Working to bootrom/bootload unlock playbook? What's your progress?
- PBs manufactured after Feb'12 are shipped at OS2.0.0.8550+ including older units that have been repaired/returned/refurbed, therefore rooting is extinct for all circulating and existing units.
  04-10-13 04:51 PM
- The PlayBook is a highly secure device. You're going to be banging your head quite a bit. You may want to see about joining one of those NFL concussion lawsuits. Yeah, that kind of banging your head!
If you want something that can be rooted then find an iOS or Android device. Plenty of means to hack those...
  04-10-13 07:10 PM
- Seeing what I can do with QNX.
  04-11-13 04:36 AM
- All known methods of gaining root have been blocked, and only one process now runs as root, the web server. It is the most secure web server in existence, and has only 6 functions. In other words, to get root access you would need to exploit one of those 6 functions somehow. Alternatively there is privilege escalation, but that's also unlikely.
  04-15-13 12:52 PM
- That would be far too easy. If I recall correctly, Sascha said that they disabled the gid/uid bit. Meaning that the FS doesn't care what group/user the apps are set to. All apps are run as the default user.
The only way around it would be to escalate the current user's group/privileges. Or as mentioned, the server is run escalated, but we would have to have the server be able to launch shell as root (which would mean exploiting the server to get a remote shell).
  04-17-13 10:57 AM
- My one year warranty of my PlayBook is over recently and anyway I am not eligible for any warranty anymore. I wish I could root PlayBook to get use of some good apps instead of waiting for BlackBerry to work on it. I am sick of waiting... When I bought the device I thought BlackBerry would do many things to keep the hype of PlayBook. Now BlackBerry is just ignoring PlayBook as if it is not one of their products. It is really bad. I really regret buying PlayBook for such a cost where I could buy 2 Android tablets. Thumbs down BlackBerry and PlayBook.
  05-13-13 02:54 AM
- Extra features...not many. USB Host Mode (i.e. use USB keyboard/mouse, and USB storage devices), themes, installing apps from the device itself without using a proxy. That's about it. Root never existed for long enough to get proper support I don't think. As a result, very little was done using it.
  05-13-13 03:22 PM
- Was just talking about potential features.
  05-14-13 09:12 AM
- Just because QNX is open source does not mean the PlayBook bootloader is open source. They are not the same thing. The bootloader initialises the necessary hardware and loads QNX. It is not itself QNX, or part thereof.
And even if it were open source, being able to compile your own code does no good without being able to flash it. And you can't flash it without it being signed with the right private keys, which as the name suggests, are private. The bootrom (which cannot ever be overwritten, because it's ROM) will check the signature of the bootloader before allowing it to run. Unless you manage to figure out the private key for the bootloader (or find some exploit in the bootrom), there will never be a non-BlackBerry approved bootloader on the PB.
  06-06-13 10:24 AM
- Is the boot ROM simply a ROM? I can't imagine a company releasing the product with no way of updating it in case a major security flaw is found.
Surely it's an EEPROM?
  06-09-13 09:53 AM
- Sorry for bothering you but one more thing.
What if we did find a root exploit?
Patch the public key in the PlayBook to be used with our new private key, which we use to sign a new ROM.
And compile a Linux bootloader which works with QNX (and maybe Android), sign it with that new private key and flash it.
What do you think?
  06-09-13 10:14 AM
- Root provides certain privileges, but not overwriting bootrom, which as the name implies and I mentioned above, cannot be overwritten. It is the bootrom that contains the public key for decrypting the bootloader/verifying its signature, and so unfortunately your idea won't work. The public key for the bootloader is impossible to overwrite (I'm assuming a little here, based off security on other systems I'm more familiar with), even for BlackBerry, because it is hardcoded into the device. If someone were somehow to figure out the bootloader private key and thus sign a custom bootloader, there would be nothing BlackBerry could do to fix it. (But that won't happen).
Anyway, it's all irrelevant because no one has been able to find a root exploit for the last few revisions of the OS. The OS is now rather secure and only one process runs as root (the web server, which only has 6 functions and is known as the most secure web server in the world), so to get root you would have to either exploit that one process or perform some sort of privilege escalation.
I'm not 100% sure, but I think it is just ROM. Many devices have un-updateable bootroms (e.g. most older iPhones have exploitable bootroms leading to jailbreaks regardless of firmware version, early Wii models have exploitable boot1 [essentially bootrom] allowing custom code to be run regardless of system software versions - neither can be updated by Apple or Nintendo respectively).
  06-09-13 12:19 PM
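Added example, not part of the thread and not BlackBerry code: a small model of the boot-time check discussed above, contrasting a verification key fixed in ROM with one read from writable flash. The keys, image contents and function names are constructed for illustration, and the signature is textbook RSA with no padding.

```python
import hashlib

E = 65537  # public exponent

def make_key(p, q):
    """Toy RSA key from two primes; returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(image: bytes) -> int:
    return int.from_bytes(hashlib.sha256(image).digest(), "big")

def sign(image: bytes, n: int, d: int) -> int:
    # Textbook RSA without padding: illustration only, not for real use.
    return pow(digest(image), d, n)

def verify(image: bytes, sig: int, n: int) -> bool:
    return pow(sig, E, n) == digest(image)

# Constructed keys: Mersenne primes keep the example dependency-free.
VENDOR_N, VENDOR_D = make_key(2**521 - 1, 2**607 - 1)
OTHER_N, OTHER_D = make_key(2**127 - 1, 2**521 - 1)

def rom_boot(flash: dict) -> bool:
    """Key is a constant in ROM: nothing in writable flash can change it."""
    return verify(flash["bootloader"], flash["signature"], VENDOR_N)

def flash_key_boot(flash: dict) -> bool:
    """Contrast design: the key is read from the same flash it protects."""
    return verify(flash["bootloader"], flash["signature"], flash["pubkey_n"])

def scenarios() -> dict:
    stock, custom = b"vendor bootloader", b"custom bootloader"
    vendor_signed = {"bootloader": stock, "pubkey_n": VENDOR_N,
                     "signature": sign(stock, VENDOR_N, VENDOR_D)}
    # Flash rewritten with a new image, a new key and a matching signature.
    resigned = {"bootloader": custom, "pubkey_n": OTHER_N,
                "signature": sign(custom, OTHER_N, OTHER_D)}
    # Image changed but the vendor's old signature left in place.
    tampered = dict(vendor_signed, bootloader=custom)
    return {
        "rom_vendor_signed": rom_boot(vendor_signed),
        "rom_resigned": rom_boot(resigned),
        "rom_tampered": rom_boot(tampered),
        "flash_key_resigned": flash_key_boot(resigned),
    }

if __name__ == "__main__":
    for name, booted in scenarios().items():
        print(f"{name}: {'boots' if booted else 'halts'}")
```

Only the design that trusts a key stored in writable flash accepts the re-signed image; with the key held in ROM, every write to flash leaves the check unchanged.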