Caster - Google Devs

Enumerating Google Devices

PreviousCaster - Amazon Devs NextCaster - Roku Devs

Last updated 1 year ago

Caster - Google Devs

Enumerating Google Devices

This section will try to explain the Google side of things! We will go over just a few basic commands that can help you get some information on a Google device ( which may or may not be supported ) as well as change a few things by abusing endpoints!

Note: The Google section has only been tested on two IoT devices by Google which is the standard streaming HD4K Chromecast and the Chromecast Dongle. These endpoints may not work for every version and compatibility has not been tested yet.

enumerate cast-setupinfo - This command will grab the basic information for device setup. The endpoint that is requested will also slap a public-key in the response, however, for formatting and frontend reasons, this data ends up being written to the file since the key is too long to fit within a box. So you will see where it gets written to. Below demonstrates this command.

enumerate cast-legacyinfo : This command is special for a few reasons. When attempting to reverse engineer the Chromecast, there were a few things that were noticed: especially when it came down to shutting down applications or the device itself. That thing that was noticed? Some of the endpoints require authentication with specific parameters, that is, if they are with new forms of data. Google keeps a unique set of legacy configurations on a server which is actually used by the Chromecast for a few reasons. This legacy configuration can help you gather further information about the device itself. However, at the time of writing this, this endpoint only carries application information so Caster has another option for that. This is why Caster does not make an attempt to parse the response.

enumerate cast-legacyapps : This is the second option above that we were talking about. This option will attempt to make a request to that server and retrieve the information by only parsing very specific applications. Below is an example of what this looks like.

enumerate cast-activeapp : This is a bit more of a direct information bit for you. In the case that you ever want to remotely shut down an application on a Google Chromecast, you should check if the application is currently running first. This option allows you to take a given application ID or name and then check if it is currently running.

enumerate cast-shutdownapp: This nifty little option allows you to shut down the application currently running on the device based on the application ID. So, it is preferable that you try to grab all legacy applications and their IDs if you are trying to shut one down. If the application ID does not exist or if the application is not currently running, Caster will return the status code from the server which is typically 404.
enumerate cast-devdescription : Like many of the devices on this list, they all have a way of getting the device's general description and a way of capturing very specific information. This option allows you to get the device description which is just a set of device information that identifies the device.

enumerate dev-changename : This amazing little tool is about the closest as you can get to device modification. This command allows you to set custom names on the device if you want to. Now, unlike Roku, Google does not seem to be blocking characters, so, do what you will with that info. The screenshot below shows that we are setting the device name to hello world and then verifying it by grabbing setup information.

PreviousCaster - Amazon Devs NextCaster - Roku Devs

Last updated 1 year ago

Note: The Google section has only been tested on two IoT devices by Google which is the standard streaming HD4K Chromecast and the Chromecast Dongle. These endpoints may not work for every version and compatibility has not been tested yet.

enumerate cast-setupinfo - This command will grab the basic information for device setup. The endpoint that is requested will also slap a public-key in the response, however, for formatting and frontend reasons, this data ends up being written to the file since the key is too long to fit within a box. So you will see where it gets written to. Below demonstrates this command.

enumerate cast-legacyinfo : This command is special for a few reasons. When attempting to reverse engineer the Chromecast, there were a few things that were noticed: especially when it came down to shutting down applications or the device itself. That thing that was noticed? Some of the endpoints require authentication with specific parameters, that is, if they are with new forms of data. Google keeps a unique set of legacy configurations on a server which is actually used by the Chromecast for a few reasons. This legacy configuration can help you gather further information about the device itself. However, at the time of writing this, this endpoint only carries application information so Caster has another option for that. This is why Caster does not make an attempt to parse the response.

enumerate cast-legacyapps : This is the second option above that we were talking about. This option will attempt to make a request to that server and retrieve the information by only parsing very specific applications. Below is an example of what this looks like.

enumerate cast-activeapp : This is a bit more of a direct information bit for you. In the case that you ever want to remotely shut down an application on a Google Chromecast, you should check if the application is currently running first. This option allows you to take a given application ID or name and then check if it is currently running.

enumerate cast-shutdownapp: This nifty little option allows you to shut down the application currently running on the device based on the application ID. So, it is preferable that you try to grab all legacy applications and their IDs if you are trying to shut one down. If the application ID does not exist or if the application is not currently running, Caster will return the status code from the server which is typically 404.
enumerate cast-devdescription : Like many of the devices on this list, they all have a way of getting the device's general description and a way of capturing very specific information. This option allows you to get the device description which is just a set of device information that identifies the device.

enumerate dev-changename : This amazing little tool is about the closest as you can get to device modification. This command allows you to set custom names on the device if you want to. Now, unlike Roku, Google does not seem to be blocking characters, so, do what you will with that info. The screenshot below shows that we are setting the device name to hello world and then verifying it by grabbing setup information.