Remove All Ads from XDA

[Q] Possible to mod the T-Mobile G2 and Desire Z/HD "gfree" exploit?

209 posts
Thanks Meter: 49
By qzfive, Senior Member on 26th October 2011, 11:30 PM
Post Reply Email Thread
After obtaining temproot and posting my thread on how to get it, I tried the "gfree" exploit that was used on the MyTouch 4G/T-mobile G2/Desire Z/Desire HD. However, I had no luck.

Basically, what it did was exploit a security hole in an early radio firmware on those phones, and through exploiting this way, it was able to power down the eMMC chip, dropping its write protection. After that, it was possible to modify the CID, SIM-lock and bootloader security status. It could do each seperate, or all at the same time.

I pushed the gfree binary to my Chacha and tried running it, and as I predicted, it failed at the part it tries to power cycle the eMMC chip. Would any dev be able to take the binary, modify it and try to find such a hole on the Chacha? I tried finding source for it, but I was unsuccessful, so it may be a bit harder

EDIT: Right after posting this, I've come across what appears to be such source -
28th October 2011, 11:46 PM |#2  
Senior Member
Flag Copenhague
Thanks Meter: 289
I don't think it can ever work -- the ChaCha like older HTC phones has a specific radio NAND, not an eMMC chip. The gfree exploit power-cycles the eMMC through GPIO 88 in order to reset it to its "everything is writable" state.

What would work is an HBOOT exploit, like unrevoked or AlphaRevX (both are probably patched in the latest HBOOT version).

EDIT: in addition, the gfree exploit binary is compiled for the ARMv7 architecture, which has a different ISA than ARMv6 (the MSM7227 in the ChaCha is based on ARMv6).
29th October 2011, 01:41 AM |#3  
OP Senior Member
Thanks Meter: 49
Darn, I had a feeling it was gonna be too good to be true
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes