[DEV][THE S-OFF CAMPAIGN] We need electrical engineers & experts in JTAG, OpenOCD!

OP: se-nsei

2nd May 2012, 06:44 PM   |  #2311  
csoulr666
@nhb A thought just occurred to me... if you're trying to boot a Linux kernel, why not try it via a different Linux-based OS on the phone... Tizen, for example?
2nd May 2012, 07:12 PM   |  #2312  
heavy_metal_man
I've also had an idea: have we tried to do this on an S-OFF device? I know it sounds strange, but it would hopefully yield some useful information. Like if it works with no arguments then we would know that the S-ON is still ****ing with us and that the kernel works. Just an idea

sent from my android powered beast!
2nd May 2012, 08:47 PM   |  #2313  
theq86
Quote:
Originally Posted by csoulr666

@nhb A thought just occurred to me... if you're trying to boot a Linux kernel, why not try it via a different Linux-based OS on the phone... Tizen, for example?

It doesn't matter what sits "on top" of the kernel. We need to dig deeper, probably so deep that not even a kernel would be required. We just use the kernel to bootstrap in a "familiar environment".

Quote:
Originally Posted by heavy_metal_man

I've also had an idea: have we tried to do this on an S-OFF device? I know it sounds strange, but it would hopefully yield some useful information. Like if it works with no arguments then we would know that the S-ON is still ****ing with us and that the kernel works. Just an idea

sent from my android powered beast!

It's not proven that the exploit works as we hope it to, and we know nothing of the side effects that may come up using this exploit on an S-OFF phone.
2nd May 2012, 09:25 PM   |  #2314  
no.human.being
Quote:
Originally Posted by heavy_metal_man

I've also had an idea: have we tried to do this on an S-OFF device? I know it sounds strange, but it would hopefully yield some useful information. Like if it works with no arguments then we would know that the S-ON is still ****ing with us and that the kernel works. Just an idea

sent from my android powered beast!

As far as I know the Radio is protected even on an S-OFF phone. It's just that signatures are not checked by HBOOT so you can use HBOOT to flash whatever Radio you want, but I don't think you'll be able to write from within Android. At least not without the modifications to the kernel that would also enable you to write to the Radio partition on an S-ON phone.
3rd May 2012, 12:01 AM   |  #2315  
MrTaco505
Quote:
Originally Posted by theq86

It's not proven that the exploit works as we hope it to, and we know nothing of the side effects that may come up using this exploit on an S-OFF phone.

Well, I did have a longer reboot.

Sent from my HTC Wildfire S using xda premium
3rd May 2012, 01:01 AM   |  #2316  
Antagonist42
CM seems to me to be more to do with the 'most widely used' phones and not down to chip or Android version, as vendors can add/change the boot-up into Android, and each vendor can be different, even down to mtd partition order/naming.

I've been trying to figure out what exactly the 0:MIBIB means (I haven't found anything relevant towards what it stands for or what it does by googling it; the closest thing I have come across is two separate acronyms, they being):

MI - Machine Instruction .... which will be slightly obvious, although it would separate it from other machine code instructions for operation.

BIB - Backwards Indicator Bits ....
Quote:

The Forward Indicator Bits (FIBs) and Backward Indicator Bits (BIBs) are used for retransmissions. Under normal conditions (no link errors), the FIB and BIB have the same value. As illustrated in Figure 4-9, the field length is 1 bit; therefore, only two values are possible: 0 or 1.

from this...

Thinking about it, what if the option to edit this FIB/BIB would now be locked for greater security, whereas before those bits may have been ignored or unset? Looking at the diagram on the linked page I can see, to a certain degree, the block layout of the system partitions used on Android; seeing as we may have to delve deeper to attain S-OFF, we may as well find out all we can from whatever we can, even if it seems odd.

---------- Post added 3rd May 2012 at 12:01 AM ---------- Previous post was 2nd May 2012 at 11:56 PM ----------

Could the longer reboot times be down to verifying the installed hboot, because maybe a pointer/signature/whatever wasn't set before it was installed, whereas the original and official updates may be verified before installing, therefore no check and so a shorter boot time?

Added this as well to the found docs
Last edited by Antagonist42; 3rd May 2012 at 01:31 AM.
3rd May 2012, 02:17 PM   |  #2317  
Antagonist42
S-OFF - can or can't?
I don't think we will directly alter the state of S-OFF whilst the system is running; I believe it is software-implemented, either during the OS factory install or from a vendor update. My reason being:

Quote:
Originally Posted by jumpit

Hi all,
Just for information.
Used this to ROOT my phone a couple of days ago and all worked fine.

Last night, stupidly, there was an OTA update that I installed and now I also have the 'Hellions with BLUE flames !' problem.

The update was something like 1.013.flex sorry did not write down and that is all I can remember.

Keep up the good work Doomlord

Phone: Acer E320-orange
Android version: 2.3.4
Baseband: C6-1.013.00
Kernel: 2.6.35.7
Build: Acer_E320_1.013.00_EMEA_ORGUK

I hope this helps

I will look at back rev'ing when I have time and post my results.

Found a Russian rooted rom for this device but would still like a way to root the original rom.

Now if, as with this phone, we had all the access open, then the S-ON came with the update, as my phone was updated before I had a chance to run anything (hence my uncertainty as to gaining S-OFF on the ACER E320/C6). So my line of thinking is still that we can gain S-OFF with an update. I think trying to make the mtd drivers may be a long and arduous route to take if we don't know what we're looking for, with trying to access maybe 2, 3 or 4 (Android/yaffs/ext3-4/L4 and possibly OKL-L4) different operating file systems (that doesn't mean we shouldn't still try if needs be).
4th May 2012, 07:41 AM   |  #2318  
theq86
HTC OTA updates are normal flashable edify update-zip files (the ones installable by the recovery).

One difference is that they can only be installed using a stock recovery.
The second is that the zip contains another zip, called framework.zip.
That framework.zip is a renamed PG76IMG.zip, and, guess what, it is signed.

It is handed to hboot, which proceeds as if it was uploaded by an RUU or manually loaded at hboot load when a PG76IMG.zip is available.

The update route is not the right way, since we really would need a tool which could sign our custom update with HTC's keys.
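As an added illustration that is not code from this thread or from HTC: a Python inspector for the layout theq86 describes (edify script in the outer zip, nested framework.zip, a signature on each layer). It assumes the Android signapk whole-file footer convention (0xFFFF marker in the zip comment) for the signature check; HTC's PG76IMG signing format itself is not parsed, and the sample zips are constructed with placeholder signature blobs.

```python
import io
import struct
import zipfile

# Edify updater-script path used by Android recovery update zips.
UPDATER_SCRIPT = "META-INF/com/google/android/updater-script"


def has_whole_file_signature(data: bytes) -> bool:
    """Look for the Android signapk whole-file footer in the zip comment:
    its last 6 bytes are <sig start><0xFFFF marker><comment length>, LE.
    (Assumption: HTC's own PG76IMG signing format is not parsed here.)"""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        comment = zf.comment
    if len(comment) < 6:
        return False
    sig_start, marker, comment_len = struct.unpack("<HHH", comment[-6:])
    return (marker == 0xFFFF and comment_len == len(comment)
            and 0 < sig_start <= len(comment))


def inspect_ota(data: bytes) -> dict:
    """Report the layout described in the post: an edify script in the
    outer zip, a nested framework.zip, and a signature footer on each layer."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        inner = zf.read("framework.zip") if "framework.zip" in names else None
    return {
        "edify_script": UPDATER_SCRIPT in names,
        "has_framework_zip": inner is not None,
        "outer_signed": has_whole_file_signature(data),
        "inner_signed": inner is not None and has_whole_file_signature(inner),
    }


def build_sample_ota(sign_inner: bool = True) -> bytes:
    """Constructed sample OTA (placeholder bytes, no real cryptography)."""
    def make_zip(entries: dict, signed: bool) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name, body in entries.items():
                zf.writestr(name, body)
            if signed:
                blob = b"PLACEHOLDER-SIGNATURE"  # stands in for a real sig block
                total = len(blob) + 6
                zf.comment = blob + struct.pack("<HHH", total, 0xFFFF, total)
        return buf.getvalue()

    inner = make_zip({"hboot_placeholder.img": b"\x00" * 16}, sign_inner)
    return make_zip({UPDATER_SCRIPT: 'ui_print("constructed sample");\n',
                     "framework.zip": inner}, True)
```

Running `inspect_ota` over a real update would only tell you whether a footer of that shape is present; the actual signature verification against HTC's keys is what hboot does and is not reproduced here.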
4th May 2012, 05:44 PM   |  #2319  
Wolf Pup
Wasn't Antagonist42 onto something about some NAND keys? Or the HTC cryptographic keys?

Sent from my HTC Wildfire S A510e using XDA
5th May 2012, 12:11 PM   |  #2320  
Wolf Pup
Who got invited to the Windows 8 App Dev camp? I know I did! Just need to do some partitioning on my hard drive, finish installing Windows 8 and then I'm ready to go!

Sent from my HTC Wildfire S A510e using XDA

Tags: bootloader, campaign, dev, exploit, hboot, htc, kernel, radio, s-off, secu-flag, wildfire s