongles. Just cancelled them.
Click to expand...
Click to collapse
I have no interest in buying another Chromecast until this gets sorted out either.
So everyone is disappointed that it doesn't do something they never said it would? A lot to do about nothing if you ask me.
Sent from my SCH-I605 using xda app-developers app
So everyone is disappointed that it doesn't do something they never said it would? A lot to do about nothing if you ask me
Click to expand...
Click to collapse
Mostly because it was more useful when AllCast and Fling worked. Kind of back in the ballpark with Google TV now in that it doesn't do a lot (for me anyway). Nothing more, nothing less.
Disappointed
akellar said:
So everyone is disappointed that it doesn't do something they never said it would? A lot to do about nothing if you ask me.
Sent from my SCH-I605 using xda app-developers app
Click to expand...
Click to collapse
I'd say we are disappointed because it appears Google is intent on heading off the kind of innovation and creativity that has made the Android platform so wonderful. Google should let developers do what they do best: reverse engineer, hack and create, to turn Chromecast into the most powerful and versatile device it can be. They should let people root the device, they should let people work around the limits.
The disappointment is more that this is a sign that Google is not interested in fostering a creative, innovative developer community for Android. The disappointment is more that Google seems so short sighted in thinking they need to lock everything down. I thought they knew that a large part of the appeal of the platform has always been how open it is.
akellar said:
So everyone is disappointed that it doesn't do something they never said it would? A lot to do about nothing if you ask me.
Sent from my SCH-I605 using xda app-developers app
Click to expand...
Click to collapse
It may never have been announced to be able to do it, but to most it was obvious that the device was capable of doing it and that with dev support a lot was possible. It is disappointing to see how restrictive Google is being in taking away support for a function that the chromecast can handle. That being said, there will always be a way to accomplish this, it is just a matter of how inconvenient Google is going to make it.
While Google is within their own rights to change parts of the software that was never intended to be used for 3rd party, it's a massive mistake for Google to do this just to kill off those 3rd party apps. There must be a good reason for it and Google should make a public announcement as to why. There's probably a good % of sales of Chromecast specifically because of the functionality AirCast gave. I was going to buy a ChromeCast only because of the functionality AirCast gave but without this, a ChromeCast is useless for me.
I won't be buying until this functionality is officially supported or Google provides an official API/support for 3rd party applications that do provide this functionality.
Such a shame as Google had some much promise behind this product but that seems to have disappeared.
Hey
Just discovered an app that streams local content to any dnla player - wiTV. It offers mostly russian online contant but.. It also offers streaming local content from all of your devices including apple pc and Android. It creates a dnla local server on mobile devices and you can launch local media playback and scroll through it on the mobile device plays well on my old asus oplay r3 and samsung tv
Have fun and screw u Google! I can't believe i paid $100 to buy junk
Sent from my SAMSUNG-SGH-I747 using xda app-developers app
jamosjamos said:
I'd say we are disappointed because it appears Google is intent on heading off the kind of innovation and creativity that has made the Android platform so wonderful. Google should let developers do what they do best: reverse engineer, hack and create, to turn Chromecast into the most powerful and versatile device it can be. They should let people root the device, they should let people work around the limits.
The disappointment is more that this is a sign that Google is not interested in fostering a creative, innovative developer community for Android. The disappointment is more that Google seems so short sighted in thinking they need to lock everything down. I thought they knew that a large part of the appeal of the platform has always been how open it is.
Click to expand...
Click to collapse
The SDK isn't final. And in this case the developer hacked around one of the most essential parts (the app whitelist). No offense, but I don't want Netflix, HBO, etc to pull their content off the Chromecast so Google can let hackers design apps to stream content from my phone in a non-standard way that was never intented. How about we all wait until the SDK is final before judging Google. All they did was fix a security hole in the device.
Techno79 said:
While Google is within their own rights to change parts of the software that was never intended to be used for 3rd party, it's a massive mistake for Google to do this just to kill off those 3rd party apps. There must be a good reason for it and Google should make a public announcement as to why. There's probably a good % of sales of Chromecast specifically because of the functionality AirCast gave. I was going to buy a ChromeCast only because of the functionality AirCast gave but without this, a ChromeCast is useless for me.
I won't be buying until this functionality is officially supported or Google provides an official API/support for 3rd party applications that do provide this functionality.
Such a shame as Google had some much promise behind this product but that seems to have disappeared.
Click to expand...
Click to collapse
I agree.
I purchased the ChromeCast only for the purpose of wireless playing movies from my laptop to my HDTV. I currently use a HDMI cable, but thought wireless would be ideal.
I never use Netflix.
I never use Utube.
I wasted $35 plus shipping, because google refuses to allow me to use the hardware I purchased the way I want to.
It just arrived a few days ago, and I can root it.
But I don't think rooting it will help.
It's just a paperweight now.
Maybe I can return it to Google for a full refund?
ddiehl said:
I'm calling mine Ebaycast.
I've got a Roku3 that does everything I need..
Click to expand...
Click to collapse
Yeah, I just love DLNA support on my Roku3.
jamosjamos said:
I'd say we are disappointed because it appears Google is intent on heading off the kind of innovation and creativity that has made the Android platform so wonderful. Google should let developers do what they do best: reverse engineer, hack and create, to turn Chromecast into the most powerful and versatile device it can be. They should let people root the device, they should let people work around the limits.
The disappointment is more that this is a sign that Google is not interested in fostering a creative, innovative developer community for Android. The disappointment is more that Google seems so short sighted in thinking they need to lock everything down. I thought they knew that a large part of the appeal of the platform has always been how open it is.
Click to expand...
Click to collapse
I hope you sent this as feedback, very well put. The corporate device manufacture, including Google has benefited from free private development. A lot of the features that come on devices today started with the devs witch in turn busted sales from their innovation and put android where it is today.
Sent from my EVO using xda app-developers app
I don't under stand what the problem was. I mean, I was just using AllCast to watch videos of my kids on the TV. I'm not willing to spend time to upload videos to YouTube just to do that (nevermind privacy concerns and the fact the world doesn't care about my kid doing backflips off the couch).
I already have an HTPC for media playback, there's only personal content on my phone.
This was probably disabled because it wasn't using the actual SDK and was more of a hack. Was neat while it lasted.
Now that the "gates are open" on the Google Chromecast it *should* in some way, be possible to root it now. I have done some security researching and I was wondering if we could create a malicious streaming app to stream a shebang file (hashbang, whatever you wanna call it; same tactic used in both versions of iOS' evasi0n) to run a script to root the device. We might also be able to stream over elf binaries that use kernel exploits to root the device then use adb to execute them from there. Please comment on your suggestions/thoughts/why this will or will not work. As always, thank you for taking the time to read this.
r3pwn
r3pwn said:
Now that the "gates are open" on the Google Chromecast it *should* in some way, be possible to root it now. I have done some security researching and I was wondering if we could create a malicious streaming app to stream a shebang file (hashbang, whatever you wanna call it; same tactic used in both versions of iOS' evasi0n) to run a script to root the device. We might also be able to stream over elf binaries that use kernel exploits to root the device then use adb to execute them from there. Please comment on your suggestions/thoughts/why this will or will not work. As always, thank you for taking the time to read this.
r3pwn
Click to expand...
Click to collapse
I like your thinking.
The first order would be to get root and disable OTA updates.
As long as the whitelist exists, a malicious app would be difficult to get past Google's approval. Kind of like how iOS had the "flashlight" app that allowed tethering until Apple shut it down.
It might actually have to be two parts - a functional app that has a vulnerability, and some specific trigger that can utilize the vulnerability. A backdoor into a normal app, or a some kind of specific login that triggers a specific server-side response, for example.
AFAIK, ADB isn't enabled on stock Chromecast.
Another potential attack vector is the setup mechanism on the Chromecast-side - for example if the SSID or keyphrase strings can be overrun, but Google may have already checked that stuff.
