Roku’s set-top boxes which were known for being cheap and simple to use have now been rooted thanks to hackers from GTVHacker.
GTVHacker have created a tutorial called “Breaking the Secure boot on Roku”. They have also released a video on how to gain root. The team now expects to see ports of popular home theater suites like XBMC which improves the value of the 40$ setup box.
Roku is a company that makes set-top boxes for IP TV (Internt Protocol Televison) that streams from the popular sites such as “Netflix” and “YouTube”. The setup boxes cost as little as 40$ and had a minimalistic interface that was easy to get used to and users could jump right onto and get started on. Roku players do support powerful media player apps such as Plex but due to hardware lockdown, leave the user with fewer choices.
Roku players have a grsec kernel implemented on a bcm2835 ARM chipset. The method involved modifying a portion of the system boot to reduce certain signature n verification checks and loading a new image in.
The method works for most recent Roku devices like the Roku 2 and Roku 3 but not some of the older ones like Sky TV’s Now TV player that runs an older version of the software. Roku 3 testers were report losing root on reboot of the system while Roku 2 testers root persists on the Roku 2. This is because Roku 2 uses the same Broadcom chip found on the Raspberry pi while the Roku 3 runs on different hardware, and therefore needs a the root command entered on each boot.
While the team is working on making Roku 3 root persistent, it expects this vulnerability to be patched by subsequent updates and encourages users to “exploit now or forever hold your peace.”