Hack a Day discovered that Roku has posted the source code for the Netflix Player:
Certain components of the software included with the Netflix Player by Roku are subject to separate license terms, including "free" or "open source" software ("Separately Licensed Code"). As required by the terms of the relevant Separately Licensed Code licenses, Roku makes the "free" and "open source" code provided under such licenses, and Roku's modifications to such code, available on Roku's website, at no charge.The source code files referenced on this page have been provided under one or more open source licenses. The source code listed here is complete to the best of Roku's knowledge. If you believe any additional source code files should be provided under the applicable open source license, please contact us at [email protected] and provide in detail the product or code module in question. Roku, Inc. is committed to meeting the requirements of the open source licenses including the GNU General Public License (GPL) and will make all required source code available on its website.
There is one interesting caveat to rolling your own Player: "This product is protected by certain intellectual property rights of Microsoft Corporation. Use or distribution of such technology outside of this product is prohibited without a license from Microsoft or an authorized Microsoft subsidiary."
It took a bit longer that I expected for the hackers to get into the Linux-based device. Mbaily on the Roku forums figured out how to telnet into the Netflix Player:
nmap showed port 8080 was open;Code:
$ nmap [IP]telnetted to 8080, but no response.
used nmaps scan version flag to yell at the socket with random version detection stuff and got:
Code:
$ nmap -sV -p8080 [IP]Starting Nmap 4.53 ( http://insecure.org ) at 2008-06-12 14:45 PDT
Interesting ports on [IP]:
PORT STATE SERVICE VERSION
8080/tcp open http-proxy?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port8080-TCP:V=4.53%I=7%D=6/12%Time=485198E6%P=i686-pc-linux-gnu%r(NULL
SF:,89,"Welcome\x20to\x20the\x20Frampton\x20Debug\x20Terminal\.\n\rType\x2
SF:0'help'\x20for\x20help\.\n\rESN\x20[TRUNCATED TO OBSCURE MAC ADDRESSES/SERIAL]
Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 131.096 secondsI was then able to telnet to the ip port 8080 and get to that terminal from then on. I'm not sure why this enabled the debug terminal, but I'm guessing nmap must have sent some bits to it that switched it on.
Thanks to David for sending this in.
I could be wrong, but I doubt this is "Source Code to the Netflix Player". As the notice says, it is the source code to the "free" or "open source" parts they used. In other words, Linux software that's already available.
Posted by: kh | July 03, 2008 at 09:26 AM
My guess about the "This product is protected by certain intellectual property rights of Microsoft Corporation" is Netflix/Roku player might be using Microsoft's DMR.
Posted by: dave | July 03, 2008 at 12:20 PM
You mean, DRM.
The only thing is, that as soon as someone hacks it. The roku player uses a method to update in the background (like a Wii). So, even if you DID hack it, a simple update could break your hack.
Posted by: comeondave | July 03, 2008 at 12:31 PM
If only they could background update in new WiFi hardware that doesn't cause audio pops.
Posted by: Wade Menard | July 03, 2008 at 08:36 PM
I had the weirdest thing happen to me! i was supposed to get 2 movies on tuesday. one was alias season 5, and one was drillbit taylor
so i go outside to the mailbox and only one was in there
so today i go out there later in the day, and theres a netflix envelope in there, but its ripped open and has been taped with scotch tape, and so i think well maybe someone took it and put it back
or the post office riped it, and it got stuck somewhere, it was 2 days late
so i just opened it figure well it would be drillbit taylor right?its some movie called vitus
Posted by: Cin | July 04, 2008 at 12:29 AM
If it the audio pops, it is your router. I just have a basic DSL connection and I have never had ANY audio pop on either of my 2 players.
Posted by: OdomZ | July 04, 2008 at 03:34 AM
Odomz, how do you know so much about Wade's router?
Cin, on topic?
Posted by: question boy | July 04, 2008 at 03:28 PM
I wish a different router was all that was needed!
As it is I'm using an inexpensive wireless bridge with a ethernet cable to the Roku so it thinks its on a direct connection and (apparently) turns off the WiFi radio.
