R800x rooting(verizon version) - Xperia Play Android Development

Sent from my R800x using xda premium

I have found nothing yet for this. P.S. I love this phone for gaming.
Sent from my R800x using xda premium

First you have to get your bootloader unlocked which there is only a paid way to do that right now. After you get your phone's bootloader unlocked, you download and copy RootXperia.zip to your SD card. Then you download and copy recoveryPLAY.img to the same directory on your PC as adb and fastboot.
Code:
fastboot boot recoveryPLAY.img
Then choose to install zip, which will be the RootXperia.zip on your SD card.
Or simply:
Unlock the bootloader, flash doomlord's v3 kernel (which installs root), then flash back the stock kernel.

OK, so you do need to get it unlocked. I thought you might be able to get root without an unlocked bootloader.
Sent from my R800x using xda premium

There is no working root for the R800x without an unlocked bootloader.
Sent from my R800x using XDA App

Don't flash doomlord's kernel if you did the 2.3.3 update. We don't have the 2.3.3 kernel, and 2.3.2 kernels will break your wifi on a 2.3.3 system.

Unfortunately I did the update and wifi doesn't stay connected, which is no good for playing games like Modern Combat and 9mm. I was hoping to somehow root this or crack the bootloader so I can run a different ROM; I don't like Sony's at all.
Sent from my R800x using xda premium

My question is, since when does a locked bootloader stop development? From my experience with XDA it's more of a challenge. I would like to unlock it for free if possible; there's got to be a solution to this problem. I don't want the GSM version, it's weak. If someone can point me in the right direction I can start to try and unlock the bootloader.

crisis187 said:
My question is, since when does a locked bootloader stop development? From my experience with XDA it's more of a challenge. I would like to unlock it for free if possible; there's got to be a solution to this problem. I don't want the GSM version, it's weak. If someone can point me in the right direction I can start to try and unlock the bootloader.
You can start by reading the 400+ reply thread here on the subject and then wash it down with the entire saga of the bootloader unlocking roller coaster that SE sent us through on the 280 post thread located here.
Those would be a couple of good places to start. And it's not the locked bootloader that's stopped development. It's the fact that you can't flash anything when it's locked. There is no root exploit for Gingerbread. Look at any of the other phones. The whole community is at a standstill on devices running Gingerbread (except for the Blur-based exploit on recent Motos).

But yet there's a paid version and dev stopped; is it really worth payment? Cause I did read them, they are all dead, and I'm kinda seeing if anyone else still has the same problem. Someone had a solution but didn't release it cause of the paid version, and I would like to continue where it was left off.
Sent from my R800x using xda premium

crisis187 said:
But yet there's a paid version and dev stopped; is it really worth payment? Cause I did read them, they are all dead, and I'm kinda seeing if anyone else still has the same problem. Someone had a solution but didn't release it cause of the paid version, and I would like to continue where it was left off.
Sent from my R800x using xda premium
Crisis,
Dev work pretty much stopped because there's nothing that can be done. If a Gingerbread-specific exploit is found, then we will reap the benefits along with every other Gingerbread device. Otherwise, the problem is this: we need to reverse engineer Sony's hashing algorithm. See this thread for the specifics. If you figure out how to do it, you're a much smarter person than the rest of us and you should be working for the government or something, because reverse engineering a hashing algorithm is designed to be pretty fracking impossible. And we don't have access to enough computing power to even think about attempting to brute force it, and even if we did we can't, because we don't know the algorithm being used, so we don't even know where to start.

So then are you saying this method doesn't work with Verizon Plays? http://unlockbootloader.sonyericsson.com/instructions
How sad, I just got a free one today and was looking forward to some CM7.

flamesbladeflcl said:
So then are you saying this method doesn't work with Verizon Plays? http://unlockbootloader.sonyericsson.com/instructions
How sad, I just got a free one today and was looking forward to some CM7.
This is where Sony is outright lying to us. Yes, the R800x can get into Fastboot no problem, which by their instructions means it should be unlockable (and it is!). But the catch is you have to use Sony's submission form to get the unlock code. It's unique to every device, and it's a value created from the result of applying a hash algorithm against a device's IMEI (GSM) or MEID (CDMA).
If you go to the form and attempt to enter your MEID, it will fail and say it's not a valid IMEI (which of course it's not). However, in the past their web form coding sucked, and all the validation of the form was client-side in the browser. So if you just manually formulated an HTTP POST request with the correct parameters, it would accept your MEID blindly in the IMEI post var without checking it. With the help of Mills and Asher, I wrote a console app in C# that would do just that. And sure enough, their code would apply their hash algorithm and spit out a valid unlock key.
However, one day it got published in the bootloader cracked thread how we were doing the end-around their javascript validation. Within 48 hours Sony pulled the site down for maintenance and when it came back up, they had added a CAPTCHA to the form and also added server side checking on the postvar containing the IMEI. So even if you manually make a request now, it will error off. This is what cut off our free unlocking.
So in short, their web based unlocking system can unlock our phones, they just won't let us, and claim that "They cannot unlock CDMA Plays at this time, and they are working on it".
If you can come up with a way to publicly shame Sony into removing this restriction, well, we're all ears.
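The post above describes a classic client-side-only validation weakness and the server-side check that closed it. The following is an added example, not code from the thread or from Sony's site: a server-side validator that does not trust the browser's JavaScript and rejects a 14-hex-digit MEID submitted in the IMEI field. The form field name `imei`, the handler and the sample identifiers are constructed for illustration.

```python
"""Server-side identifier validation for a bootloader-unlock request form.

Added example (not Sony's code). It models the fix described in the thread:
the browser-side JavaScript check is not trusted; the server re-validates the
submitted value and refuses anything that is not a syntactically valid IMEI.
"""
import re

IMEI_RE = re.compile(r"^\d{15}$")                 # GSM IMEI: 15 decimal digits
MEID_HEX_RE = re.compile(r"^[0-9A-Fa-f]{14}$")    # CDMA MEID: 14 hex digits


def luhn_ok(digits: str) -> bool:
    """Return True if the decimal string passes the Luhn check.

    An IMEI's 15th digit is a Luhn check digit over the first 14, so a
    random 15-digit string is rejected here about nine times out of ten.
    """
    total = 0
    # Walk from the rightmost digit; double every second digit from the right.
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify_identifier(value: str) -> str:
    """Classify a submitted device identifier as "imei", "meid" or "invalid".

    An IMEI must be 15 decimal digits with a valid Luhn check digit.
    A MEID (hex form) is 14 hex digits and carries no Luhn digit.
    """
    v = value.strip()
    if IMEI_RE.match(v):
        return "imei" if luhn_ok(v) else "invalid"
    if MEID_HEX_RE.match(v):
        return "meid"
    return "invalid"


def handle_unlock_request(form: dict) -> dict:
    """Hypothetical server-side handler for the parsed POST body of the form.

    It never assumes the browser validated the field: a hand-crafted POST
    carrying a MEID in the `imei` field is rejected here, on the server,
    which is the check the thread says was missing before the site was fixed.
    """
    kind = classify_identifier(form.get("imei", ""))
    if kind == "imei":
        return {"status": "accepted", "reason": "valid IMEI"}
    if kind == "meid":
        return {"status": "rejected", "reason": "MEID submitted in IMEI field"}
    return {"status": "rejected", "reason": "not a valid IMEI"}


if __name__ == "__main__":
    # Constructed sample submissions: a Luhn-valid IMEI, the same IMEI with a
    # wrong check digit, and a 14-hex-digit MEID pushed into the IMEI field.
    for sample in ("490154203237518", "490154203237519", "A0000000002468"):
        print(sample, "->", handle_unlock_request({"imei": sample}))
```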

Root!!
Ladies & Gentlemen, brought to you by CrimsonSentinal13, root with a locked bootloader!!
http://forum.xda-developers.com/showthread.php?p=18615502&posted=1#post18615502

Related

[UNLOCK] Unlocked bootloader

I did not create "it", but the unlock tool is here: link
I am really looking forward to the first ROMs
I just saw that and I'm not sure (afraid) to try it yet 'cause I just got my TFP. It will break all agreement with ASUS.
Please post any results and experiences.
Nice
Sent from my Transformer Prime TF201 using xda premium
Anyone tried it yet? Lol.
mutiny said:
Anyone tried it yet? Lol.
And what do you think?
Already running with unlocked bootloader.
I just read the other threads (I should have before asking --lol) and I've come to the conclusion that right now, at least for me, it's not worth unlocking yet. Here are my reasons:
1. There is zero development on the Prime as of now, so why unlock besides to void warranty?
2. If you do unlock and knock-on-wood something happens to your Prime before we get CM9 or other roms, what do you do?
3. Unless you're a dev or someone who is fairly knowledgeable/confident in your rom-development skills, what are you going to do with your unlocked Prime?
Are there any advantages I'm missing? I'm not sure if anyone agrees with me, but that's how I feel right now. Note that I am not at all gun shy about dumping my warranty for the real good stuff. Like many here, all Android phones I've ever owned, including my entire family's Android phones and tablets (also my other tablet --a Xoom) are rooted with custom roms and recoveries.
I advised those who don't develop or don't know much about rooting to not try this. There are just too many "what-ifs" against this method. For example, what if someone comes up with a way to unlock that doesn't go through Asus? By some miracle, if that happens, everyone who uses Asus' unlock will have a very iffy device with no warranty coverage whatsoever. Just a thought.
mutiny said:
I just read the other threads (I should have before asking --lol) and I've come to the conclusion that right now, at least for me, it's not worth unlocking yet. Here are my reasons:
1. There is zero development on the Prime as of now, so why unlock besides to void warranty?
2. If you do unlock and knock-on-wood something happens to your Prime before we get CM9 or other roms, what do you do?
3. Unless you're a dev or someone who is fairly knowledgeable/confident in your rom-development skills, what are you going to do with your unlocked Prime?
Are there any advantages I'm missing? I'm not sure if anyone agrees with me, but that's how I feel right now. Note that I am not at all gun shy about dumping my warranty for the real good stuff. Like many here, all Android phones I've ever owned, including my entire family's Android phones and tablets (also my other tablet --a Xoom) are rooted with custom roms and recoveries.
I advised those who don't develop or don't know much about rooting to not try this. There are just too many "what-ifs" against this method. For example, what if someone comes up with a way to unlock that doesn't go through Asus? By some miracle, if that happens, everyone who uses Asus' unlock will have a very iffy device with no warranty coverage whatsoever. Just a thought.
Right this minute, it's not necessary to unlock. However, my guess is that in less than a day we'll have a ClockworkMod version for the prime and you will need an unlocked bootloader to utilize it. This will allow you to make a full backup of your device (stock) and have a good backup plan should you run into issues in the future with an OTA, etc. The roms will be coming very soon.
Video about it is here!
http://www.youtube.com/watch?v=YBY6GY8G5lg&hd=1&list=PLFA87501087653A16
I'm gonna do it! I want to install Ubuntu on mine. Please watch the video, and subscribe if you liked it!
CWM Recovery is already out too
http://forum.xda-developers.com/showthread.php?t=1510983
Does anyone know yet what "SERVICES" they blocked with the unlock? I read somewhere a LOOOONG time ago that they were going to block certain services when they released the bootloader unlock.
If I remember correctly, you're not able to use Google Music with an unlocked bootloader, because of the DRM security.
Bart1981 said:
If I remember correctly, you're not able to use Google Music with an unlocked bootloader, because of the DRM security.
I'm not sure about that since I use it on my Galaxy Nexus with an unlocked bootloader.
ASUS's reason for locking the bootloader was simply to comply with DRM protected content. Which is a fair response. Not really something many of us are really interested in anyway, with services like Netflix and Google Music though.
source
Not sure though if they mean with 'comply' that you're not able to use it anymore with an unlocked bootloader.
edit:
Here's some more info about unlocking the bootloader and the DRM content.
Regarding the bootloader, the reason we chose to lock it is due to content providers' requirement for DRM client devices to be as secure as possible. ASUS supports Google DRM in order to provide users with a high quality video rental experience. Also, based on our experience, users who choose to root their devices risk breaking the system completely. However, we know there is demand in the modding community to have an unlocked bootloader. Therefore, ASUS is developing an unlock tool for that community. Please do note that if you choose to unlock your device, the ASUS warranty will be void, and Google video rental will also be unavailable because the device will no longer be protected by the security mechanism.
Bart1981 said:
If I remember correctly, you're not able to use Google Music with an unlocked bootloader, because of the DRM security.
You can't use the movie rental service, I know that, but I never heard anything about music.
Does this wipe the tablet like when unlocking the nexus?
Sent from my Transformer Prime TF201 using Tapatalk
Since some people don't do research: please, before you start, and if you have root:
Code:
adb logcat > output.txt
When all **** is done, please upload it to a pastebin or send it to me in a private message.
P.S. You can do this when you have adb set up, or in the terminal from the device itself.
Cm9 is booted on the Device!
Now a little waiting for the custom roms and probably a proper dual boot solution with windows just for the hell of it. Things are looking great so far with CWR already a go. I love the devs here.
Asus delivers in the end. Cheers.
The obvious question that I haven't seen asked yet...will it be possible to develop a tool to lock your bootloader again? If the bootloader can be unlocked with an apk file, there should at least be hope to lock it again by reversing whatever the apk did.

Subscribe thread for root or unlocked bootloader carrier locked

As the title says, I'm creating this thread for all of us carrier-locked Xperia S owners to subscribe to. This way we can subscribe to this thread and keep it updated on the latest news of root or unlocking the bootloader.
YOU CAN'T ROOT LOCKED BOOTLOADERS
I will post new info when I hear something new. Feel free to add news as well. Let's just keep the comments about the topic. No need to fill it with junk that doesn't belong here.
Maybe true, maybe not. Silly tech support, they don't have a clue. Should have known better.
I talked with Sony today and they assured me my Rogers-branded phone will be getting ICS and the updates will be around May 18th. I kept telling them if my phone is branded to Rogers it can't happen, as Rogers needs time to add their apps and stuff. Again Sony said they are doing it differently with the Xperia S and all phones will be getting ICS at the same time, May 18th.
So I don't believe them, but maybe if more people call we can get a better idea when it's coming.
If you call and hear something different please share in the thread.
Now can someone stick this please? And maybe write YOU CAN'T ROOT LOCKED BOOTLOADERS in big red letters in the OP.
Sent from my LT26i using XDA
Sony does not have to know everything, like that my phone is rooted!!! Give them the IMEI, no warranty.
K900 said:
Now can someone stick this please? And maybe write YOU CAN'T ROOT LOCKED BOOTLOADERS in big red letters in the OP.
Sent from my LT26i using XDA
Don't you think that will change in the future?
That's what the thread is for, news about unlocking un-unlockable bootloaders or rooting without it.
I needed this thread XD Thank you mate, I'm subscribed now to know immediately when I will be able to root my phone!
However, it is a bit annoying if this thread is filled with useless posts, just like mine at this moment. Isn't there any way to subscribe only to edits of the first message?
I just thought I would shed a little ray of hope here
Apparently there is a way to root with locked bootloaders for official ICS on the Arc S, Ray and Neo V
http://forum.xda-developers.com/showthread.php?t=1600728
So maybe when we get ICS we can root without unlocking the bootloader
Yeah, the problem is when we will get ICS....we want root now! xD
Got phone from Orange, locked to Orange. Locked bootloader.
Asked for unlock key, threatened to leave.
Received unlock key. Phone unlocked. Surprise - Bootloader unlockable after restart *yipee*
Left Orange for good.
OK, I just had a thought and would like your feedback.
I have my Xperia SIM unlocked.
What I'm thinking is putting in my non-Rogers SIM (my other SIM is Smart, go Philippines),
then updating my phone with Sony software, and when it says I have the latest and asks if I want to repair it, select yes, and maybe it will then download another version of the software because it knows the phone is SIM unlocked.
What do you think? Would it even be possible to have the software change the ability to have the phone say yes to unlock bootloader?
Not a chance!!!
The bootloader is as it says
"a bootloader"
That means it is a separate part of the operating system.
When you update/repair your normal running rom/operating system that is the ONLY part that gets updated/repaired.
Your bootloader is never touched
Sent from my LT26i using xda premium
In and subscribed. Thanks for the thread!
I managed to purposely get into qhsusb_dload, any way dump the contents of whatever I can?
Device manager now displays it as SEMC Flash Device.
Matt1408 said:
I managed to purposely get into qhsusb_dload, any way dump the contents of whatever I can?
Device manager now displays it as SEMC Flash Device.
Cool, what does it mean for us locked-down users?
Replied from my little computer, Xperia S.
Not much, since I have no idea what to do with it... it's basically that I found the "test point" pin, and that it still behaves in the same way as it does on the 2011 locked Sony phones.
However, that's the simple part, now we need to wait for the unlock tokens to become available or however the old way worked on the old phones.
UPD: no, it looks like the permissions are correct on stock rom, so it won't work.
K900 said:
There's the new exploit thing for the HTC One X, it might work on the XPS too, at least I couldn't find the reason it wouldn't. However my device is unlocked so I can't test it without relocking. It should be safe though. Anyone who wants to test is welcome to #xperia_s_root_test @ irc.esper.net
I'd test it out, what do I need to do?
MattNoblett said:
I'd test it out, what do I need to do?
Please join the IRC channel.
K900 said:
Please join the IRC channel.
I've joined
This sounds interesting, keep us posted of any news.
Replied from my little computer, Xperia S.
The thread is here
http://forum.xda-developers.com/showthread.php?t=1644167
Looks interesting and really having to hold my self back from testing it as is
Sent from my LT26i using xda premium

Rooting, unlocking first timer - did her homework now needs help!

So um, I posted this a few hours ago waaaaay up in the VERY general Q&A forum but now realize I can and should have put it here. So here goes:
I've read all the rules, terms, threats about what happens if you don't SEARCH first - guys I've done it all and for a long time. I have been studying up on how to root / flash my MoPhoton 4g since I got it last August. I think I'm finally ready....but now I'm afraid I'm too late. I got involved in that soak test, which installed 2.3.5. Now, if I've searched/read acs and xda correctly (and other less intelligent sites), here's where I think I am:
1. There is no way to downgrade from 2.3.5
2. Shabbypenguin's wonderfully simple and sweet One Click Root won't do the trick on 2.3.5 (and boy did I try it MANY times). Had the correct drivers installed, etc... but no go. I assume you guys know what I'm talking about, but I can and will paste what the script read if you need me to. Short story... got all the way to "you should have root"... but I don't.
3. Currently the only way to do it is with a root method called Torpedo....which I don't know enough about yet but I'm about to get into it... I am nervous though. Since I'm a rooting virgin I would MUCH prefer something easy like OCR.
4. And finally, even if I get root, I won't be able to unlock bootloader, again, because of 2.3.5. So no flashing anything at all (had been planning on cm7 or 9) to replace the stock OS.
Sound about right so far? If so, here's my big question:
If I can ONLY root for now, will I obtain ANY of the benefits I am looking for (mainly increasing/unleashing the SPEED I know this phone is capable of)? Also, I'd like to get free wireless hotspot too, cause if you're gonna dream, dream big.
2nd question: If all the above is correct (and I'm hoping it's not), are the odds decent that one of the geniuses around here will solve this bootloader problem sometime......soon?
Thanks in advance for any help guys!!
Sent from my MB855 using XDA
Yes, you are correct that you can root with photon-torpedo, but will not be able to unlock your bootloader, (for now). I just did it a little while back, and found that using terminal emulator didn't work on my phone, and had to push the .tar file in using the command prompt on my computer with the instructions I got from here.
http://briefmobile.com/how-to-root-motorola-photon-4g
Hope this helps.
Sent from my MB855 using xda premium
Thanks for the reply. When you say "a little while back" you mean when exactly? Your link was an active thread 10 months ago but it's now abandoned and the links don't work. Not a big deal tho, I know where to find torpedo.
Any help out there from a senior member or mod? Most specifically about my last two questions...
Sent from my MB855 using XDA
cool old lady said:
Thanks for the reply. When you say "a little while back" you mean when exactly? Your link was an active thread 10 months ago but it's now abandoned and the links don't work. Not a big deal tho, I know where to find torpedo.
Any help out there from a senior member or mod? Most specifically about my last two questions...
Sent from my MB855 using XDA
Root will allow you to use root apps, access file systems, and yes, let you use the free wifi hotspot. You could also clear out the bloatware that Sprint/Moto load your phone down with. It will NOT allow you to overclock (although you DO need root, you also need a modified kernel, which isn't possible with a locked bootloader). The rule here about bootloader unlock on 2.3.5 is don't ask for ETAs, so it may be tomorrow or may never happen. Realistically I'm sure it will come eventually but can put no accurate time frame behind it. Torpedo is really a walk in the park, just read through the instructions and follow them and it will take you no more than 10 min.
Torpedo Root, universal deblur/debloat and zepplinrox V6 supercharger. You may not get overclocking but your phone will be significantly faster/smoother than stock.
Awesome, thank you! Hope to report back soon with successful results.
Sent from my MB855 using XDA
___________________________________________
thought I was smart until I met a hacker
cool old lady said:
4. And finally, even if I get root, I won't be able to unlock bootloader, again, because of 2.3.5. So no flashing anything at all (had been planning on cm7 or 9) to replace the stock OS.
Sent from my MB855 using XDA
You should be able to use the bootstrap recovery to flash a ROM. This won't touch the kernel, so no overclocking, but I imagine that most of them are already debloated with the supercharger script (don't quote me on that one). So there are still ways to play around with a few of the ROMs here anyway.
Hope that helps.

Interesting Find About The Bootloader???

Hello, I have been scouring the internet for ways to help people unlock their Motorola Photon 4G that had the newest soak update which was 2.3.5 from Motorola directly. I admit, I didn't find jack and they say it's impossible... So I gave up searching and went into my think tank.
I did recently hear that Motorola gave the XOOM users the ability to unlock the bootloader via the internet or using some sort of software just like HTC did. Well, what if we did this.
We found a way to port the XOOM's OS, in that case which is ICS and then matched up the version information for the XOOM and made it available on our Photon 4G? Like we could somehow change the information and make our Photon's be recognized as a XOOM?
I can't guarantee this will somehow magically free up our Photon from the dreaded bootloader lock. I am nowhere near the developmental stage, but maybe this kind of information will get us users free from this hassle once and for all. Using the XOOM bootloader unlock, maybe somehow we can figure out what kind of information that software uses to identify the XOOM as a REAL XOOM. The real questions I have are below:
1. Does it use a certain encryption or special keys?
2. Does it only see the software version?
3. Does it recognize a certain type of hardware chip?
4. Is it software or hardware type lock?
I mean we can do this, we have tons of users already with unlocked bootloaders, and it sounds to me like it is a software issue. We install an update from Motorola and bam... No more unlocked bootloader.
I mean we already know how to create kernels, custom roms, recoveries. Why not try this? What do we have to lose?
Thanks guys,
- JWT
Very interesting. I wish you the best of luck.
Sent from my MB855 using xda premium
R2DeeTard said:
Very interesting. I wish you the best of luck.
Sent from my MB855 using xda premium
Thanks, I might try it later on when I start building my own custom ROMs for the Photon.
To answer your first question I'm pretty sure Motorola somehow sends you a special key. I think I read that somewhere.
Sent from my MB855 using xda app-developers app
FC809 said:
To answer your first question I'm pretty sure Motorola somehow sends you a special key. I think I read that somewhere.
Sent from my MB855 using xda app-developers app
If we can somehow change and/or decrypt that key, we can use a 2.3.4 SBF.
JustWorksTechnology said:
If we can somehow change and/or decrypt that key, we can use a 2.3.4 SBF.
The only thing is I think you're supposed to give your device ID, and then Motorola will send you a specific key for your phone (maybe). Something I found funny off the unlocking page:
WARNING: Motorola strongly recommends against unlocking the bootloader and/or modifying or altering a device's software or operating system. Doing so can have unintended, unforeseen, and dangerous consequences, such as rendering the device unusable, violating applicable laws, or causing property damage and/or bodily injury, including death.
Apparently you can die from unlocking your bootloader lol.
FC809 said:
The only thing is I think you're supposed to give your device ID, and then Motorola will send you a specific key for your phone (maybe). Something I found funny off the unlocking page:
WARNING: Motorola strongly recommends against unlocking the bootloader and/or modifying or altering a device's software or operating system. Doing so can have unintended, unforeseen, and dangerous consequences, such as rendering the device unusable, violating applicable laws, or causing property damage and/or bodily injury, including death.
Apparently you can die from unlocking your bootloader lol.
We maybe then can try to incorporate that key into our bootloader somehow and then Motorola will see that we have a "fake XOOM". This is really interesting!
I hope one of you geniuses find a way to do it if it's possible.
Sent from my MB855 using xda app-developers app
FC809 said:
I hope one of you geniuses find a way to do it if it's possible.
Sent from my MB855 using xda app-developers app
LOL I hope I can possibly be the first... Like I said, I am nowhere near becoming a developer, but I am pretty bright, at least I would say so myself. I fixed my first computer at the age of 15.
Hey man, you're ahead of me. I don't even know all of the parts that make up a computer, and I'm about to start my first year of getting my degree in software engineering lol.
Sent from my MB855 using xda app-developers app
JustWorksTechnology said:
Hello, I have been scouring the internet for ways to help people unlock their Motorola Photon 4G that had the newest soak update which was 2.3.5 from Motorola directly. I admit, I didn't find jack and they say it's impossible... So I gave up searching and went into my think tank.
I did recently hear that Motorola gave the XOOM users the ability to unlock the bootloader via the internet or using some sort of software just like HTC did. Well, what if we did this.
We found a way to port the XOOM's OS, in that case which is ICS and then matched up the version information for the XOOM and made it available on our Photon 4G? Like we could somehow change the information and make our Photon's be recognized as a XOOM?
I can't guarantee this will somehow magically free up our Photon from the dreaded bootloader lock. I am nowhere near the developmental stage, but maybe this kind of information will get us users free from this hassle once and for all. Using the XOOM bootloader unlock, maybe somehow we can figure out what kind of information that software uses to identify the XOOM as a REAL XOOM. The real questions I have are below:
1. Does it use a certain encryption or special keys?
2. Does it only see the software version?
3. Does it recognize a certain type of hardware chip?
4. Is it software or hardware type lock?
I mean we can do this, we have tons of users already with unlocked bootloaders, and it sounds to me like it is a software issue. We install an update from Motorola and bam... No more unlocked bootloader.
I mean we already know how to create kernels, custom roms, recoveries. Why not try this? What do we have to lose?
Thanks guys,
- JWT
The XOOM is a Nexus device; fastboot oem unlock does the trick, no special software needed.
The bootloader has to have the software to support this, not just the tool. What that means is, unless you plan on flashing the XOOM bootloader (please don't do that), then your bypass for the XOOM isn't gonna mean anything. I could set the version strings and build.prop info all day long to whatever I wanted; it doesn't make my phone anything but a GNexus.
In order to get the token you have to enter your device key. I assure you they are gonna have a database so you can't just make one up, at which point the code they give you is only gonna match up with the device it's paired to.
You wanna see if Moto has any plans for the Photon officially in any new updates (including the 2.3.5)? Try running fastboot oem get_unlock_data while in fastboot mode and see if you get an output. If you do, then there is a pretty damn good chance they are planning on adding support.
shabbypenguin said:
The XOOM is a Nexus device; fastboot oem unlock does the trick, no special software needed.
The bootloader has to have the software to support this, not just the tool. What that means is, unless you plan on flashing the XOOM bootloader (please don't do that), then your bypass for the XOOM isn't gonna mean anything. I could set the version strings and build.prop info all day long to whatever I wanted; it doesn't make my phone anything but a GNexus.
In order to get the token you have to enter your device key. I assure you they are gonna have a database so you can't just make one up, at which point the code they give you is only gonna match up with the device it's paired to.
You wanna see if Moto has any plans for the Photon officially in any new updates (including the 2.3.5)? Try running fastboot oem get_unlock_data while in fastboot mode and see if you get an output. If you do, then there is a pretty damn good chance they are planning on adding support.
Good point Shabbypenguin, but the whole point was missed. I wasn't planning on flashing the XOOM's bootloader, but to imitate the XOOM's bootloader by somehow injecting the token associated with the XOOM and their databases into our current bootloader... either by an SBF flash with the current soak OTA update.
Look, I think Moto is ready to release the tool to open the bootloader:
https://motorola-global-portal.custhelp.com/app/standalone/bootloader/unlock-your-device-a
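An added example, not code from any post in this thread: a small POSIX shell helper that turns the raw output of `fastboot oem get_unlock_data` (the command shabbypenguin suggests above) into the single string the Motorola portal expects, and refuses to go on when the bootloader answers that the command is unsupported. The sample output below is constructed, not captured from a Photon; the `(bootloader) ` line prefix and the `#`-separated hex layout are assumptions about the format.

```shell
#!/bin/sh
# Added example, not code from the thread. Normalize `fastboot oem get_unlock_data`
# output for the Motorola unlock portal and sanity-check it first.
# Assumed format: each data line is prefixed "(bootloader) " and the payload is
# hex with '#' field separators, split across several lines.

# Constructed sample (not real device data).
SAMPLE_UNLOCK_DATA='(bootloader) 0A40040192024205#4C4D3556313230
(bootloader) 30373731363031303332323239#BD00
(bootloader) 8A672BA4746C2CE02328A2AC0C39F95
(bootloader) 1A3E5#1F53280002000000000000000
(bootloader) 0000000'

# Strip the "(bootloader) " prefix from stdin and join everything into one line.
normalize_unlock_data() {
  sed -n 's/^(bootloader) //p' | tr -d '\r\n '
}

# $1 = raw fastboot output. Print the joined blob and return 0 if it looks usable;
# return 1 (print nothing) if the bootloader rejected the command or the data is
# empty or not hex.
check_unlock_data() {
  raw=$1
  case $raw in
    *"not supported"*|*"unknown command"*|*"FAILED"*) return 1 ;;
  esac
  blob=$(printf '%s\n' "$raw" | normalize_unlock_data)
  [ -n "$blob" ] || return 1
  case $blob in
    *[!0-9A-Fa-f#]*) return 1 ;;
  esac
  printf '%s\n' "$blob"
}

# Real use (run by hand; fastboot prints to stderr, hence 2>&1):
#   raw=$(fastboot oem get_unlock_data 2>&1)
#   check_unlock_data "$raw" || echo "no unlock data: this bootloader does not offer unlocking" >&2
```

The key the portal hands back for that blob is what goes into `fastboot oem unlock <KEY>`; as the post above says, it is derived from the device data you submitted, so a key issued for one device is useless on another, and there is nothing to "imitate" by editing strings on the phone.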

S-Off ~ What are the requirements to figure it out?

Nothing has changed since this thread opened; if you've got a new question, just jump to page 2.
I am well aware that until now, unless you have a developer phone with CID 11111111, you can't gain SuperCID, which will make you able to S-Off your device (for those who are not aware what S-Off is: it's making the security on your bootloader "off", hence enabling you to flash your ROMs without the need to fastboot flash your boot.img).
But on the developer side, what do the devs need for the "Great Dream" of S-Off to be achieved for all of us?
Files, source code, exploits. What exactly?
I am aware that this topic has seen the light of day more than once, but every time this topic is opened, no more than a week later it's "dead". Why is it THAT impossible to figure out?
I am vaguely aware that it has something to do with the "Tegra 3" chip, but why? If it has something to do with the "source code", is there a class dealing with security that the devs just remove from the equation and then flash instead?
I am quite interested in this topic and I tried to look around, but I don't really know the process of what is actually going on under the hood. So any general help/discussion is welcomed (and encouraged). If anyone with any "IDEA" about how it's done wants to join in (even if he isn't quite sure), or if a DEV from another device did it and can help, please do. It's basically a GENERAL discussion that might help brainstorm some ideas.
As always, links to other threads explaining the whole process are welcomed, but just please don't reply with "IDK" because that's basically considered spam.
I also found this out: HTCDev.com uploaded a couple of source codes for their kernels: http://www.htcdev.com/devcenter/downloads which includes the HOX+, if that will be of any help.
Final words: I know that this thread probably won't magically just solve it, but it's mostly for me and other users to learn.
Edit: Since it's not really a Q&A section and more of a general discussion in my opinion, I posted it in General because I want all devs to just talk, since it's not really an "answer the question" thread. MODs, you can move the thread if you find it in the wrong section, thank you.
~Ghandour
SuperCID is not a prerequisite to S-Off. In fact it's the other way round: you need to remove the security flag (S-Off) before you have the necessary permission to modify your Carrier ID.
There are ways for end users to attain S-Off, but it's either very pricey (buying a SETool box/card/credits and using LGTool to S-Off) or very risky (sending your phone to someone who already has the equipment to S-Off your phone and hoping they don't steal it) lol
Sent from my HTC One X+ using Tapatalk
AndroHero said:
SuperCID is not a prerequisite to S-Off. In fact it's the other way round: you need to remove the security flag (S-Off) before you have the necessary permission to modify your Carrier ID.
There are ways for end users to attain S-Off, but it's either very pricey (buying a SETool box/card/credits and using LGTool to S-Off) or very risky (sending your phone to someone who already has the equipment to S-Off your phone and hoping they don't steal it) lol
Sent from my HTC One X+ using Tapatalk
Oh, I forgot to mention, I am well aware that you can S-Off your device using expensive equipment (Java card) and so forth and so on, but this thread was meant for pure normal S-Off the old-fashioned way, which you can do without any fancy equipment. Because I am sure that the other phones that can be S-Off'ed don't really require you to buy all those tools. ^^
They can, but it's a lot harder for us because of our Tegra SoCs.
I've always wondered why we don't start a donation thread; we could raise the money for the equipment and give it to a trusted member to buy (someone like lloir but with more time). Then the members who donated could send their phone to this trusted member and get it S-Off'd...
Sent from my HTC One X+ using Tapatalk
AndroHero said:
They can, but it's a lot harder for us because of our Tegra SoCs.
I've always wondered why we don't start a donation thread; we could raise the money for the equipment and give it to a trusted member to buy (someone like lloir but with more time). Then the members who donated could send their phone to this trusted member and get it S-Off'd...
Sent from my HTC One X+ using Tapatalk
Well, there is a thread about sending your phone to the US to an XDA member with a Java card somewhere around, but that's not the point at all....
The thread was meant to understand why it is hard. Why can't it be achieved? What is the issue exactly? (From a developer's point of view.)
I found this thread: http://forum.xda-developers.com/showthread.php?t=2057105
EDIT: This thread is helpful; however, the thread remains unsolved. What exploits do the devs try to find when trying to figure out a way to S-Off the device? Leaked DIAG zips?
Because I am aware that the "S-ON" policy is mostly only done by HTC. So how are other phones exploited? For example, the HTC One has a fully functional FULL S-OFF: http://forum.xda-developers.com/showthread.php?t=2473644
So does this app contain the "Diag" zip or what? Any dev explanation would be helpful.
Attaining SuperCID
I attempted attaining SuperCID by combining this method with this information about the HOX+. It does not appear to have changed anything, so it looks like that part of the memory can't be modified, which probably rules out any method similar to that.
WindyCityRockr said:
I attempted attaining SuperCID by combining this method with this information about the HOX+. It does not appear to have changed anything, so it looks like that part of the memory can't be modified, which probably rules out any method similar to that.
Alright, so the issue we are talking about here is that the memory doesn't get saved. So the exploit basically will make it get saved.
So can't we talk about repeating the process over and over and over again till it actually works? Can't we remove the USB in the middle of the process and force a hard reboot?
Tell you what, I think I might try this out. Let's hope the phone keeps on running QQ
"Theoretically" speaking, what if we copy all of that partition of the storage to our PC, format the partition, then push it back? I know there will be a huge risk of breaking it, but in theory can this work without breaking the phone?
Ghand0ur said:
Alright, so the issue we are talking about here is that the memory doesn't get saved. So the exploit basically will make it get saved.
So can't we talk about repeating the process over and over and over again till it actually works? Can't we remove the USB in the middle of the process and force a hard reboot?
Tell you what, I think I might try this out. Let's hope the phone keeps on running QQ
"Theoretically" speaking, what if we copy all of that partition of the storage to our PC, format the partition, then push it back? I know there will be a huge risk of breaking it, but in theory can this work without breaking the phone?
I'm willing to try whatever you want with my AT&T HOX+. It's a second phone that I don't use anyway. Just let me know what you want me to try. I would love S-OFF on it because then it might become useful to me.
m1ke420 said:
I'm willing to try whatever you want with my AT&T HOX+. It's a second phone that I don't use anyway. Just let me know what you want me to try. I would love S-OFF on it because then it might become useful to me.
Well, I admit that I don't have experience with development yet, so I can't ask you to brick your phone with "false" claims. So that's out of the question for me. HOWEVER, if any exploit is discovered, since I have an international phone, AT&T will be required to test it as well.. But that's not for the near future on my part.. haha. And generally speaking, if any dev wants you to risk your phone before he risks his, then he is not worthy imo.
Anyway, back to topic:
Now for the general understanding @WindyCityRockr. This post: http://forum.xda-developers.com/showthread.php?t=1671396 says that you pull a file, edit it with a hex editor and then push it again. I read somewhere that someone changed the partition setup, so basically the "SDCard" became a whole different partition. Can you elaborate on what file you pulled and tried? Where to find it if the location changed?
EDIT: I found it in the root section /dev/block/; the mmc files are there.
What I understand is that the "unlock_code.bin" gained from HTCDev makes you gain a partial unlock. Did anyone try to edit that file? I mean, maybe the key answer lies in that file. Maybe if you can edit this file and then flash it, maybe you gain S-Off?
Now generally speaking, if you are unlocked with S-ON, on other devices where you can use an app to gain S-Off, do you need to relock your bootloader and flash RUU and stock recovery before you try to S-Off your device? What will happen if you don't?
Anyway, I will try to load up the file and inspect it a bit, then report back.
Would be a pleasure if more devs join in.
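An added example, not code from this thread and not the linked One X method itself: a POSIX shell helper for the pull, hex-edit, push approach that WindyCityRockr and Ghand0ur discuss above, written so that the step everyone skips, checking whether the write actually stuck, is explicit. It assumes the CID is stored as an 8-byte ASCII string (the value `fastboot getvar cid` prints) somewhere inside a partition you have already dumped with dd. The image built below is constructed, the placeholder CID `ORIGCID1` is made up, and the partition number `N` in the usage note is yours to fill in; the SuperCID value 11111111 is the one named at the top of the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Locate an 8-byte CID string in a dumped
# partition image, overwrite it in place, and prove whether the write persisted
# by re-reading the same bytes. Assumptions: CID is plain ASCII, occurs once,
# and the image came from the correct /dev/block/mmcblkXpY for the device.

# Print the byte offset of the first occurrence of string $2 in file $1, or fail.
find_cid_offset() {
  off=$(grep -oba -- "$2" "$1" 2>/dev/null | head -n 1 | cut -d: -f1)
  [ -n "$off" ] || return 1
  printf '%s\n' "$off"
}

# Read 8 bytes of file $1 starting at byte offset $2.
read_cid_at() {
  dd if="$1" bs=1 skip="$2" count=8 2>/dev/null
}

# Replace CID $2 with $3 in image $1 without truncating the file; print the offset.
patch_cid() {
  img=$1 old=$2 new=$3
  [ ${#old} -eq 8 ] && [ ${#new} -eq 8 ] || { echo "CID must be exactly 8 bytes" >&2; return 2; }
  off=$(find_cid_offset "$img" "$old") || { echo "$old not found in $img" >&2; return 1; }
  printf '%s' "$new" | dd of="$img" bs=1 seek="$off" conv=notrunc 2>/dev/null
  printf '%s\n' "$off"
}

# Return 0 only if the 8 bytes at offset $2 of file $1 equal $3.
# Run this against a FRESH dump taken after writing the partition back (and again
# after a reboot): a dd that the eMMC or the bootloader silently discards still
# exits 0, and only a re-read of the block device reveals that nothing changed.
verify_cid() {
  [ "$(read_cid_at "$1" "$2")" = "$3" ]
}

# Constructed sample image: a few header bytes, NUL padding, then "CID=ORIGCID1".
# Layout: 'HDR' (3 bytes) + 5 NULs + 'CID=' (4 bytes) puts the CID at offset 12.
make_sample_image() {
  printf 'HDR\000\000\000\000\000CID=ORIGCID1\000\000\000\000TAIL' > "$1"
}
```

The workflow this is meant for: `adb shell su -c 'dd if=/dev/block/mmcblk0pN of=/sdcard/pN.img'`, `adb pull /sdcard/pN.img`, `patch_cid pN.img "$oldcid" 11111111` on the PC, push the file back and dd it onto the partition, then dump the partition a second time and run `verify_cid` on that new dump, and once more after a reboot. Comparing against the file you pushed tells you nothing; only a fresh read of the device shows whether the write was accepted, which is precisely the "does not appear to have changed anything" result reported above.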
The problem with S-Off on the One X/X+ exists because of different hardware between these phones and any other HTCs. For now there is no way to restore your phone even with JTAG (Tegra has JTAG disabled). No one knows what exactly is needed to repair the baseband/IMEI after directly flashing the eMMC. We can restore the phone, but the baseband is still dead. We also know there are 3 chips that need to be paired: CPU, eMMC and XGold 626. If you change only one of them, the phone has no IMEI, is SIM locked, or boots only into the bootloader. There is also a problem with the bootloader: it's locked. That's why you can't totally brick your phone. There is no way to change anything in the bootloader, so we can't S-Off the phone. Probably not even with a Java card. I have some diag files for the One X, but they're not working. We're stuck. We need to know how to get the SBK for Tegra 3.
kwaku85 said:
The problem with S-Off on the One X/X+ exists because of different hardware between these phones and any other HTCs. For now there is no way to restore your phone even with JTAG (Tegra has JTAG disabled). No one knows what exactly is needed to repair the baseband/IMEI after directly flashing the eMMC. We can restore the phone, but the baseband is still dead. We also know there are 3 chips that need to be paired: CPU, eMMC and XGold 626. If you change only one of them, the phone has no IMEI, is SIM locked, or boots only into the bootloader. There is also a problem with the bootloader: it's locked. That's why you can't totally brick your phone. There is no way to change anything in the bootloader, so we can't S-Off the phone. Probably not even with a Java card. I have some diag files for the One X, but they're not working. We're stuck. We need to know how to get the SBK for Tegra 3.
Alright, just let me comment on, or rather ask about, a few points.
- I get that the international version and AT&T are different, one having LTE and the other not, so does that mean that the S-Off here will be different between the international and the AT&T? If so, which is easier?
- You said if you change only one you become SIM-locked. So did anyone succeed in changing one permanently?
- There was a thread saying that you can make a backup of your IMEI folder and paste it; shouldn't that fix the IMEI issue?
- So you are saying even with a Java card and the original DIAGs we can't S-Off? How is that possible even though there are people who actually succeeded in doing so?
So all these issues will be solved if we get the SBK [Secure Boot Key]?
Ghand0ur said:
Alright, just let me comment on, or rather ask about, a few points.
- I get that the international version and AT&T are different, one having LTE and the other not, so does that mean that the S-Off here will be different between the international and the AT&T? If so, which is easier?
- You said if you change only one you become SIM-locked. So did anyone succeed in changing one permanently?
- There was a thread saying that you can make a backup of your IMEI folder and paste it; shouldn't that fix the IMEI issue?
- So you are saying even with a Java card and the original DIAGs we can't S-Off? How is that possible even though there are people who actually succeeded in doing so?
So all these issues will be solved if we get the SBK [Secure Boot Key]?
International and AT&T are different. International has a Tegra 3 CPU; AT&T is a standard Snapdragon phone. It's just a One S in a One X skin. So probably the latest One S S-Off solution should work after some modifications. Need to ask some good devs. This version is also supported for JTAG flashing, IMEI repair etc.
Almost all HTCs have standard Qualcomm processors (even the HTC One) and similar construction. The international One X is different: completely different CPU (and GPU), and a different bootloader, locked by Nvidia. The security flags are in the bootloader, so we can't even touch it.
- I never heard of anyone who changed any of these parts and brought the phone back to life. If anyone can do this, probably we can do everything else, including changing the bootloader security status (S-On/Off).
- Yes, a backup will help, but only if you still have the original parts on your PCB. If you change anything important, a backup will not help you. To check how it's working we need to get 2 One Xs with the same SW version, clean and untouched, make backups and look inside. Maybe we can find differences and make a solution for EFS repair. The sad thing is 90% of broken One Xs have an HW problem, not SW.
- I still don't have a Java card (White Card), but it's probably some universal device for new HTC models; I'm afraid it may not work with the international One X because of the additional Tegra 3 security. But maybe the Java card has some Tegra security unlock instruction inside. Who knows.
- I know some people just buy unlocked devices (for devs). Like I said before, I don't know how the Java card works; if it can disable the Tegra security, then the bootloader can be fully unlocked.
- After getting the SBK we can unlock the bootloader, but for IMEI repair we need to understand the One X EFS construction, to know what should be changed to get our IMEI and the whole radio back.
For now I'm waiting for the Z3X team's progress on repairing Nvidia HTCs. They can directly flash the eMMC now; they're working on repairing broken IMEI etc. That's the goal now.
Correction: ATT Model is Tegra 3
Sent from my HTC One X+ using Tapatalk 4
sixcarnage said:
Correction: ATT Model is Tegra 3
Sent from my HTC One X+ using Tapatalk 4
No way! http://www.gsmarena.com/htc_one_x_at&t-4614.php
AT&T One X has snapdragon cpu
AT&T One X"+" has Tegra3
Sent from my HTC One X+ using xda app-developers app
This is a One X+ thread go talk about One X elsewhere. AT&T One X+ is a Tegra 3 model.
Sent from my HTC One X+ using Tapatalk 4
sixcarnage said:
This is a One X+ thread, go talk about the One X elsewhere. The AT&T One X+ is a Tegra 3 model.
Sent from my HTC One X+ using Tapatalk 4
Chillax bro, LoLzZzZ (so swag, I know). Well, since both phones do have similar hardware, except the AT&T One X, the ideas are joined. So even if you own a Tegra 3 HOX, it's fine that you post here if you have something to say. I think he just misread the forum, it's fine.
Yeah, sorry, I was reading posts on the HOX and HOX+ forums and just wrote in the wrong section. Sorry again, but the HOX and HOX+ are similar phones. The HOX+ has a slightly better CPU. The S-Off problem is the same, and the Nvidia security is probably the same. So we still can't do anything.
I don't know much about programming, but if we can unlock the bootloader via HTCdev, then there must be some backdoor in the Nvidia security, or maybe security is disabled during the bootloader unlocking operation. Maybe this is the way. Or maybe this part of the bootloader security is somewhere else and the Nvidia key isn't blocking this. I don't know. Any dev is needed here.
Gotta love it when I resurrect an old thread (oh, resurrect. Such a big word).
I've been wondering for quite a while about this question.
Turning on "Power saving" mode in the Sense ROM turns down your CPU to 1.3 GHz, which means it UNDERCLOCKS your device. Correct me if I am wrong: if you are S-On you can neither underclock nor overclock your CPU. Right?
I know this has been thought of by other great developers before, but is there no way to decompile just the power saving function and inspect it to see how it gains the S-Off access? I mean, the answer must be there.
