Originally Posted by ppcd9220
I've succeeded in overwriting the CID. Just used count= parameter for DD command. (Block size=512b).
I've replaced my CID with another one. disconnected, connected, performed test readout. The CID string is changed.
Unfortunately it looks like it is backed up somewhere and checked at start-up.
Because after rebooting my CID is back.
Tested 2 times. After changing - I can read it. After reboot it is back to original one.
Does anyone have any other ideas for changing CID and/or S-ON/OFF?
Try editing the CID from the OFF recovery mode (with CWM):
Turn off the phone completely,
then connect the USB and wait for around 15 seconds.
Use the adb commands directly without touching the phone.
I was amazed that I can play around with my phone's internal memory while it's in this mode; adb devices shows "recovery" although the phone is off.
The actual problem is that S-ON secures (idk how) the NAND from writing (and partial reading).
EDIT: Some partition information, n=name:
mmcblk0p1, contains S/N
mmcblk0p2, contains PID and wrong manufacture date (maybe programmed date); my hox is ht251, shows 2012/5/3
mmcblk0p9, n=SIF, contains mainversion and radioversion <<< EDITABLE (buggy); fastboot reads from SIF when oem rebootRUU
mmcblk0p18, what's sec.bin?
mmcblk0p20, temp partition, contains higher (for me) hboot version?!? 1.33.0000 (or just temp from failed flash), I'm still hboot 1.31