AlphaRev - Full S-Off for HTC Handsets
Anyone tried this out yet? Full phone access, for a truly rooted phone.....
AlphaRev 1.1 HBOOT reflash utility
Code:
HTC implemented security on their newer generation phones. This flag, called @secuflag, controls whether your phone has its NAND or flash unlocked.
Most noticeably, S-ON (security on) will read-lock your /system and /recovery partition, to name a few. Also, secuflag controls whether zip files being flashed through recovery or fastboot are signed by HTC.
The now notorious S-OFF (security off) will disable this NAND security.
Since we are unable to access the Radio NVRAM itself (where secuflag is stored), we turned our attention to HBOOT.
AlphaRev has patched HBOOT images for several phones, whereas the HTC Desire (GSM) was our first victim.
Download:
AlphaRev 1.1 HBOOT reflash utility
Warning: Make sure you have read all the warnings below before attempting to run this utility!
Supported devices:
Soon to be supported devices:
- HTC Legend GSM
- HTC Aria GSM (Liberty)
- HTC Wildfire GSM (Buzz)
Requirements:
The only requirement right now is that the ROM you're running is rooted.
Changelog
- 1.1: Fixed a bug for busybox. We now push our own version, so no need for it anymore! Just root is enough.
- 1.0: Initial Release.
The following patches were made:
- First and foremost, the security flag is ignored. HBOOT now always thinks the phone is S-OFF.
- Second, Fastboot extended commands are enabled. This is similar to engineering HBOOTs; these allow you to use commands like 'fastboot flash system system.img' (flashing a system image), or 'fastboot boot boot.img' (downloading and directly booting a kernel image and ramdisk).
Is there any risk involved?
Yes, there is. Flashing HBOOT will flash a critical part of your phone. If that gets corrupted, your phone WILL be bricked.
We do not accept any responsibility for bricked phones, even though we've attempted to make the actual flashing method as safe as possible.
If your phone no longer turns on, please return to HTC for warranty purposes.
Should you still run this hack/program, you then hereby accept full responsibility.
So how does this work?
The image provided is an ISO image. You can burn that on a CD and boot it. Instructions will be provided when you run the CD.
The actual tool is packaged in a Linux livecd, to ensure maximum compatibility.
On a side note: yes, you should be able to run this in VMware or VirtualBox, as long as you enable the USB device to be routed to the livecd running.
Will my phone stay S-OFF forever?
Yes and no. As soon as you decide to flash a stock RUU that has a HBOOT update in it, this hacked HBOOT will be overwritten.
You do have the option to remove the HBOOT update from the rom.zip inside the RUU. Since your phone no longer checks signatures, you could easily do that.
Also, you then still have the option to flash custom recovery, or different kernels using the fastboot functions described above (fastboot flash, et al).
Will this work on my SLCD device?
Yes. For Desire, we've patched HBOOT 0.93, which has AMOLED and SLCD support. Through model ID checking, we determine if your device is supported.
If you run this tool on a device that is unsupported, but that you think is likely to be supported soon, then contact us.
Something went wrong! The livecd told me to get help!! Is my phone bricked?
First of all, leave your phone turned on and plugged in to USB. Your phone will most likely not be bricked, unless you REBOOT!
Before that happens, please contact an operator on irc.freenode.net, channel #alpharev, as instructed on the livecd.
The operators there should be able to provide you with some more hands-on help.
http://alpharev.shadowchild.nl/