Archive for the ‘Reverse Engineering’ Category

Playing with HTC’s hboot 2.00.0002

October 23rd, 2011

It’s been a long time since I last updated my blog. I have been very busy and have had no time to write a complete post. I started writing some posts but never managed to finish them. To be honest, I knew this might happen from the very beginning, when I installed WordPress! So I have decided that from now on I will not create drafts, and will publish even very small articles!

I am the owner of an HTC Desire S smartphone which runs Android. It uses the Sense user interface, which I like very much, and that’s why I never used a ROM such as CyanogenMod. There are Sense-based ROMs but I preferred to use the original one. If you don’t understand anything I have said so far, you should visit the xda-developers forum and come back later!

Unfortunately, even though HTC uses an open operating system on its phones, the bootloader, known as hboot, is locked. A locked bootloader means that you cannot change the radio, recovery, boot, system and other partitions, among many other important things. Even if you get temporary root on your Android phone, it is very difficult to make it permanent. The lock depends on the @secu_flag variable, which is stored in the radio NVRAM and is not accessible to the user. This variable controls whether your phone is S-ON, meaning it is secured, or S-OFF, meaning it is unsecured. Currently, the best way to root the phone is to change the hboot so that it reports the flag as off even when it is on, and this is what revolutionary by Unrevoked and AlphaRev does. You can visit their site to find out more. I had hboot version 0.98.0002, which is supported, so I used it and after one or two minutes I had permanent root, a modified hboot that reports S-OFF, and ClockworkMod, a much better recovery than the one HTC preinstalls.

Recently, HTC pushed a new OTA update to all Desire S phones, featuring the new Sense 3.0. And since I really like Sense, I couldn’t wait, so I installed it. I had to do some work because I didn’t have the original hboot and recovery, which are needed for the update. Unfortunately, the update also changed my hboot to version 2.00.0002. Apart from all the other locks, this version also prohibits changes to the bootloader, so even if you have temporary root you cannot install your own ‘cracked’ hboot. I searched a little but couldn’t find any information, so I started my own research. For the moment I have cracked the hboot (at least I believe so! 🙂) so that it reports that you have an S-OFF phone. You can download the patched version here. In case you want to study it yourself, the changes are in the function starting at offset 0x9fa4. If you need more information about the disassembly you can leave a comment or mail me. I chatted a little with hyuh at #revolutionary@freenode and he told me that downgrading to an older hboot and then upgrading to this one might S-OFF my phone, but I really don’t want to try this at the moment. The update created a new partition for /system/lib which is not supported by older hboot versions, so I don’t want to start playing around and brick my phone! I’m searching for new ways, and if I make any progress I will report it here, so stay tuned!
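If you want to check a patched image against the original one before you consider flashing it, a byte-level diff that groups the changed bytes into contiguous runs and flags anything outside the function at 0x9fa4 is the quickest sanity check. The script below is an added example and not code from the post or from the revolutionary project; the two images it compares are constructed in-line (a repeating byte pattern with a four-byte change inside the function region and one stray byte elsewhere), the function length of 0x100 is an assumption, and the four bytes it writes are the Thumb encoding of `movs r0, #0; bx lr`, shown only as a typical return-constant stub and not as the actual change made to hboot.

```python
"""Byte-level diff of two same-sized firmware images (original vs. patched hboot).

Added example, not code from the original post. The sample images are
constructed in-line so the script runs offline; the real hboot images are
not included. Run with two file paths to diff real images instead.
"""
import sys
from dataclasses import dataclass
from typing import List, Optional, Tuple

FUNC_START = 0x9FA4   # offset of the patched function, as named in the post
FUNC_LEN = 0x100      # assumed length for the range check (illustration only)


@dataclass
class DiffRun:
    offset: int        # file offset where this run of differing bytes starts
    original: bytes    # bytes at that offset in the first image
    patched: bytes     # bytes at that offset in the second image

    @property
    def length(self) -> int:
        return len(self.original)


def diff_images(a: bytes, b: bytes) -> List[DiffRun]:
    """Return the contiguous runs of bytes that differ between a and b.

    An in-place patch never changes the image size, so a size mismatch is
    reported as an error instead of being silently truncated by zip().
    """
    if len(a) != len(b):
        raise ValueError(f"size mismatch: {len(a)} vs {len(b)} bytes")
    runs: List[DiffRun] = []
    start: Optional[int] = None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            if start is None:
                start = i
        elif start is not None:
            runs.append(DiffRun(start, a[start:i], b[start:i]))
            start = None
    if start is not None:                      # run that reaches end of file
        runs.append(DiffRun(start, a[start:], b[start:]))
    return runs


def runs_in_range(runs: List[DiffRun], lo: int, hi: int) -> Tuple[List[DiffRun], List[DiffRun]]:
    """Split runs into those fully inside [lo, hi) and those touching bytes outside it."""
    inside: List[DiffRun] = []
    outside: List[DiffRun] = []
    for r in runs:
        (inside if lo <= r.offset and r.offset + r.length <= hi else outside).append(r)
    return inside, outside


def build_sample_images() -> Tuple[bytes, bytes]:
    """Constructed test data: 64 KiB pattern, one edit inside the function, one stray."""
    size = 0x10000
    original = bytes((i * 7 + 3) & 0xFF for i in range(size))
    patched = bytearray(original)
    # Thumb 'movs r0, #0' (0x2000) followed by 'bx lr' (0x4770), little-endian
    # halfwords. A generic return-constant stub, NOT the real hboot patch.
    patched[FUNC_START + 0x10:FUNC_START + 0x14] = bytes.fromhex("00207047")
    patched[0x2000] ^= 0xFF   # an unrelated change, to show it gets flagged
    return original, bytes(patched)


def main(argv: List[str]) -> int:
    if len(argv) == 3:
        with open(argv[1], "rb") as f1, open(argv[2], "rb") as f2:
            a, b = f1.read(), f2.read()
    else:
        a, b = build_sample_images()
    runs = diff_images(a, b)
    inside, outside = runs_in_range(runs, FUNC_START, FUNC_START + FUNC_LEN)
    for r in runs:
        print(f"0x{r.offset:06x} len={r.length:3d}  {r.original.hex()} -> {r.patched.hex()}")
    print(f"{len(inside)} run(s) inside the function at 0x{FUNC_START:x}, "
          f"{len(outside)} run(s) elsewhere")
    return 1 if outside else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The non-zero exit status when any run falls outside the expected function is the useful part: a patch that claims to touch only one function but also changes bytes elsewhere deserves a second look in the disassembler before it goes anywhere near a phone.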

Categories: Android, Reverse Engineering