[DEV] r/w access to /system [SuperCID]


maddoxus

Member
May 9, 2010
8
0
Edinburgh
I am here as well

Hi, if someone has any idea how I can help to get rw to all of you, give me a message. There are a few dumps already done, an SPL dump and a dump of the first NAND part. I try to be as helpful as I can be.
 

alpinux

Senior Member
Feb 6, 2008
148
8
Hi, if someone has any idea how I can help to get rw to all of you, give me a message. There are a few dumps already done, an SPL dump and a dump of the first NAND part. I try to be as helpful as I can be.

Thanks a lot. Hopefully your phone is a real gift from HTC to the community ;-)
 

pipomolo42

Member
Mar 26, 2010
43
29
OnePlus 5T
Samsung Galaxy S10
I started a few threads about what I found while disassembling the SPL a while back, but I never got any reply...

http://xdaforums.com/showthread.php?t=655618

http://xdaforums.com/showthread.php?t=655772

I also recently got a USB<->UART converter and tried to get a serial port, but with no luck (tried to hook it up like on the Nexus One): http://xdaforums.com/showthread.php?t=625434

If the Desire works like other recent HTC devices, I think what we need to do is:
- find a serial port
- switch the port to the radio command prompt (rtask 7 or 8)
- issue the AT@SIMLOCK=7,0 command

Another problem is that for the AT@SIMLOCK command to be accepted, we might need to get the RADIO password or key, to be able to do a challenge-response authentication (according to info found in the "Technical" section of http://wiki.xda-developers.com/index.php?pagename=HTC_Hermes).

Also, I think that it's highly unlikely for the JTAG to be available through the USB port, as suggested in this thread: there simply aren't enough pins.
 

pipomolo42

Member
Mar 26, 2010
43
29
OnePlus 5T
Samsung Galaxy S10
One question, to those that have access to the dump:

I guess the SPL is identical to those found in the RUU.

What about the Radio image? The one in the RUU is 25MB, and has some "structure" metadata (headers, magic numbers...). Does the memory dump structure look identical to the RUU radio image? Or are parts mapped differently in ROM?
 

alpinux

Senior Member
Feb 6, 2008
148
8
I also tried to contact toastcfh. He did the full root for the EVO 4G. Maybe there are similarities.
 

alpinux

Senior Member
Feb 6, 2008
148
8
One question, to those that have access to the dump:

I guess the SPL is identical to those found in the RUU.

What about the Radio image? The one in the RUU is 25MB, and has some "structure" metadata (headers, magic numbers...). Does the memory dump structure look identical to the RUU radio image? Or are parts mapped differently in ROM?

I haven't got the dump yet, but the SPL looks identical to the stock one.
You should PM kubino99 for the full dump of the phone files.
 

kubino99

Senior Member
Apr 14, 2008
244
28
One question, to those that have access to the dump:

I guess the SPL is identical to those found in the RUU.

What about the Radio image? The one in the RUU is 25MB, and has some "structure" metadata (headers, magic numbers...). Does the memory dump structure look identical to the RUU radio image? Or are parts mapped differently in ROM?


1) The SPLs are identical.

2) I had a quick look at the part in NAND and it's mapped differently.
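The "mapped differently" answer above is the kind of thing worth checking mechanically rather than by eye: index the RUU image in page-sized windows and look for those same windows anywhere in the NAND dump. The script below is an added example, not code from this thread or from any HTC tool; the two images it builds are constructed stand-ins (a fake 512-byte header plus four random 4 KiB chunks), and the window size, stride and the 0xFF "erased page" handling are assumptions chosen to suit raw NAND dumps in general, not a documented HTC layout.

```python
"""Compare a reference firmware image (e.g. the radio image pulled out of an
RUU) with a raw NAND dump: are the shared contents at the same offsets, at a
constant shift, or relocated/reordered?  Added example with constructed data."""
import hashlib
import random

WINDOW = 4096   # compare in page-sized windows (assumed page size)
STRIDE = 512    # step by sector so relocated data behind a small header is still found


def _uniform(chunk):
    # Erased NAND pages (all 0xFF) and zero padding carry no mapping
    # information and would match each other everywhere, so skip them.
    return chunk.count(chunk[0:1]) == len(chunk)


def window_index(data, window=WINDOW, stride=STRIDE):
    """sha256(window) -> first offset at which that window occurs in data."""
    index = {}
    for off in range(0, len(data) - window + 1, stride):
        chunk = data[off:off + window]
        if _uniform(chunk):
            continue
        index.setdefault(hashlib.sha256(chunk).hexdigest(), off)
    return index


def map_shared_windows(ref, dump, window=WINDOW, stride=STRIDE):
    """Return sorted (ref_offset, dump_offset) pairs for every window of
    `ref` that occurs verbatim somewhere in `dump` (first hit per window)."""
    ref_index = window_index(ref, window, stride)
    found = {}
    for off in range(0, len(dump) - window + 1, stride):
        chunk = dump[off:off + window]
        if _uniform(chunk):
            continue
        ref_off = ref_index.get(hashlib.sha256(chunk).hexdigest())
        if ref_off is not None:
            found.setdefault(ref_off, off)
    return sorted(found.items())


def classify_mapping(matches):
    """'identical' if shared windows sit at the same offsets, 'shifted' if
    all are displaced by one constant, 'reordered' otherwise."""
    if not matches:
        return "disjoint"
    deltas = {dump_off - ref_off for ref_off, dump_off in matches}
    if deltas == {0}:
        return "identical"
    if len(deltas) == 1:
        return "shifted"
    return "reordered"


def build_samples(seed=7):
    """Constructed images: a 'RUU' image (512-byte header + chunks A,B,C,D)
    and a 'NAND dump' holding C,A,B,D with erased 0xFF regions in between."""
    rnd = random.Random(seed)
    a, b, c, d = [bytes(rnd.getrandbits(8) for _ in range(WINDOW)) for _ in range(4)]
    header = b"RUU-HDR-CONSTRUCTED".ljust(512, b"\x00")
    ruu = header + a + b + c + d
    nand = b"\xff" * 2048 + c + a + b"\xff" * 4096 + b + d
    return ruu, nand


if __name__ == "__main__":
    ruu, nand = build_samples()
    matches = map_shared_windows(ruu, nand)
    for ref_off, dump_off in matches:
        print(f"ref 0x{ref_off:06x} -> dump 0x{dump_off:06x} (delta {dump_off - ref_off:+d})")
    print("mapping:", classify_mapping(matches))
```

On real images, read both files as bytes and pass them to map_shared_windows; a long run of "shifted" deltas usually means a partition header or OOB data ahead of the payload, while mixed deltas (as in the constructed sample) mean the dump really is laid out differently from the RUU file. If the dump includes per-page spare (OOB) bytes, strip them first or no 4 KiB window will ever line up.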
 

pipomolo42

Member
Mar 26, 2010
43
29
OnePlus 5T
Samsung Galaxy S10
IEF and others are working on assembling a JTAG cable - we're pretty sure it runs through the headphone port, not the micro USB. They're definitely working for the AT@SIMLOCK option. :D

Yeah, I had a very quick look at the Desire kernel sources, and I think I read something about serial debugging and jack35, but I haven't looked closer or poked at it yet.
 

janvandusschoten

Senior Member
Feb 18, 2010
109
9
You might contact benocharm too, he also bought a Desire and says on Twitter: "I'm not a big fan of the current rooting method for Desire, will try to find other ways that's easier and better!"
 

pipomolo42

Member
Mar 26, 2010
43
29
OnePlus 5T
Samsung Galaxy S10
IEF and others are working on assembling a JTAG cable - we're pretty sure it runs through the headphone port, not the micro USB. They're definitely working for the AT@SIMLOCK option. :D

Regarding the location of the JTAG connector, I would put my money on the group of 6 test points in the top right corner of this picture: http://img704.imageshack.us/img704/1793/1004272019e391d7a023250.jpg

My guess is that a Serial / UART port might be available through the 3.5mm jack.
 

kubino99

Senior Member
Apr 14, 2008
244
28
toastcfh rooted the EVO 4G ( http://xdaforums.com/showthread.php?t=690762 ).
He may help with some hints. Maybe the way to hack it is similar.

Seems like they don't have full write access to /system:

This method does not require re-rooting after a reboot.

Terminal emulator on the phone starts as the app user, but becomes root by simply running su.

'adb shell' starts up in a root shell every time.

'adb remount' works to remount /system as "rw" -- BUT, the NAND protection actually prevents being able to write to /system, even though it is mounted rw.


/system is writable from recovery though -- which means you can still add/remove apps, change settings, etc ... just means you have to do it from recovery (for now). And obviously you can flash an entirely new ROM from recovery (as evidenced by having Froyo running on it)
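The situation quoted above ("mounted rw, but writes still fail") is easy to misread from `mount` output alone, so it is worth separating what the mount table claims from what the kernel actually lets you do. The script below is an added example, not code from this thread; the /proc/mounts excerpt and device names in it are constructed, and on a real device you would read /proc/mounts and point `probe_dir` at a directory under /system.

```python
"""Tell 'mounted read-only' apart from 'mounted rw but the flash is still
write-protected'.  Added example with a constructed mount table."""
import errno
import os
import tempfile

# Constructed /proc/mounts excerpt in the layout a yaffs2-era Android device
# prints; the block device names are illustrative only.
MOUNTS_RW = """\
/dev/block/mtdblock3 /system yaffs2 rw,relatime 0 0
/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev,relatime 0 0
"""


def mount_options(mounts_text, mountpoint):
    """Return the option set for `mountpoint` from /proc/mounts-style text,
    or None if that mountpoint is not present."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == mountpoint:
            return set(fields[3].split(","))
    return None


def probe_write(directory):
    """Create, write and delete a scratch file.  Returns (True, None) on
    success or (False, errno name) when the kernel refuses the write."""
    try:
        fd, name = tempfile.mkstemp(dir=directory, prefix=".wtest-")
        try:
            os.write(fd, b"probe")
        finally:
            os.close(fd)
        os.unlink(name)
        return True, None
    except OSError as exc:
        return False, errno.errorcode.get(exc.errno, str(exc.errno))


def assess(mounts_text, mountpoint, probe_dir):
    """Combine what the mount table claims with what a write actually does."""
    opts = mount_options(mounts_text, mountpoint)
    if opts is None:
        return "unmounted"
    writable, err = probe_write(probe_dir)
    if "ro" in opts:
        return "ro-but-writable" if writable else "ro"
    # Mounted rw yet the write failed: the block is stopped below the
    # filesystem (write protection, bad media, ...), not by the mount flag.
    return "rw-writable" if writable else f"rw-blocked:{err}"


def self_check():
    """Run assess() against a writable scratch dir, a missing dir (forces an
    OSError so the 'rw but blocked' path is exercised) and an absent mount."""
    with tempfile.TemporaryDirectory() as scratch:
        ok = assess(MOUNTS_RW, "/system", scratch)
        blocked = assess(MOUNTS_RW, "/system", os.path.join(scratch, "missing"))
        absent = assess(MOUNTS_RW, "/cache", scratch)
    return ok, blocked, absent


if __name__ == "__main__":
    print(self_check())
```

A result of `rw-blocked:EROFS` or `rw-blocked:EIO` on a device is the signature of the quoted behaviour: the remount succeeded, but something underneath the filesystem is still refusing the write, so a change made from a running system will not stick even though nothing in the mount table says so.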
 

alpinux

Senior Member
Feb 6, 2008
148
8
Small update: So far no one managed to get full NAND access, because we don't have a working cable!