1. Dr_Acula's Avatar
    Looks like the old QNX Neutrino holes are patched up, though I didn't try them all.
    Bootloader is highly secure as a result of no sources.:banghead::banghead:

    Did anyone else make any progress?

    I'm new to QNX. Is there any site where I can get to know more?
    04-09-13 12:07 PM
  2. kbz1960's Avatar
    There was kind of a root, dingleberry, awhile back. Didn't get a whole lot with it and I think they gave up.
    04-09-13 12:48 PM
  3. Dr_Acula's Avatar
    That's interesting.
    No one wants to be the admin of their own device.:sly:
    04-10-13 07:06 AM
  4. Dr_Acula's Avatar
    I planted mine with some water and scotts feeder, and never got any roots
    Instead of water try H2SO4 and u will get a cube root.:what:
    04-10-13 07:08 AM
  5. Synerworks's Avatar
    PBs manufactured after Feb'12 are shipped at OS2.0.0.8550+ including older units that have been repaired/returned/refurbed, therefore rooting is extinct for all circulating and existing units.
    04-10-13 04:51 PM
  6. rthonpm's Avatar
    The PlayBook is a highly secure device. You're going to be banging your head quite a bit. You may want to see about joining one of those NFL concussion lawsuits. Yeah, that kind of banging your head!

    If you want something that can be rooted then find an iOS or Android device. Plenty of means to hack those...
    04-10-13 07:10 PM
  7. Dr_Acula's Avatar
    The PlayBook is a highly secure device. You're going to be banging your head quite a bit. You may want to see about joining one of those NFL concussion lawsuits. Yeah, that kind of banging your head!

    If you want something that can be rooted then find an iOS or Android device. Plenty of means to hack those...
    Already had Android and iOS.
    Seeing what I can do with QNX.
    04-11-13 04:36 AM
  8. Dr_Acula's Avatar
    What happened to setuidgid hack
    can we still use
    /tmp/setuidgid root /bin/sh
    04-15-13 12:36 PM
  9. SifJar's Avatar
    What happened to setuidgid hack
    can we still use
    /tmp/setuidgid root /bin/sh
    All known methods of gaining root have been blocked, and only one process now runs as root, the web server. It is the most secure web server in existence, and has only 6 functions. In other words, to get root access you would need to exploit one of those 6 functions somehow. Alternatively there is privilege escalation, but that's also unlikely.
    iamcanadiantoo likes this.
    04-15-13 12:52 PM
  10. BB_Bmore's Avatar
    I do not believe anyone will EVER root the PlayBook again.
    04-15-13 05:46 PM
  11. firey21's Avatar
    That would be far too easy. If I recall correctly, Sascha said that they disabled the gid/uid bit. Meaning that the FS doesn't care what group/user the apps are set to. All apps are run as the default user.

    The only way around it would be to escalate the current user's group/privileges. Or as mentioned, the server is run escalated, but we would have to have the server be able to launch a shell as root (which would mean exploiting the server to get a remote shell).
    04-17-13 10:57 AM
  12. Nicky1990's Avatar
    What about fonts?
    I am from Georgia, and can't see text which is written in my language.
    Is there any way of adding fonts in PlayBook?
    04-21-13 02:23 AM
  13. Dr_Acula's Avatar
    What about fonts?
    I am from Georgia, and can't see text which is written in my language.
    Is there any way of adding fonts in PlayBook?
    Adding font without root, I don't think so.
    Try looking in setting>language
    04-21-13 07:00 AM
  14. ssmuthu's Avatar
    My one year warranty of my playbook is over recently and anyway I am not eligible for any warranty anymore. I wish I could root playbook to get use of some good apps instead of waiting for blackberry to work on it. I am sick of waiting... When I bought the device I thought blackberry would do many things to keep the hype of playbook. Now blackberry is just ignoring playbook as if it is not one of their products. It is really bad. I really regret buying playbook for such a cost where I could buy 2 android tablets. Thumbs down blackberry and playbook.
    05-13-13 02:54 AM
  15. SifJar's Avatar
    My one year warranty of my playbook is over recently and anyway I am not eligible for any warranty anymore. I wish I could root playbook to get use of some good apps instead of waiting for blackberry to work on it. I am sick of waiting... When I bought the device I thought blackberry would do many things to keep the hype of playbook. Now blackberry is just ignoring playbook as if it is not one of their products. It is really bad. I really regret buying playbook for such a cost where I could buy 2 android tablets. Thumbs down blackberry and playbook.
    Rooting gives you access to pretty much no extra apps.
    05-13-13 12:55 PM
  16. Dr_Acula's Avatar
    Rooting gives you access to pretty much no extra apps.
    What about extra features?

    And I heard Chris Wade even singles bb10. Don't know if it's true.
    05-13-13 01:09 PM
  17. SifJar's Avatar
    What about extra features?

    And I heard Chris Wade even singles bb10. Don't know if it's true.
    Extra features...not many. USB Host Mode (i.e. use USB keyboard/mouse, and USB storage devices), themes, installing apps from the device itself without using a proxy. That's about it. Root never existed for long enough to get proper support I don't think. As a result, very little was done using it.
    05-13-13 03:22 PM
  18. Dr_Acula's Avatar
    Extra features...not many. USB Host Mode (i.e. use USB keyboard/mouse, and USB storage devices), themes, installing apps from the device itself without using a proxy. That's about it. Root never existed for long enough to get proper support I don't think. As a result, very little was done using it.
    Yes I know that,
    Was just talking about potential features.
    05-14-13 09:12 AM
  19. chaosdivine's Avatar
    I planted mine with some water and scotts feeder, and never got any roots
    After watching the keynote today and seeing that the PlayBook didn't get any BB OS10 mention, this made me laugh and think similar thoughts...
    05-14-13 11:03 AM
  20. Dr_Acula's Avatar
    Wasn't the source code of QNX open source some time before?

    So can't we compile an unlocked bootloader from it and find some way to flash it?
    06-06-13 01:32 AM
  21. SifJar's Avatar
    Wasn't the source code of QNX open source some time before?

    So can't we compile an unlocked bootloader from it and find some way to flash it?
    Just because QNX is open source does not mean the Playbook bootloader is open source. They are not the same thing. The bootloader initialises the necessary hardware and loads QNX. It is not itself QNX, or part thereof.

    And even if it were open source, being able to compile your own code does no good without being able to flash it. And you can't flash it without it being signed with the right private keys, which as the name suggests, are private. The bootrom (which cannot ever be overwritten, because it's ROM) will check the signature of the bootloader before allowing it to run. Unless you manage to figure out the private key for the bootloader (or find some exploit in the bootrom), there will never be a non-BlackBerry approved bootloader on the PB.
    06-06-13 10:24 AM
  22. preacher666's Avatar
    Is the boot rom simply a rom? I can't imagine a company releasing the product with no way of updating it in case a major security flaw is found.

    Surely it's an eeprom?
    06-09-13 09:53 AM
  23. Dr_Acula's Avatar
    Just because QNX is open source does not mean the Playbook bootloader is open source. They are not the same thing. The bootloader initialises the necessary hardware and loads QNX. It is not itself QNX, or part thereof.

    And even if it were open source, being able to compile your own code does no good without being able to flash it. And you can't flash it without it being signed with the right private keys, which as the name suggests, are private. The bootrom (which cannot ever be overwritten, because it's ROM) will check the signature of the bootloader before allowing it to run. Unless you manage to figure out the private key for the bootloader (or find some exploit in the bootrom), there will never be a non-BlackBerry approved bootloader on the PB.
    Sorry for bothering u but one more thing.

    What if we did find a root exploit?
    Patch the public key in playbook to be used with our new private key which we use to sign a new ROM,
    and compile a Linux bootloader which works with qnx (and maybe android), sign it with that new private key and flash it.
    What do u think?
    06-09-13 10:14 AM
  24. SifJar's Avatar
    Sorry for bothering u but one more thing.

    What if we did find a root exploit?
    Patch the public key in playbook to be used with our new private key which we use to sign a new ROM,
    and compile a Linux bootloader which works with qnx (and maybe android), sign it with that new private key and flash it.
    What do u think?
    Root provides certain privileges, but not overwriting bootrom, which as the name implies and I mentioned above, cannot be overwritten. It is the bootrom that contains the public key for decrypting the bootloader/verifying its signature, and so unfortunately your idea won't work. The public key for the bootloader is impossible to overwrite (I'm assuming a little here, based off security on other systems I'm more familiar with), even for BlackBerry, because it is hardcoded into the device. If someone were somehow to figure out the bootloader private key and thus sign a custom bootloader, there would be nothing BlackBerry could do to fix it. (But that won't happen).

    Anyway, it's all irrelevant because no one has been able to find a root exploit for the last few revisions of the OS. The OS is now rather secure and only one process runs as root (the web server, which only has 6 functions and is known as the most secure web server in the world), so to get root you would have to either exploit that one process or perform some sort of privilege escalation.
    Is the boot rom simply a rom? I can't imagine a company releasing the product with no way of updating it in case a major security flaw is found.

    Surely it's an eeprom?
    I'm not 100% sure, but I think it is just ROM. Many devices have un-updateable bootroms (e.g. most older iPhones have exploitable bootroms leading to jailbreaks regardless of firmware version, early Wii models have exploitable boot1 [essentially bootrom] allowing custom code to be run regardless of system software versions - neither can be updated by Apple or Nintendo respectively).
    06-09-13 12:19 PM
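
Added example, not part of any post in this thread: a toy Python model of the boot chain SifJar describes in posts 21 and 24, showing why a bootloader signed with a new key is rejected even when a key copy in writable flash has been patched. The `Device` class, the flash field names and the textbook-RSA keys built from small Mersenne primes are constructed assumptions, not the PlayBook's real format or algorithm.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Toy textbook-RSA key (modulus n, private exponent d). Far too small for real use."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))

def digest(image, n):
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n

def sign(image, n, d):
    return pow(digest(image, n), d, n)

def verify(image, sig, n):
    return pow(sig, E, n) == digest(image, n)

# Constructed keys: the vendor's pair and a second pair generated by someone else.
VENDOR_N, VENDOR_D = make_key(2**61 - 1, 2**89 - 1)
OTHER_N, OTHER_D = make_key(2**107 - 1, 2**127 - 1)

class Device:
    def __init__(self, rom_pubkey):
        self._rom_pubkey = rom_pubkey  # assumption: fixed in mask ROM at manufacture
        self.flash = {}                # writable storage, reachable with root

    def bootrom(self):
        """First code to run: checks the flash image against the ROM key only."""
        image = self.flash.get("bootloader", b"")
        sig = self.flash.get("bootloader_sig", 0)
        return "boot" if verify(image, sig, self._rom_pubkey) else "halt"

def demo():
    dev = Device(VENDOR_N)
    stock, custom = b"vendor bootloader", b"custom bootloader"
    stock_sig = sign(stock, VENDOR_N, VENDOR_D)
    dev.flash.update(bootloader=stock, bootloader_sig=stock_sig)
    results = {"stock": dev.bootrom()}
    # Root can rewrite flash, including any key copy stored there, but not the ROM key.
    dev.flash.update(pubkey_copy=OTHER_N, bootloader=custom,
                     bootloader_sig=sign(custom, OTHER_N, OTHER_D))
    results["custom_new_key"] = dev.bootrom()
    # Reusing the vendor's signature on a changed image fails as well.
    dev.flash["bootloader_sig"] = stock_sig
    results["custom_stock_sig"] = dev.bootrom()
    return results

if __name__ == "__main__":
    print(demo())
```

The patched `pubkey_copy` is never read by `bootrom()`, which is the point of anchoring the verification key in storage that software cannot write.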
  25. antiRIM's Avatar
    Root provides certain privileges, but not overwriting bootrom, which as the name implies and I mentioned above, cannot be overwritten. It is the bootrom that contains the public key for decrypting the bootloader/verifying its signature, and so unfortunately your idea won't work. The public key for the bootloader is impossible to overwrite (I'm assuming a little here, based off security on other systems I'm more familiar with), even for BlackBerry, because it is hardcoded into the device. If someone were somehow to figure out the bootloader private key and thus sign a custom bootloader, there would be nothing BlackBerry could do to fix it. (But that won't happen).

    Anyway, it's all irrelevant because no one has been able to find a root exploit for the last few revisions of the OS. The OS is now rather secure and only one process runs as root (the web server, which only has 6 functions and is known as the most secure web server in the world), so to get root you would have to either exploit that one process or perform some sort of privilege escalation.
    I'm not 100% sure, but I think it is just ROM. Many devices have un-updateable bootroms (e.g. most older iPhones have exploitable bootroms leading to jailbreaks regardless of firmware version, early Wii models have exploitable boot1 [essentially bootrom] allowing custom code to be run regardless of system software versions - neither can be updated by Apple or Nintendo respectively).
    This probably doesn't help, but I found this in one of my old backups of OS 6149.

    06-09-13 05:42 PM