Latest in Gtvhacker

Image credit:

Roku player software cracked open temporarily, root now to run XBMC later

Richard Lawler, @Rjcc
December 28, 2013
Share
Tweet
Share

Sponsored Links

Roku's line of set-top boxes have been popular thanks to their simple controls, large set of available apps (recently expanded to include YouTube for the new Roku 3) and hardware ranging in price from inexpensive to downright cheap. Still, despite an active and encouraged developer community with custom channels and well-supported media player apps like Plex, the hardware has remained largely on lockdown -- until now. The GTVHacker team that previously unlocked Google TV and Chromecast has found a way to run its commands as root on any Roku 2 or Roku 3 using the most recent software version (unfortunately, that does not at this time include Sky TV's cheap Now TV player, which runs on older software). While the player overall is credited as "considerably more secure than others in the entertainment field" (Samsung comes to mind but it's from from the only one) a development password field provided a way in.

Currently they've only achieved persistence on the Roku 2, which in this case means they can maintain control even after the box reboots by breaking the secure boot process and modifying the initial boot loader. Since Roku 2 runs on the same Broadcom chip used by the popular Raspberry Pi, team member CJ Heres expects to see ports for third-party home theater PC software like XBMC very quickly. The Roku 3 will be a bit trickier since it runs on different hardware, and right now it needs to have the command entered each time the box starts.

Those well-versed in using the command line should find the process simple. A WGET command entered via the development password field pulls down a script -- available from the GTVHacker team -- that makes sure you have the right box and does all the dirty work before rebooting, leaving you with a rooted box, as seen above. Hardware level access on mobile platforms has lead to a number of custom software projects and we'll have to see if the same path is followed here, but if all this does is create a simple $40 XBMC box, it's probably still worth looking into -- and quickly, the team expects this security hole will be patched soon.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Jabra's ANC update for the Elite 75t earbuds is now available

Jabra's ANC update for the Elite 75t earbuds is now available

View
Hummer EV 'supertruck' has a UI built on Unreal Engine and runs Android

Hummer EV 'supertruck' has a UI built on Unreal Engine and runs Android

View
Jony Ive will help design 'the future of Airbnb'

Jony Ive will help design 'the future of Airbnb'

View
Quibi confirms it's shutting down

Quibi confirms it's shutting down

View
Apple iPad Air (2020) review: Who needs the iPad Pro?

Apple iPad Air (2020) review: Who needs the iPad Pro?

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr