Having Fun With In-Store Chromecast

by lol-md4

If you've ever used Chromecast (more generally Google Cast), you'll know how easy it is to send something (often a video) to your TV so others can enjoy.

And any consumer electronics store (I'll cover Best Buy, but others are by no means exempt) will be sure to have Internet-connected TVs nowadays.  So why not tap into all this potential that these TVs have?

Nowadays, Best Buy has two Wi-Fi networks (with three ESSIDs): BestBuyGuest, BBYDemo, and BBYDemoFast

All in-store "demo" devices (smartphones, TVs, laptops, etc. that are on display) are connected to either BBYDemo or BBYDemoFast; they're on the same subnet so both give you access to the same devices.  The PSK for the BBYDemo networks, by the way, is "blue1966" at the time of this writing.  If this still works at your Best Buy, go ahead and skip to the "casting" section.

Getting the Wi-Fi Password via Android Devices

But what if they change it?  (I sure hope they do!)  Well, recall that all demo devices are connected to the same network.  All of them have the password stored in plaintext, so it's clearly a secret that's very hard to keep.  You'll just need to find a machine that will give you root/admin access and retrieve the password from it.

I got the current one by rooting Android devices running 4.4 using Towelroot.  Since Best Buy censors towelroot.com, download tr.apk before you go and save it to your smartphone.  You could also save it to a personal mirror or a file sharing service.  When you arrive, look for the old, cheap Android devices.

Search "Settings -> About Device" for the Android version and, if it's 4.4, Bluetooth tr.apk over.  Now just install and run tr.apk.  If it doesn't work (and you have time to wait for the device to reboot), try some of the modstrings as found on Towelroot's website.

I've had luck with temproot (you only need root once, after all).  Otherwise, move on to another device until you root one.  If you can't find any 4.4 devices (quite possible by the time you read this), you may have some luck with Kingo Root.  It seems like a gimmick to me, but many have reported success with it.

Now that you have root, getting the password is the easy part.  Just hit up the Google Play Store and search for "Wi-Fi Password" or similar.  There should be an abundance of apps, but I recommend "WiFiKeyshare" because it's Free/Libre OSS.  Notice that when you open the app, you will not be prompted for root access.  This is because the "su" binary placed by Towelroot grants all access by default.  (If you used Kingo Root, you may be prompted.)

Select the Wi-Fi network all the devices in the store are connected to and hit "View Password".

Good!  Skip to the "casting" section below.

Getting the Password Using Windows Machines

Using Kon-Boot to Get Admin

No luck with the phones?  Most of the Windows machines do not allow customers administrator privs, but if you do find one, skip down to retrieving the PSK below.

Meanwhile, Kon-Boot is an awesome bit of commercial software that lets you bypass login screens and escalate to admin if you have physical access.  Plus, this method should work on all Windows machines.  After writing it to a USB, just boot to it on the target machine.  (You might have to disable Secure Boot in the UEFI settings first.)  When you get to the login screen, try to login as the administrator if present or anyone else if not.  Now just type literally anything (longer than 0 characters) and press Enter.  If it worked, you'll be logged in.

Do Win+R -> cmd.exe -> Enter.

If you're in System32, change to another directory.  Do "copy C:\Windows\cmd.exe cmk.exe" followed by "cmk.exe".  If all goes well (BSoDs are possible), this new command prompt is running as nt-authority\system!

Retrieving the PSK via the Command Line

Just run: netsh wlan show profile name=BBYDemo key=clear

Find the password under "Security Settings -> Key Content".

Via the GUI

Right-click on "Start" (or press Win-X) then open "Control Panel -> Network and Sharing Center".

Click the "Connection: Wi-Fi" link.

In the Wi-Fi status window, click "Properties".

In the Wi-Fi Properties window, click on the "Security" tab and check "Show Characters".

Casting Videos!

Chromecast

You're in the Demo network.  Now what?

Most, if not all of the TVs on the network, support Google Cast or screen mirroring.  Open a supported app (*cough*YouTube*cough*), open what you want to play, and hit this button:

You'll be presented with a list of TVs/Chromecast devices to cast to.  Most are named after their size (e.g. LG60L337 = 60"), so pick the largest one you can find and head to the opposite corner of the store.  Pretend to shop for items and hit play!

Screen Mirroring

In case you'd like to cast an app that doesn't support Google Cast (such as a web browser), open "Settings -> Display & Lights" and then scroll down to "Cast".

Check "Enable Wireless Display" in the menu and choose a device.

Be careful though, as this casts your entire screen once connected.  So if you're showing off an OEM theme or have icons in your notification bar, those could be used to identify you and kick you out.  So perhaps you should stick to Google Cast apps.

Have fun!

References and Suggested Material

Towelroot: towelroot.com

modstrings: towelroot.com/modstrings.html

Kingo Root: www.kingoapp.com

Kon-Boot: kon-boot.com

Big Bill Hell's, a pretty fun video to blast:

You could also go for something more subtle, like a nature slideshow dubbed with an extremist podcast, for example.

Return to $2600 Index