well, once you have s-off you can map all of the nand via fastboot kernel commands, but like the wildfire s we would need to work out the size of all the partitions and "write in" the information for the radio. if we did that and then xtc clipped a buzz on the revolutionary hboot it may show you where the s-0n s-0ff "bit" is. then, in theory you could write to the nand and overwrite the bit to change it. in theory this would also work to properly s-0ff the device so all hboots could be flashed. but that would imply that the s-0ff s-0n bit is actually in the unmapped partition of the nand. i would like to try this idea just to see how far we could get, as i may be getting another s-on buzz in july but we would have to get the mappings for the mtd partitions. oh, and gfree only works on emmc devices i think, that's why it won't work for us as it is mtd.
gfree only works on devices that use emmc and have this vulnerability, that is to say only the HTC Desire Z... but it does not matter.
Be careful with what is below, it may brick your device so do it at your own risk.
I managed to set the S-ON flag back on the HTC Desire Z with the following command: AT@SIMLOCK?7,1. This can be sent to the device by first putting the device in HBOOT mode, then issuing "rtask C" and then talking to the radio with AT commands (see http://tjworld.net/wiki/Android/HTC/...kingtotheRadio).
But it did not work on an HTC Desire S.
1) Could you develop on your "fastboot kernel" commands? How do you do what you are talking about?
2) I know where the security flag is for the HTC Desire Z but not for the Desire S. I would need to back up all the partitions, S-OFF it and then make a diff to identify it.
Well, this idea actually belongs to the guys over at the wildfire s s-off campaign (had to be said).
The way it works is that you issue a kernel, or clockworkmod recovery for that matter, with new parameters for the mtd partitions via fastboot, and when that new kernel is loaded the "unmapped" areas will then be mapped. Then, as you said for point 2, you would dump both before and after the xtc clip and !hopefully! it would show the location of the s-off. The partition information will be device specific, so each device and hboot would need to be accounted for. But the theory is solid. The only issue the wfs guys are having is trying to write to the nand. But with an s-off device I hope this wouldn't be an issue. If you head over to their s-off campaign you will find out a lot more on this idea.
Sent from my HTC Sensation XE with Beats Audio using xda premium
./fastboot -c "mtdparts=msm_nand:0x00100000@0x1ff00000(misc),0x00500000@0x02fc0000(recovery),0x00340000@0x034c0000(boot),0x10400000@0x03800000(system),0x02300000@0x13c00000(cache),0x09600000@0x16900000(userdata),0x00a00000@0x15f00000(devlog),0x00080000@0x02b00000(hboot)" boot recovery-clockwork-126.96.36.199-marvel.img
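The `mtdparts=` string in the command above is a list of `size@offset(name)` entries, so the layout it gives the kernel can be checked before booting with it. The following is an added example, not part of the thread: it parses that exact string and reports address ranges that no entry lists, plus any entries that collide. The function names are hypothetical, and treating address 0 as the start of the device is an assumption.

```python
import re

# mtdparts value copied from the fastboot command in the thread above.
MTDPARTS = (
    "mtdparts=msm_nand:0x00100000@0x1ff00000(misc),"
    "0x00500000@0x02fc0000(recovery),0x00340000@0x034c0000(boot),"
    "0x10400000@0x03800000(system),0x02300000@0x13c00000(cache),"
    "0x09600000@0x16900000(userdata),0x00a00000@0x15f00000(devlog),"
    "0x00080000@0x02b00000(hboot)"
)

# Only the explicit hex "size@offset(name)" form used above is accepted.
_PART = re.compile(r"(0x[0-9a-fA-F]+)@(0x[0-9a-fA-F]+)\(([\w-]+)\)")

def parse_mtdparts(arg):
    """Return (device, [(name, offset, size), ...]) sorted by offset."""
    if not arg.startswith("mtdparts="):
        raise ValueError("not an mtdparts= argument")
    device, sep, spec = arg[len("mtdparts="):].partition(":")
    if not sep or not device:
        raise ValueError("missing '<device>:' prefix")
    parts = []
    for item in spec.split(","):
        m = _PART.fullmatch(item.strip())
        if m is None:
            raise ValueError(f"unsupported partition spec: {item!r}")
        parts.append((m.group(3), int(m.group(2), 16), int(m.group(1), 16)))
    return device, sorted(parts, key=lambda p: p[1])

def find_gaps_and_overlaps(parts, start=0):
    """Walk sorted partitions; report unlisted ranges and colliding pairs."""
    gaps, overlaps = [], []
    covered_to, last = start, None
    for name, offset, size in parts:
        if offset > covered_to:
            gaps.append((covered_to, offset))
        elif offset < covered_to and last is not None:
            overlaps.append((last, name))
        if offset + size > covered_to:
            covered_to, last = offset + size, name
    return gaps, overlaps

if __name__ == "__main__":
    device, parts = parse_mtdparts(MTDPARTS)
    for name, offset, size in parts:
        print(f"{name:<9} 0x{offset:08x}-0x{offset + size:08x}")
    for lo, hi in find_gaps_and_overlaps(parts)[0]:
        print(f"unlisted  0x{lo:08x}-0x{hi:08x} ({(hi - lo) // 1024} KiB)")
```

A mistyped size or offset shows up here as an overlap or an unexpected gap, which is cheaper to catch than after the image has booted with the wrong map.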