Interesting Find About The Bootloader??? - Motorola Photon 4G

Hello, I have been scouring the internet for ways to help people unlock their Motorola Photon 4G that had the newest soak update which was 2.3.5 from Motorola directly. I admit, I didn't find jack and they say it's impossible... So I gave up searching and went into my think tank.
I did recently hear that Motorola gave the XOOM users the ability to unlock the bootloader via the internet or using some sort of software just like HTC did. Well, what if we did this.
We found a way to port the XOOM's OS, in that case which is ICS, and then matched up the version information for the XOOM and made it available on our Photon 4G? Like we could somehow change the information and make our Photons be recognized as a XOOM?
I can't guarantee this will somehow magically free up our Photon from the dreaded bootloader lock. I am not near the developmental stage, but maybe this kind of information will get us users free from this hassle once and for all. Using the XOOM bootloader unlock, maybe somehow we can figure out what kind of information that software uses to identify the XOOM as a REAL XOOM. The real questions I have are below:
1. Does it use a certain encryption or special keys?
2. Does it only see the software version?
3. Does it recognize a certain type of hardware chip?
4. Is it software or hardware type lock?
I mean we can do this, we have tons of users already with unlocked bootloaders and it sounds like to me it is a software issue. We install an update from Motorola and bam... No more unlocked bootloader.
I mean we already know how to create kernels, custom roms, recoveries. Why not try this? What do we have to lose?
Thanks guys,
- JWT

Very interesting. I wish you the best of luck.
Sent from my MB855 using xda premium

R2DeeTard said:
Very interesting. I wish you the best of luck.
Sent from my MB855 using xda premium
Thanks, I might try it later on when I start building my own custom ROMs for the Photon.

To answer your first question I'm pretty sure Motorola somehow sends you a special key. I think I read that somewhere.
Sent from my MB855 using xda app-developers app

FC809 said:
To answer your first question I'm pretty sure Motorola somehow sends you a special key. I think I read that somewhere.
Sent from my MB855 using xda app-developers app
If we can somehow change and/or decrypt that key, we can use a 2.3.4 SBF.

JustWorksTechnology said:
If we can somehow change and/or decrypt that key, we can use a 2.3.4 SBF.
The only thing is I think you're supposed to give your device ID, and then Motorola will send you a specific key for your phone (maybe). Something I found funny off the unlocking page:
WARNING: Motorola strongly recommends against unlocking the bootloader and/or modifying or altering a device's software or operating system. Doing so can have unintended, unforeseen, and dangerous consequences, such as rendering the device unusable, violating applicable laws, or causing property damage and/or bodily injury, including death.
Apparently you can die from unlocking your bootloader lol.

FC809 said:
The only thing is I think you're supposed to give your device ID, and then Motorola will send you a specific key for your phone (maybe). ...
Maybe then we can try to incorporate that key into our bootloader somehow and then Motorola will see that we have a "fake XOOM". This is really interesting!

I hope one of you geniuses find a way to do it if it's possible.
Sent from my MB855 using xda app-developers app

FC809 said:
I hope one of you geniuses find a way to do it if it's possible.
Sent from my MB855 using xda app-developers app
LOL I hope I can possibly be the first... Like I said, I am nowhere near becoming a developer, but I am pretty bright, at least I would say so myself. I fixed my first computer at the age of 15.

Hey man, you're ahead of me. I don't even know all of the parts that make up a computer, and I'm about to start my first year of getting my degree in software engineering lol.
Sent from my MB855 using xda app-developers app

JustWorksTechnology said:
Hello, I have been scouring the internet for ways to help people unlock their Motorola Photon 4G that had the newest soak update which was 2.3.5 from Motorola directly. ...
the xoom is a nexus device, fastboot oem unlock does the trick, no special software needed.
the bootloader has to have the software to support this, not just the tool. what that means is unless you plan on flashing the xoom bootloader (please don't do that) then your bypass for the xoom isn't gunna mean anything. i could set the version strings and build.prop info all day long to whatever i wanted, doesn't make my phone anything but a gnexus.
in order to get the token you have to enter your device key, i assure you they are gunna have a database so you can't just make one up. at which point the code they give you is only gunna match up with the device it's paired to.
you wanna see if moto has any plans for photon officially, any new updates (including the 2.3.5)? try running fastboot oem get_unlock_data while in fastboot mode and see if you get an output. if you do then there is a pretty damn good chance they are planning on adding support.

shabbypenguin said:
the xoom is a nexus device, fastboot oem unlock does the trick, no special software needed. ...
Good point Shabbypenguin, but the whole point was missed. I wasn't planning on flashing the XOOM's bootloader but to imitate the XOOM's bootloader by somehow injecting the token associated with the XOOM and their databases into our current bootloader... Either by an SBF flash with the current soak OTA update.

Look, I think Moto is ready to release the tool to open the bootloader:
https://motorola-global-portal.custhelp.com/app/standalone/bootloader/unlock-your-device-a


Locked bootloader is a good thing?

Ok guys, before you start flaming, bear with me:
First of all, to get it out of the way, with the advent of 2nd init, a locked bootloader no longer prevents custom roms (CM7 2.3.4 runs fine on Defy and Droid X even though they only come with 2.2).
However, by having a locked bootloader, it is impossible for the user to hard-brick their device as no matter how bad you screw up, you can still always flash an SBF to recover. This would not be the case with an unlocked bootloader where someone accidentally overwrote their bl.
Thoughts?
<FLAMESUITON>
I don't believe so. How would someone accidentally overwrite their bootloader? The person flashing a new kernel will understand the risks involved with tweaking all this low level stuff.
How often do you ever see someone totally brick their device from flashing kernels?
no
never a good thing
LOTS of bricks were produced because of people trying to unlock this thing
Sinful Animosity said:
I don't believe so. How would someone accidentally overwrite their bootloader? ...
lsxrx7 said:
...
LOTS of bricks were produced because of people trying to unlock this thing
That's one way LOL
Sinful Animosity said:
The person flashing a new kernel will understand the risks involved with tweaking all this low level stuff.
How often do you ever see someone totally brick their device from flashing kernels?
You don't really believe that, do you?
The by and large majority of users on this forum have very little understanding of what they're doing and are merely following the instructions posted. And I have seen plenty of "somebody please help me - I can't boot my device" threads!
Granted, a locked bootloader poses some difficulties/challenges for the true developers, but I'm coming around to the opinion that it also serves as a much needed buffer to the type of community that has become the norm on here. Just look at what's been going on in the dev forum since the Atrix came out: an experienced dev will start a thread, then 1k noobs post "is it done yet", or better yet start "demanding" support/results. The dev gets frustrated/irritated, voices his opinion, gets flamed, and moves to a different device. This has nothing to do with the locked bootloader (Moto Defy with a locked bootloader is now in the top 10 most installed/used devices for cyanogenmod), but more to do with the community/attitude...
Over the last few days alone, I have seen/been involved with at least a dozen bricks where a locked bootloader has saved someone's butt and helped keep end-user device costs down (warranty).
Arg! I just don't know what to think anymore...
dew.man said:
That's one way LOL
You don't really believe that, do you? ...
Yeah, but the only reason they were "saved by the bootloader" is because it's locked in the first place and they're trying to unlock it.
Sent from my MB860 using Tapatalk
Clienterror said:
Yeah, but the only reason they were "saved by the bootloader" is because it's locked in the first place and they're trying to unlock it.
Sent from my MB860 using Tapatalk
No you misunderstood - the soft-bricks that I've dealt with this weekend were on different devices with inexperienced people trying to flash their devices and missing a step here or using a wrong file there...
dew.man said:
No you misunderstood - the soft-bricks that I've dealt with this weekend were on different devices with inexperienced people trying to flash their devices and missing a step here or using a wrong file there...
That's their fault. The guidelines are there, and it's the person's responsibility to know if something is going to brick their device, and it's their responsibility to follow all the instructions completely. Now, sometimes, the devs post some crappy tutorial, and it's a possible brick.
If they're on XDA, they know the risks.
Signed bootloaders present nothing but problems.
PixoNova said:
That's their fault. The guidelines are there, and it's the person's responsibility to know if something is going to brick their device, and it's their responsibility to follow all the instructions completely. Now, sometimes, the devs post some crappy tutorial, and it's a possible brick.
If they're on XDA, they know the risks.
Not making excuses for them! Merely pointing out that the locked bootloader does not necessarily hamper customization, but does help keep device costs down.
dew.man said:
Not making excuses for them! Merely pointing out that the locked bootloader does not necessarily hamper customization, but does help keep device costs down.
It does hamper it down. Imagine a Samsung Captivate without the lagfix. I would've returned mine longggg ago if it hadn't been for that. That's not available with a locked bootloader.
PixoNova said:
It does hamper it down. Imagine a Samsung Captivate without the lagfix. I would've returned mine longggg ago if it hadn't been for that. That's not available with a locked bootloader.
Not familiar with the Captivate, but I have a hard time believing that it could not have been fixed even with the locked bootloader. Why not? Heck, we can now overclock a locked kernel?
dew.man said:
Not familiar with the Captivate, but I have a hard time believing that it could not have been fixed even with the locked bootloader. Why not? Heck, we can now overclock a locked kernel?
Kernel modules. Ours isn't functional just yet though. Still interacts with the kernel, it just isn't native.
And I don't believe converting all partitions to ext4 is possible without low level access.

[Q] Now that we have an Unlocked Bootloader, where is hdmi mirroring and fm radio?

Should we easily be able to get these applications working? Is there something we're still missing, or are the Devs just taking the time and working on gingerbread right now (understandable)?
Bump, Bump, Bump
I've bumped the thread in the Dev section because I desperately want HDMI mirroring in landscape mode. No one's answering the call though.
Could you maybe bump it? Hopefully it catches someone's attention!
Where are they? They are patiently waiting to be developed and then implemented into a rom. Just b/c the bootloader was unlocked doesn't mean every option you desire will just appear. These things take time. I'm sure you didn't mean to sound demanding but you did. Maybe make a simple request instead and more importantly, have patience.
Sent from my MB860 using Tapatalk
J-man67 said:
Where are they? They are patiently waiting to be developed and then implemented into a rom. ...
I know that, bro.
There are people who've said they were looking into it, and having an unlocked bootloader means a plethora of new venues are available to explore. Some have stated that a port of code from other devices might easily attain this once the bootloader was unlocked as well. So it's not unreasonable to ask if anyone's at least checked into it since the bootloader has been unlocked.
Not a peep has been spoken by any devs, which is why I'm asking for someone to break the silence. I'm not asking them to do this just for me, come to my house, flash it to my device and rub my feet.

R800x rooting(verizon version)

Sent from my R800x using xda premium
? I have found nothing yet for this. PS: I love this phone for gaming.
Sent from my R800x using xda premium
First you have to get your bootloader unlocked which there is only a paid way to do that right now. After you get your phone's bootloader unlocked, you download and copy RootXperia.zip to your SD card. Then you download and copy recoveryPLAY.img to the same directory on your PC as adb and fastboot.
Fastboot boot recoveryPLAY.img
Then choose to install zip which will be the RootXperia.zip on your SD card.
Or simply.....
Unlock bootloader, flash doomlord's v3 kernel which installs root, then flash back stock kernel.
Ok so you do need to get it unlocked. I thought you might be able to get root without an unlocked bootloader.
Sent from my R800x using xda premium
There is no working root for the R800x without an unlocked bootloader.
Sent from my R800x using XDA App
Don't flash doomlord's kernel if you did the 2.3.3 update. We don't have the 2.3.3 kernel and 2.3.2 kernels will break your wifi on a 2.3.3 system.
Unfortunately I did the update and wifi doesn't stay connected, which is no good to play games like Modern Combat and 9mm. I was hoping to somehow root this or crack the bootloader so I can run a different rom; I don't like Sony's at all.
Sent from my R800x using xda premium
my question is, since when does a locked bootloader stop development? from my experience with xda it's more of a challenge. i would like to unlock it free if possible, there's got to be a solution to this problem. i don't want the gsm version, it's weak. if someone can point me in the right direction i can start to try and unlock the bootloader
crisis187 said:
my question is, since when does a locked bootloader stop development? ...
You can start by reading the 400+ reply thread here on the subject and then wash it down with the entire saga of bootloader unlocking roller coaster that SE sent us through on the 280 post thread located here.
Those would be a couple of good places to start. And it's not the locked bootloader that's stopped development. It's the fact that you can't flash anything when it's locked. There is no root exploit for gingerbread. Look at any of the other phones. The whole community is at a standstill on devices running gingerbread (except for the blur-based exploit of recent Motos).
But yet there's a paid version and dev stopped. is it really worth payment? cause I did read them, they are all dead, and I'm kinda seeing if anyone else still has the same problem. someone had a solution but didn't release it cause of the paid version, and I would like to continue where it was left off
Sent from my R800x using xda premium
crisis187 said:
But yet there's a paid version and dev stopped. is it really worth payment? ...
Crisis,
Dev work pretty much stopped because there's nothing that can be done. If a gingerbread-specific exploit is found, then we will reap the benefits along with every other gingerbread device. Otherwise, the problem is this - we need to reverse engineer Sony's hashing algorithm. See this thread for the specifics. If you figure out how to do it, you're a much smarter person than the rest of us and you should be working for the government or something, because reverse engineering a hashing algorithm is designed to be pretty fracking impossible. And we don't have access to enough computing power to even think about attempting to brute force it, and even if we did we can't because we don't know the algorithm being used, so we don't even know where to start.
so then are you saying this method doesn't work with verizon plays? http://unlockbootloader.sonyericsson.com/instructions
how sad I just got a free one today and was looking forward to some cm7
flamesbladeflcl said:
so then are you saying this method doesn't work with verizon plays? http://unlockbootloader.sonyericsson.com/instructions
how sad I just got a free one today and was looking forward to some cm7
This is where Sony is outright lying to us. Yes, the R800x can get into Fastboot no problem, which by their instructions means it should be unlockable (and it is!). But the catch is you have to use Sony's submission form to get the unlock code. It's unique to every device, and it's a value created from the result of applying a hash algorithm against a device's IMEI (GSM) or MEID (CDMA).
If you go to the form and attempt to enter in your MEID, it will fail and say it's not a valid IMEI (Which of course it's not). However in the past their web form coding sucked, and all the validation of the form was client-side in the browser. So if you just manually formulated an HTTP POST request with the correct parameters, it would accept your MEID blindly in the IMEI post var without checking it. With the help of Mills and Asher, I wrote a console app in C# that would do just that. And sure enough, their code will apply their hash algorithm and spit you out a valid unlock key.
However, one day it got published in the bootloader cracked thread how we were doing the end-around their javascript validation. Within 48 hours Sony pulled the site down for maintenance and when it came back up, they had added a CAPTCHA to the form and also added server side checking on the postvar containing the IMEI. So even if you manually make a request now, it will error off. This is what cut off our free unlocking.
So in short, their web based unlocking system can unlock our phones, they just won't let us, and claim that "They cannot unlock CDMA Plays at this time, and they are working on it".
If you can come up with a way to publicly shame Sony into removing this restriction, well, we're all ears.
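As an added illustration of the fix the post above describes (server-side checking of the IMEI field, replacing validation that lived only in browser JavaScript), here is example Python that is not Sony's code: it assumes a form field named `imei`, accepts only a Luhn-valid 15-digit IMEI, and rejects a 14-hex-digit MEID or anything else before any unlock code would be computed. The IMEI used in the comments and test is a well-known sample value, not a real device's.

```python
import re

# Added example, not Sony's code. The thread explains that the unlock form
# originally validated the IMEI field only in the browser, so a hand-built
# HTTP POST could place a CDMA MEID in the "imei" parameter and the server
# would hash it blindly. The defence is to repeat the check on the server.

IMEI_RE = re.compile(r"^\d{15}$")            # GSM IMEI: 15 decimal digits
MEID_HEX_RE = re.compile(r"^[0-9A-Fa-f]{14}$")  # CDMA MEID: 14 hex digits


def luhn_ok(digits: str) -> bool:
    """Luhn check digit validation; the 15th IMEI digit is a Luhn check digit."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify_identifier(value: str) -> str:
    """Return 'imei', 'meid' or 'invalid' for a submitted device identifier."""
    v = value.strip()
    if IMEI_RE.match(v):
        # Right shape for an IMEI; still reject typos/fabrications that fail Luhn.
        return "imei" if luhn_ok(v) else "invalid"
    if MEID_HEX_RE.match(v):
        return "meid"
    return "invalid"


def handle_unlock_request(form: dict) -> dict:
    """Server-side handler (hypothetical): trusts nothing the browser checked.

    Accepts only a GSM IMEI in the 'imei' field, which is the policy the post
    says Sony enforced after adding server-side checking. A CAPTCHA, which the
    post also mentions, is outside this example.
    """
    submitted = form.get("imei", "")
    kind = classify_identifier(submitted)
    if kind != "imei":
        return {"status": 400, "error": f"field 'imei' is not a valid IMEI (got: {kind})"}
    # Only here would the unlock-code derivation run on the validated value.
    return {"status": 200, "device_id": submitted.strip()}


if __name__ == "__main__":
    # 490154203237518 is a commonly cited sample IMEI; A0000000123456 is a
    # constructed 14-hex-digit MEID-shaped value.
    for sample in ("490154203237518", "490154203237519", "A0000000123456", "12345"):
        print(sample, "->", classify_identifier(sample))
    print(handle_unlock_request({"imei": "A0000000123456"}))
```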
Root!!
Ladies & Gentlemen, brought to you by CrimsonSentinal13, root with a locked bootloader!!
http://forum.xda-developers.com/showthread.php?p=18615502&posted=1#post18615502

[UNLOCK] Unlocked bootloader

I did not create "it", but the unlock tool is here: link
I am really looking forward to the first ROMs
I just saw that and not sure (afraid) to try it yet 'cause I just got my TFP. It will break all agreement with ASUS.
Please post any results and experiences.
Nice
Sent from my Transformer Prime TF201 using xda premium
Anyone tried it yet? Lol.
mutiny said:
Anyone tried it yet? Lol.
and what do you think?
already running with unlocked bootloader
I just read the other threads (I should have before asking --lol) and I've come to the conclusion that right now, at least for me, it's not worth unlocking yet. Here are my reasons:
1. There is zero development on the Prime as of now, so why unlock besides to void warranty?
2. If you do unlock and knock-on-wood something happens to your Prime before we get CM9 or other roms, what do you do?
3. Unless you're a dev or someone who is fairly knowledgeable/confident in your rom-development skills, what are you going to do with your unlocked Prime?
Are there any advantages I'm missing? I'm not sure if anyone agrees with me, but that's how I feel right now. Note that I am not at all gun shy about dumping my warranty for the real good stuff. Like many here, all Android phones I've ever owned, including my entire family's Android phones and tablets (also my other tablet --a Xoom) are rooted with custom roms and recoveries.
I advised those who don't develop or don't know much about rooting to not try this. There are just too many "what-ifs" against this method. For example, what if someone comes up with a way to unlock that doesn't go through Asus? By some miracle, if that happens, everyone who uses Asus' unlock will have a very iffy device with no warranty coverage whatsoever. Just a thought.
mutiny said:
I just read the other threads (I should have before asking --lol) and I've come to the conclusion that right now, at least for me, it's not worth unlocking yet. ...
Right this minute, it's not necessary to unlock. However, my guess is that in less than a day we'll have a ClockworkMod version for the prime and you will need an unlocked bootloader to utilize it. This will allow you to make a full backup of your device (stock) and have a good backup plan should you run into issues in the future with an OTA, etc. The roms will be coming very soon.
Video about it is here!
http://www.youtube.com/watch?v=YBY6GY8G5lg&hd=1&list=PLFA87501087653A16
I'm gonna do it! I want to install Ubuntu on mine. Please watch the video, and subscribe if you liked it!
CWM Recovery is already out too
http://forum.xda-developers.com/showthread.php?t=1510983
does anyone know yet what "SERVICES" they blocked with the unlock? i read somewhere a LOOOONG time ago that they were going to block certain services when they released the bootloader unlock
If I remember correctly, you're not able to use google music with an unlocked bootloader, because of the DRM security.
Bart1981 said:
If I remember correctly, you're not able to use google music with an unlocked bootloader, because of the DRM security.
I'm not sure about that since I use it on my Galaxy Nexus with an unlocked bootloader.
ASUS’s reason for locking the bootloader was simply to comply with DRM protected content. Which a fair response. Not really something many of really are interested in any ways with services like Netflix and Google Music though.
source
Not sure though if they mean with 'comply' that you're not able to use it anymore with an unlocked bootloader.
edit:
Here's some more info about unlocking the bootloader and the DRM content.
Regarding the bootloader, the reason we chose to lock it is due to content providers' requirement for DRM client devices to be as secure as possible. ASUS supports Google DRM in order to provide users with a high quality video rental experience. Also, based on our experience, users who choose to root their devices risk breaking the system completely. However, we know there is demand in the modding community to have an unlocked bootloader. Therefore, ASUS is developing an unlock tool for that community. Please do note that if you choose to unlock your device, the ASUS warranty will be void, and Google video rental will also be unavailable because the device will be no longer protected by security mechanism.
Bart1981 said:
If I remember correctly, you're not able to use google music with an unlocked bootloader, because of the DRM security.
You can't use the movie rental service I know that but never heard anything about music
Does this wipe the tablet like when unlocking the nexus?
Sent from my Transformer Prime TF201 using Tapatalk
since some people don't do research
please before you start.. and if you have root
Code:
adb logcat > output.txt
when all **** is done, please upload it to a pastebin or send it to me in a private message..
p.s. you can do this when you have adb set up or in the terminal from the device itself.
Cm9 is booted on the Device!
Now a little waiting for the custom roms and probably a proper dual boot solution with windows just for the hell of it. Things are looking great so far with CWR already a go. I love the devs here.
Asus delivers in the end. Cheers.
The obvious question that I haven't seen asked yet...will it be possible to develop a tool to lock your bootloader again? If the bootloader can be unlocked with an apk file, there should at least be hope to lock it again by reversing whatever the apk did.

S-Off ~ What are the requirements to figure it out?

Nothing changed since this thread opened, got a new question just jump to page 2
I am well aware that till now unless you have a developer phone with CID 11111111 you can't gain SuperCID which will make you able to S-Off your device (For those who are not aware what S-Off is, it's making the security on your bootloader "off", hence enabling you to flash your roms without the need to fastboot flash your boot.img)
But on a developer side, what do the devs need for the "Great Dream" of S-Off to be achieved for all of us?
Files, source codes , exploits. What exactly?
I am aware that this topic has seen the light of day more than once, but every time this topic is opened, no more than a week later its "dead". Why is it THAT impossible to figure out?
I am vaguely aware that it has something to do with the "Tegra 3" chip, but why? If it has something to do with the "Source Code" is there a class talking about security that the devs just removes from the equation then flashes it instead?
I am quite interested in this topic and I tried to look around, but I don't really know the process of what is actually going on under the hood. So Any general help/discussion is welcomed (and encouraged) . If anyone with any "IDEA" about how its done wanna join in (even if he isn't quite sure) or if a DEV from another device did it and can help please do. It's basically a GENERAL discusison that might help brainstorm some ideas .
As always, links to other threads explaining the whole process is welcomed, but just please don't reply with "IDK" because that's basically considered spam
I Also found this out : HTCDev.com uploaded a couple of source codes about their kernel : http://www.htcdev.com/devcenter/downloads which includes the HOX+ if that will be of any help.
Final words: I know that this thread won't probably magically just solve it, But it's just mostly for me and other users to learn
Edit: Since its not really a Q&A Section and more of a general discussion in my opinion so I posted it in general because I want all devs to just talk, since its not really an "Answer the question" thread. MODs you can move the thread if you find it in the wrong section, thank you.
~Ghandour
SuperCID is not a prerequisite to S-Off. In fact it's the other way round: you need to remove the security flag (S-Off) before you have the necessary permission to modify your Carrier ID.
There are ways for end users to attain S-Off, but it's either very pricey (buying a SETool box/card/credits and using LGTool to S-Off) or very risky (sending your phone to someone who already has the equipment to S-Off your phone and hoping they don't steal it) lol
Sent from my HTC One X+ using Tapatalk
AndroHero said:
SuperCID is not a prerequisite to S-Off. In fact it's the other way round: you need to remove the security flag (S-Off) before you have the necessary permission to modify your Carrier ID.
There are ways for end users to attain S-Off, but it's either very pricey (buying a SETool box/card/credits and using LGTool to S-Off) or very risky (sending your phone to someone who already has the equipment to S-Off your phone and hoping they don't steal it) lol
Sent from my HTC One X+ using Tapatalk
Oh, I forgot to mention, I am well aware that you can S-Off your device using expensive equipment (JavaCard) and so forth and so on, but this thread was meant for pure normal S-Off the old-fashioned way, which you can do without any fancy equipment. Because I am sure that the other phones that can be "S-Off"ed don't really require you to buy all those tools. ^^
They can, but it's a lot harder for us because of our Tegra SoCs.
I've always wondered why we don't start a donation thread; we could raise the money for the equipment and give it to a trusted member to buy (someone like lloir but with more time). Then the members who donated could send their phone to this trusted member and get it S-Off'd...
Sent from my HTC One X+ using Tapatalk
AndroHero said:
They can, but it's a lot harder for us because of our Tegra SoCs.
I've always wondered why we don't start a donation thread; we could raise the money for the equipment and give it to a trusted member to buy (someone like lloir but with more time). Then the members who donated could send their phone to this trusted member and get it S-Off'd...
Sent from my HTC One X+ using Tapatalk
Well, there is a thread about sending your phone to the US to an XDA member with a JavaCard somewhere around, but that's not the point at all....
The thread was meant to understand why it is hard. Why can't it be achieved? What is the issue exactly? (From a developer's point of view.)
I found this thread: http://forum.xda-developers.com/showthread.php?t=2057105
EDIT: This thread is helpful; however, the thread remains unsolved. What exploits do the devs try to find when trying to figure out a way to S-Off the device? Leaked DIAG zips?
Because I am aware that the "S-ON" policy is mostly only done by HTC. So how are other phones exploited? For example, the HTC One has a fully functional FULL S-OFF: http://forum.xda-developers.com/showthread.php?t=2473644
So does this app contain the "Diag" zip or what? Any dev explanation would be helpful.
Attaining SuperCID
I attempted attaining SuperCID by combining this method with this information about the HOX+. It does not appear to have changed anything, so it looks like that part of the memory can't be modified, which probably rules out any method similar to that.
WindyCityRockr said:
I attempted attaining SuperCID by combining this method with this information about the HOX+. It does not appear to have changed anything, so it looks like that part of the memory can't be modified, which probably rules out any method similar to that.
Alright, so the issue we are talking about here is that the memory doesn't get saved. So the exploit basically will make it get saved.
So can't we talk about repeating the process over and over and over again till it actually works? Can't we remove the USB in the middle of the process and force a hard reboot?
Tell you what, I think I might try this out. Let's hope the phone keeps on running QQ
"Theoretically" speaking, what if we copy that whole partition of the storage to our PC, format the partition, then push it back? I know there will be a huge risk of bricking, but in theory can this work without breaking the phone?
Ghand0ur said:
Alright, so the issue we are talking about here is that the memory doesn't get saved. So the exploit basically will make it get saved.
So can't we talk about repeating the process over and over and over again till it actually works? Can't we remove the USB in the middle of the process and force a hard reboot?
Tell you what, I think I might try this out. Let's hope the phone keeps on running QQ
"Theoretically" speaking, what if we copy that whole partition of the storage to our PC, format the partition, then push it back? I know there will be a huge risk of bricking, but in theory can this work without breaking the phone?
I'm willing to try whatever you want with my AT&T HOX+. It's a second phone that I don't use anyway. Just let me know what you want me to try. I would love S-OFF on it because then it might become useful to me.
m1ke420 said:
I'm willing to try whatever you want with my AT&T HOX+. It's a second phone that I don't use anyway. Just let me know what you want me to try. I would love S-OFF on it because then it might become useful to me.
Well, I admit that I don't have experience with development yet, so I can't ask you to brick your phone with "false" claims. So that's out of the question for me. HOWEVER, if any exploit is discovered, since I have an international phone, AT&T will need to be tested as well.. But that's not for the near future on my part.. haha. And generally speaking, if any dev wants you to risk your phone before he risks his, then he is not worthy imo.
Anyway back to topic:
Now for the general understanding, @WindyCityRockr, this post: http://forum.xda-developers.com/showthread.php?t=1671396 says that you pull a file, edit it with a hex editor and then push it again. I read somewhere that someone changed the partition setup, so basically the "SDCard" became a whole different partition. Can you elaborate on what file you pulled and tried? Where to find it if the location changed?
EDIT: I found it in the root directory, /dev/block/; the mmc files are there.
What I understand is that the "unlock_code.bin" obtained from HTCDev gives you a partial unlock. Did anyone try to edit that file? I mean, maybe the answer lies in that file. Maybe if you can edit this file and then flash it, you gain S-Off?
Now generally speaking, if you are unlocked with S-ON, on other devices where you can use an app to gain S-Off, do you need to relock your bootloader and flash the RUU and stock recovery before you try to S-Off your device? What will happen if you don't?
Anyway, I will try to load up the file and inspect it a bit, then report back.
It would be a pleasure if more devs joined in.
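The pull / hex-edit / push step discussed above is easy to get wrong by hand, and WindyCityRockr's result (nothing changed after the push) is exactly the case a script should detect rather than assume. The following is an added example, not code from this thread or from the linked posts: it patches the 8-byte CID field in a copy of a partition image to the developer CID 11111111, refusing to proceed if the field is missing or ambiguous or if the replacement would change the field length, and it compares what was written against what the device reads back. The partition path, the original CID string and the image layout are assumptions, and it is run here on a constructed image; on a real device the security flag itself is untouched by this, which is the whole problem the thread is about.

```python
import subprocess

SUPER_CID = b"11111111"  # the "developer phone" CID named earlier in the thread

# Assumption: the CID is stored as an 8-byte ASCII field somewhere in the
# partition image. The real partition path varies by device and is not
# given in the thread; this value is a placeholder, not a real node.
PARTITION = "/dev/block/mmcblkXpY"


def find_cid(image: bytes, cid: bytes) -> int:
    """Return the offset of `cid` in `image`, refusing to guess if it is
    absent or appears more than once (patching the wrong copy is a brick)."""
    first = image.find(cid)
    if first < 0:
        raise ValueError("CID not found in image")
    if image.find(cid, first + 1) >= 0:
        raise ValueError("CID appears more than once; refusing to guess")
    return first


def patch_cid(image: bytes, old_cid: bytes, new_cid: bytes = SUPER_CID) -> bytes:
    """Return a copy of `image` with `old_cid` replaced in place.
    The field length must not change, or every following byte shifts."""
    if len(old_cid) != len(new_cid):
        raise ValueError("replacement must keep the field length")
    off = find_cid(image, old_cid)
    return image[:off] + new_cid + image[off + len(new_cid):]


def write_stuck(written: bytes, readback: bytes) -> bool:
    """True when the device returned exactly what was written. False is the
    'nothing changed' outcome reported in the thread: the write was discarded."""
    return written == readback


def adb_pull_partition(partition: str, out_path: str) -> None:
    """Dump a raw partition over adb. Assumes a rooted device with `su` and
    a `dd` applet; the partition path is an assumption."""
    subprocess.run(["adb", "shell", "su", "-c",
                    f"dd if={partition} of=/sdcard/part.img"], check=True)
    subprocess.run(["adb", "pull", "/sdcard/part.img", out_path], check=True)


def adb_push_partition(in_path: str, partition: str) -> None:
    """Write an image back. Afterwards pull it again with adb_pull_partition
    and compare with write_stuck(); do not trust the push on its own."""
    subprocess.run(["adb", "push", in_path, "/sdcard/patched.img"], check=True)
    subprocess.run(["adb", "shell", "su", "-c",
                    f"dd if=/sdcard/patched.img of={partition}"], check=True)


# Constructed sample image: padding, an 8-byte CID field, more padding.
SAMPLE_IMAGE = b"\x00" * 64 + b"HTC__001" + b"\x00" * 56


if __name__ == "__main__":
    patched = patch_cid(SAMPLE_IMAGE, b"HTC__001")
    print("new CID at offset", find_cid(patched, SUPER_CID))
    # Simulate the failure from the thread: the device hands back the
    # original bytes, so the write did not stick.
    print("write stuck?", write_stuck(patched, SAMPLE_IMAGE))
```

On a real device the sequence is `adb_pull_partition`, keep the untouched dump as a backup, `patch_cid` on its bytes, `adb_push_partition`, then a second `adb_pull_partition` and `write_stuck` on the two results; a False there means the hardware or bootloader discarded the write, and repeating the push will not change that.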
The problem with S-Off on the One X/X+ exists because of the different hardware between these phones and any other HTCs. For now there is no way to restore your phone even with JTAG (Tegra has JTAG disabled). No one knows exactly what is needed to repair the baseband/IMEI after directly flashing the eMMC. We can restore the phone, but the baseband is still dead. We also know there are 3 chips that need to be paired: CPU, eMMC and XGold 626. If you change only one of them, the phone has no IMEI, is SIM locked, or boots only into the bootloader. There is also a problem with the bootloader: it's locked. That's why you can't totally brick your phone. There is no way to change anything in the bootloader, so we can't S-Off the phone. Probably even with a JavaCard. I have some diag files for the One X, but they're not working. We're stuck. We need to know how to get the SBK for Tegra 3.
kwaku85 said:
The problem with S-Off on the One X/X+ exists because of the different hardware between these phones and any other HTCs. For now there is no way to restore your phone even with JTAG (Tegra has JTAG disabled). No one knows exactly what is needed to repair the baseband/IMEI after directly flashing the eMMC. We can restore the phone, but the baseband is still dead. We also know there are 3 chips that need to be paired: CPU, eMMC and XGold 626. If you change only one of them, the phone has no IMEI, is SIM locked, or boots only into the bootloader. There is also a problem with the bootloader: it's locked. That's why you can't totally brick your phone. There is no way to change anything in the bootloader, so we can't S-Off the phone. Probably even with a JavaCard. I have some diag files for the One X, but they're not working. We're stuck. We need to know how to get the SBK for Tegra 3.
Alright, just let me comment on, or rather ask about, a few points.
- I get that the international version and AT&T are different, one having LTE and the other not, so does that mean that the S-Off here will be different between the international and the AT&T? If so, which is easier?
- You said if you change only one you become SIM-locked. So did anyone succeed in changing one permanently?
- There was a thread saying that you can make a backup of your IMEI folder and paste it back; shouldn't that fix the IMEI issue?
- So you are saying even with a JavaCard and the original DIAGs we can't S-Off? How is that possible, even though there are people who actually succeeded in doing so?
So all these issues will be solved if we get the SBK [Secure Boot Key]?
Ghand0ur said:
Alright, just let me comment on, or rather ask about, a few points.
- I get that the international version and AT&T are different, one having LTE and the other not, so does that mean that the S-Off here will be different between the international and the AT&T? If so, which is easier?
- You said if you change only one you become SIM-locked. So did anyone succeed in changing one permanently?
- There was a thread saying that you can make a backup of your IMEI folder and paste it back; shouldn't that fix the IMEI issue?
- So you are saying even with a JavaCard and the original DIAGs we can't S-Off? How is that possible, even though there are people who actually succeeded in doing so?
So all these issues will be solved if we get the SBK [Secure Boot Key]?
International and AT&T are different. International has a Tegra 3 CPU; AT&T is a standard Snapdragon phone. It's just a One S in a One X skin. So probably the latest One S S-Off solution should work after some modifications. Need to ask some good devs. This version is also supported for JTAG flashing, IMEI repair etc.
Almost all HTCs have standard Qualcomm processors (even the HTC One) and similar construction. The international One X is different: a completely different CPU (and GPU), and a different bootloader locked by Nvidia. The security flags are in the bootloader, so we can't even touch it.
- I never heard about anyone who changed any of these parts and brought the phone back to life. If anyone can do this, probably we can do everything else, including changing the bootloader security status (S-On/Off).
- Yes, a backup will help. But only if you still have the original parts on your PCB. If you change anything important, the backup will not help you. To check how it works we need to get 2 One Xs with the same version of SW, clean and untouched, make backups and look inside. Maybe we can find differences and make a solution for EFS repair. The sad thing is 90% of broken One Xs have a HW problem, not SW.
- I still don't have a JavaCard (White Card), but it's probably some universal device for new HTC models. I'm afraid it can't work with the international One X because of the additional Tegra 3 security. But maybe the JavaCard has some Tegra security unlock instruction inside. Who knows.
- I know some people just buy unlocked devices (for devs). Like I said before, I don't know how the JavaCard works; if it can disable Tegra security, then the bootloader can be fully unlocked.
- After getting the SBK we can unlock the bootloader, but for IMEI repair we need to understand the One X EFS construction, to know what should be changed to get our IMEI and the whole radio back.
For now I'm waiting for the Z3X team's progress on repairing Nvidia HTCs; they can directly flash the eMMC, and now they're working on repairing a broken IMEI etc. That's the goal now.
Correction: ATT Model is Tegra 3
Sent from my HTC One X+ using Tapatalk 4
sixcarnage said:
Correction: ATT Model is Tegra 3
Sent from my HTC One X+ using Tapatalk 4
No way! http://www.gsmarena.com/htc_one_x_at&t-4614.php
AT&T One X has snapdragon cpu
AT&T One X"+" has Tegra3
Sent from my HTC One X+ using xda app-developers app
This is a One X+ thread; go talk about the One X elsewhere. The AT&T One X+ is a Tegra 3 model.
Sent from my HTC One X+ using Tapatalk 4
sixcarnage said:
This is a One X+ thread; go talk about the One X elsewhere. The AT&T One X+ is a Tegra 3 model.
Sent from my HTC One X+ using Tapatalk 4
Chillax, bro, LoLzZzZ (so swag, I know). Well, since both phones do have similar hardware, except the AT&T One X, the ideas are joined. So even if you own a Tegra 3 HOX, it's fine that you post here if you have something to say. I think he just misread the forum; it's fine.
Yeah, sorry, I was reading posts on the HOX and HOX+ forums and just wrote in the wrong section. Sorry again, but the HOX and HOX+ are similar phones. The HOX+ has a slightly better CPU. The S-Off problem is the same; the Nvidia security is probably the same. So we still can't do anything.
I don't know much about programming, but if we can unlock the bootloader via HTCdev, then there must be some backdoor in the Nvidia security, or maybe security is disabled during the bootloader unlocking operation. Maybe this is the way. Or maybe this part of the bootloader security is somewhere else and the Nvidia key isn't blocking it. I don't know. Any dev is needed here.
Gotta love it when I resurrect an old thread (oh, resurrect. Such a big word).
I've been wondering for quite a while about this question.
Turning on "Power saving" mode in the Sense ROM turns down your CPU to 1.3GHz, which means it UNDERCLOCKS your device. Correct me if I am wrong, but if you are S-On you can neither underclock nor overclock your CPU. Right?
I know this has been thought of by other great developers before, but is there no way to decompile just the power saving function and inspect it to see how it gains S-Off access? I mean, the answer must be there.
