
Root SuperCID - wrong direction?

dupek

Member
I spent a few hours investigating mmcblk0p4. Using Android Commander, I was able to copy the mod file to /dev/block. I restarted the computer and started AC. Went to /dev/block and the mod file was there. On the phone, I used Root Browser and checked /dev/block; the mod file was there. I used Total Commander and the file was there. Rebooted the phone and the file was gone. /dev/block is a virtual folder/partition. Trying to get SuperCID by changing the string will not work.
The question that I have: why do we need to change the carrier ID to get S-OFF, and why would someone point us to a file that cannot be changed (virtual)?
Any change to mmcblk0p4 will be lost upon reboot.
 
Some phones that have updated to JB are write protected. I bought a One S for a family member and mmcblk0p4 was write protected... tried all kinds of ways but the CID kept coming back T-MOB010. There was a post that said someone was able to get it done with EStrongs File Explorer. I doubt it... Of course I did not want to brick my device, so I did not push at it real hard.
 
It's not so much write protected as virtual. I was able to write and change the file, but when I issue the fastboot command (fastboot oem readcid) it comes back as tmob because the file was not physically written to. The file is in RAM, and when you reboot the phone, any changes are gone. It could be Android Commander operating in virtual mode; I do not know. I was able to change the attributes of the /dev folder and the files themselves to read/write, but it was gone after reboot. Strange.

I am not quite certain what you mean by virtual.

What you are describing is basically how write protection works. You can mod the file after boot just fine, and as long as the phone is on, it will stay as you changed it. However, it's not really changed permanently in the phone's file system.

Write protection is applied at boot. The boot is done using the actual files stored in eMMC, which were not changed.

I don't know if I've explained that well, but the short answer is that write-protected files are restored to original at boot.
 
The question that I have: why do we need to change the carrier ID to get S-OFF?
That is how this particular exploit works. The block containing the radio secure flag (mmcblk0p3) is write protected, and thus unable to be changed, much like what you're now experiencing with mmcblk0p4.

The exploit that was found is that when SuperCID is found while flashing an official file, the phone is able to be booted with no write protection, enabling the secure flag to be changed.

Since the CID block was not protected at first, it was easy to:
- SuperCID
- exploit WP and change the secure flag
- restore the original CID if desired, as there are no security checks or WP with S-OFF.

Why would someone point us to a file that cannot be changed (virtual)?
Because this is a recent development. There were several generations of OTA that allowed the CID to be changed in this manner. The most recent JB OTAs have changed some phones to add WP to mmcblk0p4.

The more puzzling thing (to me anyway) is that some folks have not experienced this, and have been able to SuperCID and then S-OFF after the most recent OTAs. We are unsure at this point if it's certain CIDs, model IDs, or some other factor that WP has been added to.
 
According to the Wiki, /dev is a RAM (virtual) partition. That would explain the effect of not being written to after reboot. That raises another question: where is it coming from? My best guess would be from boot.img. Could we "fool" the phone and get S-OFF? I was looking at those steps for SuperCID and S-OFF, and wonder if we could omit some steps. I already have the mod file on my HD and SD. All I need to do is push it into the phone and replace it. If I boot into fastboot, then do the adb command:
dd if=/sdcard/mmcblk0p4MOD of=/dev/block/mmcblk0p4
Now, the trick is not to reboot but to go directly to the S-OFF procedure.
Just curious if that will work.
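The check behind the question above, as an added example that is not code from the thread or from any of the posters: rather than assuming a raw dd write to the block device "took", hash the partition before and after the write, reboot, and hash it again. If the post-reboot hash no longer matches, the write was discarded, which is the "restored at boot" behaviour the reply above describes. The device path and the CID strings (T-MOB010, 11111111) are taken from the thread; the location of the CID inside the image is not a known offset here but is found by searching the image for the string, and the state-file path is an assumption. The script assumes GNU grep (for -b/-o) and coreutils or busybox dd and sha256sum.

```shell
#!/bin/sh
# Added example: does a write to a raw partition survive a reboot?
# Defaults are the thread's partition and CIDs; all are overridable so the
# same functions can be exercised against an ordinary file first.
DEV="${DEV:-/dev/block/mmcblk0p4}"       # partition the thread discusses
STATE="${STATE:-/sdcard/wpcheck.state}"  # assumed path; must survive a reboot
OLD_CID="${OLD_CID:-T-MOB010}"
NEW_CID="${NEW_CID:-11111111}"           # SuperCID, same length as the old CID

# sha256 of an entire device or image file.
blk_hash() {        # $1=image
    sha256sum "$1" | cut -d' ' -f1
}

# Byte offset of the first occurrence of a fixed ASCII string in a raw image.
# Prints nothing and returns 1 if the string is absent (GNU grep -b/-o).
find_offset() {     # $1=image $2=needle
    off=$(grep -boaF -- "$2" "$1" | head -n 1 | cut -d: -f1)
    [ -n "$off" ] || return 1
    printf '%s\n' "$off"
}

# Read $3 bytes starting at byte offset $2.
read_at() {         # $1=image $2=offset $3=length
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null
}

# Overwrite the old string with a new one of identical length, in place
# (conv=notrunc keeps the rest of the image), then read back what is now
# at that offset so the caller can compare it with what it asked for.
patch_string() {    # $1=image $2=old $3=new
    [ "${#2}" -eq "${#3}" ] || { echo "length mismatch: $2 vs $3" >&2; return 2; }
    off=$(find_offset "$1" "$2") || { echo "$2 not found in $1" >&2; return 1; }
    printf '%s' "$3" | dd of="$1" bs=1 seek="$off" conv=notrunc 2>/dev/null
    sync
    read_at "$1" "$off" "${#3}"
}

# Phase "pre" (before rebooting): patch the CID and record the post-write hash.
# Phase "post" (after rebooting): hash again. "restored" means the block came
# back as it was stored in eMMC, i.e. the write protection the thread describes.
wp_check() {        # $1=pre|post $2=device $3=state file
    case "$1" in
      pre)
        patch_string "$2" "$OLD_CID" "$NEW_CID" >/dev/null || return 1
        blk_hash "$2" > "$3"
        ;;
      post)
        [ "$(cat "$3")" = "$(blk_hash "$2")" ] && echo persisted || echo restored
        ;;
      *)
        echo "usage: wp_check pre|post DEVICE STATEFILE" >&2; return 2
        ;;
    esac
}

# On the phone (root shell): wp_check pre "$DEV" "$STATE"; reboot; wp_check post "$DEV" "$STATE"
```

Run the "pre" phase in a root shell on the phone, reboot, then run "post". "persisted" means the block really was written and a subsequent fastboot oem readcid should reflect it; "restored" means the change lived only until the reboot, so neither dd nor a file manager will get a lasting SuperCID on that device. Try the functions against a copy of the image first: writing to the live partition with a wrong offset or a different-length string can brick the phone, which is why patch_string refuses a length mismatch and reads back what it wrote.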
 
Unfortunately, that will not work. You cannot use adb in fastboot. Revolutionary has come out with a command line tool for the HTC One. You might check that out... It's possible it may work or could be adapted.
 
I did try that revone and it did not work. I got error 1 with "./revone -P", but with "./revone -p" I got success. I rebooted and did "./revone -s 0 -u".
It came up successful, but when I got to the bootloader, still S-ON. I guess revone does not work with this phone. Did you try "fastboot oem writecid 11111111"? I am going to try that and see if I can go from there.
Getting closer.
 