People have been hacking streaming media devices such as the Apple TV, Google TV, Chromecast for ages by gaining access to root permissions and installing third party apps that wouldn’t otherwise be supported.

Now it’s Roku’s turn.

roku dev settings

Roku makes some of the most popular devices for streaming internet content to a television, but the built-in software is pretty secure, which is why it’s taken years for hackers to find a good way to root the devices.

Now the folks at GTVHacker have found a way in. Roku recently rolled out a software update with a security exploit that allows users to take “temporary” root control. That means you lose root access as soon as you reboot the device.

But on some older Roku models, the temporary root method has provided an entry point for “persistent” root. In other words, if you have a supported model, you can root it now and hang onto your root access indefinitely. Roku may eventually push out a software update that removes the vulnerabilities, so if you think you might want to root a Roku box, there’s no time like the present.

You can find more details at the GTVHacker blog and wiki. You may be able to root most Roku devices, but persistent root is only available on second-generation devices with Broadcom BCM2835 chips, including the Roku LT, Roku 2 HD, Roku 2 XD, Roku 2 XS, and Roku Streaming Stick.

Right now there’s not much that casual users can do with root access. But this move paves the way for third party apps such as XBMC to run on Roku’s inexpensive media streaming devices.

The newer 3rd-generation Roku devices aren’t supported, and not only will you not be able to hold onto root after rebooting your device, but you won’t be able to block automatic software updates which may remove the vulnerability.

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign

or...

Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

Subscribe to Liliputing via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 9,535 other subscribers

8 replies on “Running unsigned code on some Roku media streaming boxes”

  1. Can Ruku 2 XS devices currently be rooted with the out of box OS version before it updates? Thanks!

  2. I wish someone would do this for the Roku HD (2500) and Roku LT (2450), which have the BCM7208 chips.

  3. It would be nice if we can install some kind of VPN client or configure use of a DNS proxy on the device, for those using the device in countries that have geographical limitations places on their use..

    1. Much easier to do at the router level using dd-wrt or something similar.

  4. I think the autoupdate system and the fact that Plex is on the Roku as-is will deter me from rooting it. It just works so well out of the box for me.

  5. Brad,

    Just tried something really cool with Lubuntu…(needs to be refined)…
    Good bye 1024×600 with most netbooks. I wonder if the same can be done for 1024×600 Android?

    Use this below to run in Lubuntu on 1024×600 Netbook screen to scale the whole screen to –scale 1.28×1.28 – gain very usable screen realestate on less than usable 1024×600 screen.

    Tested on Dell Mini 9 and HP Mini 1000 (need to have the commands timed correctly to work).

    This is easy to do FOR ANYONE TO FOLLOW now because…
    Lubuntu 13.10 has new default application menu in

    1st make a file (exceutable)… call it gui-netbook
    Put it into the /home/treasurer/.config/lxsession/Lubuntu folder
    where the startup file is located (or anywhere you want, but why not here).

    This is the text of the “gui-netbook” file:
    sleep 4 ;
    xrandr –output LVDS1 –mode 1024×600 –scale 1.28×1.28
    sleep 0 ;
    xrandr –output LVDS1 –fb 1024×768 –panning 1024×768
    sleep 2 ;
    xrandr –output LVDS1 –mode 1024×600 –scale 1.28×1.28

    Then go to:
    Preferences>Default applications for LXsession (select the Autostart option)
    type – in the blank field the following location to the gui-netbook file you will execute in the autostart file…
    /home/treasurer/.config/lxsession/Lubuntu/gui-netbook

    The autostart file for Lubuntu will then autostart the gui-netbook file and change the
    resolution. Note that the timings can be changed depending on netbook version
    AND some other gui resolution fine tuning is needed to have all the apps use the new screen size.
    Might have to manually adjust the application to use the full screen size (have not had time to
    look into this).

    Close and test by logging out, and logging in – see if resolution is higher than 1024×600
    YEP – good bye 1024×600 with Lubuntu (if you want)…

    –> AND Optional afterward – to alter the view of the desktop them…
    RUN this command and see what happens next
    xrandr –output LVDS1 –mode 1024×600 –scale 1×1

    –> then to swtich back from command line or
    RUN – the following command to scale back again to like before…
    xrandr –output LVDS1 –mode 1024×600 –scale 1.28×1.28

    Yep, just wish it could happen where you can scale from lxrandr effort or menu programed to hot key to switch… it can be done, I just have not gotten that far yet… Those last two commands could be assigned hot key status…! Very cool.

  6. So excited to try this, but before I do I have 4 questions to ask.

    1. Does this work on the regular Roku 2 (as in the one without xd, hd, xs at the end of the name.)
    2. If I does work on Roku 2 will it be persistent (be there after a reboot and an update).
    3. How do you enable developer mode on Roku 2.
    4. Can you brick your Roku doing this?

    Thanks to anyone who can help I can’t wait to try this out!!

    1. Ummm. If you read the article click on the link under the word wiki and all your answers are there.

Comments are closed.