- 5,043,609
REGISTERED - 40,326
ONLINE NOW
April 18, 2012 By: Joseph Hindy
While it is still impossible (legally, anyhow) for users to transfer CDMA devices from one big provider to another (e.g. Sprint to Verizon), it is quite possible to switch from a big CDMA service provider to a smaller one. With tutorials on how to flash various CDMA devices to smaller carriers such as Boost or Virgin Mobile, users with CDMA devices may very well have more freedom than they initially assumed. For instance, owners of any of the HTC EVO devices, including the HTC EVO 3D, HTC EVO Shift 4G and the HTC EVO 4G can now flash their phones to a service provider named Page Plus.
XDA Senior Member Nevell has written a universal tutorial for all three devices that will get them off of Sprint’s network and onto Page Plus’ network with a little patience and a few modified files. The process is pretty long and will definitely take some time for first time users. The list of required software is pretty decent as well, including:
CDMA WorkShop (Paid or Demo) http://www.cdma-ware.com/workshop/demo/cdma_workshop.rar
QPST http://conflipper.com/Software/QPST_2.7_366.rar
Page Plus PRL’s (See below)
APN Backup and Restore
Page Plus APN’s
MSL Reader
Of course, you’ll need to be rooted in order to get the MSL and the HTC Drivers, including the Diagnostic Drivers to make it work as well. Next, there are many of small tasks, from obtaining the MSL to changing the APN. All in all, not a difficult process, but users attempting to do it should be very careful to follow all instructions to the letter to avoid messing anything up.
More information, the download link for the Page Plus files required for flashing, and the full instructions can be found in the original thread.
April 16, 2012 By: Joseph Hindy
Obtaining H-Boot S-Off makes up some of the most important and empowering development work on the forums. Back in the day, thanks to awesome developments teams such as Revolutionary, S-Off was nothing more than a minor annoyance. However, since the launch of the HTCDev website and the inclusion of newer, better security measures that prevent downgrading, achieving S-Off is now a bigger challenge than ever.
Not long ago, we reported that this problem had finally been solved on the HTC EVO 3D. Now the HTC EVO Shift 4G has joined the ranks. XDA Senior Member Indirect has posted a method that will get users down from the newer H-Boot and onto a version that can be made S-Off with relative ease and is available for Shift owners right now.
The method, while not as dangerous as the phone-bricking method used by its 3D cousin, should still be done with the utmost care. It isn’t particularly difficult and doesn’t require a lot of time, but it does employ ADB flashing files that Indirect has so kindly included. If you’re a little iffy on using ADB, be sure to read the instructions extra carefully before proceeding. Basically, it involves ADB flashing the popular tacoroot and then flashing an .img file over the bootloader partition, effectively downgrading it. Using this method, users can downgrade their H-Boots, obtain S-Off, and avoid all the S-On flashing woes.
For the full tutorial, download links, and discussion, check out the development thread. As stated, be sure to use the utmost care when performing the process.
April 10, 2012 By: Will Verduzco
We’ve said it before, and we’ll say it again: touch-based recoveries are the future. Aside from giving end users easier access to device firmware modification, they add a much needed element of polish to the Android hacking experience. While some may say that these upgrade recoveries take away from the feelings of thrill and excitement, I argue that they offer a more efficient interface and enable some truly unique new features not available in the recoveries of yesteryear.
In a rather large update to what is arguably the most popular touch-based recovery around, XDA Recognized Developer Dees_Troy presents to us Team Win Recovery Project (TWRP, for short) version 2.1. Aside from simply bringing a friendly UI, TWRP 2.1 packs a healthy feature punch by offering zip queuing, a basic file manager, and dual storage support for backups.
TWRP supports scripting via a new scripting engine called OpenRecoveryScript for use with GooManager. With ORS, users can install multiple update.zip files from within Android, wipe cache & dalvik, and run a backup. Furthermore, in the name of openness, Team Win has submitted ORS as a commit to ClockworkMod.