Because stock Chromecasts auto-accept OTA updates, I fear it will be a continual cat-and-mouse game of finding exploits and having them auto-patched by Google OTAs. Still, at least it would provide an option for folks who have an updated bootloader.
bhiga said:
I like your thinking.
The first order would be to get root and disable OTA updates.
As long as the whitelist exists, a malicious app would be difficult to get past Google's approval. Kind of like how iOS had the "flashlight" app that allowed tethering until Apple shut it down.
It might actually have to be two parts - a functional app that has a vulnerability, and some specific trigger that can utilize the vulnerability. A backdoor into a normal app, or a some kind of specific login that triggers a specific server-side response, for example.
AFAIK, ADB isn't enabled on stock Chromecast.
Another potential attack vector is the setup mechanism on the Chromecast-side - for example if the SSID or keyphrase strings can be overrun, but Google may have already checked that stuff.
Because stock Chromecasts auto-accept OTA updates, I fear it will be a continual cat-and-mouse game of finding exploits and having them auto-patched by Google OTAs. Still, at least it would provide an option for folks who have an updated bootloader.
Click to expand...
Click to collapse
The whitelist still exists? I had thought they removed that with the SDK.
Sent from my Nexus 7 using Tapatalk
r3pwn said:
The whitelist still exists? I had thought they removed that with the SDK.
Click to expand...
Click to collapse
According to this in the developer's guide you still have to allow your Chromecast to send its serial number, register your app which gives you an API key, and register your device so it can receive the app.
Only "published" apps will be available without registering your device, so still sounds like Google is the gatekeeper to publicly-available apps.
Hmm... I may have to hand over the $5 for the developer fee just to fool around. Or I may find an alternative by the time I can get around to getting a Google play card. Lol.
Sent from my Nexus 7 using Tapatalk
r3pwn said:
Hmm... I may have to hand over the $5 for the developer fee just to fool around. Or I may find an alternative by the time I can get around to getting a Google play card. Lol.
Click to expand...
Click to collapse
Not sure about your neighborhood, but the WA/OR Costcos are selling a 3-pack of $20 Google Play cards for $54 (so 10% discount)
bhiga said:
Not sure about your neighborhood, but the WA/OR Costcos are selling a 3-pack of $20 Google Play cards for $54 (so 10% discount)
Click to expand...
Click to collapse
I don't think I want to spend that much. If I don't find something else by then, I could just go to GameStop in the mall (right across the street from my school) and get a $15 one.
Sent from my Nexus 7 using Tapatalk
Walmart also sells play cards!
Sent from my SPH-L710 using xda app-developers app
Not sure we will ever find a security hole in the CCast with the whitelisting in effect but perhaps the search for a vulnerability should be made on the Player Apps that are already whitelisted.
Finding some content that could be sent to (ie via aVia) to play on CCast that isn't really media but does trigger some exploit to root the device.
In fact the cast a tab feature may be the weakest point in the CCast security. Hacking that extension could be the key to exploiting the CCast.
We need to get Chainfire to do the rooting stuff.
Asphyx said:
Not sure we will ever find a security hole in the CCast with the whitelisting in effect but perhaps the search for a vulnerability should be made on the Player Apps that are already whitelisted.
Finding some content that could be sent to (ie via aVia) to play on CCast that isn't really media but does trigger some exploit to root the device.
In fact the cast a tab feature may be the weakest point in the CCast security. Hacking that extension could be the key to exploiting the CCast.
Click to expand...
Click to collapse
I was actually thinking that to myself. There has to be some sort of thing to root the device other than the 2nd stage bootloader exploit that was patched already.
Sent from my iPod touch using Tapatalk
If anyone did sneakily get an app published with a root exploit, it would certainly risk revoking their SDK permissions due to a ToS violation.
Sent from my Nexus 5 using Tapatalk
cmstlist said:
If anyone did sneakily get an app published with a root exploit, it would certainly risk revoking their SDK permissions due to a ToS violation.
Sent from my Nexus 5 using Tapatalk
Click to expand...
