[Q] Possible to mod the T-Mobile G2 and Desire Z/HD "gfree" exploit?


qzfive

Senior Member
Aug 8, 2010
After obtaining temproot and posting my thread on how to get it, I tried the "gfree" exploit that was used on the MyTouch 4G/T-Mobile G2/Desire Z/Desire HD. However, I had no luck.

Basically, what it did was exploit a security hole in an early radio firmware on those phones, and through exploiting this way, it was able to power down the eMMC chip, dropping its write protection. After that, it was possible to modify the CID, SIM-lock and bootloader security status. It could do each separately, or all at the same time.

I pushed the gfree binary to my Chacha and tried running it, and as I predicted, it failed at the part it tries to power cycle the eMMC chip. Would any dev be able to take the binary, modify it and try to find such a hole on the Chacha? I tried finding source for it, but I was unsuccessful, so it may be a bit harder :(


EDIT: Right after posting this, I've come across what appears to be such source - https://github.com/tmzt/g2root-kmod/tree/master/scotty2/gfree

xd.bx

Senior Member
May 14, 2011
I don't think it can ever work -- the ChaCha, like older HTC phones, has a specific radio NAND, not an eMMC chip. The gfree exploit power-cycles the eMMC through GPIO 88 in order to reset it to its "everything is writable" state.

What would work is an HBOOT exploit, like unrevoked or AlphaRevX (both are probably patched in the latest HBOOT version).

EDIT: in addition, the gfree exploit binary is compiled for the ARMv7 architecture, which has a different ISA than ARMv6 (the MSM7227 in the ChaCha is based on ARMv6).
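The ISA mismatch xd.bx points out (an ARMv7 build of gfree on the ChaCha's ARMv6 MSM7227) can be checked before anything is pushed to a phone by reading Tag_CPU_arch from the binary's .ARM.attributes section. The parser below is an added example, not code from this thread or from the gfree project; it assumes the section bytes have already been dumped from the ELF (e.g. with objcopy -O binary --only-section=.ARM.attributes), and SAMPLE_V7 is a constructed blob, not one taken from a real binary.

```python
"""Read Tag_CPU_arch from an ELF .ARM.attributes section to check a binary's target ISA."""
import struct

# Tag_CPU_arch values from the ARM EABI build-attributes spec (ARM IHI 0045).
CPU_ARCH_NAMES = {1: "v4", 2: "v4T", 3: "v5T", 4: "v5TE", 5: "v5TEJ", 6: "v6", 7: "v6KZ",
                  8: "v6T2", 9: "v6K", 10: "v7", 11: "v6-M", 12: "v6S-M", 13: "v7E-M", 14: "v8-A"}

def _uleb128(buf, pos):
    """Decode an unsigned LEB128 integer at buf[pos]; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            return value, pos

def cpu_arch_from_attributes(blob):
    """Return the Tag_CPU_arch (tag 6) value from the public 'aeabi' subsection, or None."""
    if blob[:1] != b"A":                      # format-version byte
        return None
    pos = 1
    while pos < len(blob):
        sub_len = struct.unpack_from("<I", blob, pos)[0]   # includes the length field
        vendor_end = blob.index(b"\0", pos + 4) + 1
        # Only the public vendor's Tag_File (1) block carries Tag_CPU_arch.
        if blob[pos + 4:vendor_end - 1] == b"aeabi" and blob[vendor_end] == 1:
            end = vendor_end + struct.unpack_from("<I", blob, vendor_end + 1)[0]
            p = vendor_end + 5
            while p < end:
                tag, p = _uleb128(blob, p)
                if tag == 6:
                    return _uleb128(blob, p)[0]
                # Skip the value: tags 4, 5 and odd tags >= 33 are NUL-terminated
                # strings, Tag_compatibility (32) is uleb128 + string, the rest uleb128.
                if tag == 32:
                    p = _uleb128(blob, p)[1]
                if tag in (4, 5, 32) or (tag >= 33 and tag % 2):
                    p = blob.index(b"\0", p) + 1
                else:
                    p = _uleb128(blob, p)[1]
        pos += max(sub_len, 4)                # never spin on a zero-length subsection
    return None

def build_section(attrs):
    """Wrap raw attribute bytes in an 'aeabi' Tag_File block (for constructed samples)."""
    file_block = b"\x01" + struct.pack("<I", 5 + len(attrs)) + attrs
    return b"A" + struct.pack("<I", 10 + len(file_block)) + b"aeabi\0" + file_block

# Constructed sample, not taken from gfree: Tag_CPU_name "7-A", Tag_CPU_arch 10 (= v7).
SAMPLE_V7 = build_section(b"\x05" + b"7-A\0" + b"\x06\x0a" + b"\x07" + b"A")
```

A value of 10 ("v7") on a section dumped from gfree, against 6 ("v6") for a binary built for the MSM7227, shows the mismatch without running anything on the device.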