قالب وردپرس درنا توس
Home / Tips and Tricks / How to hijack Chromecasts with CATT to view photos, messages, videos, websites and more «Zero Byte :: WonderHowTo

How to hijack Chromecasts with CATT to view photos, messages, videos, websites and more «Zero Byte :: WonderHowTo



Give your Wi-Fi password can give more control than you think. Because of how Chromecast and other IoT devices communicate, everyone in the same Wi-Fi network as your device can often do what they want. With a script called "Cast All Things," we can hijack a Chromecast to play almost any type of media with a single command in terminal.

Internet of Things (IoT) devices are famous for compromising security for the sake of convenience, making them particularly easy to attack. A perfect example is Chromecast, which can effectively be cut off any device in the same local network that knows how to talk to it.

Media devices such as a Chromecast are controlled by simple programming interfaces (APIs) designed to be controlled by messages from a user's smartphone. These are usually sent to Chromecast, as the user runs a mobile application with an interface to control the device. In most cases, these messages do not require any type of password to execute, so Chromecast will respond exactly the same if you send it directly directly ̵

1; without involving the official app.

IoT devices use vulnerable messages to communicate [19659005] Internet devices of things are everywhere, and many use light messaging standards such as MQTT to communicate via Wi-Fi. This standard is kind of like Twitter for Wi-Fi, short simple pre-formatted messages that can be easily transferred between devices on a network network. A network network allows groups of IoT devices to send messages between each other so that all devices have a connection to the Internet even if a device in the cluster has a connection back to a Wi-Fi network.

While this standard of communication is useful, security is often neglected to make it easier to configure the devices. With more serious problems like hard-coded passwords that can't be changed, botnet's a real threat; shortcuts for setting message authentication; and lack of planning to use devices in shared network environments has made IoT security a real problem.

Picture of Kody / Null Byte

] Delete all items for command line control

For anyone who wants a scriptable , easy to install, easy to operate with control over Chromecast devices, the community has an answer. Cast All The Things provides command line access to the Chromecast API, which sets you between the front-end mobile application and the device it controls. Designed to extend the functionality of the Chromecast transition where Google felt comfortably officially supportive, running the project on Python and operating on almost any operating system.

CATT's use for a hacker lies in how easy it is to use and how scalable it is. It is not possible to command each Chromecast on a large network to play a video at the same time as the regular application, as it is not a behavior Google would like to support.

With CATT, a single hacker with a laptop connected to the same network in a large office could order hundreds of Chromecasts to download and play a distracting video at maximum volume simultaneously, causing chaos and confusion at a glance.

CATT can also act as "out of band" or difficult to track, ways to communicate with another person by using Chromecast as a means of transmitting messages. These can either be open, as in the subtitles or hidden, such as changing the programming repeatedly to certain topics.

What you need

To follow this guide, you need a PC with Python installed. In addition, you need an item in the same network as the device you target. This can be a Wi-Fi network or an Ethernet network. This does not work on a guest network if the guest network does not allow you to scan or communicate with other hosts, such as a Starbucks Wi-Fi network.

You also need a Chromecast device to try to control, such as a Chromecast Ultra or Chromecast (3rd Generation). This will work against all Chromecast models because they use the same basic API call. When you have a Chromecast device connected to the same network as your computer, you can download CATT and all dependencies.

Chromecast Ultra Available at Amazon | Best Buy | Google | Walmart

Step 1: Installing CATT

Installing CATT is extremely easy, provided you have installed Python. If you do, just run the following command in a terminal window. While you don't need to, you should also take the time to check out the GitHub page to learn more about how the tool works.

  pip install catt 

Pip installs all dependencies and configure CATT for you. When you are ready to install, you can write catt –help to get a list of all command-line tools to better understand what the script can do. Unfortunately, there is no manual entry for CATT, so the entertaining "man catt" command is currently not going anywhere.

  catt --help 
  Usage: catt [OPTIONS] COMMAND [ARGS] ...

Alternative:
--delete-cache Empty the Chromecast detection cache.
-d, --device NAME Select Chromecast device.
- Help Display this message and exit.

commands:
add Add a video to the queue.
cast Send a video to a Chromecast to play.
cast_site Cast any site to a Chromecast.
ffwd Fast-wrap a video by TIME duration.
info View full information about the current video.
pause Pause a video.
play Resume a video after it has been paused.
Reset Return Chromecast to saved state.
rewind a video after TIME duration.
save Save current permission for Chromecast for later use.
scan Scan the local network and view all Chromecasts and their IP addresses.
search Search the video for TIME position.
skip Skip to next video in queue (if any).
status Show some information about the current video.
stop stopping playing.
volume Set the volume on LVL [0-100].
volume decrease Turn the volume down with a DELTA increment.
volume Repeat the volume with a DELTA increment.
write_config Type the name of the standard Chromecast device into the configuration file. 

Step 2: Scan the network for Chromecasts

CATT does things straight away for us by being able to scan the network alone. Although it is possible to do a Nmap scan to the network, scan by CATT is already set to detect Chromecast devices on the local network.

Without using CATT, you need to calculate the network interval of the network you are on, scan for devices with port 8008 open and then delay information on what type of device it is. All these things are integrated into CATT, so you can discover all the nearby Chromecasts, you can type the following command.

  catt scan 
  Scan Chromecast ...
192.168.0.91 - Probe Team CIC - Google Inc. Chromecast Ultra 

CATT has found a device and shown us its IP address, network name and type of device. We can use this IP address, or the name of the device, to specify which device we want to command if there is more than one.