Click to collapse
That is true. But if we exploited an existing app, Google would just "suspend" the app from the Play Store until the bug gets fixed. If the app were free, however, we could just back up a copy of the apk before the bug fix was patched and spread it around here on XDA. I'll look into some apps to see if it's possible.
Sent from my iPod touch using Tapatalk
r3pwn said:
That is true. But if we exploited an existing app, Google would just "suspend" the app from the Play Store until the bug gets fixed. If the app were free, however, we could just back up a copy of the apk before the bug fix was patched and spread it around here on XDA. I'll look into some apps to see if it's possible.
Click to expand...
Click to collapse
Well the exploit I was referring to would not be in an APK at all...
It would be on the App server CCast loads it's player's from.
The APKs that support CCast do not have any access to the filesystem of the CCast but the Player Apps CCast loads are on the device and the exploit would attack a vulnerability of that app to do something on the unit that the player app never considered.
Sort of like the old WMV exploit to launch web pages inside a Video that if existed as a capability in a CCast loaded Player App could launch a browser operation to a page with the Exploit code.
I'm sure Google has thought about all of that in their implementations but perhaps the 3rd Party Developers have not been so diligent about it.
In fact I think that precise issue is why Google does not allow someone like the PlexDevs to allow launch of Media to CCast from the Local PlexWeb (that can easily be user manipulated since it resides on their local machine) and will only allow them to implement it from the Plex.tv site that is not accessible to user manipulation at all.
Asphyx said:
In fact I think that precise issue is why Google does not allow someone like the PlexDevs to allow launch of Media to CCast from the Local PlexWeb (that can easily be user manipulated since it resides on their local machine) and will only allow them to implement it from the Plex.tv site that is not accessible to user manipulation at all.
Click to expand...
Click to collapse
And probably why Google maintains the whitelist.
As long as there is whitelist, Google can disable an app at will.
So once an external exploit becomes known (ie, "Play this specific video"), Google could easily disable the app until the developer updates it to patch the vulnerability.
The inability to refuse OTA updates and the lack of external accessibility/sideloading makes Chromecast quite secure.
bhiga said:
And probably why Google maintains the whitelist.
As long as there is whitelist, Google can disable an app at will.
So once an external exploit becomes known (ie, "Play this specific video"), Google could easily disable the app until the developer updates it to patch the vulnerability.
The inability to refuse OTA updates and the lack of external accessibility/sideloading makes Chromecast quite secure.
Click to expand...
Click to collapse
Tying CC to google framework/Play is annoying and disappointing. It's a walled-garden Apple approach.
wideasleep1 said:
Tying CC to google framework/Play is annoying and disappointing. It's a walled-garden Apple approach.
Click to expand...
Click to collapse
It all goes hand-in-hand for making sure things work and making sure the content providers don't yank the carpet out from under them.
If the content providers leave Google, Chromecast becomes useless for all the folks who bought it for what it does, rather than what we want it to be and do.
End-of-day for a product like this, it's user experience that will make or break it. That's probably why Google's being extra-cautious here. They're treading on Apple's turf.
wideasleep1 said:
Tying CC to google framework/Play is annoying and disappointing. It's a walled-garden Apple approach.
Click to expand...
Click to collapse
I've often wondered why Google is being this way with Chromecast of all things. Not that they roll out a red carpet to allow Android to be rooted. But they aren't actively trying to prevent it. I mean they've looked the other way forever with Gapps distribution.. I love Chromecast and worth every dime though. Just strange how much they're throwing up the walls everywhere for it
Sent from my Nexus 10
bhiga said:
It all goes hand-in-hand for making sure things work and making sure the content providers don't yank the carpet out from under them.
If the content providers leave Google, Chromecast becomes useless for all the folks who bought it for what it does, rather than what we want it to be and do.
End-of-day for a product like this, it's user experience that will make or break it. That's probably why Google's being extra-cautious here. They're treading on Apple's turf.
Click to expand...
