[GUIDE] Radio S-OFF, SuperCID, SimUnlock + Root

Bumble-Bee

Bumble-Bee

Senior Recognized Developer & Original Autobot
Feb 21, 2009
917
566
0
twitter.com
Dec 1, 2010 at 3:41 PM
Hi ppl here is a guide on how to gain radio S-OFF, Super CID , SimUnlock :D

What You Need
-- This File
-- If on OSX / Linux ADB binary (they are not included in the .zip)

-------------------------------------------------------------------------------------------

Bits in red Are Only for people who dont already have perm root

Bits in Blue are for everyone :D

-------------------------------------------------------------------------------------------

1) Extract the zip file (to your adb directory if on mac / linux)

2) Open a command prompt / shell and navigate to your where you extracted the files

3) run
adb install visionaryplus-r14.apk
Click to expand...
4) open visionary on phone

5) tick Run visionary.sh after root" and "set system r/w after root"

6) Now click "temproot now" and wait 30 - 60 sec

7) run line per line
adb push gfree /data/local
adb shell
su
cd /data/local
chmod 777 gfree
./gfree
sync
reboot
Click to expand...
Now We Are Radio S-OFF and SuperCID + SimUnlocked

8) If you where not already perma rooted run visionary Temp root, then perm root. :D

[To Check]

1) run
adb reboot bootloader
Click to expand...
ON SHIP HBOOT
Just check the top line if you see
SHIP S-OFF (it worked :D)

SHIP S-ON (it didnt :()

ON ENG HBOOT
2) tap bootloder option
3) use vol down to get to system info and tap
4) check CID for CID-11111111 (if you have this all is done 100%) :D
5) reboot

[PROBLEMS]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IF THIS DOESNT WORK AND U GET
***WARNING***: Did not find brq filter.
Click to expand...
Get either a stock kernel CM/SENSE or my buzz-1.0.7 as its confirmed working on those :D

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

[FAQ]
Does this install the ENG hboot ?
No as that is no longer required, still an opition if you want to gain the extra functions
Click to expand...
How can i install custom recovery for roms without ENG hboot ?
Just get rom manger from marked and install with that :D
Click to expand...
What does all this mean ?
Radio S-OFF = we have s-off regardless or hboot we are using so if you update the hboot s-off will stay :D
Super CID = Allow to install RRU's from ANYONE :D
Click to expand...
[CREDITS]
Paul O'Brien for visionary
scotty2 and others who found the method to patch P7 :D
everyone else who has worked on the G2 root and wpthis :D
 
Last edited:
  • Like
Reactions: vugiang, Lebenita, altralazer and 10 others
emx_o

emx_o

Senior Member
Aug 2, 2009
368
37
0
Munich
Dec 1, 2010 at 3:54 PM
hey there, thanks for the guide but something didnt work while running ./gfree
Code: 
./gfree
Section header entry size: 40
Number of section headers: 44
Total section header table size: 1760
Section header file offset: 0x000138b4 (80052)
Section index for section name string table: 41
String table offset: 0x000136fb (79611)
Searching for .modinfo section...
 - Section[16]: .modinfo
 -- offset: 0x00000a14 (2580)
 -- size: 0x000000cc (204)
Kernel release: 2.6.32.25-Buzz-1.0.6-OCUV
New .modinfo section size: 212
Attempting to power cycle eMMC... OK.
Searching for mmc_blk_issue_rq symbol...
 - Address: c02ccc70, type: t, name: mmc_blk_issue_rq, module: N/A
Kernel map base: 0xc02cc000
Kernel memory mapped to 0x40001000
Searching for brq filter...
 - ***WARNING***: Did not find brq filter.
Patching and backing up partition 7...
after some seconds it rebooted on its own but nothing happened to my cid. any ideas?
 
  • Like
Reactions: vugiang
Bumble-Bee

Bumble-Bee

Senior Recognized Developer & Original Autobot
Feb 21, 2009
917
566
0
twitter.com
Dec 1, 2010 at 4:03 PM
That will be the live kernel patching failing as it cant find where to patch .... try running with my 1.0.7 kernel and then restore back (shuld run on stock kernels)... as i know that works ill relay this info to scotty2 and see if he can fix for these kernels.

Can you post your kernel info from the about phone menu ?
 
  • Like
Reactions: southadam
nintendolinky

nintendolinky

Senior Member
May 7, 2009
1,363
303
113
Wakefield, West Yorkshire
Dec 1, 2010 at 4:09 PM
Worked great
To verify all went well, do this:
Plug in your phone to your computer
In the Terminal/command line, type this:
PHP: 
 adb shell
this puts you in the phone's shell. now it's a simple matter of the following:
(note the # is your prompt. Don't type the "#". The lines without the # are returned by the phone.)
PHP: 
# stop ril-daemon
# cat /dev/smd0 &
# echo -e 'ATE1\r' > /dev/smd0
0
#
# echo -e 'ATV1\r' > /dev/smd0
OK
# echo -e '[email protected]?\r' > /dev/smd0
@CID: 11111111

OK
echo -e '[email protected]?40\r' > /dev/smd0
# [email protected]?40
@SIMLOCK= 00

OK
#echo -e '[email protected]?AA\r' > /dev/smd0
 [email protected]?AA
@secu_flag: 0

OK
It should look something like that anyway. It may look slightly different if you were typing while the computer was sending you back information.
Did it work? Here's what you're looking for:
@CID: 11111111 <--- this response means you have superCID! Congrats!
@SIMLOCK= 00 <--- this means your simlock is off. Mazel Tov!
@secu_flag: 0 <--- this means your radio is S-OFF. Hurrah!
 
