After a brief lead-up period, the Dingleberry jailbreak for the BlackBerry PlayBook is now publicly available, though still in a very early beta. The exploit used to gain root access is actually pretty simple. PlayBook backup files used in the BlackBerry Desktop Software apparently aren’t signed, which means those files can be used to launch just about whatever you want on the device. So what can you do with it? Well, not too much yet, and the three guys behind Dingleberry are hoping that the developer community at large will run with this and do all sorts of neat stuff, but for now one of the devs have posted instructions on how to get the Android Market up and running on the PlayBook.
How to get the Android Market working on the BlackBerry PlayBook:
1. Install the 2.0 beta on your PlayBook.
2. Root your PlayBook using the Dingleberry tool found at dingleberry.it
3. Download the Google apps package from http://wiki.cyanogenmod.com/index.php?title=Latest_Version/Google_Apps
4. Install and launch an Android app packaged as a .bar file in order to set up the Android system (using DDPB). I would recommend installing a launcher app of some kind since you will need one to launch the Market and related apps. A bunch can be found at http://playbookbars.com/
5. Log into your PlayBook as root with an scp client (eg: WinSCP for Windows). Copy the system folder in the Google apps download to the root of your PlayBook and merge it with the system folder there.
6. Open up a root ssh shell and remove “/system/app/SetupWizard.apk” (this can by done by typing in “mv /system/app/SetupWizard.apk /system/app/SetupWizard.apk.bak”.
7. Kill the running Android player “cd /apps/sys.android.XXXX.ns/native/scripts” (XXXX will be different for each device) and run “./android-player-cmd.sh kill-android-core.sh”
8. Launch a launcher app of some kind. Start up Android Market (or any other Google app), enter your account details and it will start working. This trick will also install Google Chat and a few other goodies. The Android Market works and will install things after you do this.
9. Play around with the Android player and find other cool things!
The dream here is to be able to dual-boot into BBX and Android operating systems, and though that might take a lot of work, this is a good start. Android apps have been sideloaded into the PlayBook for a few months now in a variety of ways, but until RIM officially launches PlayBook OS 2.0 in February, this will be the most painless way to go about it. It does sort of suck that you’ll have to kill the native Android app player in order to get this hack to work, but seeing as it’s still in beta anyway, that’s fine by me.
Now, RIM has a huge concern for security, and they’ve already issued a statement that they’ll “release a software update that is designed to minimize the potential adverse impact to our customers”. It strikes me that it would be easy enough to do something like require signed keys for backup files, but I’m no programmer – maybe there’s something significant that would prevent RIM from being able to pull this off right away.
PlayBook owners can head on over to Dingleberry to get started. I’ll get started on this now and let you guys know if I can get the Android Market up and running.
Update: So, I’ve been trying to get this to work for about three days straight, and still no love. It’s possible though – I’ve seen screencaps from a few people in the Dingleberry IRC channel who have pulled it off. I’ve been able to get root access from the command prompt, but getting WinSCP to work so I can load up Android apps at the root level has been tricky. A few protips…
- Make sure you send the rsa file in the Dingleberry folder through Puttygen to create a new private key.
- When running WinSCP, make sure you have Pageant running with the RSA.ppk file created by Puttygen loaded in. DingleSSH also has to be running all the while in the background to get anything useful done. “sh: <stdin>[30]: groups: cannot execute – No such file or directory” is a common error when logging in, I’m told, and you can safely ignore it. The WinSCP settings should look like this when all is said and done, and should disable that error message.
- If you can get devuser access (it shows $ at the prompt), try the command “/tmp/setuidgid root /bin/sh”. Dingleberry should be doing that by default, but it’s handy to have it for use elsewhere if needed.
- When trying to get access through WinSCP, make sure that .ppk file is loaded in “private key file” field, SCP file protocol is selected, and if you like, you can run the above “/tmp/setuidgid root /bin/sh” command by punching it into the Shell field under the Environment-SCP/Shell tab. Try to log in as “root” first, with no password. If you can get that, you’re golden and can start sideloading Android apps, but if not, try “devuser” and you’ll still have a bit of wriggle room. In my experience, I can’t use WinSCP’s terminal for any commands, but DingleSSH, PuTTy and even the Windows command prompt work fine.
- If your the initial jailbreak isn’t working, one tip being thrown around is to type “cd dingleberry” from the Dingleberry SSH, then “./launch.sh”. You’ll get a bunch of error messages, but ignore that for now. Crack open the BlackBerry Desktop software while that’s still running, get ready to load up the Dingleberry restore file as per the original instructions, and just as you do, type “pidin a” in the Dingleberry SSH, and hit enter, then the up arrow and enter over and over again while the restore is happening. This supposedly slows down the process enough for the jailbreak to work, and supposedly takes a few tries to work. I’ve only tried once so far with no luck.
- If you’ve got root access, and have tried loading up all the Google apps as above, but are still having issues, you can reset the Android Player pretty easily. You’ll lose settings, but the apps should still be there. Big ups to HaTaX for this one.
- First you need to login to the PB over SSH as root. So get in there and get the “#” prompt and then:
- rm -Rf /apps/sys.android.gYABgKAOw1czN6neiAT72SGO.ns
- rm -Rf /accounts/1000/appdata/sys.android.gYABgKAOw1czN6neiAT72SGO.ns
- That will completely clean off the current Android player.
- Then WITHOUT REBOOTING, install this BAR via your favorite sideloading method (like DDPB)
- After it’s installed reboot the PB.
- If you’re still having issues, try starting again from scratch with a blank slate. Turn off your PlayBook, plug it in, and launch the Desktop software. From the resulting pop-up, hit update, and it will wipe your device clean and give you a new beginning. You’ll want to pick up the new developer beta after that, then follow the original instructions to the letter.
If you’ve got any more tips about how to get this to work, leave a comment! Here’s a video of one of the jailbreak developers showing what you can do with the final product. I’ll embed any other helpful videos I find below.