Ok guys, first of all Scotty2 gets all the credit for the program R&D. I used my device as a test bed and have tried a couple different kernels (Gr8Gorilla's O/C Kernel and the stock kernel).
Now for the boring stuff ...
This is a very invasive way of rooting your device but the benefit is TRUE S=Off and root privileges throughout the system. As such, you do this at your own risk and if you brick your device neither Scotty2 nor myself are responsible, YOU ARE!!! Do this at your own risk!!!
This is not for the faint of heart and if you have any reservations about doing things like this do not do it.
This process will do three things for your device. I will explain them here:
1. It will set up Super CID on your device allowing you to flash any carriers rom (not just tmobile). Giving you more freedom with your choice of software.
2. It will subsidy unlock your device. In other words, it will SIMUNLOCK your phone allowing you to use an AT&T sim card and so on in your device without needing the unlock code from HTC.
3. Most important of all it will turn the RADIO S=Off. This is the ultimate S=Off because the radio is what controls the security flag in the first place. Once you turn it off here it is off everywhere and will allow you pure unadulterated access to your device.
This process will not change your bootloader (unless your on 0.86.0000 and you follow the optional steps).
Now, you may be asking "Why do this? I already have root from your other guide and it has given me r/w access to system and recovery. I thought this meant we had permanent S=Off." This is only partially true. We have had an engineering bootloader and "Label" s=off not radio s=off. When you turn the security off in radio it is off permanently no matter what hboot you have installed engineering or otherwise. However, it is optional but you can still copy the engineering hboot over and it will allow you to flash whatever you like without (as much) fear of bricking your device.
This guide assumes you know how to use ADB. If you do not there are guides all over XDA to show you how. There is even a really good one in this forum. Also here is a video on how to setup adb discovered by topgun303: http://www.youtube.com/watch?v=1UF5w1dKe2U
Not sure this works until you root with my other guide or not yet. If someone could confirm that would be great.
Here we go:
If you are already permarooted per the other guide just follow the first 11 steps. As soon as I get a chance I will add how to check if it worked when done this way.
Make sure you have visionary installed on your device and download this file:
1. Now unzip the file into your SDK tools directory.
2. Plug your device into your computer.
3. Now open explorer and hold down shift at same time you right mouse click on your SDK tools directory. Select open command window here. If you are in linux (ubuntu) right mouse click on your SDK tools folder, choose actions, and choose open command window(or whatever it's called). Otherwise, open a command prompt and cd your way to your SDK tools directory.
4. Type "adb push gfree /data/local" and hit enter.
Optionally, you could dl the file to your phone use androzip or something like it to unzip the file and then use root explorer to move all the files to /data/local. This would skip the first 4 steps.
5. Now unplug your device from the computer.
6. Run visionary to gain temp root.
7. Open terminal emulator on your device, type "su", and hit enter to gain root privileges.
8. Type "cd /data/local" and hit enter.
9. Now type "chmod 777 gfree" and hit enter to make the program executable.
10. Type "./gfree" and hit enter.
11. Wait for the program to finish and then reboot into HBoot to see if S=Off. Also, check your bootloader version. If it says s=off and has bootloader version 0.86.0000 it worked. Congratulations!
Gfree writes a backup of the file that it patches on your sdcard. I suggest putting this file in a safe place as it is the only way to revert if you need to. I will also add those steps as I get time.
[Optional] Steps to flash engineering bootloader.
1. Restart your phone and plug it back into your computer.
2. Download this file: http://www.megaupload.com/?d=NN5726Z8
3. Copy the file to your SDK tools directory.
4. Open a command prompt again and cd into your SDK tools directoty.
5. Type "adb push hboot_dhd.nb0 /data/local" and hit enter.
6. Now open terminal on your device and type "su" and enter to gain root priviliges.
7. Type "cd /data/local" and enter.
8. Now type "dd if=hboot_dhd.nb0 of=/dev/block/mmcblk0p18" and hit enter.
9. You should see something like: 2048 bytes in 2048 bytes out 1048576 bytes copied blah blah blah.
10. Now restart the device into hboot and check if your bootloader version is 0.85.2007. That is what you want to see.
Congratulations, you now have a TRUE root and engineering bootloader on your shiny MT4G!!!
Here is a pic of the stock HBoot 0.86.0000 with S=Off to prove it.