
The Rickmote Controller (2) Hijack TVs using Google Chromecast

Primary language: Python. License: GNU General Public License v3.0 (GPL-3.0)

The Rickmote Controller

The Rickmote is a Python program for hijacking Chromecasts and playing arbitrary video to their connected TVs. Full details on how the hack works will be provided at the talk "Rickrolling your Neighbors with Google Chromecast" at HOPE X in New York. See you there!

Additionally, this is all streamlined into a Raspberry Pi (pictured above) with details to come soon at BlackHat USA 2014's Tools Arsenal! If you just can't wait and want to try pranking your friends right away, here are the vital ingredients:

Software Dependencies:
  • aircrack-ng
  • Tkinter Python library (python-tk in Debian)
  • hostapd
  • dnsmasq
  • Network Manager, specifically nmcli

3D Printed Case:

Download the 3D models for the slick Rickmote 3D printed case here at Thingiverse http://www.thingiverse.com/thing:398100

Hardware Recommended by Original Developer

not me!

Setup Assumptions:

The Rickmote Controller needs to pull a lot of Wi-Fi shenanigans in order to automate the hack. For best results, you may want to try using Kali Linux as it has the easiest setup for wireless drivers that support injection. Also note that we are actively working on reducing these assumptions! Sorry it's so specific in the meantime.

  • Three wireless interfaces.
    • wlan0 is a client interface that is set to Managed mode
    • mon0 is a monitor mode interface that supports packet injection
    • wlan1 is an AP interface that is set to Master mode
  • wlan1 serves an open AP named "RickmoteController", using hostapd
  • wlan1 has an IP of 192.168.75.1, netmask 255.255.255.0
  • A working Internet connection, bridged to wlan1
    • Tethering to a smart phone tends to be a decent method
    • We currently only have support for playing YouTube videos from the real Internet
  • It is also worth noting that the current Rickmote de-authenticates every wireless network it sees, and is generally very rude
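
The de-authentication sweep noted in the last bullet is visible to any monitor-mode sensor. The following detector is an added example, not part of Rickmote or the original README: it parses raw 802.11 frames (radiotap header already stripped) and alerts on a burst of unprotected deauth frames that spans several BSSIDs. The function names, thresholds and sample frames are assumptions constructed for illustration.

```python
import struct
from collections import deque

def parse_deauth(frame: bytes):
    """Return (dst, src, bssid, reason) for an unprotected deauth frame, else None."""
    if len(frame) < 26:                      # 24-byte mgmt header + 2-byte reason code
        return None
    version, ftype, subtype = frame[0] & 0x3, (frame[0] >> 2) & 0x3, frame[0] >> 4
    if (version, ftype, subtype) != (0, 0, 12):   # management frame, subtype 12 = deauth
        return None
    if frame[1] & 0x40:                      # Protected bit set: body encrypted (802.11w)
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_deauth_sweep(events, window=5.0, min_frames=10, min_bssids=2):
    """events: (timestamp, raw_frame) pairs in time order. Returns one alert
    (first_ts, last_ts, frame_count, sorted_bssids) per burst of deauths that
    spans at least `min_bssids` networks inside `window` seconds."""
    recent, alerts = deque(), []
    for ts, raw in events:
        parsed = parse_deauth(raw)
        if parsed is None:
            continue
        recent.append((ts, parsed[2]))
        while ts - recent[0][0] > window:    # drop frames older than the window
            recent.popleft()
        bssids = {b for _, b in recent}
        if len(recent) >= min_frames and len(bssids) >= min_bssids:
            alerts.append((recent[0][0], ts, len(recent), sorted(bssids)))
            recent.clear()                   # one burst raises one alert
    return alerts

def build_frame(fc0, dst, src, bssid, reason=7):
    """Build a constructed sample frame for the sensor to parse (not a capture)."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([fc0, 0, 0, 0]) + h(dst) + h(src) + h(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

# Constructed sample: one ordinary deauth, three beacons, then a sweep over three BSSIDs.
BCAST = "ff:ff:ff:ff:ff:ff"
APS = ["02:00:00:00:0a:01", "02:00:00:00:0b:01", "02:00:00:00:0c:01"]
SAMPLE = [(1.0, build_frame(0xC0, "02:00:00:00:aa:10", APS[0], APS[0], reason=3))]
SAMPLE += [(50.0 + i, build_frame(0x80, BCAST, ap, ap)) for i, ap in enumerate(APS)]
SAMPLE += [(100.0 + 0.1 * i, build_frame(0xC0, BCAST, APS[i % 3], APS[i % 3]))
           for i in range(12)]

if __name__ == "__main__":
    for first, last, n, nets in detect_deauth_sweep(SAMPLE):
        print(f"deauth sweep {first:.1f}-{last:.1f}s: {n} frames across {nets}")
```

Frames with the Protected bit set are skipped because their body is encrypted under 802.11w management frame protection; enabling that protection on the AP and clients is the corresponding mitigation for unauthenticated deauth frames.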

More Information

For more information, try here.

TODO: Create docker container for access without raspberry

Notes (CY)

How the procedure for hijacking a Chromecast works:

  • 1: Deauth the STA connectivity of the Chromecast to the WiFi AP.
  • 2: Connect to the AP mode of the Chromecast, usually set as "Network Name"
  • 3: HTTP POST to set the Chromecast to the AP set up for hijacking purposes
  • 4: Find the Chromecast via the UPnP protocol using the multicast address (not working at certain times)
  • 5: Enable the YouTube apps