HTC implemented security on their newer generation phones. This flag, called @secuflag, controls whether your phone has its NAND or flash unlocked. Most noticeably, S-ON (security on) will read-lock your /system and /recovery partitions, to name a few. Also, secuflag controls whether zip files being flashed through recovery or fastboot are signed by HTC.
The now notorious S-OFF (security off) will disable this NAND security.
Since we are unable to access the Radio NVRAM itself (where secuflag is stored), we turned our attention to HBOOT.
AlphaRev has patched HBOOT images for several phones, whereas the HTC Desire (GSM) was our first victim.
Soon to be supported devices:
HTC Legend GSM
HTC Aria GSM (Liberty)
HTC Wildfire GSM (Buzz)
The following patches were made:
First and foremost, the security flag is ignored. HBOOT now always thinks the phone is S-OFF.
Second, Fastboot extended commands are enabled. This is similar to engineering HBOOTs; these allow you to use commands like 'fastboot flash system system.img' (flashing a system image), or 'fastboot boot boot.img' (downloading and directly booting a kernel image and ramdisk).
Is there any risk involved?
Yes, there is. Flashing HBOOT will flash a critical part of your phone; if that gets corrupted, your phone WILL be bricked.
We do not accept any responsibility for bricked phones, even though we've attempted to make the actual flashing method as safe as possible.
If your phone no longer turns on anymore, please return to HTC for warranty purposes.
Should you still run this hack/program, you then hereby accept full responsibility.
So how does this work?
The image provided is an ISO image. You can either burn that on CD, and boot it. Instructions will be provided when you run the CD.
The actual tool is packaged in a Linux livecd, to ensure maximum compatibility.
On a side note: yes, you should be able to run this in VMware or VirtualBox, as long as you enable the USB device to be routed to the running livecd.
Will my phone stay S-OFF forever?
Yes and no. As soon as you decide to flash a stock RUU that has a HBOOT update in it, this hacked HBOOT will be overwritten.
You do have the option to remove the HBOOT update from the rom.zip inside the RUU. Since your phone no longer checks signatures, you could easily do that.
Also, you then still have the option to flash custom recovery, or different kernels using the fastboot functions described above (fastboot flash, et al).
http://alpharev.shadowchild.nl/
http://xdaforums.com/showthread.php?t=794314&page=5 (Desire thread)