Hijacking Chromecast With The Rickmote Controller

With a simple $35 dongle that plugs right into your TV, it’s possible to enjoy your favorite TV shows, YouTube channels, and everything else Chromecast has to offer. Being a WiFi enabled device, it’s also possible to hijack a Chromecast, forcing your neighbors to watch [Rick Astley] say he’s never going to give you up.

The rickmote, as this horrible device is called, runs on a Raspberry Pi and does a lot of WiFi shenanigans to hijack a Chromecast. First, all the wireless networks within range of the rickmote are deauthenticated. When this happens, Chromecast devices generally freak out and try to automatically reconfigure themselves and accept commands from anyone within proximity. The rickmote is more than happy to provide these commands to any Chromecast device, in the form of the hit song from 1987 and 2008.
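One way a defender could spot the sequence described above in Wi-Fi monitor logs, as an added example that is not from the original post or the rickmote project: a burst of deauthentication frames followed shortly by a newly visible open network. The event tuple format, the thresholds, and the sample SSIDs and MAC addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events in an assumed monitor-log format:
# (seconds, kind, bssid, ssid, encrypted). SSIDs and MACs are made up.
AP1, AP2 = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02"
SAMPLE_EVENTS = (
    [(0.0, "beacon", AP1, "HomeNet", True)]
    + [(10.0 + i * 0.1, "deauth", AP1, None, None) for i in range(30)]
    + [(11.0 + i * 0.1, "deauth", AP2, None, None) for i in range(30)]
    + [(20.0, "beacon", "cc:cc:cc:cc:cc:03", "SetupDevice0001", False)]
    + [(300.0, "deauth", AP1, None, None)]  # lone frame, e.g. normal roaming
    + [(400.0, "beacon", "dd:dd:dd:dd:dd:04", "CafeGuest", False)]
)


def deauth_bursts(events, min_frames=20, window=5.0):
    """Map bssid -> start time of its first burst of >= min_frames deauths
    seen within `window` seconds (thresholds are assumptions to tune)."""
    recent, bursts = defaultdict(deque), {}
    for ts, kind, bssid, _ssid, _enc in sorted(events, key=lambda e: e[0]):
        if kind != "deauth":
            continue
        q = recent[bssid]
        q.append(ts)
        while ts - q[0] > window:  # drop frames older than the window
            q.popleft()
        if len(q) >= min_frames and bssid not in bursts:
            bursts[bssid] = q[0]
    return bursts


def suspicious_open_networks(events, follow=60.0, **burst_opts):
    """Return (ssid, bssid, first_seen) for open networks that first appear
    within `follow` seconds after any deauth burst started."""
    bursts = deauth_bursts(events, **burst_opts)
    first_seen = {}
    for ts, kind, bssid, ssid, enc in sorted(events, key=lambda e: e[0]):
        if kind == "beacon" and bssid not in first_seen:
            first_seen[bssid] = (ts, ssid, enc)
    return [
        (ssid, bssid, ts)
        for bssid, (ts, ssid, enc) in first_seen.items()
        if not enc and any(0 <= ts - t0 <= follow for t0 in bursts.values())
    ]


if __name__ == "__main__":
    for alert in suspicious_open_networks(SAMPLE_EVENTS):
        print("open network appeared after deauth burst:", alert)
```

The single deauth frame at 300 seconds and the open network that first appears at 400 seconds are not flagged, because neither a burst nor the follow-up timing condition is met.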

Video demo of the rickmote below, along with a talk from ToorCon describing how the hijacking actually works.

16 thoughts on “Hijacking Chromecast With The Rickmote Controller”

  1. Does the Rickmote require an internet connection? I ask because it opens youtube. I don’t have a chromecast, so I might be missing something obvious.

    1. IIRC with Chromecast, the phone/computer/remote controlling it essentially points it to a website and the Chromecast goes. So the remote just needs the youtube link hard-coded into it.

      1. The rickmote is configuring the chromecast for a particular network that you would need to provide.

        This could be provided by the rickmote/pi itself, and thus the files could be loaded directly, or it could be an existing network that is linked to the internet (hotspot? starbucks?)

  2. Ah Rickrolling, we’re never gonna give you up! Anyway my first question is WTF Google!? A totally open AP, come on! You couldn’t put a password on the AP and then print it on a sticker on the Chromecast? Secondly, since this does netflix I assume that if you have control of the Chromecast when it accesses netflix (if you just let the CC access the internet) you could steal the netflix password and have free flix for yourself? And finally I’d assume if you replace the RPi with a desktop you could do far more with the CC, like Rickroll somebody for 5 minutes every 15 minutes when they’re watching a netflix movie, show The Beverly Hillbillies when they’re trying to watch House of Cards and every time they try to access cartoons give them xhamster! So cheers to Alt and google, come on.

    1. The chromecast does not actually store your account info last I checked, it’s just directed by a client app on one of your devices to do something

  3. I was constantly finding my chromecasts were off the network and broadcasting their own open wifi network for anyone to come along and connect to and re-configure them.

    They are now sitting in a drawer because their flakey-ass slow 2.4GHz wifi was never able to stream anything in the evenings, and I was constantly having to power-cycle them to get them to reconnect to the wifi and stop broadcasting their open network.

    What an idiotic idea it was to make them get configured over an open wifi network, and to just open it up because it gets disconnected from the one and only network you can have it configured for.

    Also stupid to have a media streaming device only be able to do 72 megabit on the 2.4ghz band.

    1. I haven’t had any issues with mine so far… maybe you should update them or root them..

      Possibly get a second/dedicated AP for them… which is recommended for any media devices (separate them and limit access to prevent slowdowns on their network)

      Just a thought

  4. You know with all the talk about the chromecast it still took me quite a while to understand that what the thing does is get commands and then stream directly from the internet, instead of streaming data from a phone/tablet/desktop.

    And when I realized that I immediately saw that it wasn’t for me, and now that clones that can do without internet and stream directly from devices exist (although that method will reduce battery life I hear) I would much sooner go for that.
