PlayBook - Unlocking Bootloader Possible [Project]
- We're trying (at least quackquack147 is trying) to hack it by going in with a JTAG rig and installing a new bootloader. Failing that, I gotta save up for a Nexus 7... 06-29-13 05:53 AM
- What is the bootloader? And what can you do with it?
I was really looking forward to the new OS, but another question was, even if the 10 OS did come out for PB, how would it have worked with BBM and instant messaging if it was WiFi on PB? I am using BlackBerry Bridge, but having it constantly hooked would have played havoc with my battery life. 06-29-13 10:39 AM
- Please sign this petition. This is to tell BlackBerry to unlock the bootloader for PlayBook .... https://www.change.org/en-IN/petitio...-of-our-liking 06-29-13 12:16 PM
-
We can crack the RSA 128 bit. But if it's more than RSA 192 or 256, then tough luck; brute force is not possible with my limited resources. We need 1000s of quad-core CPUs running 24/7/365 to crack it, and don't know for how long.
Which leaves me with no choice but to try and hit the nail hard on the head. It's a dirty job, and as usual, like every time, I love the dirty jobs and always get my hands dirty.
howarmat, I hope you understood now.
Yes, it's possible with hardware; with software it's real tough. We are trying to find other methods. And once I've got JTAG, then I first backup, then wipe, then restore, and then I will start to attack the foundation aka system calls. So this is not happening in one day or a week. Min 3 weeks, max 5-6 weeks.
And I guess not more than that, since once we get the JTAG we can shake up the foundation, piece of cake! ;-) Got it?
Got more doubts? Spit rapid-fire your questions.
Hope this helps!
Thanks!
-paul 06-29-13 12:56 PM
- 99% I won't fail. JTAG never failed me.
But you are right. I have a 1% chance of failing miserably.
I have explained the process in detail.
Hope everyone understands.
And if I say 100%, then I will be over-confident and I will for sure fail 100%. UNACCEPTABLE.
So I will keep that 1% in mind and will try to work on it. synerworks has been helping me with suggestions all this while, and they have been extremely helpful. Thanks synerworks.
Tomorrow is the D-Day! Red Letter Day!
Hope this helps!
Thanks
-paul 06-29-13 01:00 PM
- If BlackBerry ever unlocks the PlayBook, it would be violating DoD requirements for secured platforms and leave BlackBerry with a black eye for military comms equipment in the future. Just imagine all those secured devices used by spooks and all getting a free update to wipe out the PlayBook and put whatever you want on it, including a clone look-alike that is virtually 100% to the PBOS. Hide all the backdoors in there and leak at will to the neighbors wanting to know how much is really going on. Nope, not even a dumb-a$$ executive would say "sure, what the hell". If you want it to do what you want, it will need to be broken by anybody other than BlackBerry. 06-29-13 02:45 PM
Okay, only said that in hopes you succeed. If you crack it, I know some folks that might be interested in loading webOS on it; sure, you could load a CM build as well. What's your end game though? If you can crack the bootloader, you have to have a plan for what OS to load, right? As a geek, I am super interested in seeing how this progresses. 06-29-13 02:57 PM
- You WILL FAIL!!!!
Thanks for the lines.
You WILL FAIL!!!! -> the catalyst, this always helped me succeed. So thanks for the kick... ;-)
I am not cracking it tomorrow. Tomorrow, already tomorrow, I mean in 6 hours from now: full hardware hacking. Find hardware weakness. Then take a JTAG backup. Then wipe the device. Then JTAG restore.
If this works, I can then hit the foundation: syscalls, which is for the non-JTAG users, so that it's easy for them as well.
I am not exactly cracking the loader. nickstarmaster told me the bootloader is 128 bit.
If it's so, brute-force the key. Else? Find a fault aka system calls and attack. There is facl and acl and pf (OpenBSD firewall), so things are protected even against 0-day. So rooting alone won't help take over the bootrom.
End game? Corrupt /dev/mem and /dev/fmem ;-) Not easy. Not easy at all. This is what I will be spending all my time on. JTAG should be easy, keeping in mind I know how to JTAG, but others don't will be my assumption.
