[Q] AlpharevX and S-OFF - Wildfire General

A little question about AlpharevX that I had on my mind for some time.
What I would love is the right answer and not thousands of people guessing it, so ideally, please refrain from answering if you are not sure.
XTC Clip gives us factory S-OFF, through the likely emulation of the official HTC SIM card with the relevant RSA keys. If you use the XTC clip, your phone becomes a 'dev' phone, totally unlocked as it was meant by HTC.
Now what about AlpharevX?
There are a lot of people talking about it making their phone S-OFF.
Now the question.
Is the AlpharevX S-OFF the same as the XTC Clip S-OFF, i.e. achieved by clearing the s58 security flag, OR is it just patching the HBOOT to make it think that S is OFF (like Alpharev 1.8 did), OR is it achieving this feat in some other way?
On the Alpharev 1.8 page, it says:
Since we are unable to access the Radio NVRAM itself (where secuflag is stored),
So this got me wondering.

It is a reverse-engineered bootloader that thinks that the secuflag is off. So nothing is changed in the radio, they just put a new hboot on your phone.
Although it is a reverse-engineered one, it does do everything that the standard htc hboot does. It does even more: there is the possibility to use fastboot, which is not possible with the factory bootloader. So making your phone s-off by the xtc clip will not allow you to use fastboot, flashing the one from alpharevx does.
Erwin

finally a clean and clear explanation thread, thanks erwinP.
i think i'm not the only one that wonders a simple thing: is s-off reversible?
almost everybody knows that flashing custom firmware invalidates the warranty, so, in case of problems (not necessarily due to the new firmware) is it possible to revert the phone to its original state (original fw, original hboot, s-off) and send it back to htc?

Thanks Erwin.
So the phone is still S-ON, but does not care about it anymore. Sweet.
I was asking this because I was thinking that if I were a developer, I would have put some code in all sort of horrible places to check for this sort of bypass, a bit like in the first PS, where games stopped working if they detected a modchip.
But then if I were an HTC developer, I would have had total faith in HBOOT 1.000.1 being unbreakable, so I may not have bothered
In any case, how did they manage to get a custom HBOOT ? Does anyone know?
Is it signed ?

You're welcome! ;-)
It is of course not signed ;-) I've asked them, but they wouldn't say it, probably for the same reason as why unrEVOked keep their method secret until htc has come up with an update that fixes the exploit. So I understand why they won't tell us and also, you do not ask for your grandmother's secret family recipe, do you ;-)
All we know is that they use a combination of psneuter and gingerbreak to get a temp root, and then somehow manage to get past the nand protection to replace the factory hboot by their hboot. Or at least, that is my interpretation of what I've read here on this forum somewhere
Erwin

metv said:
finally a clean and clear explanation thread, thanks erwinP.
i think i'm not the only one that wonders a simple thing: is s-off reversible?
almost everybody knows that flashing custom firmware invalidates the warranty, so, in case of problems (not necessarily due to the new firmware) is it possible to revert the phone to its original state (original fw, original hboot, s-off) and send it back to htc?
Sorry I didn't see your question.
Once they have a way to replace the stock hboot by their one, their hboot can be easily replaced in the same way by the stock one, to get an s-off device again. They have already said somewhere that they will provide a way to revert the process, just in case you have to bring your phone back in warranty. They are real geniuses, aren't they ;-)
Erwin

Thanks for the clear explanation chaps.