  • Like
Reactions: en3s
starbase64

starbase64

Senior Member
Apr 3, 2007
4,331
1,685
253
Dec 1, 2010 at 4:20 PM
Hi,

not work for me.

Code: 
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten.

C:\Users\Administrator>d:

D:\>cd D:\Handy\HTC Desire HD\SuperCID

D:\Handy\HTC Desire HD\SuperCID>adb push gfree /data/local
adb server is out of date.  killing...
* daemon started successfully *
1939 KB/s (683255 bytes in 0.344s)

D:\Handy\HTC Desire HD\SuperCID>adb shell
# su
su
# cd /data/local
cd /data/local
# chmod 777 gfree
chmod 777 gfree
# ./gfree
./gfree
Section header entry size: 40
Number of section headers: 44
Total section header table size: 1760
Section header file offset: 0x000138b4 (80052)
Section index for section name string table: 41
String table offset: 0x000136fb (79611)
Searching for .modinfo section...
 - Section[16]: .modinfo
 -- offset: 0x00000a14 (2580)
 -- size: 0x000000cc (204)
Kernel release: 2.6.32.25-Buzz-1.0.6-OCUV
New .modinfo section size: 212
Attempting to power cycle eMMC... OK.
Searching for mmc_blk_issue_rq symbol...
 - Address: c02ccc70, type: t, name: mmc_blk_issue_rq, module: N/A
Kernel map base: 0xc02cc000
Kernel memory mapped to 0x40001000
Searching for brq filter...
 - ***WARNING***: Did not find brq filter.
Patching and backing up partition 7...

D:\Handy\HTC Desire HD\SuperCID>
with friendly greet

starbase64
 
Bumble-Bee

Bumble-Bee

Senior Recognized Developer & Original Autobot
Feb 21, 2009
917
566
0
twitter.com
Dec 1, 2010 at 4:34 PM
For the moment

IF THIS DOESNT WORK AND U GET

***WARNING***: Did not find brq filter.

Get either a stock kernel CM/SENSE or my buzz-1.0.7 as its confirmed working on those
 
broncogr

broncogr

Retired Senior Moderator
Aug 17, 2005
3,881
4,263
263
47
XDA Central
Dec 1, 2010 at 4:44 PM
starbase64 said:
Hi,

not work for me.

Code: 
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten.
 
C:\Users\Administrator>d:
 
D:\>cd D:\Handy\HTC Desire HD\SuperCID
 
D:\Handy\HTC Desire HD\SuperCID>adb push gfree /data/local
adb server is out of date.  killing...
* daemon started successfully *
1939 KB/s (683255 bytes in 0.344s)
 
D:\Handy\HTC Desire HD\SuperCID>adb shell
# su
su
# cd /data/local
cd /data/local
# chmod 777 gfree
chmod 777 gfree
# ./gfree
./gfree
Section header entry size: 40
Number of section headers: 44
Total section header table size: 1760
Section header file offset: 0x000138b4 (80052)
Section index for section name string table: 41
String table offset: 0x000136fb (79611)
Searching for .modinfo section...
 - Section[16]: .modinfo
 -- offset: 0x00000a14 (2580)
 -- size: 0x000000cc (204)
Kernel release: 2.6.32.25-Buzz-1.0.6-OCUV
New .modinfo section size: 212
Attempting to power cycle eMMC... OK.
Searching for mmc_blk_issue_rq symbol...
 - Address: c02ccc70, type: t, name: mmc_blk_issue_rq, module: N/A
Kernel map base: 0xc02cc000
Kernel memory mapped to 0x40001000
Searching for brq filter...
 - ***WARNING***: Did not find brq filter.
Patching and backing up partition 7...
 
D:\Handy\HTC Desire HD\SuperCID>
with friendly greet

starbase64
Click to expand...
Try with 1.07 kernel.
If it doesnt work try with stock kernel which works fine
I think only the ENG Hboot shows system info...
 
xmoo

xmoo

Retired Recognized Developer
Aug 19, 2006
5,392
1,795
0
31
Eindhoven
www.Mohammad.Moghtader.net
Dec 1, 2010 at 5:19 PM
dubstepshurda said:
Is there anyway to undo this? Incase of garanty issues?
Click to expand...
S-OFF has nothing to do with legal or illigal.
In somecases when you send your phone for repair, they S-off it, and forget to remove it.
So just remove superuser, install stock rom. And don't matter S-ON or s-OFF

"ON ENG HBOOT
2) tap bootloder option
3) use vol down to get to system info and tap
4) check CID for CID-11111111 (if you have this all is done 100%)
5) reboot"

2) tap bootloader option You fotgot the A.
 
Last edited:
You must log in or register to reply here.

New posts

Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone