wiki:radio_s_off

Version 13 (modified by anonymous, 14 years ago) (diff)

--

Radio S-OFF

FATTIRE DON'T COPY THIS YET, WE FOUND A DIFFERENT WAY

WORK IN PROGRESS NOT DONE YET And scotty2 did it again!

Howto (Overview of the steps)

  1. Perm root your phone
  1. Make a backup of partition 7 of your phone, copy the image of partition 7 to your PC and modify it with a HEX-editor
  1. Use a custom kernel and the appropriate wp-this module to get rid of the write protection of the radio partitions
  1. Push the modified partition 7 image back to phone and copy it to the partition 7

At this point in time the @secu_flag is removed from your phone and your phone is S-OFF.

Optional steps - verify the S-OFF (Overview of the steps)

  1. start hboot, attach a serial console to it and start rtask c
  1. attach a serial console to the now running AT-command interpreter and run some AT-commands to verify the success

1. Perm root your phone

See http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2 for instructions on how to perm-root.

2. Backup partition 7

Create a backup of your partition 7:

Get a adb-shell:

adb shell

In the shell

su
dd if=/dev/block/mmcblk0p7 of=/sdcard/mmcblk0p7-ori.img

Exit the shell and copy the image to your PC. (On your PC)

mkdir p7
cd p7 
adb pull /sdcard/mmcblk0p7-ori.img mmcblk0p7-ori.img

Make a copy of the image

cp mmcblk0p7-ori.img mmcblk0p7-new.img

Hex-edit the file

(do be described later)

3 Copy the modified partition 7 back to the phone

Prerequisites: Kernel and wp-this module

You will have to install a custom kernel that disables the kernel protection for the radio partition and a wp-this module for this kernel that drops the write protection of the emmc-memory chip.

The boot.img that contains the kernel can be found here: http://www.thinkthinkdo.com/boot-new.img

The wp-this here http://www.thinkthinkdo.com/wpthis-cyanogen.ko

Install the custom kernel using fastboot.

First boot your G2 into fastboot (press Power Button and the trackpad Button until the screen with the surfing androids appear and it says FASTBOOT in red).

Get fastboot from <the internet>

(On your PC)

fastboot erase boot
fastboot flash boot boot-new.img

Reboot the phone into normal mode and copy the new image to the G2 (On the PC)

adb push mmcblk0p7-new.img /sdcard/

Get a shell:

adb shell

In the shell:

insmod /sdcard/wpthis-cyanogen.ko
dd if=/sdcard/mmcblk0p7-new.img of=/dev/block/mmcblk0p7
sync

Wait a minute to make sure that the changes stick.

Reboot the phone.

5 start rtask c in hboot

sudo modprobe -r usbserial
sudo modprobe usbserial vendor=0x0BB4 product=0x0C94
sudo screen /dev/ttyUSB0
rtask c

This will terminate your console session. Attach the serial to the new USB-device

6 Verify the success using the AT-command interpreter

sudo modprobe -r usbserial
sudo modprobe usbserial vendor=0x05c6 product=0x9002
sudo screen /dev/ttyUSB2

In the following code there is mixed commands and answers. You only type the commands the start with AT.

ATE1
ATV1
AT@CID?
@CID: 11111111

OK
AT@SIMLOCK?AA
@secu_flag: 0

AT@SIMLOCK?40
@SIMLOCK: 00

OK

AT$QCPWRDN

Attachments (2)

Download all attachments as: .zip