Taki7610
Unlock_GSM
[Guide] SIM Unlock for HTC MyTouch 4G Version 2.3.4 Hboot 0.89
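- Took in 4 units and every one came back "code not found" or at a steep price, XTC and HXC were a no-go, and the customer loves the phone so wants it kept stock and won't let it be opened up; followed these steps and got them all done.
1. Phone is on the higher version 2.3.4 hboot 0.89, downgrade to version 2.2.1 hboot 0.86:
. Put these 4 files, fre3vo.zip - misc_version_01.zip - flashgc.zip - gfree_02.zip, into the ADB SDK tools folder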
adb shell cat /dev/msm_rotator
/dev/msm_rotator: invalid length
adb push fre3vo /data/local/tmp
adb shell
$ chmod 777 /data/local/tmp/fre3vo
$ /data/local/tmp/fre3vo -debug -start FAA90000 -end FFFFFFFF
---> If this shows up, it's OK
Buffer offset: 00000000
Buffer size: 8192
Scanning region fb7b0000...
Scanning region fb8a0000...
Scanning region fb990000...
Scanning region fba90000...
Potential exploit area found at address fbb4d600:a00.
Exploiting device...
. Test Root :
adb shell
# exit
adb push misc_version /data/local/tmp/misc_version
adb push flashgc /data/local/tmp/flashgc
adb shell chmod 777 /data/local/tmp/*
adb shell
# cd /data/local/tmp
# ./misc_version -s 1.00.000.0
--set_version set. VERSION will be changed to: 1.00.000.0
Patching and backing up partition 17...
# ./flashgc
# sync
# dd if=/dev/block/mmcblk0p17 bs=1 skip=160 count=10
1.00.000.010+0 records in
10+0 records out
10 bytes transferred in 0.001 secs (10000 bytes/sec)
2. Load the ROM.
adb reboot bootloader
fastboot oem rebootRUU
fastboot flash zip Rom.zip
fastboot reboot
3. Unlock Sim ( S-Off - Off Radio )
. Install com.modaco.visionaryplus.r14 on the phone, select line 3 and Temproot now.
C:\adb>adb push gfree /data/local
2573 KB/s (134401 bytes in 0.051s)
C:\adb>adb shell
$ su
su
# cd /data/local
cd /data/local
# chmod 777 gfree
chmod 777 gfree
# ./gfree -f
./gfree -f
--secu_flag off set
--cid set. CID will be changed to: 11111111
--sim_unlock. SIMLOCK will be removed
Section header entry size: 40
Number of section headers: 44
Total section header table size: 1760
Section header file offset: 0x000138b4 (80052)
Section index for section name string table: 41
String table offset: 0x000136fb (79611)
Searching for .modinfo section...
- Section[16]: .modinfo
-- offset: 0x00000a14 (2580)
-- size: 0x000000cc (204)
Kernel release: 2.6.32.21-g899d047
New .modinfo section size: 204
Attempting to power cycle eMMC... OK.
Searching for mmc_blk_issue_rq symbol...
- Address: c02a63a4, type: t, name: mmc_blk_issue_rq, module: N/A
Kernel map base: 0xc02a6000
Kernel memory mapped to 0x40011000
Searching for brq filter...
- Address: 0xc02a63a4 + 0x34c
- 0x2a000012 -> 0xea000012
Patching and backing up partition 7...
patching secu_flag: 0
Done.
# ./gfree --secu_flag off --cid 11111111
./gfree --secu_flag off --cid 11111111
--secu_flag off set
--cid set. CID will be changed to: 11111111
Section header entry size: 40
Number of section headers: 44
Total section header table size: 1760
Section header file offset: 0x000138b4 (80052)
Section index for section name string table: 41
String table offset: 0x000136fb (79611)
Searching for .modinfo section...
- Section[16]: .modinfo
-- offset: 0x00000a14 (2580)
-- size: 0x000000cc (204)
Kernel release: 2.6.32.21-g899d047
New .modinfo section size: 204
Attempting to power cycle eMMC... OK.
Searching for mmc_blk_issue_rq symbol...
- Address: c02a63a4, type: t, name: mmc_blk_issue_rq, module: N/A
Kernel map base: 0xc02a6000
Kernel memory mapped to 0x40011000
Searching for brq filter...
- Address: 0xc02a63a4 + 0x34c
- ***WARNING***: Found fuzzy match for brq filter, but conditional branch isn't
. (0xea000012)
Patching and backing up partition 7...
patching secu_flag: 0
Done.
# exit

