  1. quackquack147
    Hello there!
    greetings! everyone!
    So i finally finished building the rom which is necessary to boot the device off. this is called the first stage bootloader. then it chainloads into 2 or more bootloaders. i am not sure into how many chains BB PB loops. I have consulted too many urls and pdfs and wiki pages and i tried to rebuild the signed boot loader. the files are in this order.

    http://forums.crackberry.com/playboo...ml#post8627883

    http://filebin.ca/k8S33c5yTT8/x-load.bin -> unsigned pristine binary. this will not get loaded, don't try this; this is for reference.

    http://filebin.ca/k8SYHMiCMwk/x-load.bin.ift -> this is the signed binary aka first stage boot loader or second stage boot loader trigger switch. this file is the MOST important one. this file is what you need to flash and nothing more/less.

    http://filebin.ca/k8TUyZx1Kr4/u-boot.bin -> this is the second stage boot loader or boot chain loader. this will help you load any other OS, maybe even blackberry OS. i am not sure, though.

    as of now you need these three files. at a later point of time i will upload the git tarball and also the patches and checkouts. and i hope i will write a tutorial with my broken english. for the geeks and developers who wish to DIY their own loaders.

    and lastly i will also try to write a tutorial for windows users. damn i have not used windows since ages.

    you also need one more file. OMAPFlash_tuna.zip -> this is the flasher. luckily or unluckily blackberry doesnt like linux or bsd so i am helpless. else i would have tried it first on my device and also i got no windows machine.

    i am awake since yesterday 6:00 am India standard time till now 9:00 pm India standard time. dead tired and exhausted. i would like to call it a day. too much typing and posting and reading and coding and debugging. looks like i am right now screwed up beyond any repair. so kindly post your queries and when i log back in tomorrow i will try to answer as many beta tester as i can.

    and i will try to install windows in KVM and/or xen and will try to take screenshot and post instructions hoping that it will help beta testers of the unfortunate bricked blackberry playbook owners.

    thanking everyone again and signing out for today. I need sleep badly. good night.
    -paul

    p.s. don't forget to download the 4 files. they are important. especially signed loader and u-boot and the flash thingie for windows.
    06-10-13 10:25 AM
  2. Superfly_FR
    Bricked PlayBook ?
    You must be confused: are you trying to root the box ? (lol)

    More seriously.
    Old horse is saying : unless you are VERY advanced in ROM programming and chips, this is nowhere something you should do. Unless you really want to observe with your own eyes one of the first dead-bricked PB : yours.
    06-12-13 03:33 AM
  3. quackquack147
    Superfly_Fr hello there!
    greetings!
    yes bricked playbook. lawguyman got a soft bricked playbook. i did ask him if he could. but he didnt say anything and no reply.
    am i confused? i guess i am more confused now than i was when i first purchased 2 64 GiB playbook for 18K INR each.
    and this makes me double confused because i am trying to root the box. and i am not sure how (UN)successful i will be. lol because then i asked others how to do it. and now others ask me how it's to be done. ;-) which i don't know as of now till this very key stroke. ;-)

    well there old horse about my experience in rom programming? i have successfully debricked many wifi routers and also not successfully with many. i am well versed with openocd and tjtag/jtag (mostly openwrt) by tornado from dd-wrt forum and dairyhairymaid from openwrt. have ported openwrt to 2 device on my own w/o much help lava w150 (google up please)!
    upsized the thinkpad t60 and x60 with 4 MB coreboot opensource bios/firmware replacement and gpg signed the kernel and chain bootloader aka grub which gets triggered via seabios. thats not all planning to upsize further to atmel at24c256 soic8 flash chip pushing the limit to 32 MiB rom find me a laptop with 32 MiB bios or even 4 MiB bios and i will buy this talk. ;-) till then i will keep staring your advertisement ;-) (no offense given none taken) nokia n900 is a whole different story.

    plus i have upsized many ram and flash chips in wifi routers and was easy. ;-) and lastly if i try it i will have the first brick?

    you just hit the nail hard in the head. because every doctor must try the medicine first on himself and should be prepared of two things, he/she will either get vaccinated with the med or may die of unknown causes. ;-) i got 2 playbook 64 gb each, which means you can chuckle more that i will have 2 bricked playbooks instead of just one. and thats not all. if no one shares his/her dead/bricked playbook? i will buy one more from grey market be it locked/stolen.

    with jtag and i2c via buspirate i think i will have a less hard time resurrecting it. but the hard part is bypassing the stock firmware and bootloader with the method i am about to experiment.

    label be a ******, since i am wasting my youth with technology when i could be doing things. ;-)
    thanks
    -paul
    06-12-13 04:33 AM
  4. quackquack147
    Superfly_FR

    what are the different ways available to brick a device? hard/soft/dead. i havent bricked any. so if you have bricked it or if someone else did brick it, can you share how you really did brick it.

    brick by brick you bricked the full house, now can you also tell me how you really bricked it.

    because i decided to purchase myself a second hand stolen/locked device and then will try the various method which others have used to successfully brick their device. because no one will send me their BB PB so i decided to spend around 7-8K INR and get it for some serious R&D. and also because i dont think no one will share his wife with someone else who is learning to screw around. unacceptable. and i fully understand and respect their sentiments.

    now, if you or others know how they did it is extremely useful. if i know how it was deconstructed then i guess i can reconstruct. this/these information i assume is going to help. if you have bricked your device what kind of brick is that? soft/hard/long/medium/short etc etc.

    what are the various ways people have successfully bricked it. might prove extremely valuable to me.

    reading time.... back to reading 5554 pages of TI junk! sigh, i hate this geek life of mine. ;-) and blackberry just did the icing on the cake. yummy.

    thanks
    -paul
    06-12-13 07:57 AM
  5. Dr_Acula
    On playbook I don't think many people got a hard brick. Which may be possible with throwing a brick at it. U can brick a pb with updating it with PC and pulling out the USB b/w the process.

    Other thing, no luck with the bricked board. He got it fixed and traded it for iPad mini.:what::banghead:
    06-12-13 08:48 AM
  6. quackquack147
    thanks to Mr. gerard i nierenberg - author of - "the art of negotiating" how is he related here? well i read this book already many times before and i am now an okay negotiator. not an expert, if i were an expert then i would have either persuaded either RIM or TI to allow me with the NDA material for free. Sigh!

    Anyway i see an ad against Playbook 32 GB i pulled the phone and punched the numbers on the touchscreen. it rang as usual after 5 ring the fellow picks up the call.

    And as usual he starts to bluff like every other bluffing sales guy. He lists his 32 GB for 11,000 INR which is roughly 190.50 US$ (1 US$ = 57.74 INR @ Wed Jun 12 23:13:17 IST 2013). So i got the details and hang up. Well i wanted to gamble again.
    Since i already knew he pulled his bluffing card, i laid a bait. I told him someone is offering me a 64 GB with 3 months more warranty for 9000 INR (155.87 US$) with everything complete case and also the bill.

    Guess what he hit the bait. and he slashed his rate. he offers me 7500 INR (129.89 US$) as the final price w/o charger (who needs it i got it already and practically any mobile should replace the oem one). So i told him again that i would like to take it from the other guy since he is offering me a bargain and he is willing to sell it for 8500 INR (147.21 US$). He said he will call me back in 30 mins.

    i started to read the 5554 pages, phone rang again. i picked up the call. he says he will stash the price by 1000 more which now resulted in 112.57 US$. And hangs up.

    then i agreed with the deal and he started to beat around the bush with his colorful lies. i was impressed with his lies. amazing. an inspiration indeed. i am a hard bargainer. then he gives in. he is now selling it because he fuuhked up his charger and he doesnt like the UI of blackberry and its userfriendlylessness. awesome.

    here he goes spilling the bean. i as usual buy his c0cked up lies and ask him for the final time deal or no deal. he gives in and says 6500 INR or 112.57 US$ and its a deal. sounds good to me and 2 months oem warranty still left over.

    well i remained chilled and i bought his bluff and hence how i got a discount. a sharp fall from 11,000 INR to 6500 INR. loved this hard chilled bargain. if everyone spits bluff who is gonna listen. as usual i love these dirty jobs which i only gotta do. anyway just another few hours more and i will have a shining blackberry playbook 32 GB in my hand.

    i am loving it. he sold his bluff and i bought his bluff and also i got myself a great 4500 INR discount (77.93 US$).......hmmmmm nice nice nice nice!

    no issues Dr_Akula! i got myself a great deal. plus i love bluffers like these. they give me a great discount. all you need to do is remain calm while the deal is on. and here you go a big whooping around 80 US$ discount. ;-) ting ting de ting! lol
    thanks
    -paul
    06-12-13 12:57 PM
  7. anon(4242931)
    i have a playbook (got it free for developing an air app). it's 16GB with the latest available 2.1 OS.

    I do not use it. I dont really care if it's bricked. I use all three PC OSs. I have PC and Mac that i can test out on, but i'd prefer to use PC/Linux combo. (Kali or Ubuntu are the distros ive got now).


    Please let me know what you need flashed and in what order and i'll do my best. send me a PM and we can work out IRC or other real time communications. I know you're in india, and the time difference with USA is pretty big, but im willing to adjust my schedule to make it easier for you, quackquack147.

    Let me know where we go from here.
    06-21-13 12:09 PM
  8. quackquack147
    sorry i was not in town. so i couldnt see this post and also reply to this post. sure we can. let me know what you think of IRC channel called #crackberry in oftc or freenode or efnet (my favourite wild wild west rules).
    yes i also accept the fact that we need to port. and secondly mate we dont know jack about this device's debug port.
    we know one thing. jtag and ice pick. thats it. we still dont know the port and or debug pads except 1.8 volts.
    aah work? find the traces. if you hear a beep? we got signal.
    but remember the lookout voltage is 1.8v and current has to be less than 50 mA.
    get a multimeter and run a trace. thats all you have work for now. ;-)
    enjoy your weekend with your playbook trace.
    thanks
    -paul
    p.s. this is what i like and i expected. it took a long to roll the ball but the ball finally started to roll! keep it rolling. and help us defeat this dictatorial menace called RIM.
    06-22-13 08:13 AM
  9. quackquack147
    start an irc channel. one for casual irc chat and one for rooting and et al. i dont know i am not a good moderator. so i never take responsibility. just start the channel and let me know. i will poke my head in the channel. and be sure of one thing. long silence from me. this is not the usual ASL irc channel. which is why i said 2 channels. one for rooting and development and other for usual chit chat so users aint bang their head on the wall -> "WTF i am stuck with nerds and geeks."
    so 2 separate channels. you name the channel according to your wish. i have nothing in say with the names of the channels. and try to be calm in irc (geek channel which is for rooting). because everyone there is busy, so dont expect a data flow suddenly. hint
    #crackberry -> where anything goes and official crackberry channel
    and
    #crackberry-rooting -> where only rooting talks.
    this is my idea. create your own channel, and this is for illustrative purpose. try to be more creative with your channel name. keep it nice and geeky (root channel) and rest is your choice.
    i am not a mod and i dont take any heavy duty mod work. sorry. i will be a calm contributor there.
    let me know the progress.
    hope this helps.
    thanks
    -paul
    06-22-13 12:24 PM
  10. anon(4242931)
    Sorry for taking a while to get back to this thread. I should have mentioned in my OP that i don't have the tools, time, or experience to open my playbook and begin probing the traces for a possible JTAG port. If i had to guess, though, the JTAG port is **likely** to be on or near the group of pads in the lower right corner, about 2 inches in from the microHDMI port in this photo: Every other pad seems to be a signal trace... something that i've **never** seen done with a jtag port on any device that I've opened.




    http://guide-images.ifixit.net/igi/qTaOYuSAmokcQFj2

    If you need me to flash a bootloader or attempt bootup of
    06-26-13 02:12 PM
  11. quackquack147
    you need to find 1.8v on the pads and 2 pads where you can attach a resistor. and we dont know the value of the resistor. ;-)
    which keeps us guessing. i did think like you. but my friend who is way better than me (i can only smd solder and hot solder) did run a trace and we found way many voltages upto 5.6 v.
    all v aka voltages are in DC.
    now the jtag trace and icepick (2 wires not i2c bus) comes with 1.8 v. but due to lack of time we had to wind up.
    so you care right, there is jtag and there is a mention of it on the bootloader also. in blackberry 10.x aka qcfm.image.com.qnx.coreos.qcfm.os.sdk.BB10_0_09.11 03.369122.signed_qcfp_4.bin.extracted
    *** If your device reboots here then your 4460/win2 device has incorrect configuration resistors ***
    *** If your device reboots here then your 4470/win2 device has incorrect configuration resistors ***
    could not get bootstrap size
    and also in 2.x aka qcfm.image.com.qnx.coreos.qcfm.os.factory_sfi.GR2_ X_X.1526.428550.signed_qcfp_4.bin.extracted
    *** If your device reboots here then your 4460/win2 device has incorrect configuration resistors ***
    WTF! %s got passed a NULL BootromMetricsStruct
    there is a mention of resistors. so there has got to be jtag ports. only time will tell us where it is and how much ohms resistors we need. feel free to drop by in irc tomorrow. and also in the post started by dr_akula and check out page 9, there i have done extensive dissection of the firmware image analysis.
    thank you.
    hope this helps!
    thanks
    -paul
    06-26-13 02:24 PM
  12. meltbox360
    I really wanted to do something similar but i don't want to brick my PlayBook. Up size the ram hehehehe. This is very interesting. BTW do you think it would recognize larger RAM? If you think so I'd be willing to find a very cheap one and eventually try this...

    Posted via CB10
    06-29-13 07:30 PM
  13. quackquack147
    yes possible, but extremely complicated project. you need to know about the banks and channels and the banks and channels must match. just because its a ram, so its not like PC you can easily upgrade it. you need to know loads and having said that you need to know one more thing. BGA SMD work. which is hardcore? no super hardcore and unless you got proper tools? its not possible.
    thanks
    -paul
    06-30-13 01:17 AM
  14. xsacha
    Just a note that the links in the OP are useless.

    They are for a OEM OMAP4. Obviously the OMAP4 flasher will not work on any Blackberry device because the bootloader never exposes factory mode (if this mode even exists on our devices) and the bootrom will not load unsigned code.

    Also: The only way to brick a Playbook would be to flash OS10.1 as it blacklists all compatible OSes (in NVRAM). The device is smart enough to work without a bootloader present. Like most modern phones/tablets that restrict bootloader access
    06-30-13 03:07 PM
  15. quackquack147
    i agree! with the binary thing. i am working on it. i told also not to download and use it.
    CPU is OMAP4430 HS and i got leads and pins. 3 down 3 more to go.
    and yes it will load unsigned code once we disable the register or bypass it or override it.
    device is not smart, i wont agree on that. design of board is pretty smart. its giving me a run for my money! so albeit the system board is smart. as of now only 3 pins and 3 more to go.
    thanks xsacha!
    DONT DOWNLOAD THOSE FILES. THEY ARE USELESS. THEY ARE SIGNED WITH OMAP3430 SIGNATURE CODE.
    WARNING!!!! WONT WORK!

    thanks!
    -paul
    06-30-13 03:12 PM
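
The exchange in posts 14 and 15 turns on how a secure boot ROM decides whether to run a first-stage loader. The sketch below is an added example, not code from the thread or from any vendor: a simplified model of that decision using toy RSA keys built from small known primes. All names (`rom_verify`, `FUSED_HASH`, `DEVICE_KEY`, `OTHER_KEY`) and the image layout are assumptions made for illustration and do not describe the real OMAP4 HS image format.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys


def make_key(p, q):
    """Build a toy RSA key from two primes (far too small for real use)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def key_hash(n):
    """Digest of the public modulus: the value a boot ROM would hold in fuses."""
    return hashlib.sha256(n.to_bytes(32, "big")).hexdigest()


def digest_int(payload, n):
    """SHA-256 of the loader, reduced into the toy key's range."""
    return int.from_bytes(hashlib.sha256(payload).digest(), "big") % n


def sign_image(payload, key):
    """Wrap a loader with its signer's public modulus and a signature."""
    sig = pow(digest_int(payload, key["n"]), key["d"], key["n"])
    return {"payload": payload, "n": key["n"], "sig": sig}


def rom_verify(image, fused_hash):
    """Decide as a secure boot ROM would; returns (accepted, reason)."""
    if image.get("n") is None or image.get("sig") is None:
        return (False, "unsigned image")
    # Step 1: the signer's key must be the one whose hash is fused in the chip.
    if key_hash(image["n"]) != fused_hash:
        return (False, "signer key does not match fused root key hash")
    # Step 2: the signature must cover exactly the bytes being loaded.
    if pow(image["sig"], E, image["n"]) != digest_int(image["payload"], image["n"]):
        return (False, "signature does not match payload")
    return (True, "ok")


# Constructed sample data: Mersenne primes stand in for real key material.
DEVICE_KEY = make_key(2**127 - 1, 2**89 - 1)  # key the device trusts
OTHER_KEY = make_key(2**107 - 1, 2**61 - 1)   # key made for a different chip
FUSED_HASH = key_hash(DEVICE_KEY["n"])
LOADER = b"constructed first-stage loader bytes"


def demo():
    """Run the four cases the thread argues about through the ROM check."""
    good = sign_image(LOADER, DEVICE_KEY)
    foreign = sign_image(LOADER, OTHER_KEY)
    unsigned = {"payload": LOADER, "n": None, "sig": None}
    patched = dict(good, payload=LOADER + b" patched")
    return [rom_verify(img, FUSED_HASH) for img in (good, foreign, unsigned, patched)]


if __name__ == "__main__":
    for name, result in zip(("device key", "other key", "unsigned", "patched"), demo()):
        print(name, result)
```

Only the image signed with the key whose hash is fused into the device is accepted; a loader signed for another chip fails at the key-hash step before its signature is even checked.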
  16. chaosdivine
    Please consider donating on page 12 of this thread: http://forums.crackberry.com/playboo...7/index12.html

    We've started to crowd source and have begun to accept financial donations (no matter how small, it adds up) to reach our goal of $125 to cover purchase and shipping costs (it's mostly going to be shipping costs [to India] that are the expensive part) of some "as-is" PlayBooks through eBay. Ideally we'd like to get bricked system boards (for free) but we'll purchase if we have to. You can see a donation total on page 12 of that thread and how we got to this process...

    Please consider donating. Thank you!
    06-30-13 06:06 PM
  17. quackquack147
    dont brick it. get a bricked one. ;-) dont make me repeat this one line for next 21 days. hehehehe!
    thanks!
    -paul
    07-01-13 06:22 AM
