
xHausx

Inactive Recognized Developer
Jul 5, 2010
6,778
4,519
Central Florida
DO NOT POST IN THIS THREAD UNTIL YOU READ THIS
Congrats and mad props to Agrabren and Team WIN for punching a hole through HTC's software and getting root! Agrabren now has a thread for it, so make sure you thank them for all of their hard work: [GUIDE] Fre3vo / Fre3dom Official Thread

The thread got way off track for a while there, but maybe now we can keep it close to being on topic. As long as it is somewhat related to the topic you won't hear me complain; however, this is Not the place to ask about Netflix, why your battery doesn't last all week, or how you can get out of paying a dollar a day for wireless tethering. For those of you just getting your phones, if you find that your bootloader is unlocked (read: S-OFF) please send me a PM. Also, if you're still unsure about the differences between S-OFF and Root and what it all means, you can check out the Android Dictionary or feel free to ask in the Q&A section. I know the dictionary there is somewhat lacking but it's still pretty good.


Now that root has been obtained we are able to focus on getting S-OFF and opening these things up for ROMs. HTC is using a new security scheme with these that hasn't made it easy so far, but as is with anything new it's going to have holes that are just waiting to be found. Using Flash_image to flash directly looks to be a dead end but there are still many different angles that are being worked on at the moment. Please jump in anytime if you have an idea that you think may help.

I have attached a few things to the bottom of this post, and dragonfyre13's thread has a lot of good info that is being deposited there: Root: shaking something loose [WIP]. Odds are very good our current method of getting root won't last long, so it never hurts to start looking for something new early.


If you find the file SMART_IO.CRD on your sd card please do not delete or format anything on it and let us know.

The read and writesecureflag commands show the following when you try to use them:
Code:
fastboot oem readsecureflag
... INFOsecure_flag: 3
OKAY

fastboot oem writesecureflag ?
... INFO shooter_init_sd, SD card already power on
INFOsdcc_init_memory_device done
INFO[FAT_ERROR] fat_open_file: can not find SMART_IO.CRD
INFO[JAVACARD_ERR] SMART_IO.CRD cann't find
INFOwritesecureflag: Permission denied, value 1
OKAY


Update 6/28: Many are wondering if the Incredible 2 being unlocked would help us and Shinzul posted a good explanation of how it relates to where we are:
Alpha Rev X has released a beta version of their Incredible2 S-OFF utility:

http://alpharev.nl/x/beta/

I can only imagine that the method used could quite possibly be adapted to the 3D. Someone needs to open these tools up in IDA and start reverse-engineering.

The incredible 2 shipped with Froyo on it, which means that there are plenty of available exploits that can be used to gain a root shell. As far as I understand, the inc2 guys didn't have a leaked eng bootloader, so once they had temp root, they had no way to unlock the bootloader without essentially hex editing the existing one and then coming up with a process to overwrite the existing one.

We have an eng bootloader for the 3VO, so all we really need to do is gain a root shell and then write the boot and recovery images and reboot - poof, s-off.

Props to the AlphaRev team for the inc2 work, but unfortunately, it doesn't help one bit for us.



Disclaimer: You and you alone are responsible for anything you do to your phone. Do not attempt anything that is in this thread, or on this site for that matter, if you do not want to risk damaging your phone.


DL link for gingerbreak is here.

Attachments

  • EVO3D_Partitions.txt
    4.2 KB · Views: 447
  • EVO3D_Extended_Fastboot_Commands.txt
    5.2 KB · Views: 4,522
  • EVO3D_Standard_Fastboot_Commands.txt
    598 bytes · Views: 309
  • Evo3D_Development_HBOOTA.zip
    345.6 KB · Views: 466
  • Evo3D_Development_RECOVERY.zip
    5 MB · Views: 339
  • Evo3D_Devolopment_BOOTA.zip
    3.3 MB · Views: 309
  • shooter-recovery-1.11.651.2.zip
    5.7 MB · Views: 292

RVDigital

Senior Member
Feb 17, 2010
466
272
heymanniceblog.com
Do you need "SMART_IO.CRD" for a further test?

