= Radio S-OFF = '''FATTIRE DON'T COPY THIS YET, WE FOUND A DIFFERENT WAY''' '''WORK IN PROGRESS NOT DONE YET''' And scotty2 did it again! == Howto (Overview of the steps) == 1. Perm root your phone 2. Make a backup of partition 7 of your phone, copy the image of partition 7 to your PC and modify it with a HEX-editor 3. Use a custom kernel and the appropriate wp-this module to get rid of the write protection of the radio partitions 4. , push it back to phone and copy it to the partition 7 At this point in time the @secu_flag is removed from your phone and your phone is S-OFF. == Optional steps - verify the S-OFF (Overview of the steps) == 5. start hboot, attach a serial console to it and start rtask c 6. attach a serial console to the now running AT-command interpreter and run some AT-commands to verify the success === 2 Backup partition 7 === Create a backup of your partition 7: Get a adb-shell: {{{ adb shell }}} In the shell {{{ su dd if=/dev/block/mmcblk0p7 of=/sdcard/mmcblk0p7-ori.img }}} Exit the shell and copy the image to your PC. (On your PC) {{{ mkdir p7 cd p7 adb pull /sdcard/mmcblk0p7-ori.img mmcblk0p7-ori.img }}} Make a copy of the image {{{ cp mmcblk0p7-ori.img mmcblk0p7-new.img }}} Hex-edit the file (do be described later) === 3 Copy the modified partition 7 back to the phone === (On the PC) {{{ adb push mmcblk0p7-new.img /sdcard/ }}} Get a shell: {{{ adb shell }}} In the shell: {{{ insmod /sdcard/wpthis-cyanogen.ko dd if=/sdcard/mmcblk0p7-new.img of=/dev/block/mmcblk0p7 sync }}} Wait a minute to make sure that the changes stick. Reboot the phone. === 4 Enable @secu_flag=0 in partition 7 === === 5 start rtask c in hboot === {{{ sudo modprobe -r usbserial sudo modprobe usbserial vendor=0x0BB4 product=0x0C94 sudo screen /dev/ttyUSB0 }}} {{{ rtask c }}} This will terminate your console session. Attach the serial to the new USB-device === 6 Verify the success using the AT-command interpreter === {{{ sudo modprobe -r usbserial sudo modprobe usbserial vendor=0x05c6 product=0x9002 sudo screen /dev/ttyUSB2 }}} In the following code there is mixed commands and answers. '''You only type the commands the start with AT'''. {{{ ATE1 ATV1 AT@CID? @CID: 11111111 OK AT@SIMLOCK?AA @secu_flag: 0 AT@SIMLOCK?40 @SIMLOCK: 00 OK AT$QCPWRDN }}}