[S-OFF] Got Root!
DO NOT POST IN THIS THREAD UNTIL YOU READ THIS
Congrats and mad props to Agrabren and Team WIN for punching a hole through HTC's software and getting root! Agrabren now has a thread for it, so make sure you thank them for all of their hard work: [GUIDE] Fre3vo / Fre3dom Official Thread
The thread got way off track for a while there, but maybe now we can keep it close to being on topic. As long as it is somewhat related to the topic you won't hear me complain; however, this is not the place to ask about Netflix, why your battery doesn't last all week, or how you can get out of paying a dollar a day for wireless tethering. For those of you just getting your phones, if you find that your bootloader is unlocked (read: S-OFF), please send me a PM. Also, if you're still unsure about the differences between S-OFF and Root, and what it all means, you can check out the Android Dictionary or feel free to ask in the Q&A section. I know the dictionary there is somewhat lacking but it's still pretty good.
Now that root has been obtained we are able to focus on getting S-OFF and opening these things up for ROMs. HTC is using a new security scheme with these that hasn't made it easy so far, but as is with anything new it's going to have holes that are just waiting to be found. Using Flash_image to flash directly looks to be a dead end but there are still many different angles that are being worked on at the moment. Please jump in anytime if you have an idea that you think may help.
I have attached a few things to the bottom of this post, and dragonfyre13's thread has a lot of good info that is being deposited there: Root: shaking something loose [WIP]. Odds are very good our current method of getting root won't last long, so it never hurts to start looking for something new early.
If you find the file SMART_IO.CRD on your sd card please do not delete or format anything on it and let us know.
The read and writesecureflag commands show the following when you try to use them:
fastboot oem readsecureflag
... INFOsecure_flag: 3
fastboot oem writesecureflag ?
... INFO shooter_init_sd, SD card already power on
INFO[FAT_ERROR] fat_open_file: can not find SMART_IO.CRD
INFO[JAVACARD_ERR] SMART_IO.CRD cann't find
INFOwritesecureflag: Permission denied, value 1
Update 6/28: Many are wondering if the Incredible 2 being unlocked would help us and Shinzul posted a good explanation of how it relates to where we are:
Originally Posted by Shinzul
Originally Posted by m03sizlak
Alpha Rev X has released a beta version of their Incredible2 S-OFF utility:
I can only imagine that the method used could quite possibly be adapted to the 3D. Someone needs to open these tools up in IDA and start reverse-engineering.
The incredible 2 shipped with Froyo on it, which means that there are plenty of available exploits that can be used to gain a root shell. As far as I understand, the inc2 guys didn't have a leaked eng bootloader, so once they had temp root, they had no way to unlock the bootloader without essentially hex editing the existing one and then coming up with a process to overwrite the existing one.
We have an eng bootloader for the 3VO, so all we really need to do is gain a root shell and then write the boot and recovery images and reboot - poof, s-off.
Props to the AlphaRev team for the inc2 work, but unfortunately, it doesn't help one bit for us.
Disclaimer: You and you alone are responsible for anything you do to your phone. Do not attempt anything that is in this thread, or on this site for that matter, if you do not want to risk damaging your phone.
DL link for gingerbreak is here