Forum Discussion
- RokuKevin (Visitor)
You cannot decrypt the package, only the box has that capability. The best you can do is load the .pkg on a Roku in developer mode and see what contents you can gather through the BrightScript debugger.
--Kevin
- jbrave (Channel Surfer)
Too bad, found a bug and accidentally backed up the wrong version of source before adding untested features to my app.
- kbenson (Visitor)
Git, SVN or another. Choose one and learn it, you'll be thankful you did.
- TheEndless (Channel Surfer)
"RokuKevin" wrote:
You cannot decrypt the package, only the box has that capability. The best you can do is load the .pkg on a Roku in developer mode and see what contents you can gather through the BrightScript debugger.
--Kevin
Interesting. I didn't know you could sideload signed pkgs. If that's true, I may need to keep that in mind with clients that have opted not to purchase the source code... :?
- destruk (Streaming Star)
You would need to be able to sideload signed packages in order to retrieve and rekey the roku.
Important: If there are no keys installed on your device, the Packager option will not be available. You may either generate a new set of keys or use the ReKey option on the utilities page to install keys on your device.
The “ReKey” button allows you to install a set of keys from an existing application and use those keys to package a new application. This allows you to use the keys resident in the previous version of the application to sign the new version of the application or enable multiple boxes to sign your application. To do this you MUST have the password that was created when the keys were originally generated. It is highly recommended that you safely store the keys and password for future use. You may create a NULL application package which can be used as a container for storing a set of keys for future use.
That being said, ROKU employees have offered to 'help' individuals on request in specific cases in the past, so why this functionality isn't available eludes me. It's not like pkg files are easily obtainable outside of the roku channel store AFAIK.
viewtopic.php?f=34&t=36435#p235910 - that implies something could be possible.
- TheEndless (Channel Surfer)
"destruk" wrote:
You would need to be able to sideload signed packages in order to retrieve and rekey the roku.
Rekeying isn't side-loading. I'm talking about actually loading and running a pkg file. I didn't think you could do that.
"destruk" wrote:
That being said, ROKU employees have offered to provide the original source files to individuals on request in specific cases in the past, so why this functionality isn't available eludes me. It's not like pkg files are easily obtainable outside of the roku channel store AFAIK.
I think that's a very bad idea. As a developer, I've developed a number of channels for third parties, and I usually charge as much as 30% more if they want to purchase the source code as well. If they choose not to purchase the source code, then I only provide them with the PKG file. If there were a way to decrypt/decompile a PKG file either directly or through Roku, then that's potentially exposing my intellectual property... not a good thing!
- TomCorwine (Channel Surfer)
"TheEndless" wrote:
I'm talking about actually loading and running a pkg file. I didn't think you could do that.
I thought the same thing, so I turned to the DeveloperGuide.pdf included with the v2.8 sdk:
"Bottom of page 12 of DeveloperGuide.pdf" wrote:
The Application Installer page only accepts applications using the zip file format. This process is often referred to as “side-loading” your application. It does not allow installation of signed (.pkg) applications package files. The .pkg file must be distributed through the channel store mechanism as either a published or private application.
So what did you mean, RokuKevin?
- destruk (Streaming Star)
Sideloading a pkg file and running it on the roku does work. I tried it a couple weeks ago and it was fine.
The 'passwords' to key an app aren't insecure. If you kept the password safe then I don't think anyone would be able to brute force it open.
- TomCorwine (Channel Surfer)
"destruk" wrote:
Sideloading a pkg file and running it on the roku does work. I tried it a couple weeks ago and it was fine.
Good to know!
- TheEndless (Channel Surfer)
"destruk" wrote:
Sideloading a pkg file and running it on the roku does work. I tried it a couple weeks ago and it was fine.
The 'passwords' to key an app aren't insecure. If you kept the password safe then I don't think anyone would be able to brute force it open.
If you can side-load (which I just tested, and can verify does work, despite the documentation.. even if your dev key doesn't match :?), then you can debug, which gives access to the full source code as you step through it (which I also just tested). It wouldn't be easy to capture, but it certainly wouldn't be impossible with a scriptable telnet client, and it doesn't require brute force.
Roku, please revisit this functionality, so it works as the documentation suggests...