-
-
Save interfect/5f68381d55658d334e2bc4619d796476 to your computer and use it in GitHub Desktop.
| #!/usr/bin/env bash | |
| # castanet.sh: Script to connect a chromecast to a WiFi network. | |
| # | |
| # Allows you to put your Chromecast on WiFi and do Chromecast initial setup | |
| # without using the Google Home app at all, just using a normal Linux computer. | |
| # | |
| # You do need your Chromecast to be on Ethernet, or (untested) to join its setup WiFi | |
| # network with your PC, and you also need to find out its IP yourself with e.g. | |
| # Wireshark. | |
| set -e | |
| if [[ -z "${CHROMECAST_IP}" || -z "${WIFI_SSID}" || -z "${WIFI_PASSWORD}" ]] ; then | |
| echo 1>&2 "Usage: CHROMECAST_IP=\"XXX\" WIFI_SSID=\"XXX\" WIFI_PASSWORD=\"XXX\" ${0}" | |
| exit 1 | |
| fi | |
| if ! which curl >/dev/null 2>/dev/null ; then | |
| echo 1>&2 "Install jq to use this script!" | |
| exit 1 | |
| fi | |
| if ! which jq >/dev/null 2>/dev/null ; then | |
| echo 1>&2 "Install jq to use this script!" | |
| exit 1 | |
| fi | |
| if ! which nodejs >/dev/null 2>/dev/null ; then | |
| echo 1>&2 "Install nodejs to use this script!" | |
| exit 1 | |
| fi | |
| # Set VERBOSITY=-vvv to see Curl traffic happening | |
| if [[ -z "${VERBOSITY}" ]] ; then | |
| VERBOSITY=-s | |
| fi | |
| echo "Connecting ${CHROMECAST_IP} to ${WIFI_SSID} with password ${WIFI_PASSWORD}" | |
| # Get the device's public key | |
| INFO_JSON="$(curl ${VERBOSITY} --insecure --tlsv1.2 --tls-max 1.2 https://${CHROMECAST_IP}:8443/setup/eureka_info)" | |
| CHROMECAST_PUBKEY="$(echo "${INFO_JSON}" | jq -r '.public_key')" | |
| # Scan for and find the network we want to get the encryption parameters | |
| curl ${VERBOSITY} --insecure --tlsv1.2 --tls-max 1.2 -X POST https://${CHROMECAST_IP}:8443/setup/scan_wifi | |
| sleep 20 | |
| WIFI_JSON="$(curl ${VERBOSITY} --insecure --tlsv1.2 --tls-max 1.2 https://${CHROMECAST_IP}:8443/setup/scan_results)" | |
| WIFI_NETWORK_JSON="$(echo "${WIFI_JSON}" | jq ".[] | select(.ssid == \"${WIFI_SSID}\")")" | |
| WIFI_AUTH_NUMBER="$(echo "${WIFI_NETWORK_JSON}" | jq -r '.wpa_auth')" | |
| WIFI_CIPHER_NUMBER="$(echo "${WIFI_NETWORK_JSON}" | jq -r '.wpa_cipher')" | |
| echo "${WIFI_NETWORK_JSON}" | |
| # Encrypt the password to the device | |
| # Encryption kernel by @thorleifjaocbsen | |
| # See <https://github.com/rithvikvibhu/GHLocalApi/issues/68#issue-766300901> | |
| ENCRYPTED_KEY="$(nodejs <<EOF | |
| let crypto = require('crypto'); | |
| let cleartext = "${WIFI_PASSWORD}"; | |
| let publicKey = "${CHROMECAST_PUBKEY}"; | |
| publicKey = "-----BEGIN RSA PUBLIC KEY-----\n"+publicKey+"\n-----END RSA PUBLIC KEY-----" | |
| const encryptedData = crypto.publicEncrypt({ | |
| key: publicKey, | |
| padding: crypto.constants.RSA_PKCS1_PADDING, | |
| // This was in the original thorleifjaocbsen code but seems nonsensical/unneeded and upsest some Nodes | |
| //oaepHash: "sha256", | |
| }, Buffer.from(cleartext)); | |
| console.log(encryptedData.toString("base64")); | |
| EOF | |
| )" | |
| # Generate the command to connect. | |
| CONNECT_COMMAND="{\"ssid\": \"${WIFI_SSID}\", \"wpa_auth\": ${WIFI_AUTH_NUMBER}, \"wpa_cipher\": ${WIFI_CIPHER_NUMBER}, \"enc_passwd\": \"${ENCRYPTED_KEY}\"}" | |
| # And the command to save the connection. | |
| # Include keep_hotspot_until_connected in case we are on the Chromecast's setup hotspot and not Ethernet. | |
| # See <https://github.com/rithvikvibhu/GHLocalApi/issues/88#issuecomment-860538447> | |
| SAVE_COMMAND="{\"keep_hotspot_until_connected\": true}" | |
| # Send the commands | |
| curl ${VERBOSITY} --insecure --tlsv1.2 --tls-max 1.2 -H "content-type: application/json" -d "${CONNECT_COMMAND}" https://${CHROMECAST_IP}:8443/setup/connect_wifi | |
| # Hope this one gets there before it can actually disconnect if we're using the setup hotspot? | |
| # Otherwise we have to use Ethernet or jump over to the target network and find the device again. | |
| # See <http://blog.brokennetwork.ca/2019/05/setting-up-google-chromecast-without.html?m=1> for a script that knows how to swap wifi networks but needs to be ported to use the current API. | |
| curl ${VERBOSITY} --insecure --tlsv1.2 --tls-max 1.2 -H "content-type: application/json" -d "${SAVE_COMMAND}" https://${CHROMECAST_IP}:8443/setup/save_wifi | |
| # To see it working, if you aren't kicked off the hotspot (or if you set the new CHROMECAST_IP in your shell): | |
| # | |
| # curl --insecure --tlsv1.2 --tls-max 1.2 https://${CHROMECAST_IP}:8443/setup/eureka_info | jq . | |
| # | |