Click to collapse
Not that I don't disagree, but for the sake of argument, I think that is Google's cop-out. They haven't concerned themselves with this in prior endeavors, although I'm sure the poor showing of GoogleTV had to smart. The truth as I see it: Google wants the data (sigint, if you will) our 'casting' provides, THAT is why it's walled. They may want to couch it with 'quality, content provider compliance,etc.', but only so far as it maintains THEIR sigint. After all, the content providers will always constrain their content as they see fit...it must be on their servers/cdn networks by their own hand. CC is a protocol, and now cannot be enjoyed without their sigint (framework/Play version). Google's modus is provide convenience products for the non-free price of your sigint data, so you can be sold to advertisers.
styckx said:
I've often wondered why Google is being this way with Chromecast of all things. Not that they roll out a red carpet to allow Android to be rooted. But they aren't actively trying to prevent it. I mean they've looked the other way forever with Gapps distribution.. I love Chromecast and worth every dime though. Just strange how much they're throwing up the walls everywhere for it
Sent from my Nexus 10
Click to expand...
Click to collapse
My explanation above offers a possible reason.
edit: apologies to OP for accidentally steering into non-root discussion!
styckx said:
I've often wondered why Google is being this way with Chromecast of all things. Not that they roll out a red carpet to allow Android to be rooted. But they aren't actively trying to prevent it. I mean they've looked the other way forever with Gapps distribution.. I love Chromecast and worth every dime though. Just strange how much they're throwing up the walls everywhere for it
Sent from my Nexus 10
Click to expand...
Click to collapse
Could be a requirement from the providers due to copyright concerns.
..... Are there way to many local media casting apps?
It seems another one pops up every few days.
I am all for a free market but, c'mon, let's get some originality!
Sent from my Nexus 7 using Tapatalk
Nothing wrong with it, in my opinion. One of them might come up as the ultimate Chromecast app. So far for me, top stop is reserved for BubbleUPnP, but I would change in the heartbeat if something better comes out (tough ask).
abuttino said:
..... Are there way to many local media casting apps?
It seems another one pops up every few days.
I am all for a free market but, c'mon, let's get some originality!
Sent from my Nexus 7 using Tapatalk
Click to expand...
Click to collapse
I was about to post the same thing. So far it has been very redundant and underwhelming. We need mirroring ASAP. And I'm still waiting for that app that makes me say, "Wow, I never thought of using the chromecast that way!"
Don't get me wrong, I love my chromecast. Best bang for the buck in the history of computers/electronics. I'm just spoiled. LOL!
I've never been opposed to choice. In fact it's why I own Android products and not an iPhone.
Sent from my Nexus 7 (2013) using xda-developers app
I stated that in my post. I am all for free market.
I would just hope that someone can think of something better than all these local media streamers.
Sent from my DROID RAZR HD using Tapatalk
abuttino said:
..... Are there way to many local media casting apps?
It seems another one pops up every few days.
I am all for a free market but, c'mon, let's get some originality!
Click to expand...
Click to collapse
I think it's just a matter of those apps being the most logical early adopters for CCast support cause once one media player supports CCast the rest have to make sure to follow or lose marketshare.
And I wouldn't discount Google and the Whitelisting for reasons why we aren't seeing more innovative Apps for the CCast.
Players are pretty straight forward and other Apps are probably getting a bit more scrutiny from Google before getting approved for Whitelisting since those operations actually require a more complex code on the CCast side than the Local Player apps do.
The only thing that I'm disappointed in is the fact that none of the Local Stream Devs are doing much to expand the capabilities of the player on the CCast side. Bubble has probably done the most with it's subtitle support, and Plex's latest release has added a ton of features including Music Photo and some Eye Candy during navigation.
The Most popular Android player apps were popular due to the extra container and codec support they had but unless they can add that support to the CCast side player (difficult I know) their supporting CCast really isn't going to help them retain Market.
As for Mirroring you probably have two forces at play holding it up.
First the Operating System support has to be there which means only devices with 4.2.x or higher will likely be able to run it,
and Second would be the security issues (@bhiga mentioned early on) that could be triggered by some malware that could trigger your unit to mirror to someone else and violate privacy.
