incsfree

incsfree is a tool for the HTC Incredible S to get the phone to S-OFF, SuperCID and remove the SIM-lock (hopefully).

It is still in a very early stage and has only been tested for S-OFF and SuperCID. The removal of the SIM-lock is still untested.

License

incsfree and the modules it uses are licensed under the GPL v2.

Its source code can be found at https://github.com/tmzt/g2root-kmod/tree/master/guhl in the directories incsfree, gfmod and gkmod.

Please feel free to use it as you like as long as you respect the license!

incsfree and its options

incsfree usage:
incsfree [-h|-?|--help] [-v|--version] [-s|--secu_flag on|off]
	-h | -? | --help: display this message
	-v | --version: display program version
	-s | --secu_flag on|off: turn secu_flag on or off
	-c | --cid <CID>: set the CID to the 8-char long CID
	-S | --sim_unlock: remove the SIMLOCK
	-w | --disable_wp yes|no: disable write protect on eMMC
	-k | --disable_kf yes|no: remove kernel filter
	-b | --hboot: <hbootFile>: install hboot from image file
	-y | --recovery: <recoveryFile>: install recovery from image file
	-r | --restore <backupFile>: restore partition from backup file
	-d | --debug: enable debug output

	-f | --free_all: same as --secu_flag off --sim_unlock --cid 11111111

--secu_flag, --cid, --sim_unlock

These options will change the configuration information of the phone in partition 7. Using one of these flags will create a backup file of your existing partition 7 named /sdcard/part7backup-<time>.bin. Please keep a copy of these files in a secure place on your computer; the first file created, in particular, is the only chance you have to restore the phone to its original state.

--secu_flag

Using -s off will set the phone to S-OFF and -s on will set the phone to S-ON.

--cid

Using -c 11111111 will set the phone to SuperCID.

--sim_unlock

Using -S will remove the SIM-lock data from the phone. This feature is untested for the Incredible S.

--disable_wp

This option defaults to yes, so not specifying it is the same as -w yes.

Using this option will attempt to power-cycle the eMMC chip of the phone and thereby remove its write protection.

incsfree uses a kernel module called gfmod that is embedded in incsfree. The output of the kernel module will be written to the kernel messages. You can retrieve the output either by using the following command (without the #, which only indicates a root command prompt):

# dmesg

or by running the following command in parallel (in a second adb shell to the phone) while running incsfree:

# cat /proc/kmsg

--disable_kf

This option defaults to yes, so not specifying it is the same as -k yes.

Using this option will attempt to remove the filter from the kernel that prevents writes to partition 7 by patching the kernel in memory. To do so it will load a module called gkmem that will provide a device called /dev/gkmem.

Remark: If the phone reboots on an attempt to change something in partition 7, this basically means that the removal of the kernel filter failed.

--restore

The -r (or --restore) option allows you to restore the backup file of your partition 7. It expects a backup file created by incsfree in a previous run.

--recovery

The -y (or --recovery) option allows you to install a recovery image file to partition 21. It will create a backup file of your existing partition 21 named /sdcard/part21backup-<time>.bin. Please make sure that you are using the correct recovery image file for your device! You can use -y together with -w: this will disable the write protection of the eMMC and install the recovery image but will not change anything in partition 7.

--hboot

The -b (or --hboot) option allows you to install an hboot image file to partition 18. It will create a backup file of your existing partition 18 named /sdcard/part18backup-<time>.bin. Please make sure that you are using the correct hboot image file for your device! You can use -b together with -w: this will disable the write protection of the eMMC and install the hboot image but will not change anything in partition 7.

WARNING: If you use the -b option, it is highly recommended that after running it and syncing you create md5sums of the hboot.img that you installed and of /dev/block/mmcblk0p18. This can be done using busybox.

adb push busybox /data/local/tmp/
adb shell chmod 777 /data/local/tmp/busybox

And then in your temp-root shell (the one with the # prompt):

# /data/local/tmp/busybox md5sum /sdcard/hboot-eng.img
# /data/local/tmp/busybox md5sum /dev/block/mmcblk0p18

If the md5sums don't match, then first of all DON'T REBOOT, and second, ask for help in the #G2ROOT IRC channel on freenode.
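
The md5sum comparison above as one script, an added example that is not part of incsfree or the original page. It hashes only the first image-size bytes of the target, so the result is also meaningful when the partition is larger than the image file; the BB variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of incsfree: check a flashed image against the
# partition it was written to, hashing only the first <image size> bytes.

# Assumption: on the phone every tool comes from the pushed busybox, so set
# BB=/data/local/tmp/busybox there; on a PC leave BB empty.
BB="${BB:-}"

# md5_of_prefix FILE NBYTES: print the md5 of the first NBYTES bytes of FILE.
md5_of_prefix() {
    $BB head -c "$2" "$1" | $BB md5sum | $BB cut -d' ' -f1
}

# verify_flash IMAGE TARGET: 0 = match, 1 = mismatch, 2 = unusable input.
verify_flash() {
    image=$1 target=$2
    if [ ! -r "$image" ] || [ ! -r "$target" ]; then
        echo "cannot read image or target" >&2; return 2
    fi
    size=$(( $($BB wc -c < "$image") ))
    [ "$size" -gt 0 ] || { echo "image is empty" >&2; return 2; }
    want=$(md5_of_prefix "$image" "$size")
    got=$(md5_of_prefix "$target" "$size")   # short target => different hash
    echo "image   $want ($size bytes)"
    echo "target  $got"
    if [ "$want" = "$got" ]; then echo "MATCH"; return 0; fi
    echo "MISMATCH: do not reboot"; return 1
}

# Constructed sample data: an "image" written to the start of a larger
# "partition", standing in for hboot-eng.img and mmcblk0p18.
demo() {
    tmp=$(mktemp -d)
    printf 'constructed hboot image' > "$tmp/hboot.img"
    { cat "$tmp/hboot.img"; printf 'unused tail of partition'; } > "$tmp/part18"
    verify_flash "$tmp/hboot.img" "$tmp/part18"; demo_rc=$?
    rm -rf "$tmp"
    return "$demo_rc"
}

# With two arguments verify real files, otherwise run the constructed demo.
if [ "$#" -eq 2 ]; then verify_flash "$1" "$2"; else demo; fi
```

On the phone the two arguments would be /sdcard/hboot-eng.img and /dev/block/mmcblk0p18, run from the root shell.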

gfree_verify

A short guide on how to verify that incsfree worked. (The tool was developed for the HTC G2 and can be found attached to the page gfree.)

Download gfree_verify.zip and unpack it on your PC.

Copy gfree_verify to the phone:

adb push gfree_verify /data/local/tmp/

Get a shell:

adb shell

In the shell:

$ su
# cd /data/local/tmp
# chmod 777 gfree_verify
# stop ril-daemon
# ./gfree_verify

You should see this output:

gfree verify_cid returned: 
@CID: 11111111

OK

gfree verify_secu_flag returned: 
@secu_flag: 0

OK

gfree verify_simlock returned: 
@SIMLOCK= 00

OK

Start the ril-daemon again by using

start ril-daemon

(or reboot your phone)
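
A check of the gfree_verify output against the expected values listed above, as an added example that is not part of gfree_verify or the original page. The function names and the step of saving the tool's output to a file first are assumptions of this example; the sample input is constructed from the expected output.

```shell
#!/bin/sh
# Added example, not part of gfree_verify: check saved gfree_verify output
# against the values the page lists for a successful run.

# check_verify_output [CID]: read gfree_verify output on stdin, print one
# line per field, return 0 only if all three fields have the expected value.
# The expected CID defaults to SuperCID (11111111).
check_verify_output() {
    awk -v want_cid="${1:-11111111}" '
        { sub(/\r$/, "") }            # output captured via adb may end in CR LF
        /^@CID:/       { got["CID"] = $2 }
        /^@secu_flag:/ { got["secu_flag"] = $2 }
        /^@SIMLOCK=/   { got["SIMLOCK"] = $2 }
        END {
            want["CID"] = want_cid
            want["secu_flag"] = "0"   # value shown in the expected output
            want["SIMLOCK"] = "00"
            n = split("CID secu_flag SIMLOCK", order, " ")
            bad = 0
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in got)) {
                    printf "%-10s missing\n", k; bad = 1
                } else if ((got[k] "") != (want[k] "")) {
                    printf "%-10s %s (expected %s)\n", k, got[k], want[k]; bad = 1
                } else {
                    printf "%-10s %s ok\n", k, got[k]
                }
            }
            exit bad
        }'
}

# Constructed sample: the expected output shown above, with CR LF endings.
sample_output() {
    printf '%s\r\n' 'gfree verify_cid returned: ' '@CID: 11111111' '' 'OK' '' \
        'gfree verify_secu_flag returned: ' '@secu_flag: 0' '' 'OK' '' \
        'gfree verify_simlock returned: ' '@SIMLOCK= 00' '' 'OK'
}

sample_output | check_verify_output
```

To check a real run, redirect the output of ./gfree_verify to a file and feed that file to check_verify_output on stdin.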

tested version

Up to now incsfree has been tested on one phone with the following versions:

Android version: 2.2.1
Baseband version: 20.23.30.0802U_38.02.01.11_M
Kernel version: 2.6.35.9-g3052235
htc-kernel@and18-2 #1
Fri Feb 11 18:02:35 CST 2011
Build number: 1.36.405.1 CL335771 release-keys
Software number: 1.36.405.1
HBOOT: 1.09.0000
RUU: RUU_Vivo_HTC_WWE_1.36.405.1_Radio_Radio_20.23.30.0802U_38.02.01.11_M_release_172670_signed

Last modified on 09/01/11 21:49:47