In the words of the developer:
Team Win Recovery Project 2.0, or twrp2 for short, is a custom recovery built with ease of use and customization in mind. We started from the ground up by taking AOSP recovery and loading it with the standard recovery options, then added a lot of our own features. It’s a fully touch driven user interface – no more volume rocker or power buttons to mash. The GUI is also fully XML driven and completely theme-able. You can change just about every aspect of the look and feel.
New features for version 2 of the recovery software:
Zip queuing as seen in TWRP 1.1.x is back
Dual storage capable (backup, restore, and install zips from internal or external storage – you choose)
Slider control (swipe to confirm most actions aka swipe to wipe)
Lockscreen (with slider to unlock)
Basic file manager (copy, move, delete, and chmod any file)
Added support for devices with /data/media (most Honeycomb tablets, new ICS devices like Galaxy Nexus)
Displays sizes of each partition in the backup menu
Added listbox GUI element (currently used for listing time zones)
Updated stock XML layouts to be more consistent and easier to port to different resolutions
XML layout files are significantly smaller
Partitions available backup are more accurate for some devices
Removed unneeded error messages (/misc errors, unable to stat sd-ext, etc.)
Fixed a bug with blkid detection code
Fixed bug where a blank line was inserted between every line of text during zip installs
Fixed a bug during zip installs where an invalid zip would cause TWRP to get stuck in the zip install
Added setting for themers to toggle simulation mode to make theming easier
New devices added – Galaxy Nexus GSM & CDMA (preview only, manual install), Acer Iconia Tab A500, HTC Vivid, Motorola Defy
Added support for .jpg images in the theme engine
Changed images for stock tablet theme – makes tablet builds about 500KB smaller
Removed unneeded non-GUI images from GUI – makes all builds about 100KB smaller
If you’re itching to get started, please visit the development threads listed below. If instead you are looking to theme the recovery, visit their theming guide.
October 27, 2011 By: egzthunder1
I know that it has been a few weeks already, but we finally have green light to keep on going with our exclusive series of security holes on HTC’s latest devices. In case you just tuned in on the whole issue, we will be talking about vulnerabilities found on HTC handsets across the globe, particularly on the EVO family of devices as well as some of the newer ones like the HTC Sensation and Kingdom. XDA Recognized Developer TrevE has been doing a fantastic job in uncovering the holes one by one, and after much testing, he found some rather interesting results of things that could easily be obtained from your device(s) due to pieces of code inside of the manufacturer’s handsets that are exclusively in charge of collecting data and information about you, your usage, and many other things that you don’t want to see floating around on the internet. We are happy to report that HTC got their act together with the first vulnerability and got rid of the code responsible for the threat (htcloggers.apk).
As it was agreed between TrevE and HTC, our dev has been giving HTC head starts (5 working days) on virtually all issues before publicly disclosing them. Well, HTC has been making good use of their time for issue #2 as they are currently working towards a solution, but we will go ahead and let you know what this one is about. Those of you who enjoy the speeds of WiMax on their 4G enabled devices are doing so with an inherent risk. It turns out that WiMax is even more open than the HTC logger app. The more technical details are basically that an attacker who gains control over this can potentially manipulate data connectivity and to go even as far as being able to completely reprogram your device’s CDMA parameters remotely! This is done through two open ports that basically require no authentication and just as before, the only thing required for a malicious app to do anything is INTERNET permission. The other interesting thing that came out of this discovery is that apparently you can also send commands to the radio via the WiMaxmonitoring port, and sending a single coma can create an “out of bounds range exception” basically crashing your device. Here is a more detailed explanations of the whole thing:
——————————
