Certain components of the software included with the Netflix Player by Roku are subject to separate license terms, including "free" or "open source" software ("Separately Licensed Code"). As required by the terms of the relevant Separately Licensed Code licenses, Roku makes the "free" and "open source" code provided under such licenses, and Roku's modifications to such code, available on Roku's website, at no charge.
The source code files referenced on this page have been provided under one or more open source licenses. The source code listed here is complete to the best of Roku's knowledge. If you believe any additional source code files should be provided under the applicable open source license, please contact us at firstname.lastname@example.org and provide in detail the product or code module in question. Roku, Inc. is committed to meeting the requirements of the open source licenses including the GNU General Public License (GPL) and will make all required source code available on its website.
There is one interesting caveat to rolling your own Player: "This product is protected by certain intellectual property rights of Microsoft Corporation. Use or distribution of such technology outside of this product is prohibited without a license from Microsoft or an authorized Microsoft subsidiary."
It took a bit longer that I expected for the hackers to get into the Linux-based device. Mbaily on the Roku forums figured out how to telnet into the Netflix Player:
nmap showed port 8080 was open;
$ nmap [IP]
telnetted to 8080, but no response.
used nmaps scan version flag to yell at the socket with random version detection stuff and got:
$ nmap -sV -p8080 [IP]
Starting Nmap 4.53 ( http://insecure.org ) at 2008-06-12 14:45 PDT
Interesting ports on [IP]:
PORT STATE SERVICE VERSION
8080/tcp open http-proxy?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
[TRUNCATED TO OBSCURE MAC ADDRESSES/SERIAL]
Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 131.096 seconds
I was then able to telnet to the ip port 8080 and get to that terminal from then on. I'm not sure why this enabled the debug terminal, but I'm guessing nmap must have sent some bits to it that switched it on.
Thanks to David for sending this in.