Everything S-OFF - Think tank, General information, Q&A


verkion

Senior Member
Sep 3, 2007
350
33
xboarder56, do you have *.img of the same HBOOT versions with S-On and S-Off posted anywhere other than here? i.e. a 1.90.0006 S-On and S-Off? Also, I'm guessing that those with Shipped S-Off can load Eng S-Off Hboots correct?

Although I'm way out of practice (disassembling, coding, etc.), I'm certain I can re-learn and start hacking away in a while. Not saying I can do any better than anyone else, but maybe a fresh set of eyes can help. I've spent quite a lot of time disassembling/developing/testing ROMs for my Mitsubishi Evo X, and I figure what the hell, need another thing to keep my mind busy. LOL!

Thanks!
verkion
 

00Ghz

Guest
Now you all say that getting S-OFF is impossible. I remember back with the Desire it took several months to do it and they said the same. No way to achieve S-OFF, and they did it eventually. As I remember they overlaid a hacked HBoot on top of the S-ON one. What do you think?
 

Binary100100

Retired Forum Moderator
Apr 6, 2008
6,470
1,649
Detroit, Mi
Now you all say that getting S-OFF is impossible. I remember back with the Desire it took several months to do it and they said the same. No way to achieve S-OFF, and they did it eventually. As I remember they overlaid a hacked HBoot on top of the S-ON one. What do you think?

Already tried it. We need a signed RUU with S-Off included (which is probably going to have to be leaked from HTC themselves). Unfortunately that needs to come from the source. I've read somewhere that you can try to hex edit the misc.img pulled from the misc partition and this would allow you to change the version number so that you will be able to flash any RUU file, but when I tried that all I saw was 0s throughout the entire 15 MB file. It was kinda strange. Trust me when I say that we've already looked into everything considered.
 

xboarder56

Senior Member
Oct 8, 2010
5,581
4,330
28
Bonney Lake
Already tried it. We need a signed RUU with S-Off included (which is probably going to have to be leaked from HTC themselves). Unfortunately that needs to come from the source. I've read somewhere that you can try to hex edit the misc.img pulled from the misc partition and this would allow you to change the version number so that you will be able to flash any RUU file, but when I tried that all I saw was 0s throughout the entire 15 MB file. It was kinda strange. Trust me when I say that we've already looked into everything considered.
Binary, I could pull one of my partitions because it lets me downgrade at will.
 

Binary100100

Retired Forum Moderator
Apr 6, 2008
6,470
1,649
Detroit, Mi
Binary, I could pull one of my partitions because it lets me downgrade at will.

You misunderstand what I was referring to. The misc partition holds all of the requirements that are in the android-info.txt file. The reason why you can't flash the RUU from other carriers is because of the software version and carrier ID. By editing the misc file and pushing it back we might be able to flash any RUU. However, as I was saying earlier, the misc.img is all 0s, and even if we could edit the file we may not be able to flash the modified misc partition.
 

xboarder56

Senior Member
Oct 8, 2010
5,581
4,330
28
Bonney Lake
You misunderstand what I was referring to. The misc partition holds all of the requirements that are in the android-info.txt file. The reason why you can't flash the RUU from other carriers is because of the software version and carrier ID. By editing the misc file and pushing it back we might be able to flash any RUU. However, as I was saying earlier, the misc.img is all 0s, and even if we could edit the file we may not be able to flash the modified misc partition.
I'll check it out.

misc doesn't let us flash different carriers, that's the CID.
 

Binary100100

Retired Forum Moderator
Apr 6, 2008
6,470
1,649
Detroit, Mi
I'll check it out.

misc doesn't let us flash different carriers, that's the CID.

That's also supposedly included in the misc partition.

If you look in any of the RUU files you will not see a misc file, but it's in our phones. That could be because the misc holds the device's individual data such as serial number, CID, subsidy, etc. So when you flash anything from an RUU file it is likely using the data from the misc partition to read the requirements for the android-info.txt file. So in theory if we can manipulate the data in the misc partition we may have some slack to do things like flash other RUUs, which may give us the ability to manipulate the partitions altogether, including the locked NANDs.

Here are some examples that I just dug up from one of my other forums (HTC Sapphire). Sure it's an older device but the concept of the misc partition should be the same.

http://xdaforums.com/showpost.php?p=12690163&postcount=5
http://xdaforums.com/showpost.php?p=17062477&postcount=7
http://xdaforums.com/showthread.php?t=1034287
http://xdaforums.com/showthread.php?t=1415103
http://xdaforums.com/showpost.php?p=20828293&postcount=6
http://xdaforums.com/showpost.php?p=20828293&postcount=7
http://xdaforums.com/showpost.php?p=20828293&postcount=8
http://xdaforums.com/showpost.php?p=20828293&postcount=10
http://xdaforums.com/showthread.php?t=756226&
 

xboarder56

Senior Member
Oct 8, 2010
5,581
4,330
28
Bonney Lake
That's also supposedly included in the misc partition.

If you look in any of the RUU files you will not see a misc file, but it's in our phones. That could be because the misc holds the device's individual data such as serial number, CID, subsidy, etc. So when you flash anything from an RUU file it is likely using the data from the misc partition to read the requirements for the android-info.txt file. So in theory if we can manipulate the data in the misc partition we may have some slack to do things like flash other RUUs, which may give us the ability to manipulate the partitions altogether, including the locked NANDs.

Here are some examples that I just dug up from one of my other forums (HTC Sapphire). Sure it's an older device but the concept of the misc partition should be the same.

http://xdaforums.com/showpost.php?p=12690163&postcount=5
http://xdaforums.com/showpost.php?p=17062477&postcount=7
http://xdaforums.com/showthread.php?t=1034287
http://xdaforums.com/showthread.php?t=1415103
http://xdaforums.com/showpost.php?p=20828293&postcount=6
http://xdaforums.com/showpost.php?p=20828293&postcount=7
http://xdaforums.com/showpost.php?p=20828293&postcount=8
http://xdaforums.com/showpost.php?p=20828293&postcount=10
http://xdaforums.com/showthread.php?t=756226&
OK, but I know if you can flash mine you can downgrade HBOOTs and junk; it's just a matter of turning off CID to 11111111.
 

xboarder56

Senior Member
Oct 8, 2010
5,581
4,330
28
Bonney Lake
If someone wants to test mine, go ahead; it lets you downgrade HBOOTs and radios.

Copy misc.img from the zip to the SD card:
adb shell
dd if=/sdcard/misc.img of=/dev/block/mmcblk0p24
Reboot to HBOOT and try to flash an older RUU.
 

Binary100100

Retired Forum Moderator
Apr 6, 2008
6,470
1,649
Detroit, Mi
OK, but I know if you can flash mine you can downgrade HBOOTs and junk; it's just a matter of turning off CID to 11111111.

For some reason you have a lot more data in your misc file than I do in mine. It's interesting. There are references to recovery and lost+found directory but everything else is unreadable. But you certainly have more data in yours than I do in mine.

For example, I don't have anything at offsets 840, C40, 9000, 91F0, B100 or 44C000.
 
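A way to do the comparison Binary100100 describes above (which offsets of a raw misc.img dump actually hold data, which of them differ between two phones, and which readable strings such as "recovery" or "lost+found" appear) programmatically instead of by eye in a hex editor. This is an added example, not code from this thread; the two sample images are constructed, and the offsets populated in them are simply the ones mentioned in the post. The same functions work on any dd dump, including the hboot.img from the first post.

```python
"""Compare two raw partition dumps (e.g. misc.img pulled with dd) and
report which offsets hold data. Sample images below are constructed."""
import string

BLOCK = 0x10  # report offsets at 16-byte granularity, like a hex editor row


def nonzero_offsets(img: bytes, block: int = BLOCK) -> list[int]:
    """Start offsets of every 16-byte row that contains a non-zero byte."""
    return [off for off in range(0, len(img), block) if any(img[off:off + block])]


def differing_offsets(a: bytes, b: bytes, block: int = BLOCK) -> list[int]:
    """Rows at which two dumps of the same partition differ.
    The shorter dump is zero-padded so a length mismatch also shows up."""
    n = max(len(a), len(b))
    a, b = a.ljust(n, b"\0"), b.ljust(n, b"\0")
    return [off for off in range(0, n, block) if a[off:off + block] != b[off:off + block]]


def printable_strings(img: bytes, min_len: int = 4) -> list[tuple[int, str]]:
    """(offset, text) for runs of printable ASCII at least min_len long,
    i.e. the readable references seen among otherwise opaque bytes."""
    ok = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")
    out, run, start = [], bytearray(), 0
    for i, byte in enumerate(img):
        if byte in ok:
            if not run:
                start = i
            run.append(byte)
        else:
            if len(run) >= min_len:
                out.append((start, run.decode()))
            run = bytearray()
    if len(run) >= min_len:
        out.append((start, run.decode()))
    return out


def build_sample() -> tuple[bytes, bytes]:
    """Constructed stand-ins for two dumps: one all zeros (as Binary100100
    reports seeing) and one with a few populated regions."""
    size = 0x1000
    populated = bytearray(size)
    populated[0x840:0x848] = b"recovery"          # offset the post mentions
    populated[0xC40:0xC4A] = b"lost+found"        # offset the post mentions
    populated[0x200:0x210] = bytes(range(0x80, 0x90))  # opaque binary data
    return bytes(size), bytes(populated)


if __name__ == "__main__":
    blank, populated = build_sample()
    print("rows with data:", [hex(o) for o in nonzero_offsets(populated)])
    print("rows that differ:", [hex(o) for o in differing_offsets(blank, populated)])
    for off, text in printable_strings(populated):
        print(f"{off:#08x}: {text}")
```

To use it on real dumps, replace build_sample() with two open(path, "rb").read() calls; rows reported by differing_offsets are the candidates worth inspecting, and everything else is identical between the two devices.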

xboarder56

Senior Member
Oct 8, 2010
5,581
4,330
28
Bonney Lake
For some reason you have a lot more data in your misc file than I do in mine. It's interesting. There are references to recovery and lost+found directory but everything else is unreadable. But you certainly have more data in yours than I do in mine.

For example, I don't have anything at offsets 840, C40, 9000, 91F0, B100 or 44C000.
Yeah, I wonder if someone can flash it; then they get the ability to downgrade RUUs.
 

Binary100100

Retired Forum Moderator
Apr 6, 2008
6,470
1,649
Detroit, Mi
Yeah, I wonder if someone can flash it; then they get the ability to downgrade RUUs.

Curious... if we can get the misc partition from someone with ENG S-OFF, would that allow us to flash their hboot as well? I still think that we need to flash the signed hboot from the RUU though. I took a look at the VideoTron RUU and they have a picture of the bootloader with S-OFF. I thought that was funny.
 

Attachment: UPD_RECOVERY03_01.bmp

xboarder56

Senior Member
Oct 8, 2010
5,581
4,330
28
Bonney Lake
Curious... if we can get the misc partition from someone with ENG S-OFF, would that allow us to flash their hboot as well? I still think that we need to flash the signed hboot from the RUU though. I took a look at the VideoTron RUU and they have a picture of the bootloader with S-OFF. I thought that was funny.
Hmm, this is weird. I wonder if there is a way to change our CID; then we might be able to get S-OFF. :D
 
Top Liked Posts

    Hi,

    this is a development & collection Thread. The PH85IMG.ZIP files can be flashed through SD-CARD in HBoot Mode. This works only for S-OFF users. If you don't have S-OFF you cannot use the files. There is no way to get S-OFF on a normal S-ON phone now.


    If you want to help, check if you have S-ON or S-OFF. Turn off the phone, reboot with the volume button held down, and check at the top of the white screen if it says "SHIP S-ON", "SHIP S-OFF" or "ENG S-OFF". S-ON is stock and not helpful, SHIP S-OFF could be useful, the really helpful ones are ENG S-OFF. Please don't post asking if you can help if you have S-ON.

    HOW TO DUMP YOUR HBOOT (please remember this is only interesting if you already have S-OFF)

    1. Download ADB: http://www.mediafire.com/?5d0v316g9bg97
    2. Extract the contents of the zip to C:\
    3. Run the commands below:
    Code:
    cd c:\adb
    adb shell
    dd if=/dev/block/mmcblk0p12 of=/sdcard/hboot.img
    Note: If your device is not detected, download and install HTC Sync.
    4. Connect your phone in USB Mode, copy the hboot.img file from your SD card and upload it to Multiupload.


    How To Flash Eng Hboot:
    1. Coming soon




    Credits:
    - Da9b16
    - anonymous user
    - CrackEyes

    Hall of Fame: Thanks everyone so much; it goes to future development devices
    - ikm19 100$
    - James Jenkins 20$
    - Steven Ziebarth 70$
    - Camron Kitching 10$
    - Terrence Taylor 10$
    - Dale Thompson 10$

    If they start making them harder to unlock and give developers a hard time I think it will cost them greatly. We are the ones that go out and buy their new phones and support them. The development for the HTC devices and the modding is why I buy them. I have spent a small fortune and now have the Amaze and can't get past the security.

    I agree. This is probably going to be my last HTC device unless they change here pretty soon. I paid good money for this device so if I want to use an Anker battery, make hardware adjustments to dim my screen bleeding problem, use a custom firmware, whatever it's MY choice to make. If I break it then that's my own fault. HTC has no right to tell me what I can and cannot do with my property. After my 30 day return period is over then it's officially mine to do with whatever I please. I understand the warranty issue but I would gladly waive it to make it 100% mine. Since it's not 100% mine then why did I pay 100% of the price for it? They refuse to allow me to modify my property so I can only assume that they still think that it's theirs. So in that case, can I return it and get a 100% refund since it was never fully my own property? Yeah HTC is only screwing themselves with this.
    So binary why doesn't revolutionary want to help?

    Nobody said we don't want to help, but we have no Amaze.

    Perhaps we should ask again? And for a reason as well

    Next to "being willing to help", exploit finding isn't exactly an exact science, you know.

    Go forth and annoy.

    Xboarder tried talking to them.
    I offered to send my own phone to them.

    Nobody seems to care... so go ahead and try.

    "tried talking to them" ? You mean the 3 line IRC chat conversation I had with him, about him having an assorted collection of hboots for Amaze? Right.

    I have mentioned this before:

    Apparently the consensus seems to be that we 'don't care'.

    Allow me to set some things straight:

    1. Exploit finding is not an exact science. A new device means a new exploit. This takes time, and mostly, research.

    2. You say 'you don't care' like we owe something to the community? We help in the best way that we can. You can't exactly say we haven't already given a hell of a lot to the community as-is. You make it sound like we leech off the community, or something.

    3. No device means that it is extra hard to even develop. Remote access will only get you so far. Especially when you need to be extremely careful not to break it.
    Oh no... I've just started electrical engineering. I am just pointing out clues so someone with much better experience with Androids can read what I found, and be that much closer to getting S-OFF... I'm just testing methods other people used and praying it doesn't brick....
    I'm trying to find out what each partition is, and I'm like 80% done