—————————— ——————
Vulnerability: Android Security Elevation/Wimax Information Leak/Out of Bounds Crash
Products Affected: Any HTC device with wimax services running on ports 7773/7774/7775/7776
Vulnerability reported By: TrevE
———————————————————— ——————
Attached is a proof of concept showing manipulating wimax data connectivity. Reading will only be demonstrated, but if someone was clever a few different attacks could be performed from stealing below information, to reprogramming with bogus/destructive values, possibly MITM data connections and more. WimaxMonitoring port also is able to crash the device if a comma is sent, it creates an index out of range exception. The following services are able to be read and written by a malicious app with only permission INTERNETnetstat:
tcp 0 0 ::ffff:127.0.0.1:7775 :::* LISTEN 4327/system_server
tcp 0 0 127.0.0.1:7776 0.0.0.0:* LISTEN 4230/wimaxDaemonsystem_server (port 7775) is a Wimax Monitoring socket. Not all commands are known at this time outside of:
getNaiDecoration
isDunMode
isReleaseKey/system/bin/wimaxDaemon (port 7776) Not all commands are known at this time outside of:
getMac
dumpMacTreeFromFlash
saveMacTreeToFlash
lockMacTree
unlockMacTree/system/bin/(get|set)WiMAXPropDaemon :
allows standard users read/write to root only file /data/wimax/wimax_properties used to manipulate wimax data connectivity (4g radio) by sending commands to TCP ports 7773/7774 with no authentication. Netstat:
tcp 0 0 127.0.0.1:7773 0.0.0.0:* LISTEN 4210/setWiMAXPropDaemon
tcp 0 0 127.0.0.1:7774 0.0.0.0:* LISTEN 4211/getWiMAXPropDaemon
File Accessed by method proving it should not be read from other than root or written at all:
-r–r—– 1 root root 1048576 Oct 5 23:25 wimax_properties
Props able to be read/written:
persist.wimax.Cold_Boot_Flag
persist.wimax.STANDBY_TIME
persist.wimax.SCAN_RATE
persist.wimax.Realm
persist.wimax.CenterFrequency
persist.wimax.Bandwidth
persist.wimax.0.Man
persist.wimax.0.Mod
persist.wimax.0.FwV
persist.wimax.0.HwV
persist.wimax.0.SwV
persist.wimax.0.MAC
persist.wimax.0.TO-FUMO-REF ./FUMO
persist.wimax.TO-WiMAX-REF ./WiMAXSupp
persist.wimax.IPv4
persist.wimax.IPv6
persist.wimax.ServerInitiated
persist.wimax.CLInit.PollSuprt
persist.wimax.CLInit.PollIntrvl
persist.wimax.WorkMode
persist.wimax.Session_Conti
persist.wimax.Scan_Timeout
persist.wimax.Scan_Retry
persist.wimax.Idle_Sleep
persist.wimax.Entry_RX
persist.wimax.Entry_CINR
persist.wimax.Entry_Delay
persist.wimax.Exit_CINR
persist.wimax.Exit_Delay
persist.wimax.0.H-NSP-ID
persist.wimax.OperatorName
persist.wimax.PollingInterval
persist.wimax.Primary.Name
persist.wimax.Primary.Activated
persist.wimax.0.METHOD-TYPE
persist.wimax.0.VENDOR-ID
persist.wimax.0.VENDOR-TYPE
persist.wimax.0.USER-IDENTITY
persist.wimax.0.PSEUDO-IDENTITY
persist.wimax.0.PASSWORD
persist.wimax.0.REALM
persist.wimax.0.USE-PRIVACY
persist.wimax.0.ENCAPS
persist.wimax.0.VFY-SRVR-REALM
persist.wimax.0.S-RLM.0.S-RLM
persist.wimax.0.To-IP-REF ./IP
Now, according to TrevE there are a few things that simply stand out as big “Why”‘s in here. Why is there a need for a WiMax monitoring port that can gather every single bit of information about your device and that can easily grant access to the device? This monitoring port also can check what you are running on your device (release keys) and finally it can check on the tethered state of the device. Secondly, and while this could be a simple coincidence, the timing from Sprint to limit the previously unlimited 4G seems a little odd. There could be a correlation between the existence of this reporting port to the usage of 4G in the network, which if TRUE, would mean that Sprint has been playing rather dirty all along, all that while putting our privacies at risk.
Well folks, there you have it. The holes in the different areas seem to have rather large implications if they are not taken care of soon enough. That being said, we have always been a proactive bunch when it comes to fixing broken code. Let’s get our heads together to ensure that HTC gets it done right the first time around, and as an added bonus for HTC, TrevE has been kind enough to provide a patch that completely eliminates this, which can be found here. Also, here is a description if you would rather apply this by hand:
To use edit init.shooter.rc to appear as below (or wherever binaries are started in ramdisk) and manually start them when you are going on 4g with attached app.
