[MISC] Major news on SIM unlocking and radio S-OFF - G2 and Desire Z General

This has been in progress for a while. If you follow the G2 forums, then you'll know that there have been big problems with G2 phones that have been unlocked via unlock codes, with those unlocked phones then not being able to find a network at all.
It looks like the guys on #G2ROOT have cracked S-OFF for radio. This is *not* the same as the current S-OFF that we have from HBOOT. Apparently it should help to prevent semi-bricking via incorrect flashing of older ROMs.
The article in the Wiki explains all. Documentation about the procedures should be coming soon. We will of course have to make sure it's fine on the DZ too:
http://forum.xda-developers.com/wik...Subsidy_Unlock.2C_SuperCID.2C_and_Radio_S-OFF

Nice, gives all those "bricked" G2s hope.

Radio S-OFF is permanent S-OFF?
So no more warranty? Damn.
I'll stick to the stock ROM for a while with root, then HBOOT S-OFF, but never radio S-OFF.
I like warranty. Never know when you'll need it.

DanWilson said:
Radio S-OFF is permanent S-OFF?
So no more warranty? Damn.
I'll stick to the stock ROM for a while with root, then HBOOT S-OFF, but never radio S-OFF.
I like warranty. Never know when you'll need it.
I imagine it'll still be possible to reverse it. From a scan of the IRC logs (though of course I might have missed important stuff), it looks like you just need to write the correct data to the right area of a partition to get the radio S-OFF. So surely you can undo that by writing the previous data?
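As an added illustration of the "write the previous data back" idea (example code, not from this thread and not from any tool it mentions): a small Python script that compares two dumps of the same partition taken before and after a change (for instance with dd), lists exactly which bytes changed, and rebuilds the "before" image. The sample dumps are constructed; no real G2 partition number, offset or flag value is encoded here, and the script only ever touches files, never the device.

```python
"""Added example (not from the thread): diff two dumps of the same partition
and revert the changed bytes. The dumps below are constructed test data;
nothing here knows real G2 partition layouts, offsets or flag values."""

from typing import List, Tuple

Range = Tuple[int, bytes, bytes]  # (offset, bytes_before, bytes_after)


def diff_ranges(before: bytes, after: bytes) -> List[Range]:
    """Return one entry per maximal run of differing bytes.

    A partition dump must not change size between the two reads; a length
    mismatch means the two files are not dumps of the same partition.
    """
    if len(before) != len(after):
        raise ValueError(f"dumps differ in length: {len(before)} vs {len(after)}")
    ranges: List[Range] = []
    i, n = 0, len(before)
    while i < n:
        if before[i] == after[i]:
            i += 1
            continue
        j = i
        while j < n and before[j] != after[j]:
            j += 1
        ranges.append((i, before[i:j], after[i:j]))
        i = j
    return ranges


def revert(current: bytes, ranges: List[Range]) -> bytes:
    """Put the 'before' bytes back, but only where 'current' still holds the
    'after' bytes we recorded. If something else has been written there since,
    refuse rather than silently patch over it."""
    buf = bytearray(current)
    for off, old, new in ranges:
        if bytes(buf[off:off + len(new)]) != new:
            raise ValueError(f"unexpected data at offset {off:#x}; refusing to patch")
        buf[off:off + len(old)] = old
    return bytes(buf)


def revert_files(before_path: str, after_path: str, out_path: str) -> int:
    """File-level wrapper: read both dumps, write the reverted image to
    out_path and return the number of differing runs (sanity check: a flag
    change should touch very few bytes, not half the partition)."""
    with open(before_path, "rb") as f:
        before = f.read()
    with open(after_path, "rb") as f:
        after = f.read()
    ranges = diff_ranges(before, after)
    with open(out_path, "wb") as f:
        f.write(revert(after, ranges))
    return len(ranges)


# Constructed sample: a 64-byte "partition" where a tool flipped one byte and
# one two-byte word. Real flag locations are not represented.
BEFORE = bytes(range(64))
_after = bytearray(BEFORE)
_after[7] = 0xFF
_after[40:42] = b"\x00\x01"
AFTER = bytes(_after)

if __name__ == "__main__":
    for off, old, new in diff_ranges(BEFORE, AFTER):
        print(f"offset {off:#06x}: {old.hex()} -> {new.hex()}")
    assert revert(AFTER, diff_ranges(BEFORE, AFTER)) == BEFORE
    print("revert reproduces the original dump")
```

The refusal check in revert() is the part that matters in practice: if the bytes at the recorded offset are no longer what the "after" dump showed, something else has written there and blindly restoring the old bytes could make things worse.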

Documentation on this is now up, see http://forum.xda-developers.com/showthread.php?t=855764
Bear in mind that the instructions are for the G2 right now, so if you try this out on a DZ there's a high chance of a permanent brick! But hopefully someone will sort out a verified method for the DZ soon.

I would not advise people do this form of S-OFF unless they really need to anyway; it's harder to come back from (if you did semi-brick) and holds more risks.

Lennyuk said:
I would not advise people do this form of S-OFF unless they really need to anyway; it's harder to come back from (if you did semi-brick) and holds more risks.
But when an easier way to do it comes along (which is being worked on, I believe), a full S-OFF will be a lot safer, because then it won't be so easy to brick your phone by simply flashing an old RUU.

steviewevie said:
But when an easier way to do it comes along (which is being worked on, I believe), a full S-OFF will be a lot safer, because then it won't be so easy to brick your phone by simply flashing an old RUU.
People should not be flashing an old RUU anyway!
Anyone who is silly enough to do that gets a brick for a reason.
Always either flash the latest RUU, or restore a nandroid of stock and flash an OTA it offers; these are the safest ways.
You will get more bricks from people doing radio S-OFF than the S-OFF + RUU method gives.

Lennyuk said:
I would not advise people do this form of S-OFF unless they really need to anyway; it's harder to come back from (if you did semi-brick) and holds more risks.
You're an ass-talker. You talk through your ass, blow hot air, and have no idea what you're talking about.
1) it is SAFER,
2) it is EASIER to come back from,
3) it is SAFER.
Why is it safer? Because it does NOT require writing the hboot or radio! You can blow p7 out and android will still boot, which means that you have the opportunity to fix it if something goes wrong.
A bad flash of the radio or hboot and you're dead.

For those who might not have seen it yet, there's now a fully documented procedure on how to do this to your DZ (and yes, it's been tested on the DZ too).
As has been said, this is a safer method to get S-OFF (letting you flash custom ROMs) than the previous method of putting on an engineering hboot.
See http://forum.xda-developers.com/showthread.php?t=857390

DanWilson said:
Radio S-OFF is permanent S-OFF?
So no more warranty? Damn.
I'll stick to the stock ROM for a while with root, then HBOOT S-OFF, but never radio S-OFF.
I like warranty. Never know when you'll need it.
All I do for warranty with modded phones is feed 12-20 volts (from a wall adapter) into the battery contacts and toast the main board, and bring it back as dead. They send me a new one, no questions asked, because the phone is dead... even did this with an HTC PPC6800 that I smashed the screen in and they warrantied it no prob... this is on Bell in Canada...
666

I was following your discussion on bricking because of flashing ruus but for some reason it doesn't apply to me. I had an Asian WWE 1.34.707.5 (shipped with my phone) then I flashed it with Asian WWE 1.34.707.3 RUU and it didn't brick my phone.

Related

Downgrading from DangerSPL?

Now that Firerat has figured out how to easily fit stuff on G1 and T-mobile MT3G phones without DangerSPL, I'm thinking of downgrading to the base engineering SPL. I have a few questions though, since I don't feel like bricking my phone.
First off, fastboot info:
SAPPHIRE PVT 32B
HBOOT - 1.33.2005 (Danger, I believe)
Radio - 2.22.23.02
First off, where would I find a non-danger engineering SPL? Are the SPL's in this thread the ones I should be looking for? http://forum.xda-developers.com/showthread.php?t=529019
Also, are there any benefits of sticking with Danger SPL (other than extra 30 megs system) and since it's now easier to fit this stuff on non Danger, will there be more benefits in reverting back to the original Engineer SPL?
In addition, if I DO decide to flash back to a non-danger SPL, would I have to use recovery or fastboot? I'm assuming they'd be a match, but I'd like to do whichever way is more safe.
Edit: Oh crap, just noticed I posted this in the wrong section. I own a MT3G, but I installed danger way back when they first rooted it when following a tutorial. Should I be looking at a different engineering spl?
Sorry for all of the stupid questions.
DangerSPL is not required for the MT3G in the first place, so I'm not sure why you installed it in the first place.
From what I know, there is no downside to being on Danger, so I don't see why downgrading to an engineering SPL is necessary.
If you do decide to do it, do it through recovery, not fastboot.
PurpleFries said:
DangerSPL is not required for the MT3G in the first place, so I'm not sure why you installed it in the first place.
From what I know, there is no downside to being on Danger, so I don't see why downgrading to an engineering SPL is necessary.
If you do decide to do it, do it through recovery, not fastboot.
You got it the wrong way bud.
Read the Brick confirmation thread by lbcoder.
Flashing radios and recoveries (incompatible ones) through recovery is how bricks happen.
cal3thousand said:
You got it the wrong way bud.
Read the Brick confirmation thread by lbcoder.
Flashing radios and recoveries (incompatible ones) through recovery is how bricks happen.
Probably, but I've never had a bad experience flashing an SPL through recovery. Never once used fastboot. I very rarely actually can. Also, you run the risk of a brick ANY TIME you flash one. As for OP, just flash a new Engineering SPL. There's no real brick with those. I mean, yes you CAN, but just make sure it's not corrupted when you download the new SPL. Check the MD5 sum. There's no radio-SPL brick with those. (As far as I know.) And, yes, those are the SPLs you want if you have a myTouch.
PurpleFries said:
DangerSPL is not required for the MT3G in the first place, so I'm not sure why you installed it in the first place.
I don't know. I followed the tutorial word by word when it was first figured out how to root the MT3G. I literally had that handset for a week before anyone had done anything with it.
Thanks for the responses.
Edit: Bit the bullet and did it. No problems. Made sure to check the MD5 every time I moved the file, used fastboot. Couldn't have been easier and everything is working perfectly.

[Q] AlpharevX and S-OFF

A little question about AlpharevX that I had on my mind for some time.
What I would love is the right answer and not thousand of people guessing it, so ideally, please refrain from answering if you are not sure.
XTC Clip gives us factory S-OFF, through the likely emulation of the official HTC SIM card with the relevant RSA keys. If you use the XTC clip, your phone becomes a 'dev' phone, totally unlocked as it was meant by HTC.
Now what about AlpharevX?
There are a lot of people talking about it making their phone S-OFF.
Now the question.
Is the AlpharevX S-OFF the same as the XTC Clip S-OFF, ie achieved by clearing the s58 security flag, OR is it just patching the HBOOT to make it think that S is OFF (like Alpharev 1.8 did), OR is it achieving this feat in some other way?
On the Alpharev 1.8 page, it says:
Since we are unable to access the Radio NVRAM itself (where secuflag is stored),
So this got me wondering.
It is a reverse-engineered bootloader that thinks that the secuflag is off. So nothing is changed in the radio; they just put a new hboot on your phone.
Although it is a reverse-engineered one, it does do everything that the standard HTC hboot does. It does even more: there is the possibility to use fastboot, which is not possible with the factory bootloader. So making your phone S-OFF by the XTC clip will not allow you to use fastboot; flashing the one from AlpharevX does.
Erwin
finally a clean and clear explanation thread, thanks erwinP.
I think I'm not the only one that wonders a simple thing: is S-OFF reversible?
Almost everybody knows that flashing custom firmware invalidates the warranty, so, in case of problems (not necessarily due to the new firmware) is it possible to revert the phone to its original state (original fw, original hboot, s-off) and send it back to HTC?
Thanks Erwin.
So the phone is still S-ON, but does not care about it anymore. Sweet.
I was asking this because I was thinking that if I were a developer, I would have put some code in all sort of horrible places to check for this sort of bypass, a bit like in the first PS, where games stopped working if they detected a modchip.
But then if I were an HTC developer, I would have had total faith in HBOOT 1.000.1 being unbreakable, so I may not have bothered.
In any case, how did they manage to get a custom HBOOT ? Does anyone know?
Is it signed ?
You're welcome! ;-)
It is of course not signed ;-) I've asked them, but they wouldn't say it, probably for the same reason why unrEVOked keep their method secret until HTC has come up with an update that fixes the exploit. So I understand why they won't tell us, and also, you do not ask for your grandmother's secret family recipe, do you ;-)
All we know is that they use a combination of psneuter and gingerbreak to get a temproot, and then somehow manage to get past the NAND protection to replace the factory hboot with their hboot. Or at least, that is my interpretation of what I've read here on this forum somewhere.
Erwin
metv said:
finally a clean and clear explanation thread, thanks erwinP.
I think I'm not the only one that wonders a simple thing: is S-OFF reversible?
Almost everybody knows that flashing custom firmware invalidates the warranty, so, in case of problems (not necessarily due to the new firmware) is it possible to revert the phone to its original state (original fw, original hboot, s-off) and send it back to HTC?
Sorry I didn't see your question.
Once they have a way to replace the stock hboot with their own, their hboot can be easily replaced in the same way by the stock one, to get an s-off device again. They have already said somewhere that they will provide a way to revert the process, just in case you have to bring your phone back in warranty. They are real geniuses, aren't they ;-)
Erwin
Thanks for the clear explanation chaps.

Patched (hard)hboot 1.04 for s-off/eng/fastboot

Posting this to get it out in the community for anyone who wants it. This is the shipping hboot 1.04 patched to give s-off identical to the current ENG hboot everyone is using as well as including the ENG commands and fastboot flash/erase support. Obviously if you have a perfectly running device there might be no reason to flash this. For those who are yet to flash a hboot you might choose this instead since it's newer and we don't know what flaws could have been fixed from the older ENG release.
This will likely accompany our official root release for the device when we finish it.
I have tested this to be working on my phone, as well as another developers device so it should be safe. You however take full responsibility for anything that goes wrong with this flash as with any aftermarket mod.
IMPORTANT NOTE:
For those not aware, the thunderbolt is not a true s-off device. The ENG hboot or this patched hboot give you fake s-off while the radio is screaming s-on... This doesn't mean much, but DO NOT flash a hboot that isn't patched or you'll be stuck.
UPDATE 8/1/2011: This has been updated to now block normal hboot flashing to make it much safer. It's still wise to not arbitrarily flash things but you should rest a little more at ease now.
Thread update (not a new version):
Here are the commands to re-flash hboot after installing this:
"fastboot oem mw 8d08ac54 1 31302E30"
"fastboot flash hboot whateverhbootfile.nb0"
where whateverhbootfile.nb0 is in your path, you can get this file by unzipping the PG05IMG.zip with a hboot in it
(BE CAREFUL WITH THIS, YOUR PHONE WILL FLASH TETRIS.EXE AS A BOOTLOADER IF YOU ASK IT TO)
Enjoy.
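As an added example (not from Shadowmite's post or from any release package), a small POSIX shell wrapper around the two commands above. It refuses to flash unless the .nb0 file's MD5 matches a value you pass in, defaults to a dry run, and assumes fastboot and md5sum are on PATH. The address and word are copied verbatim from the post; nothing in the script checks that they are right for your unit. (31302E30 is the ASCII bytes of "10.0"; the post does not say what that word controls.)

```shell
#!/bin/sh
# Added example, not from the original post or any release package.
# Wraps the two commands above: refuse unless the .nb0 file's MD5 matches
# the value you supply, and only touch the phone when the third argument is
# "yes". Assumes fastboot and md5sum are on PATH. The address and word come
# straight from the post; nothing here checks they are right for your unit.
# 31302E30 is the ASCII bytes of "10.0".

UNLOCK_ADDR="8d08ac54"
UNLOCK_WORD="31302E30"

# verify_md5 FILE EXPECTED -> 0 if FILE's md5 equals EXPECTED, 1 otherwise
verify_md5() {
    _file="$1"; _want="$2"
    [ -f "$_file" ] || { echo "no such file: $_file" >&2; return 1; }
    _got=$(md5sum "$_file" | cut -d' ' -f1)
    if [ "$_got" != "$_want" ]; then
        echo "md5 mismatch for $_file: got $_got, want $_want" >&2
        return 1
    fi
    return 0
}

# build_flash_cmds FILE -> prints the two fastboot commands, one per line
build_flash_cmds() {
    printf 'fastboot oem mw %s 1 %s\n' "$UNLOCK_ADDR" "$UNLOCK_WORD"
    printf 'fastboot flash hboot %s\n' "$1"
}

# reflash_hboot FILE EXPECTED_MD5 [yes]
# Dry run by default; with "yes" as the third argument it runs the commands.
reflash_hboot() {
    verify_md5 "$1" "$2" || return 1
    case "$1" in
        *.nb0) ;;
        *) echo "refusing: $1 is not a .nb0 hboot image" >&2; return 1 ;;
    esac
    if [ "${3:-}" = "yes" ]; then
        echo "writing $1 to hboot" >&2
        fastboot oem mw "$UNLOCK_ADDR" 1 "$UNLOCK_WORD" || return 1
        fastboot flash hboot "$1"
    else
        echo "dry run; would execute:"
        build_flash_cmds "$1"
    fi
}

# usage: reflash_hboot hboot.nb0 <md5 from the download page>      # dry run
#        reflash_hboot hboot.nb0 <md5 from the download page> yes  # flash
```

Run it once without "yes" to see exactly what would be sent, and get the expected MD5 from the place you downloaded the PG05IMG.zip, not from the file you are about to flash.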
Sweet thanks
Sent from my ADR6400L using XDA Premium App
Thank you sir, I shall try this soon.
This is not newer than the ENG; it's actually the same version number. The ENG one came from a 1.12.605.6 ENG RUU (same as shipping).
Will this block hboot flashing like the AlpharevX one (please say yes)?
Shadowmite said:
Posting this to get it out in the community for anyone who wants it. This is the shipping hboot 1.04 patched to give s-off identical to the current ENG hboot everyone is using as well as including the ENG commands and fastboot flash/erase support. Obviously if you have a perfectly running device there might be no reason to flash this. For those who are yet to flash a hboot you might choose this instead since it's newer and we don't know what flaws could have been fixed from the older ENG release.
This will likely accompany our official root release for the device when we finish it.
I have tested this to be working on my phone, as well as another developers device so it should be safe. You however take full responsibility for anything that goes wrong with this flash as with any aftermarket mod.
IMPORTANT NOTE:
For those not aware, the thunderbolt is not a true s-off device. The ENG hboot or this patched hboot give you fake s-off while the radio is screaming s-on... This doesn't mean much, but DO NOT flash a hboot that isn't patched or you'll be stuck.
Enjoy.
Ah, I guess I was under the impression it was older from what I was told. Regardless, I never ran that one. Currently it doesn't block hboot flash, but I'll look into that patch next. I guess we'd want to block hboot from zip files but not from fastboot flash in order to protect S-OFF while still having a way to return to stock.
Shadowmite said:
Ah, I guess I was under the impression it was older from what I was told. Regardless, I never ran that one. Currently it doesn't block hboot flash, but I'll look into that patch next. I guess we'd want to block hboot from zip files but not from fastboot flash in order to protect S-OFF while still having a way to return to stock.
I ended up not releasing the older one, as I had both (I'm not sure if joshua was given both or not).
Once you add blocking hboot flash (artificially high version number does it, I think??) would it be OK to place in my guide until (if/when) y'all release a package? (I intend to remove mine once a reliable "auto" is out.)
Flashed for fun and it works great.
Having another method of root may not mean much to Tbolt owners now but it will once devices start shipping with GB.
Great to have you guys working on this.
So this is a way to root in the future for GB owners? Just want to make sure, so I don't flash if I don't need to, because I am already rooted.
Shadowmite said:
Ah, I guess I was under the impression it was older from what I was told. Regardless, I never ran that one. Currently it doesn't block hboot flash, but I'll look into that patch next. I guess we'd want to block hboot from zip files but not from fastboot flash in order to protect S-OFF while still having a way to return to stock.
Excellent! I personally would love a permanent S-OFF patch. I'll be watching this thread, thank you kind sir.
Thanks, Shadowmite.
Shadowmite said:
Posting this to get it out in the community for anyone who wants it. This is the shipping hboot 1.04 patched to give s-off identical to the current ENG hboot everyone is using as well as including the ENG commands and fastboot flash/erase support. Obviously if you have a perfectly running device there might be no reason to flash this. For those who are yet to flash a hboot you might choose this instead since it's newer and we don't know what flaws could have been fixed from the older ENG release.
This will likely accompany our official root release for the device when we finish it.
I have tested this to be working on my phone, as well as another developers device so it should be safe. You however take full responsibility for anything that goes wrong with this flash as with any aftermarket mod.
IMPORTANT NOTE:
For those not aware, the thunderbolt is not a true s-off device. The ENG hboot or this patched hboot give you fake s-off while the radio is screaming s-on... This doesn't mean much, but DO NOT flash a hboot that isn't patched or you'll be stuck.
Enjoy.
Hey,
Might you guys post your IDB of this hboot? Or send it to me via PM? Or somehow. I'd love to see the breakdown of the file you guys reversed,
and what patches. Thanks!
Thanks shadowmite. I followed your work way back in the 6600 days...
Sent from my ADR6400L using Tapatalk
Running it now, no issues. Used it to flash a recovery, and change my radios. Also verified it has the same available fastboot commands.
Feel free to let me know if you need any kind of feedback, or help with testing. I'd be more than happy to help test a permanent patch.
Ok, updated main post with new updated hboot. Now patched to block normal hboot flashes which should make it a lot safer. To test, flash the update, then try flashing it again. The second one should not take.
Yes! Thank you kind sir. So, if I'm understanding correctly, it will prevent the flash of any other hboot, including the original engineering one?
Downloaded and about to flash.
scotty1223 said:
Yes! Thank you kind sir. So, if I'm understanding correctly, it will prevent the flash of any other hboot, including the original engineering one?
Downloaded and about to flash.
Correct. I figure eventually someone might need to flash back to an original and I'll eventually toss up instructions on how to do this. For now, this should block everything we've seen for the device to date.
Is revolutionary working on root for the thunderbolt? Will it give us true s-off?
From the first post, no, it will not give us true S-OFF. I'm running it now, tried flashing the stock S-ON hboot and the old ENG hboot, and it blocked them both.
Next question: if one installed a stock recovery and accepted an OTA... would this prevent hboot from being overwritten there as well?
Yes it should always block hboot unless they do something purposeful to overcome the block method. I'll post a command in the first post sometime next week that will allow you to overwrite hboot should you want to.

Gold Card instead of eng hboot

Hey Everyone,
I've bricked a phone beyond recovery once. It sucks. What happened? I didn't check md5's and ruined everything. That phone is long gone, and history now. I've learned my lessons.
Anyway, I noticed something that might remove a risky step from phone modification. I needed to root my OTA gingerbread DZ from Bell, which required a Gold Card.
Besides backing up and restoring the sd card contents, it's a pretty painless process to make a Gold Card for your phone.
After downgrading with the Gold Card, I asked myself "hey, I just flashed a PC10IMG.zip that wouldn't have passed the security checks...why can't I flash back my Bell radio via PC10IMG.zip now too, even though I have the stock hboot?"
The answer, I did. It worked
Summary: If you have a Gold Card, you should be able to flash any PC10IMG.zip that isn't corrupted, even on stock hboot.
Anyway, I know flashing a radio is also risky, but hey, if you don't need to flash eng hboot, you have seriously avoided doing probably the most dangerous modification to your phone.
Funny thing is that I've never heard of this and my searches brought up nothing. Maybe I'm just bad at searching.
Any thoughts on this that I may not be addressing?
Cheers!
NOTE: proceed with caution! I am not responsible for the bricking of your phone. Please let this discussion unfold a bit before assuming everything is safe!
After running gfree, it gives you Super-cid, which means you don't have to use a goldcard.
You can flash radios on ship hboot as well, by using PC10IMG, and flashing it through hboot.
Goldcards are only necessary when downgrading ROMs when trying to root.
Also, having an eng hboot is recommended, because you have a lot more control over the phone than normal, if you were to really break anything, but could still get to hboot, then the phone will be recoverable.
-Nipqer
Nipqer said:
After running gfree, it gives you Super-cid, which means you don't have to use a goldcard.
You can flash radios on ship hboot as well, by using PC10IMG, and flashing it through hboot.
Goldcards are only necessary when downgrading ROMs when trying to root.
Also, having an eng hboot is recommended, because you have a lot more control over the phone than normal, if you were to really break anything, but could still get to hboot, then the phone will be recoverable.
-Nipqer
Aah, thank you. I thought it was required to have the eng hboot to flash radios. I knew there must be a reason why this isn't a big deal lol.
Sent from my Nexus 6 through tears in rain.

S-OFF or S-ON

I'm thinking of S-OFF-ing my device (unlocking bootloader). I want to ask: did anybody do it on our Tattoo, what are the ups and downs, what are the chances of hard bricking my device, will I still be able to flash ROMs via CWM, and, the most important, is it worth it???
kemoba said:
I'm thinking of S-OFF-ing my device (unlocking bootloader). I want to ask: did anybody do it on our Tattoo, what are the ups and downs, what are the chances of hard bricking my device, will I still be able to flash ROMs via CWM, and, the most important, is it worth it???
1.) No, I hadn't.
2.) You can write data directly into system without booting into recovery and there's no downs, only better
3.) Your Click may go to eternal sleep if something goes wrong. But believe me, I've S-OFFed my Desire, not my previous Click as it's already factory S-OFF. Nothing bad happens :beer:
4.) S-offing will NOT touch your recovery.
5.) The risks are very low, but if you mess up service again so it's worth, I recommend. Download from HTCDev site. Revolutionary's unfortunately not into this.
Sent from my HTC Desire using xda app-developers app
kemoba said:
I'm thinking of S-OFF-ing my device (unlocking bootloader). I want to ask: did anybody do it on our Tattoo, what are the ups and downs, what are the chances of hard bricking my device, will I still be able to flash ROMs via CWM, and, the most important, is it worth it???
If you're thinking about using htcdev boot unlocker, it won't S-Off your phone. It would just let you flash custom recovery and such which we can do already. Therefore in my view, it's not necessary to do it.
If you actually get an S-Off done(paid solution), it still won't be very useful as most of the things that we usually want like downgrading/upgrading we can do with the help of gold card and some other tricks posted in this forum.
I got S-off done as I wanted to be able to change mid but I later found out that I couldn't do it with stock hboot as it provides a curtailed list of fastboot oem commands in comparison to Eng-hboot. I thought S-Off would help me change the model id(mid). If there was a way a to directly alter mid in NVRAM then it would be helpful but for now the money spent on S-Off is a waste.
Wish there was an ENG hboot available for our Tattoo.
Hope this info will be useful.
