gfree only works on devices that use eMMC and have this vulnerability, that is to say only the HTC Desire Z... but it does not matter.
Be careful with what is below: it may brick your device, so do it at your own risk.
I managed to set the S-ON flag back on the HTC Desire Z with the following command: AT@SIMLOCK?7,1. This can be sent to the device by first putting the device in HBOOT mode, then issuing "rtask C" and then talking to the radio with AT commands (see http://tjworld.net/wiki/Android/HTC/...kingtotheRadio).
But it did not work on an HTC Desire S.
Originally Posted by heavy_metal_man
well, once you have s-off you can map all of the nand via fastboot kernel commands, but like the wildfire s we would need to work out the size of all the partitions and "write in" the information for the radio. if we did that and then xtc clipped a buzz on the revolutionary hboot it may show you where the s-on s-off "bit" is. then, in theory you could write to the nand and overwrite the bit to change it. in theory this would also work to properly s-off the device so all hboots could be flashed. but that would imply that the s-off s-on bit is actually in the unmapped partition of the nand. i would like to try this idea just to see how far we could get, as i may be getting another s-on buzz in july but we would have to get the mappings for the mtd partitions. oh, and gfree only works on emmc devices i think, that's why it won't work for us as it is mtd.
1) Could you elaborate on your "fastboot kernel" commands? How do you do what you are talking about?
2) I know where the security flag is for the HTC Desire Z but not for the Desire S; I would need to back up all the partitions, S-OFF it and then make a diff to identify it.
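
The backup-and-diff step mentioned in point 2, as an added example that is not part of the original post: it streams two sets of partition dumps and reports the byte ranges that changed between them. The dump file names and the sample bytes are constructed for illustration.

```python
import tempfile
from pathlib import Path

CHUNK = 64 * 1024  # stream in chunks; partition dumps can be large

def diff_ranges(path_a, path_b):
    """Return [(start, end_exclusive)] offsets where two dumps differ.
    Bytes present in only one dump (size mismatch) count as changed."""
    ranges, offset = [], 0
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        while True:
            a, b = fa.read(CHUNK), fb.read(CHUNK)
            if not a and not b:
                return ranges
            longest = max(len(a), len(b))
            if a != b:
                for i in range(longest):
                    if a[i:i + 1] != b[i:i + 1]:
                        pos = offset + i
                        if ranges and ranges[-1][1] == pos:
                            ranges[-1] = (ranges[-1][0], pos + 1)  # extend run
                        else:
                            ranges.append((pos, pos + 1))
            offset += longest

def compare_dumps(before_dir, after_dir):
    """Map each dump name present in both directories to its changed ranges."""
    changed = {}
    for path in sorted(Path(before_dir).iterdir()):
        other = Path(after_dir) / path.name
        ranges = diff_ranges(path, other) if other.is_file() else []
        if ranges:
            changed[path.name] = ranges
    return changed

def build_sample(root):
    """Write constructed before/after dumps: hypothetical names, made-up bytes."""
    before = bytes(0x30000)
    after = bytearray(before)
    after[0x1000:0x1004] = b"\x01\x02\x03\x04"  # constructed 4-byte change
    after[0x20000] = 0xFF                        # constructed 1-byte change
    for sub, data in (("before", before), ("after", bytes(after))):
        (Path(root) / sub).mkdir()
        (Path(root) / sub / "partition_a.img").write_bytes(before)
        (Path(root) / sub / "partition_b.img").write_bytes(data)
    return Path(root) / "before", Path(root) / "after"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(compare_dumps(*build_sample(tmp)))
```

Unchanged dumps are omitted from the result, so only the partitions worth inspecting are listed.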