Roku has been silent on the issue thus far so not sure if its a bad batch of WiFi radios (they are on a daughtercard) or some underlying electrical interference design problems.
I hope they start talking soon and allow us to exchange units.
Posted by: Wade Menard | July 05, 2008 at 01:33 AM
Yeah it looks like most of that is just linux source.
How about a different approach... Has anyone tried copying the Roku software into a VM running the same kernel(like virtualbox)?
I am considering subscribing, but would like to able to watch movies on Linux. Has anyone figured out how to do this?
Posted by: Joe | July 06, 2008 at 11:40 PM
What good is hacking the Roku player or virtualizing the platform? Right now, you can play Netflix and Amazon on demand offerings on ANY pc that can browse the internet. Virtualizing the Roku platform won't provide anything new. The benefit of Roku is it's various multimedia interfaces, ease of use, and HD capabilites. It's a hardware offering.
Posted by: Mike | August 29, 2009 at 12:13 PM
I'd like to see it hacked so I could stream my own collection of videos to the tiny little Roku box instead of my big ol' heavy Samsung DVR (which is LOUD and HOT - comparison to Roku). The form factor of the Roku is great for tacking on the side of the tubed box (old CRT TV...) I use for viewing.
Posted by: Mike S | September 19, 2009 at 08:07 AM
@Mike - like the poster said that you were replying to - it's a Linux problem - Netflix won't support Linux desktops, even though the benefit strongly from Linux in the Roku.
Posted by: Bill McGonigle | October 11, 2009 at 09:23 PM
also @ mike - you can't play Netflix on ANY pc, you have to have Windows XP service pack 2 or higher. We have one machine running Windows 2000 and 3 running Ubuntu and I can't watch any Netflix movies instantly. A linux player would be awesome.
Posted by: amy | October 16, 2009 at 07:56 PM
There must be a linux player, since Roku is linux based...
Can't wait 'till my tech savvy cohorts hack one up from the roku player.
Posted by: Insipsicated | February 22, 2010 at 06:08 PM
i like this part of the post:"t took a bit longer that I expected for the hackers to get into the Linux-based device. Mbaily on the Roku forums figured out how to telnet into the Netflix Player:" is very good
Posted by: generic viagra | April 19, 2010 at 12:49 PM
The reason the Roku set-top box works is because of the video chip they use natively decodes the DRM, the fact that it is running Linux is most likely to keep their costs down - so it's not a software issue as much as it is a hardware issue. They are using an NXP chip.
Posted by: geoff | August 12, 2010 at 12:59 PM
Keep up with your good articles,and I will follow your steps.and now I have some good prodcuts about Air force ones for you,and hope you will have a look it,the way is easy to link my name and see them.they are good for you as well.
Posted by: Air force ones | September 27, 2010 at 03:56 AM
I just walk around, suprised by your blog,please give more information.
Posted by: ugg shoes | October 22, 2010 at 10:32 PM
That trick doesn't seem to open that 8080 port anymore. As of 11/2010.
Posted by: Randall Flagg | November 09, 2010 at 01:43 PM
Addendum:
[email protected]:~$ nmap -sV -p8080 192.168.1.100
Starting Nmap 5.21 ( http://nmap.org ) at 2010-11-09 12:41 CST
Nmap scan report for 192.168.1.100
Host is up (0.00075s latency).
PORT STATE SERVICE VERSION
8080/tcp closed http-proxy
Service detection performed. Please report any incorrect results at http://nmap.org/sub
mit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.28 seconds
Posted by: Randall Flagg | November 09, 2010 at 01:44 PM
Would it be possible to emulate a software decoder or reverse engineer it or something?
Posted by: joe | November 30, 2010 at 02:18 AM
Millard Fu*#ing Fillmore, you might as well just pay for the damn service...
Posted by: Jim | January 28, 2011 at 08:57 PM
I have a question. Recently within the last two weeks. After watching netfliks for three hours or two movies, the ROKU turns off the internet signal. Anyone else having this problem?
Posted by: Robert | April 17, 2011 at 03:52 PM