Since there is only one on this network, we do not need to enter it in the following commands, because CATT will send to it by default.

Step 3: Send a Picture to the Screen

Images like GIF files are extremely easy to view on a Chromecast screen. To view most common image formats, including animated GIFs (played in a loop), you can run the following command.

  catt cast ./mygif.gif

Step 4: Play a remote YouTube Video to the screen

To cast a video host on a YouTube-like site, you can run the following command.

  catt cast "https://www.youtube.com/watch?v=dQw4w9WgXcQ"[19659021] This tool supports many, many websites besides YouTube that have video content, and there is a list of popular videos sites like this tools can support. See  the entire list of websites (several of which are quite nasty). 

With this ability you can either host your own videos you want to play on YouTube and play them with the script or you can actually stream a file directly from your computer.

Step 5: Play a local video with subtitles

Now let's put a message on the media that we throw from our laptop. This means that we can communicate in two layers with the content of the video we play and with subtitles played very visibly over the video when it is played.

To do this, we must make an SRT file, which we can do in nano. In a terminal window, type the following to create a text file.

  nano Demo.srt 

Then paste the following into the text file. You can change the text, but the point looks at how the format works. At the top you have a 0 for where everything starts. Then you have a number for each text block, a time code for how long the text is displayed, and then the text shown below it.

  0
00: 00: 01.530 -> 00: 00: 03.629
HERE IS ANY TEXT

1
00: 00: 03.629 -> 00: 00: 07.819
OH WOW Look at the big text

2
00: 00: 07.819 -> 00: 00: 08.740
It's so big and big OH

3
00: 00: 08.740 -> 00: 00: 13.370
Some more examples TEXT HERE BUT

4
00: 00: 13.370 -> 00: 00: 14.660
There is no need to call

5
00: 00: 14.660 -> 00: 00: 17.699
Never use Priceline

6
00: 00: 17.699 -> 00: 00: 22.720
More text to test

7
00: 00: 22.720 -> 00: 00: 26.300
Here are some sample text

8
00: 00: 26,300 -> 00: 00: 30,000
please pay me with a credit card 

When you have finished creating your text file, type Ctrl-x and then y to save and close the file.

Now, we should have a Demo.srt file to throw along with a local video. It is easy to throw a local video; Just enter the file path after writing catt cast and you should watch the video start playing. To indicate that we want subtitles, we add the flag -s . In the format below, replace "/yourvideo.mp4" with the location of your video file.

  catt cast -s ./Demo.srt ./yourvideo.mp4
 Make local file yourvideo.mp4 ...
Use of Subtitles /Users/Send/Desktop/Demo.srt
Playing yourvideo.mp4 on "Probe Team CIC" ...
Serving local file, press Ctrl + C when done.
192.168.0.91 - - [21/Jan/2019 07:00:41] "GET /? Loaded_from_catt HTTP / 1.1" 200 - video / mp4 - 786.90 MB
192.168.0.91 - - [21/Jan/2019 07:00:41] "GET //var/folders/n1/l_2ynlx91lv57t122lq8lkyh0000gn/T/tmpxxljn3ds.vtt HTTP / 1.1" 200 - text / vtt; charset = utf-8 - 1.69 KB 

Just like that, you should watch your video and text message start playing!

Picture Of Kody / Null Byte

To Spend Less Time If you set different Chromecast devices, you can also configure aliases and add a configuration file. You can create a configuration file by creating a "catt.cfg" file in the following location.

  nano ~ / .config / catt / catt.cfg 

You can add devices in this configuration in the following formats. Under "options", you can add the default device you want to use if you do not specify another when running Catt.

Under "aliases" you can create nicknames for the devices you want to use so you can use that name for them when running the script.

  [options]
device = chromecast_one

[aliases]
en = chromecast_one
two = chromecast_two 

Step 6: Create a Website for the Screen

Finally, we can throw all the sites directly to the screen. Chromecast captures sites with a resolution of 1280 x 720 pixels and displays them on the screen. Although this is useful for casting existing websites, we can also use it to design our own content, put it in a web interface and then just set it to the screen!

Sometimes we want to create something completely false and splash it on the screen and by posting a web address we can even host a web server on our own laptop and throw what we choose to show it directly to the interface .

The command to do this, with this example being Null Byte website, is as follows.

  catt cast_site https://null-byte.wonderhowto.com 
  Casting https://null-byte.wonderhowto.com on "Probe Team CIC". 

CATT can do almost anything on the screen

This tool is useful for a hacker who wants to control Chromecast devices that they do not own, but of course it is very useful for anyone who owns a Chromecast as well. Thanks to the simplicity of controlling Chromecast devices over Wi-Fi, you can set custom triggers to cause action on any screen you want to use CATT.

While the techniques we covered today focused on local networks, it will also work against any Chromecast device that is also directly exposed on the internet. This was shown when hackers found Chromecast units on Shodan and made them play videos that market PewDiePie. You should never do this, so if you have set up port transfer to allow direct access to the Internet for things like a printer, camera or media player, you can expect a message from a hacker saying you subscribed to PewDiePie. 19659002] I hope you had this guide to find and take over Chromecasts! If you have any questions about this tutorial on taking over IoT devices or if you have a comment, please ask it below or contact me on Twitter @ KodyKinzie .

Don't miss: VPN Your IoT and media devices with a Raspberry Pi PIA Routertraffic

Cover photo by TAKA @ PPRS / Flickr




Source link