BlackBerry PlayBook Dingleberry Root Exploit Explained

I got a chance to jailbreak my BlackBerry PlayBook with Dingleberry and play with it, including Android Market, and I found it very interesting to see how the developers managed to gain root access. Two of the devs, @cmwdotme and @xpvqs, have explained that Dingleberry takes advantage of the fact that RIM does not sign its backups, which allows them to modify the Samba config file (smb.conf) in a backup and restore it to execute whatever commands they wish as root. In case you don't know, Samba is a popular open-source network file server that RIM uses to let you access the PlayBook drives over Wi-Fi. This should be very easy for RIM to fix, and according to the devs RIM already has a patch ready and has known about the issue for a while.

The thing is that RIM has known about this security issue for a while. CrackBerry confirmed that they had pointed this out to RIM, but it has been pretty common knowledge for a while. Developers have been struggling with it on the official BlackBerry support forums ever since they discovered that BlackBerry PlayBook backup files are simply zip files in *.bbb format. This means that anybody can extract apps and other files from the backups, and pirates can then easily decompile both AIR and WebWorks apps. That thread is from back in April, so RIM has known about this for a while, but we have not seen any changes.

RIM will probably roll out a patch that addresses both this Samba exploit and backup signing. On the other hand, it would also be nice if RIM could provide some security for developers in protecting their code and applications from being pirated…
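The missing control described above is an integrity check on the backup before restore. The following is an added example, not RIM's code or anything from the Dingleberry developers: it attaches a keyed manifest to a zip archive and refuses to restore if any entry was changed. The manifest name, the entry names in the sample and the use of HMAC-SHA256 in place of a vendor signature are assumptions; a real device would need a key the user cannot read, or an asymmetric signature.

```python
import hashlib, hmac, io, json, zipfile

MANIFEST = "MANIFEST.sig"  # hypothetical entry name, not part of the real .bbb layout

def _digests(zf):
    # SHA-256 of every entry except the manifest itself
    return {n: hashlib.sha256(zf.read(n)).hexdigest()
            for n in zf.namelist() if n != MANIFEST}

def _tag(digests, key):
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def sign_backup(data, key):
    """Return a copy of the zip archive with a keyed manifest appended."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        digests = _digests(src)
        for name in digests:
            dst.writestr(name, src.read(name))
        dst.writestr(MANIFEST, json.dumps({"digests": digests, "tag": _tag(digests, key)}))
    return out.getvalue()

def verify_backup(data, key):
    """Return a list of problems; restore only if the list is empty."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if len(names) != len(set(names)):
            return ["duplicate entry names"]  # extractors disagree on which copy wins
        if MANIFEST not in names:
            return ["unsigned backup"]
        try:
            manifest = json.loads(zf.read(MANIFEST))
            signed, tag = manifest["digests"], str(manifest["tag"])
            ok = hmac.compare_digest(_tag(signed, key), tag)
        except (ValueError, KeyError, TypeError):
            return ["malformed manifest"]
        if not ok:
            return ["manifest tag mismatch"]
        actual = _digests(zf)
    problems = [f"modified: {n}" for n in signed if n in actual and actual[n] != signed[n]]
    problems += [f"missing: {n}" for n in signed if n not in actual]
    problems += [f"unexpected: {n}" for n in actual if n not in signed]
    return problems

def make_sample():
    # Constructed stand-in for a backup; entry names and contents are made up
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("settings/smb.conf", "[global]\nworkgroup = WORKGROUP\n")
        zf.writestr("apps/demo.bar", "app payload")
    return buf.getvalue()
```

Checking the manifest tag before comparing per-entry digests means a rewritten manifest is rejected outright, while an edited entry is reported by name.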

2 total comments on this post
  1. And now the OS that should save the company becomes an issue… :/

  2. I don’t see that it’s an issue. Apple and Android devices can be rooted. Since the email, bbm, etc, are stored on the phone and not the PlayBook, I don’t think it’s a big issue. Now they have time to fix before Native apps and 2.0 come to fruition. At least it took them 6 months to do this versus the 16 hours it took to do the iPhone 4.

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-2016 BerryReview LLC