Related

[MISC] Major news on SIM unlocking and radio S-OFF

This has been in progress for a while. If you follow the G2 forums, then you'll know that there have been big problems with G2 phones that have been unlocked via unlock codes, with those unlocked phones then not being able to find a network at all.
It looks like the guys on #G2ROOT have cracked S-OFF for radio. This is *not* the same as the current S-OFF that we have from HBOOT. Apparently it should help to prevent semi-bricking via incorrect flashing of older ROMs.
The article in the Wiki explains all. Documentation about the procedures should be coming soon. We will of course have to make sure it's fine on the DZ too :
http://forum.xda-developers.com/wik...Subsidy_Unlock.2C_SuperCID.2C_and_Radio_S-OFF
nice, gives all those "bricked" g2's hope
Radio S-OFF is permanent S-OFF?
So no more warranty? Damn.
I'll stick to the stock ROM for a while with root, then HBOOT S-OFF, but never radio S-OFF.
I like warranty. Never know when you'll need it.
DanWilson said:
Radio S-OFF is permanent S-OFF?
So no more warranty? Damn.
I'll stick to the stock ROM for a while with root, then HBOOT S-OFF, but never radio S-OFF.
I like warranty. Never know when you'll need it.
I imagine it'll still be possible to reverse it. From a scan of the IRC logs (though of course I might have missed important stuff), it looks like you just need to write the correct data to the right area of a partition to get the radio S-OFF. So surely you can undo that by writing the previous data?
Documentation on this is now up, see http://forum.xda-developers.com/showthread.php?t=855764
Bear in mind that the instructions are for the G2 right now, so if you try this out on a DZ there's a high chance of a permanent brick ! But hopefully someone will sort out a verified method for the DZ soon
I would not advise people do this form of S-OFF unless they really need to anyway, it's harder to come back from (if you did semi-brick) and holds more risks.
Lennyuk said:
I would not advise people do this form of S-OFF unless they really need to anyway, it's harder to come back from (if you did semi-brick) and holds more risks.
But when an easier way to do it comes along (which is being worked on, I believe), a full S-OFF will be a lot safer, because then it won't be so easy to brick your phone by simply flashing an old RUU.
steviewevie said:
But when an easier way to do it comes along (which is being worked on, I believe), a full S-OFF will be a lot safer, because then it won't be so easy to brick your phone by simply flashing an old RUU.
people should not be flashing an old RUU anyway!
anyone who is silly enough to do that gets a brick for a reason.
Always either flash the latest ruu, or restore a nandroid of stock and flash an ota it offers, these are the safest ways.
You will get more bricks from people doing radio s-off than the s-off + ruu method gives.
Lennyuk said:
I would not advise people do this form of S-OFF unless they really need to anyway, it's harder to come back from (if you did semi-brick) and holds more risks.
You're an ass-talker. You talk through your ass, blow hot air, and have no idea what you're talking about.
1) it is SAFER,
2) it is EASIER to come back from,
3) it is SAFER.
Why is it safer? Because it does NOT require writing the hboot or radio! You can blow p7 out and android will still boot, which means that you have the opportunity to fix it if something goes wrong.
A bad flash of the radio or hboot and you're dead.
For those who might not have seen it yet, there's now a fully documented procedure on how to do this to your DZ (and yes, it's been tested on the DZ too).
As has been said, this is a safer method to get S-OFF (letting you flash custom ROMs) than the previous method of putting on an engineering hboot.
See http://forum.xda-developers.com/showthread.php?t=857390
DanWilson said:
Radio S-OFF is permanent S-OFF?
So no more warranty? Damn.
I'll stick to the stock ROM for a while with root, then HBOOT S-OFF, but never radio S-OFF.
I like warranty. Never know when you'll need it.
all i do for warranty with modded phones is feed 12-20 volts (from a wall adapter) into the battery contacts and toast the main board and bring it back as dead, they send me a new one no questions asked cause the phone is dead...even did this with a htc ppc6800 that i smashed the screen in and they warrantied it no prob....this is on bell in canada....
666
I was following your discussion on bricking because of flashing ruus but for some reason it doesn't apply to me. I had an Asian WWE 1.34.707.5 (shipped with my phone) then I flashed it with Asian WWE 1.34.707.3 RUU and it didn't brick my phone.

[Q] How to dump HBOOT?

