XDA Developers Android and Mobile Development Forum

[DEV][THE S-OFF CAMPAIGN] We need electrical engineers & experts in JTAG, OpenOCD!

 
csoulr666
#2311
@nhb A thought just occurred to me.......if you're trying to boot a linux kernel.......why not try it via a different linux based OS on the phone......Tizen for example?????
If thou art commit a sin,thy reaper will punish thee!!!


My Phone:HTC Wildfire S
Current Rom:OmniRom by Olivier
Username Pronunciation:"See-soul-are-triple-six"

You are not the only living person with a problem!!Search a bit before posting
 
heavy_metal_man
#2312
I've also had an idea, have we tried to do this to an s-off device? I know it sounds strange but it would hopefully yield some useful information. Like if it works with no arguments then we would know that the s-on is still ****ing with us and that the kernels work. Just an idea

sent from my android powered beast!

 
Devices
-> HTC wildfire (buzz)- currently testing all sorts.

-> HTC wildfire BEE
s-on HTC-dev unlocked
rom: my cooked rom
-> HTC sensation XE
Died a horrible overheating death
-> Nexus 7 32gb wifi
Bootloader unlocked
Rom: ParanoidAndroid 3.1
-> Htc desire s
xtc clip s-off/simunlocked/supercid
revolutionary hboot 7.00.1002
testing roms....
 
theq86
#2313
Quote:
Originally Posted by csoulr666 View Post
@nhb A thought just occurred to me.......if you're trying to boot a linux kernel.......why not try it via a different linux based OS on the phone......Tizen for example?????
It doesn't matter what sits "on top" of the kernel. We need to grab deeper, probably so deep that not even a kernel would be required. We just use the kernel to bootstrap in a "familiar environment".

Quote:
Originally Posted by heavy_metal_man View Post
I've also had an idea, have we tried to do this to an s-off device? I know it sounds strange but it would hopefully yield some useful information. Like if it works with no arguments then we would know that the s-on is still ****ing with us and that the kernels work. Just an idea

sent from my android powered beast!
It's not proven that the exploit works as we hope, and we know nothing of the side effects that may come up using this exploit on an s-off phone.
Please Search the forums and ask your questions there. I'm no personal supporter.
HTC One (m7_ul)
 
no.human.being
#2314
Quote:
Originally Posted by heavy_metal_man View Post
I've also had an idea, have we tried to do this to an s-off device? I know it sounds strange but it would hopefully yield some useful information. Like if it works with no arguments then we would know that the s-on is still ****ing with us and that the kernels work. Just an idea

sent from my android powered beast!
As far as I know the Radio is protected even on an S-OFF phone. It's just that signatures are not checked by HBOOT so you can use HBOOT to flash whatever Radio you want, but I don't think you'll be able to write from within Android. At least not without the modifications to the kernel that would also enable you to write to the Radio partition on an S-ON phone.
 
MrTaco505
#2315
Quote:
Originally Posted by theq86 View Post
It's not proven that the exploit works as we hope, and we know nothing of the side effects that may come up using this exploit on an s-off phone.
Well I did have a longer reboot


Sent from my HTC Wildfire S using xda premium
 
Antagonist42
(Last edited by Antagonist42; 3rd May 2012 at 12:31 AM.)
#2316
CM seems to me to be more to do with the 'most widely used' phones and not down to chip or Android version as vendors can add/change boot up to Android and each vendor can be different even down to mtd partition order/naming.

I've been trying to figure out what exactly the 0:MIBIB means (as I haven't found anything relevant about what it stands for or what it does via googling it). The closest thing I have come across is two separate acronyms, they being:

MI - Machine Instruction .... Which will be slightly obvious although would separate it from other machine code instructions for operation.

BIB - Backwards Indicator Bits ....
Quote:
The Forward Indicator Bits (FIBs) and Backward Indicator Bits (BIBs) are used for retransmissions. Under normal conditions (no link errors), the FIB and BIB have the same value. As illustrated in Figure 4-9, the field length is 1 bit; therefore, only two values are possible: 0 or 1.
from this...

Thinking about it, what if the option to edit this FIB/BIB is now locked for greater security, whereas before those bits may have been ignored or unset? Looking at the diagram on the linked page I can see, to a certain degree, the block layout of the system's partitions used on Android. Seeing as we may have to delve deeper to attain S-OFF, we may as well find out all we can from whatever we can, even if it seems odd.

---------- Post added 3rd May 2012 at 12:01 AM ---------- Previous post was 2nd May 2012 at 11:56 PM ----------

Could the longer reboot times be down to verifying the installed hboot because maybe a pointer/signature/whatever wasn't set before it was installed whereas the original and official updates may be verified before installing therefore no check so shorter boot time?

Added this as well to the found docs
Wanna get inside what ya got, gotta get out and find it..I found some!
THE END IS NIGH....S-OFF HERE WE COME...
The Latest ACER E320/C6 Rom From Xakep - Very Slick
ACER E320 1.005.00 ROM EUU
 
Antagonist42
#2317
S-OFF - can or can't?

I don't think we will directly alter the state of S-OFF whilst the system is running, I believe it is Software Implemented either during OS Factory Install or from Vendor Update - my reason being:

Quote:
Originally Posted by jumpit View Post
Hi all,
Just for information.
Use this to ROOT my phone a couple of days ago and all work fine.

Last night stupidly there was OTA update that I installed and now I also have the 'Hellions with BLUE flames !' problem.

The update was something like 1.013.flex sorry did not write down and that is all I can remember.

Keep up the good work Doomlord

Phone: Acer E320-orange
Android version: 2.3.4
Baseband: C6-1.013.00
Kernel: 2.6.35.7
Build: Acer_E320_1.013.00_EMEA_ORGUK

I hope this helps

I will look at back rev'ing when I have time and post my results.

Found a Russian rooted rom for this device but would still like a way to root the original rom.
Now if, as with this phone, we had all the access open, then the S-ON came with the update, as my phone was updated before I had a chance to run anything (hence my uncertainty as to gaining S-OFF on the ACER E320/C6). So my line of thinking is still that we can gain S-OFF with an update. I think trying to make the mtd drivers may be a long and arduous route to take if we don't know what we're looking for, with trying to access maybe 2, 3 or 4 (Android/yaffs/ext3-4/L4 and possibly OKL-L4) different operating file systems (that doesn't mean we shouldn't still try if needs be).
 
theq86
#2318
HTC OTA updates are normal flashable edify update-zip files (the ones installable by the recovery).

One difference is that they can only be installed using a stock recovery.
The second is that the zip contains another zip, called framework.zip.
That framework.zip is a renamed PG76IMG.zip and, guess what, signed.

It is handed to hboot, which proceeds as if it was uploaded by a RUU or manually loaded at hboot load when PG76IMG.zip is available.

The update thing is not the right way, since we really would need a tool which could sign our custom update with HTC keys.
Please Search the forums and ask your questions there. I'm no personal supporter.
HTC One (m7_ul)
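
An added example, not part of theq86's post and not HTC tooling: a small inspector for the package layout described above, which finds the edify script and any zip nested inside the outer update zip by content rather than by file name, and hashes it so it can be compared with a copy taken from a known-good RUU. The sample package, its file contents and the `android-info.txt` member are constructed for illustration; the inner name `framework.zip` is taken from the post.

```python
import hashlib
import io
import zipfile

# Standard location of the edify script in a recovery-flashable zip.
EDIFY_SCRIPT = "META-INF/com/google/android/updater-script"


def build_sample_ota() -> bytes:
    """Constructed sample: an outer update zip wrapping an inner image zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("android-info.txt", "modelid: PLACEHOLDER\n")  # constructed
        z.writestr("boot.img", b"\x00" * 64)                      # constructed
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr(EDIFY_SCRIPT, 'ui_print("constructed sample");\n')
        z.writestr("system/build.prop", "ro.build.id=SAMPLE\n")
        # Name as given in the post; detection below does not depend on it.
        z.writestr("framework.zip", inner.getvalue())
    return outer.getvalue()


def inspect_update(blob: bytes) -> dict:
    """Report the edify script and every nested zip, whatever it is called."""
    report = {"has_edify_script": False, "nested": []}
    with zipfile.ZipFile(io.BytesIO(blob)) as outer:
        names = outer.namelist()
        report["has_edify_script"] = EDIFY_SCRIPT in names
        for name in names:
            data = outer.read(name)
            # A renamed archive is still a zip: test the bytes, not the name.
            if not zipfile.is_zipfile(io.BytesIO(data)):
                continue
            with zipfile.ZipFile(io.BytesIO(data)) as inner:
                report["nested"].append({
                    "name": name,
                    "size": len(data),
                    # The inner archive is the signed unit handed to hboot,
                    # so this is the hash to compare against a reference copy.
                    "sha256": hashlib.sha256(data).hexdigest(),
                    "members": inner.namelist(),
                })
    return report


if __name__ == "__main__":
    for entry in inspect_update(build_sample_ota())["nested"]:
        print(entry["name"], entry["sha256"], entry["members"])
```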
 
Wolf Pup
#2319
Wasn't Antagonist 42 onto something about some NAND keys? Or the HTC cryptographic keys?

Sent from my HTC Wildfire S A510e using XDA
Devices:
 

SGS3 Intl (Current Device)
HTC WFS (Stolen)
HTC TyTn (WM6)

Fun Stuff:
 

I have a TARDIS. All my messages are sent from my TARDIS. I also have a Sonic Screwdriver.
I'm a Doctor Who addict.
I like Minecraft
Quote:
Originally Posted by conantroutman View Post
You people make me sick......

If you wish, please drop me an internet. Thanks.
 
Wolf Pup
#2320
Who got invited to the Windows 8 App Dev camp? I know I did! Just need to do some partitioning on my hard drive, finish installing Windows 8 and then I'm ready to go!

Sent from my HTC Wildfire S A510e using XDA

Tags
bootloader, campaign, dev, exploit, hboot, htc, kernel, radio, s-off, secu-flag, wildfire s