Now coming to OS? Once it's locked or wiped or overwritten? Install a new FOSS bootloader.
There is qcfp in the system, I assume. I haven't seen the full functionality of the entire device as a devuser login. So my target is to corrupt /dev/mem and /dev/fmem, steal the keys from me using aes-keyfind, and document the entire process.
Did you get what I said?
This is a long and complicated plan. I hope I succeed tomorrow. And oh yeah, forgot one more thing: use TI's NDA debugger and try to find the software-based weakness. Already planning to use the register mapper where I will get the detailed register information and mapping, and then use the TI debugger and disable the HS register and turn it into GP mode.
I may make changes and modify my plan or path or code, but I am going in for sure. :-D That's about it. Tough work, but someone's gotta do the dirty job. That's why I thought I can do it in 3 weeks, but then I may take more than 3 weeks for a non-JTAG mode.
So once blueberrymerry said "this is the heights, Mount Everest", I would say I am not interested in Mt Everest, I am game for Mt K2, the toughest mountain to conquer. Someone else can take Everest, I am going after K2. ;-) I hope it's all clear now; this is the game plan. And this mode of attack is called data drain. I already told in the forum what's data drain. 100% fatality and slow and painful work. ;-)
Hope this helps!
Thanks
-paul 06-29-13 04:04 PM
- Congrats to the OP for the title of his thread.
Calling a thread "Playbook" on the Playbook forum............ 06-29-13 04:11 PM
- Good luck with your hacking away, you are much more bold than me... I let guys like you do the work, then use your automated solutions. (wait, that's what people do to me at work...) 06-29-13 04:45 PM
- Did you ask my permission to change that? Hehe lol ^my title has been hacked!! .........run away 06-29-13 05:28 PM
- Work has started. We are probing with a multimeter and we are waiting for the tone....... "beep beep"
Thanks!
-paul 06-30-13 01:10 AM
- Updated thread title, hope quackquack is okay with me including "project" in the title as it is him doing the heavy lifting. quackquack, feel free to PM me if you want me to remove the tag, and if you get more going on this feel free to create a separate thread; let me know and I will link to your thread and close this thread if needed.
See ya on Monday.
And you don't need to ask to ask, just ask. I will PM you tomorrow. Thanks. And bye!
Thanks
-paul 06-30-13 01:14 AM
-
JTAG PINS LOCATED: Now time to REALLY confirm IF they are real pins or we need to spend more time.
Please don't jump right now and create a ruckus. Thank you.
Thanks
-paul 06-30-13 07:04 AM
-
Good news, bad news and mixed news.
Bad news first: out of 7 pins, we are missing 3 pins and their voltage and current.
Good news second: out of 7 pins, one is obviously ground, and we found
#1. jtag_tdi = check
#2. jtag_tdo = check
#3. jtag_tms_tmsc = check
#4. ground = check (obviously)
Thirdly, mixed news: board is partially detected ;-)
Next work on Wednesday most probably, and we will have the rest of the pins. ;-)
Posting in detail in rooting forum.
And bambinoitaliano, I don't care if they have a poster or they ran out of posters ;-) And lastly? I am doing this for GSOC14. :-D I hope you know what it is. If you don't, here it is: Google Summer of Code 2014. I missed it this year; next year I wouldn't. :-D
More info in detail in rooting forum.....
Hope this helps!
Thanks!
-paul 06-30-13 09:43 AM
- Hello everyone, just a French guy with poor English.
So, this is my first message, please pardon me.
I have an idea, I don't know if it was explored or suggested, but here I go: did somebody try to dump all the system to make a kind of ISO file to play with on a VM?
After that, do a job with this VM and software like IDA or something like that; perhaps you will take some precious information.
I am not a developer, but I have some ideas that dig in my head.
All of us do a great job in this forum, so don't keep the creative fiber! 06-30-13 05:41 PM
- If you, or anyone else, figures out how to wipe it clean, so we can load something, anything else, certainly drop me a line. I can sneak time to do stuff, but this kind of stuff is really beyond my current knowledge, so it'd be a waste of time for me to spend trying to help that side of it. :-s 07-01-13 12:54 AM