Hi all,
I've an HTC Wildfire with a branded ROM by Fastweb (ITA).
I didn't update to Froyo, so my phone can still be rooted.
Before rooting I want to be sure to be able to come back to stock ROM and hboot.
For my phone no RUU is available, the only software package is the OTA update to Froyo (I haven't downloaded it for now).
As no RUU exists, I know that there's no easy way to restore my phone for warranty; isn't it?
What I'm asking is; if I get a temporary root (so no unrevoked) can I dump some phone address to get an hboot backup?
Using dd I should be able to dump, and if S-OFF also to restore the hboot, right?
I can't find information on this issue, everybody tells to use unrevoked!
May you help me?
[edit] fixed thread title, sorry!
I'm guessing you need NAND unlock (S-OFF), as if you could read/write HBOOT with temp root, people wouldn't be stuck un-rootable on Froyo
Yeah, you're right; I will never be able to write it until I'm S-OFF...but I still shall be able to read it, isn't it?
If i have a dump, I can put the phone in S-OFF with XTC clip and restore it.
But I still don't have any idea about on which /dev/ the hboot is stored
You cannot see the partition under /dev, it's hidden by hboot.
you need i think the diag file, i have that but that's also a nogo to downgrade or s-off, it says at-cmd timeout [email protected]=7,0 ok but phone reboots and not s-off.
ah, ok...so it seems it's not possible to backup the hboot?
they have been very clever this time...
thanks for your support.

What I am gonna do to go "Completely Stock" --Help me here people please--

So, after rooting with revolutionary tool, i gotta go back to stock for warranty purposes.
My stock version is an arabic one, so here is what I am gonna do,
1. Use a WWE froyo RUU.
2. Push hboot 1.0.0001 through ADB.
3. Run my locale version RUU (Arabic One) (Froyo) which will bring me to hboot 1.0.0002. --iHope--
Is this procedure right ?!
Please I need fast feedback in order to start doing it as I need to send my phone to warranty as soon as possible.
Thanks everyone!
Please refer to this thread
PS: First time I used that RUU my hboot was 0.8.x so I only had to run the .exe file WHILE THE PHONE WAS BOOTED INTO BOOTLOADER ( Hold Power Button>Reboot>Bootloader)
I re-rooted my phone soon after with Revolutionary but did not use any RUU.exe because I will not go stock yet.
If the RUU won't work while the phone is ON, just reboot it into Bootloader, that should do the trick.
after rooting my wildfire and testing many Roms and even going back to the original RUU, i can say that it will never be like the stock Rom
Thx guys for your effort,
but I know how to do all this, I am not that newbie!
I just wanted to know if the procedure is right, so I can be safe!
And I just did it, and I am done, smoothly with no problems!
Have you got your S-ON? I want to know because I want to unroot soon for warranty reasons and my phone was S-Off since I got it from Vodafone...
Dethox said:
Have you got your S-ON? I want to know because I want to unroot soon for warranty reasons and my phone was S-Off since I got it from Vodafone...
Yes I did, with hboot 1.0.0002 and COMPLETE stock, just as I got it from the factory!
Good to know that. I just remembered that my bootloader was unlocked when I bought the phone from Vodafone so I cannot get S-On back...
Nevertheless, I will try my luck soon. I just need to find the warranty sheet ) ....I lost it and cannot find it....lol

S-OFF or S-ON

I'm thinking of S-OFF-ing my device (Unlocking bootloader). I want to ask did anybody do it on our tattoo, what are the ups and downs, what are the chances of hard bricking my device, will i still be able to flash roms via CWM, and the most important, is it worth it ???
kemoba said:
I'm thinking of S-OFF-ing my device (Unlocking bootloader). I want to ask did anybody do it on our tattoo, what are the ups and downs, what are the chances of hard bricking my device, will i still be able to flash roms via CWM, and the most important, is it worth it ???
1.) No, I hadn't.
2.) You can write data directly into system without booting into recovery and there's no downs, only better
3.) Your Click may go to eternal sleep if something goes wrong. but believe me, I've S-OFFed my Desire, not my previous Click as it's already factoried s-off. Nothing bad happens:beer:
4.) S-offing will NOT touch your recovery.
5.) The risks are very low, but if you mess up service again so it's worth, I recommend. Download from HTCDev site. Revolutionary's unfortunately not into this.
Sent from my HTC Desire using xda app-developers app
kemoba said:
I'm thinking of S-OFF-ing my device (Unlocking bootloader). I want to ask did anybody do it on our tattoo, what are the ups and downs, what are the chances of hard bricking my device, will i still be able to flash roms via CWM, and the most important, is it worth it ???
If you're thinking about using htcdev boot unlocker, it won't S-Off your phone. It would just let you flash custom recovery and such which we can do already. Therefore in my view, it's not necessary to do it.
If you actually get an S-Off done(paid solution), it still won't be very useful as most of the things that we usually want like downgrading/upgrading we can do with the help of gold card and some other tricks posted in this forum.
I got S-off done as I wanted to be able to change mid but I later found out that I couldn't do it with stock hboot as it provides a curtailed list of fastboot oem commands in comparison to Eng-hboot. I thought S-Off would help me change the model id(mid). If there was a way a to directly alter mid in NVRAM then it would be helpful but for now the money spent on S-Off is a waste.
Wish there was an ENG hboot available for our Tattoo.
Hope this info will be useful.

