Thread Deleted Email Thread
Prev Previous Post   Next Post Next
Please see this safer/easier/faster method instead of using the one below

Original guide provided below for historial purposesonly, seriously use hte one above:

Please refrain from repackaging, or rehosting my materials, ask prior to deciding to.

If this guide fails, or the auto script (which I will not recommend you use) fails, please do a factory reset before attempting again.

If you appreciate this, please make sure you check out my original article on the AndroidPolice. Without the support of AP, I wouldn't spend nearly as much time doing this. To the bloggers who will chose to link to a forum post, rather than the original post on a better blog, you suck.

Donations for new test devices can be made at the paypal link to the left. I reserve the right to send leftover funds to whatever charities I feel like. Generally I choose Boys and Girls club of america, sometimes I choose seasonal charity, or a medical related one.

Known Problems:
Adb server is out of date
Uninstall HTC Sync, Samsung Kies, etc any software that talks to the phone.

If you get stuck, please immediately find someone in our chat that knows what they are doing. It is very easy to brick your phone if you follow these directions incorrectly, or if a problem arises!

Need faster help? or Want to help visit our chat


Original development: jcase
Awesome saver of the day: Sean Beaupre
Crash test dummy: dsb9938 (I bricked his phone making this!)
Artem and all @AndroidPolice for putting up with my nonsense.
Special thanks to Fuses for recommending a better target, and the numerous testers that let me play with their new phones.

Warning: This is semi complicated, and is known to ruin phones if done incorrectly. Proceed at your own risk

1gb free space on the phone.
Working adb, must support the adb restore feature (ICS and up!)

backup.ab (300mb) mirrors: - -

DNA_TeamAndIRC mirrors - - -

Unzip DNA_TeamAndIRC, put, CIDGen.apk and backup.ab into the directory where adb is (or anywhere if you have your paths setup right).

Please Check the readme.txt before continuing!

adb install CIDGen.apk
Run the CIDGen app on your phone, enter the last digit of your IMEI (NOT YOUR MEID) and press generate. Then confirm the generated file exists.

adb shell ls -l /sdcard/CIDBLOCK.img
If CIDBLOCK.img does not exist, run the app and try again. Do not proceed without generating a CIDBLOCK.img, it is needed to repair the phone and unlock.

Once you have CIDBLOCK.img on your sdcard, open two terminals (command prompts) and continue

In the first terminal/cmd prompt run these commands:

adb push /data/local/tmp/
adb shell chmod 755 /data/local/tmp/
adb shell /data/local/tmp/ will continue to loop and spit out No such file or link failed errors, just leave it running for now.

In the other terminal/cmd prompt run this commands:

adb restore backup.ab
Then allow the restore on your phone. Once the process is finished, you can go back to the looping terminal and stop it with control + c, or close the terminal

At this point, do not continue unless you are certain you can do this. Past this point, is where people can brick if they do not follow the directions correctly. If you run into a problem, find someone to help you. Do NOT power your phone off or reboot it. Leave it charging and find someone.

adb shell rm /data/data/*
adb shell mv /data/DxDrm /data/DxDrm_org
adb shell mkdir /data/DxDrm
adb shell ln -s /dev/block/mmcblk0p5 /data/DxDrm/DxSecureDB
adb reboot
Once the phone is rebooted, open two terminals and repeat the restore exploit:

In the first one:
adb shell /data/local/tmp/
This process will also loop forever and give out lots of "No such file" or "link failed" errors - again, just leave it running.

In the second terminal, restore the backup again:

adb restore backup.ab
After the restore is done, we will undo the DxDrm symlink attack and write the new CIDBLOCK.img:

adb shell mv /data/DxDrm /data/DxDrm_trash
adb shell dd if=/sdcard/CIDBLOCK.img of=/dev/block/mmcblk0p5
If this returns an "out of space error" come to our chat, and find either jcase or beaups. Do not reboot. Do not continue.

adb reboot
After reboot, you can go to, and unlock through their official process. Choose the "All other supported models" option when selecting your phone.

The Following 82 Users Say Thank You to jcase For This Useful Post: [ View ]
Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes