= Radio S-OFF = '''WORK IN PROGRESS NOT DONE YET''' And scotty2 did it again! == Howto (Overview of the steps) == 1. Perm root your phone 2. Make a backup of partition 7 of your phone 3. Use a custom kernel and the appropriate wp-this module to get rid of the write protection of the radio partitions 4. Copy the image of partition 7 to your PC and modify it with a HEX-editor, push it back to phone and copy it to the partition 7 At this point in time the @secu_flag is removed from your phone and you can run certain AT@SIMLOCK commands. 5. start hboot, attach a serial console to it and start rtask c 6. attach a serial console to the now running AT-command interpreter and run AT@SIMLOCK=3,2 to write the subsidy data clear text to partition 7 === 4 Enable @secu_flag=0 in partition 7 === {{{ adb push mmcblk0p7-new.img /sdcard/ }}} {{{ insmod /sdcard/wpthis-cyanogen.ko dd if=/sdcard/mmcblk0p7-new.img of=/dev/block/mmcblk0p7 sync }}} Wait a minute to make sure that the changes stick === 5 start rtask c in hboot === {{{ sudo modprobe -r usbserial sudo modprobe usbserial vendor=0x0BB4 product=0x0C94 sudo screen /dev/ttyUSB0 }}} rtask c {{{ This will terminate your console session. Attach the serial to the new USB-device {{{ {{{ sudo modprobe -r usbserial sudo modprobe usbserial vendor=0x05c6 product=0x9002 sudo screen /dev/ttyUSB2 }}} {{{ ATE1 }}} }}}