Does s=off matter?

Hi,
Please forgive me if the answers to this have already been posted - I spent most of yesterday trying to figure this out, but couldn't find the exact answer.
I have a t-mobile MT4G (glacier) which was previously rooted, hboot unlocked and s=off, and a CM ROM installed. The microUSB port has recently loosened, and so it is going back for a warranty exchange.
I was able to flash a PD15IMG image, and this reverted the ROM back to stock. It also removed CWM recovery.
My question is: is it necessary to revert s=off to s=on for a warranty exchange (hardware related problem)?
And if so, how do I go about that for an HBOOT version 0.86? All the guides I've seen are for HBOOT versions greater than 1. There are lots of warnings that flashing the HBOOT is the most risky part of the process, so I've held off on trying a solution that seems "almost" right for my phone.
Also, my HBOOT version doesn't say "LOCKED", "UNLOCKED" or "RELOCKED" at the top. Does that mean it was never unlocked?
Thanks in advance,
Lee
lee_alkureishi said:
Hi,
Please forgive me if the answers to this have already been posted - I spent most of yesterday trying to figure this out, but couldn't find the exact answer.
I have a t-mobile MT4G (glacier) which was previously rooted, hboot unlocked and s=off, and a CM ROM installed. The microUSB port has recently loosened, and so it is going back for a warranty exchange.
I was able to flash a PD15IMG image, and this reverted the ROM back to stock. It also removed CWM recovery.
My question is: is it necessary to revert s=off to s=on for a warranty exchange (hardware related problem)?
And if so, how do I go about that for an HBOOT version 0.86? All the guides I've seen are for HBOOT versions greater than 1. There are lots of warnings that flashing the HBOOT is the most risky part of the process, so I've held off on trying a solution that seems "almost" right for my phone.
Also, my HBOOT version doesn't say "LOCKED", "UNLOCKED" or "RELOCKED" at the top. Does that mean it was never unlocked?
Thanks in advance,
Lee
S-Off means it is unlocked lol. I think..
Just tell them you didn't do anything
lee_alkureishi said:
Hi,
Please forgive me if the answers to this have already been posted - I spent most of yesterday trying to figure this out, but couldn't find the exact answer.
I have a t-mobile MT4G (glacier) which was previously rooted, hboot unlocked and s=off, and a CM ROM installed. The microUSB port has recently loosened, and so it is going back for a warranty exchange.
I was able to flash a PD15IMG image, and this reverted the ROM back to stock. It also removed CWM recovery.
My question is: is it necessary to revert s=off to s=on for a warranty exchange (hardware related problem)?
And if so, how do I go about that for an HBOOT version 0.86? All the guides I've seen are for HBOOT versions greater than 1. There are lots of warnings that flashing the HBOOT is the most risky part of the process, so I've held off on trying a solution that seems "almost" right for my phone.
Also, my HBOOT version doesn't say "LOCKED", "UNLOCKED" or "RELOCKED" at the top. Does that mean it was never unlocked?
Thanks in advance,
Lee
It shouldn't matter, technically it voids the warranty but usually, they don't really care. They have issues when something software-esque happens. Just flash a version of the stock rom and play dumb, you'll be fine
THEindian said:
It shouldn't matter, technically it voids the warranty but usually, they don't really care. They have issues when something software-esque happens. Just flash a version of the stock rom and play dumb, you'll be fine
Thanks for the advice - phone sent back yesterday. Will update if I have any problems.
Lee