———————-
service wimaxDaemon /system/bin/wimaxDaemon
user root
group root
disabled
oneshot# setWMXPropd daemon
service setWMXPropd /system/bin/setWiMAXPropDaemond
user root
group root
disabled
oneshot# getWMXPropd daemon
service getWMXPropd /system/bin/getWiMAXPropDaemond
user root
group root
disabled
oneshot
And remember, there are still more vulnerabilities to come, so please stay tuned for more.
You can find more information in the original thread ( http://forum.xda-developers.com/showthread.php?t=1322437) and here ( http://infectedrom.com/showthread.php/600-Vunerability-2-WiMax-Connectivity-Reprogramming)
Want something published in the Portal? Contact any News Writer.
Thanks TrevE for everything!
October 26, 2011 By: egzthunder1
Earlier today, we saw that Sprint decided to hit the EVO family of devices with a much needed update for the security updates depicted in what we like to call PoC#1 (proof of concept #1), which was presented by XDA Recognized Developer TrevE. This security vulnerability basically allowed open access to sensitive device information thanks to a service built into the device of an apk called htclogger. As of the latest patch rolled out by HTC, this issue has finally been put to bed. It was confirmed that HTC has indeed removed said apk from the system thus effectively taking care of the original concern regarding consumer’s sensitive data being at stake. This was a good move by HTC and considering that the amount of bureaucracy and legal hoops that they must have gone through (let alone the amount of Quality Assurance and Final Testing by both HTC and the carriers), it was a remarkable thing that they were able to get a patch out in such a short period of time.
On the other hand, as with most processes that involve more than just one entity, there is always a bottleneck, something that will almost 100% guarantee that the update will not get to you at the same time as others. In this case, we have Sprint to blame for that and the reason is rather simple. Just think about the massive amount of data that needs to be moved and pushed to the millions of customers across their network, even if it is only 5 MB, as it was the case with the latest patch, when you multiply this by the number of users who will need this, the capacity of the network becomes a concern. They need to maintain service also for those millions of customers and if they were to push out the update to everyone all at once, you’d likely experience service interruptions. Sprint’s (and really most carrier’s) technique to avoid this is to push the OTA updates in waves.
Now that we laid down the groundwork for the point, lets cut right down to the chase. The roll-out to customers via OTA updates is a rather unnecessary step in this whole process. Why? I don’t know about you, but my EVO 3D is fitted with a wonderful tiny radio chip that allows me to connect via Wifi and I also have a quizillion other ways to get to the internet. See where I am going? What is the point of rolling something like this via OTA? I have personally followed HTC’s website for a very long time and as far as I can remember, they have always offered updates via direct downloads in their site. I understand that not everyone will know how to run a RUU or to even flash a zip as not every Android owner knows what he/she has in their hands, but allowing the end user to apply the patch directly from the manufacturer’s site would have the following impacts:
We’ll see you on PoC#2! Hopefully, you will consider some of this.June 16, 2011 By: orb3000
XDA member kbrn told us about the Gingerbread OTA update for HTC Evo 4G Shift: Apparently, the update will roll out on June 20 but today, the Sprint page said that the manual update is ready for download. All you have to do is go to Menu>Settings>System updates>HTC software Update and start the process. In addition to the Gingerbread update, you’ll get improved download management, and fixes for media streaming. If, for some reason, you want to wait for the update to be pushed to you, Sprint will start force-feeding it on Monday.
Let us know how this update is working for you.
Originally posted by kbrn
HTC EVO Shift 4G Getting Gingerbread 2.3 OTA Starting June 20thLooks like we are finally gonna get the official GB update.
It will start pushing the 20th but as of the 17th you can manually update by going to MENU>SETTINGS>SYSTEM UPDATES>HTC SOFTWARE UPDATE
Sourcehttp://androidcommunity.com/htc-evo-…20th-20110615/
well I just hope it is not like the damn evo 4g gingerbread update full of bugs lol
Continue to the discussion thread.