| # To list known networks: | |
| # | |
| # curl --insecure --tlsv1.2 --tls-max 1.2 https://${CHROMECAST_IP}:8443/setup/configured_networks | jq . | |
| # | |
| # To forget a newtwork: | |
| # | |
| # curl --insecure --tlsv1.2 --tls-max 1.2 -H "content-type: application/json" -d '{"wpa_id": 0}' https://${CHROMECAST_IP}:8443/setup/forget_wifi | |
| # | |
| # If you leave Ethernet plugged in, the Chromecast will ARP for its WiFi IP on | |
| # Etherenet and drop the WiFi connection! Unplug the Chromecast, and plug it in | |
| # again with no Ethernet, to get it to keep the WiFi connection up! | |
| # | |
| # Set Name and opt out of things: | |
| # | |
| # curl --insecure --tlsv1.2 --tls-max 1.2 -H "content-type: application/json" -d '{"name": "NovakCast5000", "opt_in": {"crash": false, "stats": false, "opencast": false}}' https://${CHROMECAST_IP}:8443/setup/set_eureka_info | |
@interfect I'm sure I'm always in the setup. After the reset of the CCwGTV, I've just paired the remote and to get the page showing QRCode to be scanned with Google Home. Hotspot is enabled only from this page, and only this page provide the wifi password. So... I've no idea why "tos_accepted":true 😄
But yes, I'm pretty sure things have change with this new chromecast (tested you script with a Chromecast gen3 yesterday and was perfectly working). I've managed to get the public key with this command:
openssl s_client -showcerts -connect SERVER_IP:6467 </dev/null 2>/dev/null|openssl x509 -outform PEM > server.pem
but can't manage to encrypt properly my password with it, CCwGTV refuse it, not sure why... Will continue debugging.
Yeah, if there's a QR code from the cast device to the set up device that you need to scan then there's definitely a different process going on. Maybe the public key is in the QR code? The device isn't in contact with Google yet, so either the QR code has what is needed to do the setup or it has something you send to Google to get back something from them to do the setup.
Amazing, thank you so much! 🎉
Worked for me on hotspot also. NB if you get "can't connect to server" from cURL, make sure you don't have a VPN active.
Thanks for posting the script, it's very helpful.
In case anyone else gets connection refused errors from curl when running the script, it seems older versions of the chromecast firmware only exposed wifi setup services over http on port 8008. I had this issue with a gen3 chromecast right out of the box (manufacture date 05/2021).
Old firmware:
"build_version": "123837"
"cast_build_revision": "1.32.123837"`
$ nmap 192.168.255.249
Starting Nmap 7.80 ( https://nmap.org/ ) at 2024-01-02 15:10 EST
Nmap scan report for 192.168.255.249
Host is up (0.0037s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
8008/tcp open http
8009/tcp open ajp13
9000/tcp open cslistener
I changed the curl calls to use http on port 8008 and everything went smoothly. Once the chromecast was connected to wifi, it did an automatic firmware update and rebooted. Interestingly, after the firmware update the chromecast now exposed setup services on https port 8443. This port was then required to be used for setup on the new firmware, so the script above worked as is.
New firmware:
"build_version": "291998"
"cast_build_revision": "1.56.291998"
$ nmap 192.168.255.249
Starting Nmap 7.80 ( https://nmap.org/ ) at 2024-01-03 15:04 EST
Nmap scan report for 192.168.255.249
Host is up (0.0073s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
8008/tcp open http
8009/tcp open ajp13
8443/tcp open https-alt
9000/tcp open cslistener
10001/tcp open scp-config
On Linux I'm having some trouble. Any thoughts on this?
Error: error:0680007B:asn1 encoding routines::header too long
at Object.publicEncrypt (node:internal/crypto/cipher:79:12)
at [stdin]:5:30
at Script.runInThisContext (node:vm:129:12)
at Object.runInThisContext (node:vm:307:38)
at node:internal/process/execution:79:19
at [stdin]-wrapper:6:22
at evalScript (node:internal/process/execution:78:60)
at node:internal/main/eval_stdin:30:5
at Socket.<anonymous> (node:internal/process/execution:195:5)
at Socket.emit (node:events:525:35) {
opensslErrorStack: [
'error:0688000D:asn1 encoding routines::ASN1 lib',
'error:0688010A:asn1 encoding routines::nested asn1 error',
'error:06800066:asn1 encoding routines::bad object header'
],
library: 'asn1 encoding routines',
reason: 'header too long',
code: 'ERR_OSSL_ASN1_HEADER_TOO_LONG'
}
@Cyanatide Are you sure it isn't set up already maybe? How did it get
"tos_accepted":true?Or maybe the protocol has indeed changed.