Version 8 (modified 14 years ago)
Radio S-OFF
WORK IN PROGRESS, NOT DONE YET. And scotty2 did it again!
Howto (Overview of the steps)
- Perm root your phone
- Make a backup of partition 7 of your phone
- Use a custom kernel and the appropriate wp-this module to get rid of the write protection of the radio partitions
- Copy the image of partition 7 to your PC and modify it with a hex editor, push it back to the phone and write it to partition 7
At this point the @secu_flag is removed from your phone and you can run certain AT@SIMLOCK commands.
- Start hboot, attach a serial console to it and start rtask c
- Attach a serial console to the now running AT-command interpreter and run AT@SIMLOCK=3,2 to write the subsidy data in clear text to partition 7
2 Backup partition 7
dd if=/dev/block/mmcblk0p7 of=/sdcard/mmcblk0p7-ori.img
4 Enable @secu_flag=0 in partition 7
adb push mmcblk0p7-new.img /sdcard/
insmod /sdcard/wpthis-cyanogen.ko
dd if=/sdcard/mmcblk0p7-new.img of=/dev/block/mmcblk0p7
sync
Wait a minute to make sure that the changes stick.
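Writing an image to a raw partition with dd is unforgiving, so it helps to check the edited image against the backup before the write and to compare a fresh dump against it afterwards. The following is an added example, not part of the original page or its attachments; the function names are hypothetical, the sample files are constructed, and it assumes a PC with POSIX sh, cmp and awk.

```shell
#!/bin/sh
# Added example (not from the original page): sanity checks around the
# partition 7 write. Function names are hypothetical.

# List every byte range that differs between the backup and the edited image.
# Returns 2 if the sizes differ (e.g. the hex editor inserted or deleted bytes
# instead of overwriting), because such an image must not be written back.
p7_changed_ranges() {
    ori=$1
    new=$2
    size_ori=$(wc -c < "$ori" | tr -d ' ')
    size_new=$(wc -c < "$new" | tr -d ' ')
    if [ "$size_ori" != "$size_new" ]; then
        echo "size mismatch: $size_ori vs $size_new bytes" >&2
        return 2
    fi
    # cmp -l prints "<1-based offset> <old octal> <new octal>" for each
    # differing byte; awk folds consecutive offsets into 0-based hex ranges.
    cmp -l "$ori" "$new" 2>/dev/null | awk '
        function emit() {
            if (start != "") printf "0x%06x-0x%06x len=%d\n", start, prev, prev - start + 1
        }
        {
            off = $1 - 1
            if (start == "" || off != prev + 1) { emit(); start = off }
            prev = off
        }
        END { emit() }'
}

# After dd + sync + waiting, dump the partition again, pull it to the PC and
# confirm it is byte-identical to the image that was written.
p7_verify_written() {
    cmp -s "$1" "$2"
}

# Constructed sample: two 32-byte stand-ins for the images, differing at
# offsets 0x10-0x11. Real use:
#   p7_changed_ranges mmcblk0p7-ori.img mmcblk0p7-new.img
demo=$(mktemp -d)
printf 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' > "$demo/ori.img"
printf 'AAAAAAAAAAAAAAAABBAAAAAAAAAAAAAA' > "$demo/new.img"
p7_changed_ranges "$demo/ori.img" "$demo/new.img"
rm -rf "$demo"
```

Any range in the output that you did not edit deliberately means the image should not be written.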
5 Start rtask c in hboot
sudo modprobe -r usbserial
sudo modprobe usbserial vendor=0x0BB4 product=0x0C94
sudo screen /dev/ttyUSB0
rtask c
This will terminate your console session. Attach the serial console to the new USB device:
sudo modprobe -r usbserial
sudo modprobe usbserial vendor=0x05c6 product=0x9002
sudo screen /dev/ttyUSB2
The following transcript mixes commands and answers. You only type the commands that start with AT.
ATE1
ATV1
AT@CID?
@CID: 11111111
OK
AT@SIMLOCK?AA
@secu_flag: 0
OK
AT@SIMLOCK=3,8
AT@SIMLOCK=3,2
ERROR
AT@SIMLOCK=3,1
ERROR
AT@SIMLOCK=3,2
ERROR
AT@SIMLOCK=3,4
OK
AT@SIMLOCK=3,8
ERROR
AT@SIMLOCK=3,10
OK
AT@SIMLOCK=3,1
ERROR
AT@SIMLOCK=3,2
ERROR
at$qcpwrdn
dd if=/dev/block/mmcblk0p7 of=/sdcard/mmcblk0p7-s1.img
adb pull /sdcard/mmcblk0p7-s1.img mmcblk0p7-s1.img
Attachments (2)
- p7_s-off.c (2.8 KB) - added 14 years ago.
- p7_s-off (6.7 KB) - added 14 years ago.