[DEV] Rooting Blackberry Playbook
I've been digging into the Playbook for a few days now, trying to figure out who's against who here. The goal, of course, is gaining root.
What we know so far is that the device is a dual-core 1 GHz Cortex-A9, ARMv7 architecture, using the OMAP4 platform. On top of it runs a QNX Linux that uses the Adobe AIR SDK for applications.
It's possible to put the device into Development Mode in the security settings and use the 'blackberry-connect' utility that comes with the BlackBerry TabletOS SDK.
First, the PC and the Playbook need to be connected to the same Wi-Fi network.
You will need a private key and a public key created with the ssh-gen utility, or you can use the keys I attached in keys.zip.
Use the utility to connect the device on port 4455:
blackberrysdk\blackberry-connect -targetHost <ip> -devicePassword <pass> -sshPublicKey <yourkey4096.pub>
Then the device will start the SSH server on the SSH port.
In order to connect to it, I used 2 utilities: Pageant and PuTTY.
Start Pageant, load the private key (or the .pkk in the zip), and use PuTTY to connect to the device.
The username is: devuser
There is also a way to execute native code on the device, as first discovered by @b3ll.
The idea is to compile the code in the QNX IDE for ARMv7, make the binaries executable with chmod +x nativeapp, and zip them.
Then connect the device using BlackBerry Desktop, copy the zip to the "Downloads" directory, and use SSH to unzip the files and run them (in the /tmp directory).
The Downloads directory will be located somewhere under the /accounts directory. I added the native app that @b3ll originally published.
Also, the device has 3 connectors on the bottom. The rightmost is the magnetic charger, which cannot transfer data.
The middle one is micro-USB, and the left one is mini-HDMI.
That leaves the micro-USB as the only connection that can transfer data.
- Turning on the device using POWER + Volume-UP gives an unknown special mode for a few seconds.
That's all I've figured out so far.