wiki:radio_s_off

Version 10 (modified by anonymous, 14 years ago) (diff)

--

Radio S-OFF

FATTIRE DON'T COPY THIS YET, WE FOUND A DIFFERENT WAY

WORK IN PROGRESS NOT DONE YET And scotty2 did it again!

Howto (Overview of the steps)

  1. Perm root your phone
  1. Make a backup of partition 7 of your phone, copy the image of partition 7 to your PC and modify it with a HEX-editor
  1. Use a custom kernel and the appropriate wp-this module to get rid of the write protection of the radio partitions
  1. , push it back to phone and copy it to the partition 7

At this point in time the @secu_flag is removed from your phone and your phone is S-OFF.

Optional steps - verify the S-OFF (Overview of the steps)

  1. start hboot, attach a serial console to it and start rtask c
  1. attach a serial console to the now running AT-command interpreter and run some AT-commands to verify the success

2 Backup partition 7

Create a backup of your partition 7:

Get a adb-shell:

adb shell

In the shell

su
dd if=/dev/block/mmcblk0p7 of=/sdcard/mmcblk0p7-ori.img

Exit the shell and copy the image to your PC. (On your PC)

mkdir p7
cd p7 
adb pull /sdcard/mmcblk0p7-ori.img mmcblk0p7-ori.img

Make a copy of the image

cp mmcblk0p7-ori.img mmcblk0p7-new.img

Hex-edit the file (do be described later)

3 Copy the modified partition 7 back to the phone

(On the PC)

adb push mmcblk0p7-new.img /sdcard/

Get a shell:

adb shell

In the shell:

insmod /sdcard/wpthis-cyanogen.ko
dd if=/sdcard/mmcblk0p7-new.img of=/dev/block/mmcblk0p7
sync

Wait a minute to make sure that the changes stick.

Reboot the phone.

4 Enable @secu_flag=0 in partition 7

5 start rtask c in hboot

sudo modprobe -r usbserial
sudo modprobe usbserial vendor=0x0BB4 product=0x0C94
sudo screen /dev/ttyUSB0
rtask c

This will terminate your console session. Attach the serial to the new USB-device

6 Verify the success using the AT-command interpreter

sudo modprobe -r usbserial
sudo modprobe usbserial vendor=0x05c6 product=0x9002
sudo screen /dev/ttyUSB2

In the following code there is mixed commands and answers. You only type the commands the start with AT.

ATE1
ATV1
AT@CID?
@CID: 11111111

OK
AT@SIMLOCK?AA
@secu_flag: 0

AT@SIMLOCK?40
@SIMLOCK: 00

OK

AT$QCPWRDN

Attachments (2)

Download all attachments as: .zip