[S-OFF] BLACKROSE (Custom HBOOT) [2012.04.21]

OP dla5244

21st September 2011, 01:12 AM   |  #1  
BlackRose

This is a Nexus One custom bootloader (based on HBOOT 0.35.2017)

Quote:

FEATURE

Security OFF
No padlock mark even when unlocked
Password protection
Engineering command
BlackRose custom command
Change boot logo
Resize Partition
Select menu by pressing trackball
Switch vibration at boot
CRC32 check function
Prevent overwriting of HBOOT by RUU


Quote:

REQUIRE

Windows PC or Linux PC
USB Debugging (ADB) ON (Settings - Applications - Development - USB debugging)
Connect USB before executing the BlackRose installer

ADB and Fastboot USB Driver - Windows
http://www.mediafire.com/?bhxmn903d6cz9eg

Quote:

GO

Windows PC: BlackRose.exe
Linux PC: BlackRose

Possible arguments
skip: go to the BlackRose menu immediately (not recommended because the HBOOT version check step is skipped)
editor: go to the BlackRose editor (standalone)

Guide
Install
http://www.youtube.com/watch?v=cC7nyRxVvk4
Uninstall
http://www.youtube.com/watch?v=mGrnDsSrS5s
Update(from 120215)
http://www.youtube.com/watch?v=TK5kepkO9oI
Resize partition
http://www.youtube.com/watch?v=ScIMetgk7Zw
Execute BREditor(standalone)
http://www.youtube.com/watch?v=FSbSL4kUloQ

* For those using an older version of custom BlackRose (e.g. 111231): since the older version can't communicate with the BlackRose installer, you need to follow my directions.
Once you follow my directions, you don't need to do this again later.

1. Customize the same partition layout as before using the BlackRose editor (view "Execute BREditor")
2. fastboot flash hboot hboot_brcust.nb0
3. fastboot reboot


* If you are using Mac OS X and failed to install using the installer,
download blackrose_manual_120421.zip and follow the instructions in the zip file

Quote:

Change Log

120421

Disable password protection (temporary)
* As you know, there is no way to recover the password.
That's why I designed the 2nd password.
I received many messages about forgotten passwords.
So I decided to disable password protection until I design a new solution.

Fix stock BlackRose partition layout label.

120216

Bootloader(HBOOT)
Add new function (I will not reveal it; it doesn't matter for normal users)

120215

Bootloader(HBOOT)
Change message when protected by password (not allowed -> protected)
Add bootloader command line in order to communicate with the BlackRose installer

Installer

Now supports the HBOOT versions below
0.33.0012
0.33.2012
0.35.0017
0.35.2017
7.35.5017(BlackRose)

Recreate program (not rebuild but recreate)
1. BREditor has been merged
2. Install process has been revamped
3. Communicates with HBOOT
4. Convenient, optimized
5. Etc.
* Since I'm not a god, please feel free to report bugs

111231

Happy New Year!

HBOOT(Bootloader)
Update release date(because it's the last day of 2011)

Installer and Editor
Common: Executable file is not packed (fixes the problem of the executable file being deleted by virus scanners)
Installer: Improve install process
Update exploit

Installer: Fix install bug(perfectly, 111231_2)

Installer: Improve installer(111231_3)
Editor: Bug fix(111231_3)

111217

HBOOT(Bootloader)
New CRC32 function
(this function is used to make a custom bootloader)

Installer and Editor
Installer: Can flash ANY bootloader
Editor: Show warning message when set password

Editor: bug fix(partition and "understand" bug,111217_2)

111208

HBOOT(Bootloader)
Password protection
rebase blackrose custom command
remove unlock, lock command
remove simlock menu(replaced powerdown)
remove clearstorage menu(replaced reboot)
display off, on message when switch vibration at boot
add extension label(no more identify 5017 or 5117)
bug fix(getvar version)
cleanup

Installer and Editor
improve blackrose installer
new blackrose editor(you must use this)

breditor: make it clear(password -> protection)(111208_2)
breditor: password bug fix(111208_3)

111128

fix BlackRose custom command problem (brcmd 5)
improve BlackRose installer

111126

select menu by using trackball instead of power key(default)
* I analysed the key dispatch routine perfectly and revamped the routine.
I recommend updating to BlackRose 111126 because it is better than 111125

fix key label

111125

switch trackball selection (permanent!!!, view Advanced section)
etc

111118

HBOOT(Bootloader)
can't flash image without signature when S-ON
(can't flash by unsigned RUU, while can flash by flash command? that's not fair.)
change command (oem brset -> oem brcmd)
new command (brcmd 2, brcmd 5)

Installer
can apply custom partition blackrose (view Advanced section, more easily)
can update blackrose from custom partition blackrose. (view update section)

can install blackrose even if you don't achieve adb root permission (111118_2)
fix BlackRose windows installer error(111118_3)
rebase BlackRose installer(111118_4)
fix BlackRose installer error(111118_5)

111111

change title color
can flash some image(boot,recovery,system,userdata,radio,zimage) even S-ON and locked bootloader
rework writemainver(reason:when you uninstall blackrose, stored mainversion will be cleared.)
add custom command(fastboot oem brset)
can switch vibration at boot
can select by pressing trackball (view Advanced section in BlackRose Installer)
optimization and cleanup

can install BlackRose on linux (111111_2)
fix BlackRose linux installer error (111111_3)

111009
When you update ROM(by PASSIMG, RUU), BlackRose doesn't write new mainver

111006
New based on 0.35.2017(Engineering HBOOT) - Thanks to PhaseBurn
Original Image(0.35.2017): http://forum.xda-developers.com/show...&postcount=116

No padlock mark (even if you unlocked the bootloader)
Prevent overwriting of HBOOT by OTA or RUU
Disable fastboot command(oem unlock), because no need to unlock bootloader
Can receive Google OTA

Quote:

FAQ

1. Phone is bricked, doesn't turn on the screen

You have flashed an unsigned RADIO
If you want to unbrick your phone, the answer is JTAG or HTC Service Center (the engineer can refuse to repair your phone)

2.Can I lock bootloader again?

To relock the bootloader, you have to achieve radio S-OFF (secu_flag=0); otherwise you will see the error [Lock Failed]

3.How to achieve radio S-OFF?

AT@SIMLOCK=7,0 or AT@SIMLOCK=8,0

I disassembled the radio (AMSS)
It needs an HTC Special SIM-CARD or SIM-EMULATOR (XTC-CLIP)

but...
If we can disable SMI-MPU and modify only one byte of the AMSS routine in SDRAM,
we can achieve Radio S-OFF without the HTC-Special-CARD.

4.I can't update radio by using recovery.

If the cache partition size is less than the radio image, you can't update the radio using recovery.
So I suggest a way to update the radio

fastboot flash radio [RADIO IMAGE(e.g radio.img)]

5. I can't see my device when executing the BlackRose installer

If you are using a Sense ROM, the adb device doesn't work.
You must install HTC Sync.

Quote:

-Thanks for your favor-

Donation

rugmankc
efrant
madj42
fzr-r4
texasice
gdarren


WOW, I cannot appreciate it enough

Lecahel
Attached Thumbnails: amss.JPG
Attached Files:
blackrose_120421.zip (884.3 KB)
blackrose_manual_120421.zip (399.3 KB)
Last edited by dla5244; 21st April 2012 at 03:41 AM.
The Following 137 Users Say Thank You to dla5244 For This Useful Post: [ View ]
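An added example for FAQ 4 in the post above (not part of the original post and not the BlackRose author's code): a pre-flight check that reads the MTD partition table and reports whether a radio image fits the cache partition, which matters after the cache has been shrunk with a custom partition layout. The `/proc/mtd` text and the radio image size are constructed sample values, and the function names are hypothetical.

```python
import re

# Constructed /proc/mtd sample with a shrunken cache partition; the sizes
# are illustrative and do not come from the thread.
SAMPLE_PROC_MTD = """dev:    size   erasesize  name
mtd0: 000e0000 00020000 "misc"
mtd1: 00500000 00020000 "recovery"
mtd2: 00280000 00020000 "boot"
mtd3: 0dc00000 00020000 "system"
mtd4: 00a00000 00020000 "cache"
mtd5: 0d3c0000 00020000 "userdata"
"""

# One row per partition: device, size (hex), erase size (hex), quoted name.
MTD_ROW = re.compile(r'^mtd\d+:\s+([0-9a-fA-F]+)\s+[0-9a-fA-F]+\s+"([^"]+)"$')


def parse_proc_mtd(text):
    """Return {partition name: size in bytes}; the header row is skipped."""
    sizes = {}
    for line in text.splitlines():
        match = MTD_ROW.match(line.strip())
        if match:
            sizes[match.group(2)] = int(match.group(1), 16)
    return sizes


def radio_update_route(proc_mtd_text, radio_image_size):
    """Return 'fastboot' when cache is smaller than the radio image."""
    sizes = parse_proc_mtd(proc_mtd_text)
    if "cache" not in sizes:
        raise ValueError("no cache partition found in /proc/mtd text")
    if sizes["cache"] < radio_image_size:
        return "fastboot"  # FAQ 4: recovery update is not possible here
    return "recovery"


if __name__ == "__main__":
    radio_size = 24 * 1024 * 1024  # constructed radio.img size in bytes
    print(radio_update_route(SAMPLE_PROC_MTD, radio_size))
```

On a device the table text would come from `adb shell cat /proc/mtd` and the image size from the radio image file on the PC.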
21st September 2011, 01:44 AM   |  #2  
Supplement

Quote:

BlackRose custom command

fastboot oem brcmd [command]

svib : Enable/Disable vibration at boot (there is no output string, but the setting will be changed.)
brec : Go to recovery mode
pass [password]: Create encrypted password/Authentication

Quote:

Change boot logo

1.Prepare 480*800 bmp file to change
2.nbimg.exe -F [BMP FILE] -n
3.rename *.nb file to splash1.img
4.fastboot flash splash1 [SPLASH1 IMG]

Quote:

Password Protection

1.fastboot oem brcmd pass [ORIGINAL PASSWORD]
2.Note your encrypted value
3.Input encrypted value in BREditor
4.Apply custom BlackRose

NEVER input original password in BREditor

If you would like to unlock protection
fastboot oem brcmd pass [ORIGINAL PASSWORD]

TIP
If in the locked state, the oem pass command works as the unlock method
Otherwise, it works to create the encrypted password

If you type the wrong password three times in a row, the device is turned off

Quote:

Apply custom BlackRose
* If you use the BlackRose installer method, no need to read this

Apply
1.fastboot flash hboot [CUSTOM BLACKROSE BINARY]
2.fastboot reboot-bootloader

If you will change the partition layout
1.fastboot flash hboot [CUSTOM BLACKROSE BINARY]
2.fastboot reboot-bootloader
3.fastboot erase cache
4.fastboot oem brcmd brec
5.full wipe
6.update rom
7.reboot

Attached Files:
nbimg.zip (10.7 KB)
Last edited by dla5244; 14th February 2012 at 07:32 PM.
The Following 40 Users Say Thank You to dla5244 For This Useful Post: [ View ]
21st September 2011, 06:53 PM   |  #3  
maybe it's too early in the morning... but huh?
21st September 2011, 07:36 PM   |  #4  
It means - a hack that allows flashing anything anywhere as long as the hack is present. So, theoretically, if anyone would modify the bootloader code (done earlier in this thread, AFAIK) to allow bypassing security, this hack will allow flashing it. Also, possibly, this hack will allow flashing engineering bootloader.
The Following User Says Thank You to Jack_R1 For This Useful Post: [ View ]
21st September 2011, 07:55 PM   |  #5  
Impressive! A really interesting approach. Even though Radio S-OFF would be preferred a modified hboot that unlocks more commands than the current stock-unlocked hboot does, right?
22nd September 2011, 03:18 AM   |  #6  
Quote:
Originally Posted by blunden

Impressive! A really interesting approach. Even though Radio S-OFF would be preferred a modified hboot that unlocks more commands than the current stock-unlocked hboot does, right?

Yes, we can do anything (except radio)
I found hidden functions while disassembling hboot
saveprt2sd, savemem2sd, mw etc...
I temporarily changed the oem lock function to saveprt2sd and it worked.

I found a 0.33.2012 hboot (ENG) image
but since I use an SLCD Nexus One, I couldn't flash it

Blackrose has potential

Sent from my Nexus One using XDA App
Last edited by dla5244; 26th September 2011 at 06:43 AM.
The Following 5 Users Say Thank You to dla5244 For This Useful Post: [ View ]
23rd September 2011, 07:42 PM   |  #7  
Post Changed.
The Following 3 Users Say Thank You to dla5244 For This Useful Post: [ View ]
23rd September 2011, 08:35 PM   |  #8  
doesn't work, still fails the signature verification.
23rd September 2011, 08:38 PM   |  #9  
It doesn't work. It shows a 'failed' result, saying that the file couldn't be verified or something. I tried out three different hboots, including the one you've provided, but it shows the same error every time. :-/

EDIT: Works perfectly. Got an S-off. :)
Last edited by rjmohit; 23rd September 2011 at 11:31 PM.
23rd September 2011, 08:41 PM   |  #10  
Quote:
Originally Posted by rjmohit

It doesn't work. It shows a 'failed' result, saying that the file couldn't be verified or something. I tried out three different hboots, including the one you've provided, but it shows the same error every time. :-/

didn't see anything to bypass the signature verification during the process.. i thought the only way to let the bootloader accept the image is that the file itself has a valid signature? how can you flash the image directly then..? o_o