April 26, 2011 By: egzthunder1
We all love flashing our Android devices constantly, no matter if it is apps, kernels, roms, recoveries, etc. If it is in zip format, we will flash it. There are various apps out there that will allow you to start the flashing process, or at least make you boot into recovery to flash whatever it is that you want to flash. XDA member joeykrim has created an app called Flash Image GUI, which as its name clearly states, it is a graphical user interface to easily choose and flash kernels, roms, and recovery images, all from the comfort of your OS. There are other apps that will allow you to do certain things such as Rom Manager and Kernel Manager. However, this app is an all in one.
It is still in early development, and aside from a few something devices being supported, only the EVO and the EVO Shift can be flashed via this app. Please leave some feedback for the dev if you found this useful.
flash_image (bmlwrite) is an extremely useful utility for flashing custom kernels, boot logos and recoveries. This binary has made it possible to easily flash all these items and is used almost everywhere behind the scenes (i.e. in custom recoveries, packaged into kernel /sbin, etc).
You can find more information in the application thread.
Want something published in the Portal? Contact any News Writer.
January 28, 2011 By: egzthunder1
XDA moderator toastcfh comes bearing a nice little gift, courtesy of HTC. If you were happy about getting perm root on your HTC EVO Shift 4G, this will likely make a tear roll down your cheek. HTC just released the sources for the “speedy” kernel used in the aforementioned device. To the end user, this probably doesn’t mean much at this stage, but for kernel devs, this is the equivalent of someone having opened a candy store in front of a bunch of toddlers. Possibilities from this will include: fixes and improvements to the current kernel for the EVO Shift, ports for other devices, and much more. So, if you were hesitant about getting your hands on one of these because of the lack of development, now is your chance to get one and get the most out of it.
Have you done any work on this kernel already? We would love to hear your experiences with this so far, so please share your findings.
no bs let the fun begin link below
You can find more information in the original thread.
Want something published in the Portal? Contact any News Writer.
January 28, 2011 By: egzthunder1
The third WiMax capable device to hit the US market has joined the ranks of its brethren, which have all been permanently rooted. XDA member bcnice20 along with the help of other devs heavily involved in the development of Android devices, has achieved permanent root on the HTC EVO Shift 4G. This means that all of you new Shift owners will be able to use Busybox, Titanium Backup, and change the look and feel of your device to your heart’s content. The process is not your typical 1 click root like unrEVOked or z4root. For this, you will have to have some familiarity with adb, pushing files, and a few other things. The guide is very well written and straight forward, but you must make sure that you follow it to the “T” in order to avoid problems down the road.
All the files and download links for the things you need are provided in the thread. Please leave feedback if you run into issues or if this guide simply “worked” for you.
Disclaimer
Please read each and every step in this guide and do them fully failure to do this exactly as it is layed out could result in a permanent brick as usual I am not responsible for anybody’s failure to read directions.
You can find more information in the guide thread.
Want something published in the Portal? Contact any News Writer.
January 11, 2011 By: egzthunder1
CES brought quite a few new surprises (and some not so new) to the table of mobile technology. There have been many Android devices that were unveiled (officially anyways) and we can’t help but to get excited as we think that this will bring newer life into our forums. With that being said, we wanted to introduce some of the already rumored devices that were going to hit our little world. There will be two 4G capable devices hitting both US major CDMA carriers that we believe are going to make a shift (no pun intended) in the way things go right now. Also, we are introducing a forum for Motorola’s first Tablet. The devices from the manufacturer have been officially tough nuts to crack, but we believe that this will give devs are run for their money. Lastly, the Advent Vega, which is yet another new comer into the Tablet race.
Do you think that you will be getting any of these? What are your thoughts on the announced performance of the Thunderbolt? Maybe you are looking into switching to the Shift 4G. If you are, we would love to hear what you think.
The HTC EVO Shift 4G Home.
The HTC EVO Thunderbolt Home.
The Motorola Xoom Home.
The Advent Vega Home.
YouTube
Follow
Like
Google+
