
Version 5 (modified by admin, 13 years ago) (diff)


incsfree

incsfree is a tool for the HTC Incredible S to get the phone to S-OFF, SuperCID and remove the SIM-lock (hopefully).

It is still in a very early stage and has only been tested for S-OFF and SuperCID. The removal of the SIM-lock is still untested.

incsfree and its options

incsfree usage:
incsfree [-h|-?|--help] [-v|--version] [-s|--secu_flag on|off]
	-h | -? | --help: display this message
	-v | --version: display program version
	-s | --secu_flag on|off: turn secu_flag on or off
	-c | --cid <CID>: set the CID to the 8-char long CID
	-S | --sim_unlock: remove the SIMLOCK
	-w | --disable_wp yes|no: disable write protect on eMMC
	-k | --disable_kf yes|no: remove kernel filter
	-b | --hboot: <hbootFile>: install hboot from image file
	-y | --recovery: <recoveryFile>: install recovery from image file
	-r | --restore <backupFile>: restore partition from backup file
	-d | --debug: enable debug output

	-f | --free_all: same as --secu_flag off --sim_unlock --cid 11111111

--secu_flag, --cid, --sim_unlock

These options will change the configuration information of the phone in partition 7. Using one of these flags will create a backup file of your existing partition 7 named /sdcard/part7backup-<time>.bin. Please make a backup of these files in a secure place on your computer. The first file created is especially important: it is the only chance you have to restore the phone to its original state.

--secu_flag

Using -s off will set the phone to S-OFF and -s on will set the phone to S-ON.

--cid

Using -c 11111111 will set the phone to SuperCID.

--sim_unlock

Using -S will remove the SIM-lock data from the phone. This feature is untested for the Incredible S.

--disable_wp

This option defaults to yes, so not specifying it is the same as -w yes.

Using this option will attempt to power-cycle the eMMC chip of the phone and thereby remove its write protection.

incsfree uses a kernel module called gfmod that is embedded in incsfree. The output of the kernel module will be written to the kernel messages. You can retrieve the output by either using the command (without the # - that only indicates a root command prompt)

# dmesg

or by running the following command in parallel (in a second adb shell to the phone) while running incsfree:

# cat /proc/kmsg

--restore

The -r (or --restore) option allows you to restore the backup file of your partition 7. It expects a backup file created by gfree in a previous run.

--recovery

The -y (or --recovery) option allows you to install a recovery image file to partition 21. It will create a backup file of your existing partition 21 named /sdcard/part21backup-<time>.bin. Please make sure that you are using the correct recovery image file for your device! You can use -y together with -w: this will disable the write protection of the eMMC and install the recovery image but will not change anything in partition 7.

--hboot

The -b (or --hboot) option allows you to install an hboot image file to partition 18. It will create a backup file of your existing partition 18 named /sdcard/part18backup-<time>.bin. Please make sure that you are using the correct hboot image file for your device! You can use -b together with -w: this will disable the write protection of the eMMC and install the hboot image but will not change anything in partition 7.

WARNING: If you are using the -b option then I highly recommend that, after running it and syncing, you create md5sums of the hboot.img that you installed and of /dev/block/mmcblk0p18. This can be done using busybox.

adb push busybox /data/local/tmp/
adb shell chmod 777 /data/local/tmp/busybox

And then in your temp-root shell (the one with the # prompt)

/data/local/tmp/busybox md5sum /sdcard/hboot-eng.img
/data/local/tmp/busybox md5sum /dev/block/mmcblk0p18

If the md5sums don't match then, first of all, DON'T REBOOT, and second, ask for help in the #G2ROOT IRC channel on freenode.
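The comparison above as a script, added here as an example (it is not part of incsfree or of the original page). The names verify_flash and md5_of and the MD5 variable are assumptions; on the phone, MD5 would point at the pushed busybox. It goes one step beyond the text by reporting separately when only the first image-sized bytes of the partition match, which is what a partition larger than the image would produce.

```shell
#!/bin/sh
# Added example: check that a flashed image and its target partition agree.
# MD5 is overridable (assumption), e.g. MD5="/data/local/tmp/busybox md5sum"
MD5="${MD5:-md5sum}"

# md5_of FILE [BYTES]: print the MD5 of FILE, or of its first BYTES bytes.
md5_of() {
    if [ -n "$2" ]; then
        head -c "$2" "$1" | $MD5 | cut -d' ' -f1
    else
        $MD5 "$1" | cut -d' ' -f1
    fi
}

# verify_flash IMAGE TARGET
# Returns 0 = md5sums match (the check the page asks for),
#         3 = only the first <image size> bytes of TARGET match,
#         1 = mismatch, 2 = an input is missing, unreadable or empty.
verify_flash() {
    image=$1
    target=$2
    if [ ! -r "$image" ] || [ ! -r "$target" ]; then
        echo "cannot read $image or $target" >&2
        return 2
    fi
    size=$(wc -c < "$image" | tr -d ' ')
    if [ "$size" -eq 0 ]; then
        echo "image $image is empty" >&2
        return 2
    fi
    want=$(md5_of "$image")
    if [ "$want" = "$(md5_of "$target")" ]; then
        echo "MATCH $want"
        return 0
    fi
    if [ "$want" = "$(md5_of "$target" "$size")" ]; then
        echo "PREFIX_ONLY first $size bytes of $target match, the rest differs"
        return 3
    fi
    echo "MISMATCH image=$want - DON'T REBOOT"
    return 1
}

# Run directly as: sh verify_flash.sh /sdcard/hboot-eng.img /dev/block/mmcblk0p18
if [ "$#" -eq 2 ]; then
    verify_flash "$1" "$2"
fi
```

Only return code 0 corresponds to the check described on this page; treat 3 as a result to investigate before rebooting, not as a pass.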

gfree_verify

A short guide on how to verify that gfree worked.

Download gfree_verify.zip and unpack it on your PC.

Copy gfree_verify to the phone:

adb push gfree_verify /data/local

Get a shell:

adb shell

In the shell:

su
cd /data/local
chmod 777 gfree_verify
stop ril-daemon
./gfree_verify

You should see this output:

gfree verify_cid returned: 
@CID: 11111111

OK

gfree verify_secu_flag returned: 
@secu_flag: 0

OK

gfree verify_simlock returned: 
@SIMLOCK= 00

OK

Start the ril-daemon again by using

start ril-daemon

(or reboot your phone)