Even if someone finds a way to do Mirroring well I would expect Google to go over it with a fine tooth comb before they whitelisted it and lets be honest they may NEVER allow 3rd party Mirroring Apps and prefer to control that function all on their own. Perhaps as part of future versions of Android which currently the SDK seems to have the code for it but is not being used by anyone at the moment.
What is the likelihood of Google going all "Anti-Root" on the ChromeCast like Apple does with iOS? I mean just about every android device has been and is currently rootable for the most part. I knows rooting can be considered a "security threat if misused and all.
~SG
They fixed the first hole pretty fast, so I guess they will do the same with the 2nd hole.
An open media player can be difficult due to licencing issues...
I agree with the previous post on that Google will try to block Chromecast root. But, anyway, I think it's still an awesome device.
I would imagine companies like Netflix prefer the CC locked.
If you ask me...Google has definitely been diligent at securing the device from being rooted. I mean it's almost a year since the last root window opened up and closed.
They definitely learned a thing or two from Motorola about locking up devices!
They have to at least appear to be doing something about securing the device since support from the various content providers is dependent on that security.
A lesson they learned with the Google TV debacle.
Unlike Google TV without content this CCast dongle is worthless!
So yes they will try and do whatever they can to patch up any root exploit they can.
As long as the content providers remain paranoid about piracy, the big G will have to do what they need to in order to make sure there's still content to play via Chromecast.
bhiga said:
As long as the content providers remain paranoid about piracy, the big G will have to do what they need to in order to make sure there's still content to play via Chromecast.
Click to expand...
Click to collapse
I agree. But how does the ChromeCast differ in that respect to a Android Tablet or Phone? Im sure that content providers care about piracy on those devices running android.
~SG
SomeGuy2008 said:
I agree. But how does the ChromeCast differ in that respect to a Android Tablet or Phone? Im sure that content providers care about piracy on those devices running android.
Click to expand...
Click to collapse
A tablet and phone can do other things than simply play media.
Chromecast minus the media leaves screen mirroring - but only for semi-recent and supported devices. That's not a market of millions of units, otherwise the folks selling Miracast devices would be rich and making shinier products.
(Stock) Chromecast has no interface, no way to sideload apps, and requires applications to support it in their code. Take the Chromecast-enabled apps away and you don't have much left, especially up against the Miracast devices.
SomeGuy2008 said:
I agree. But how does the ChromeCast differ in that respect to a Android Tablet or Phone? Im sure that content providers care about piracy on those devices running android.
~SG
Click to expand...
Click to collapse
The chromecast is built for, and solely marketed as a online media streaming stick. Google needs to show content providers that they are passionate about making their device a secure hardware solution for online media, otherwise if new content providers do not develop for the Chromecast, or current ones opt out Google would have lost the sole purpose of their device.
Android itself is generally easy to unlock devices bootloaders, gain root access and install custom roms, it was designed like that. While the chromecast was locked down. Google are taking a completely different approach to the Chromecast, than they did for their nexus line or Stock android in general.
It really comes down to numbers vs risk.
The solution is to use DRM to protect the content. Pretty easy on a Phone/Tab due to it's beefier processor but not so much on a CCast other than using the built in DRM which could be vulnerable if someone with root access messed with it. On a phone you could create your own DRM system inside the app and even run a root check to deny the app from running which many have chosen to do. In essence that is precisely what Netflix does! And it should be noted that Netflix runs differently on CCast than all the other Receiver apps we see.
While they would probably be more comfortable not supporting Android due to it's rootable nature, when 85% of your target audience is running it it's a little difficult to ignore. Not so much the case with CCast at this point. and without their support it never will capture a majority of the audience.
Truth is the major holdup to content support seems to be the duality required to make CCast work. Not only do you have to code a receiver app for the CCast but you have to build the control and Dial functions into the Mobile app as well to send content to it.
Most media companies aren't this savvy to wrap their heads around that which makes CCast support almost an afterthought.
But back to your question...Yes they are plenty concerned with root on phones and tabs but to deny them means cutting off the lionshare of your target audience. Not the case with CCast at this point and since content is all it does they have some leverage to ignore it if they want until they are sure it is piracy proof.