Remove All Ads from XDA
Find Your Device:
Or Continue to Thread: Goal: S-off HOX (TEGRA3)
23rd February 2013, 09:51 PM |#193  
Thanks Meter: 48
Is there any reason we wouldn't be able to use AT commands to directly force the radio to set itself S-OFF?

I've found these, and they apply to most any phone I suppose, but specifically to the X-GOLD XMM6260 in the international One X+.

This is documentation of the chip itself.
This is a guide on how to talk to the chip.
And this is just a run down of the HBOOT analysis of the HTC G2 aka Vision. However, it does have a few gems, like the AT command to set the radio S-OFF, "AT@SIMLOCK=7,0".

I'm going to look at this further, but does anyone know if the S-OFF flag is controlled by the Tegra 3 chipset (i.e. the processor) or the radio?

I remember the gfree S-OFF exploit for the Desire Z, where in it sent the commands to the radio to reboot itself without rebooting the phone, and it would come back up without write protection enabled, so you could force it to set itself S-OFF. My point being, the exploit we're looking for should have very little to do with the Tegra chipset, and much more to do with the radio chipset. (Assuming I'm right, and please tell me if I'm not.)
The Following 24 Users Say Thank You to backXslash For This Useful Post: [ View ] Gift backXslash Ad-Free