I had read that the file was being found on the SD card included with the device. If possible, maybe someone with the phone can up this file for further testing...

il Duce

Inactive Recognized Developer / Retired Forum Mod
Feb 25, 2009
16,727
16,454
Twin Cities, MN
I get mine today "before 3pm CST" according to UPS/Sprint... I work at 2, so if I get it before work, and the SD has this file, I will post it before I even boot the device lol.
 

TMartin

Inactive Recognized Developer
Jun 30, 2008
2,186
1,582
Sunbury, Ohio
Nexus 7 (2013)
Nexus 9
If we don't get an unlocked bootloader, then this is where we might have to turn to an XTC clip (aka like a goldcard method). I'll reach out to the XTC dev. I know he just started a thread over in the Sensation section.

sfld

Senior Member
Jul 24, 2007
1,162
156
I'll have mine in about an hour or so. I will be able to test whatever.

rugedraw

Senior Member
Jun 25, 2010
1,112
81
Miami, FL
If anyone with a 3D would like to try Gingerbreak out having temporary root would come in very handy. DL link is here.

I would be more than willing to try it with mine, and I'm expecting it to be delivered to my job any minute now. However, I've never used this method and when it comes to ADB, I'm a novice... at best.

Is there any way you can provide a quick guide as far as what the command prompts we are to type to get GingerBreak to go through? I'm sure it would be helpful to many of us.

Edit: Also, do you think I should do this before the out-of-the-box OTA update goes through? I know we are all hoping the update has the unencrypted keys, but for all we know, it may shut the door on an existing exploit and make things harder. What do you think?

Thanks in advance!

Top Liked Posts

I'll answer a few more questions...

1. OTA updates: The reason not to accept an OTA now is for the next stage, getting s-off. Now that HTC is aware that we have a very likely exploit to their latest generation of devices, they may push an OTA that makes getting s-off harder.

2. Sensation: I'm pretty sure it will work on the Sensation, although it may need a few minor tweaks.

3. Secrecy: The reason we're not releasing the details of the exploit yet is to prevent a forced or even optional OTA from closing the hole before we can use it for root. Without root, we can't do much to prevent OTAs.

4. Timeline: Let's be fair. It does take time to go from a hole in the kernel to root. We're working blind here. Because we have no source tree in hand, and no root, we are punching holes in the kernel in the dark. We have some tools to help, but it's still a challenge. I wouldn't expect anything released before the weekend.

Sent from my PG86100 using Tapatalk
Has there ever been a post in this thread contributing to root on the EVO 3D? I mean, sure, people threw ideas out there, but everyone in this thread knows the devs working on root were in their own IRC and doing it behind the scenes, 'cause my guess would be that they don't like these threads or at least try to stay away from them.

For starters, let me just say that I literally read every reply on every page of this thread.

You never know what off-the-wall idea may spur devs into finding an exploit. Creativity is to be encouraged, so thanks to everyone who contributed in some way.

SECOND, the root method is a BRAND NEW EXPLOIT that we are not going to share any details on how it works.

The next step is to work on getting s-off. The hboot is definitely nand-locked, so I can't just push the eng hboot and win.

Will keep looking.
Ok, to clarify... We've definitely found a hole. We're working to make an exploit that can take advantage of the hole. It'll take us a day or so to sift through the wreckage (as it were). By the time the first attack at the hole was done, my device would only boot with /data mounted as ro and the screen wouldn't turn on. So a factory reset later, and we're sifting through the results. But this is definitely promising.
Y'all make my job hard :\

I'm the only one moderating the forum at this time and this thread shot from 120 pages yesterday to 182 pages today.

I know we are all excited about root being achieved, but let me remind you that NO ONE has offered any proof of any kind. Furthermore, even if root has been achieved I am not going to tolerate trash being dumped into this thread. So, after I clean up all the junk in the last 30 pages and re-open the thread, do not start posting congratulations, "I wanna have your baby" comments, or any of that other junk.

If this gets out of hand I will take whatever steps I have to take to get things under control, even if that means temp banning people for a day.

Regards,
Stephen