[BREAKING] S-OFF Available for the HTC One from Revolutionary
In light of HTC’s persistent refusal to give in, and stop wasting their customers’ money on their failed attempts to lock down bootloaders, it is rather pleasing to note that the Revolutionary team has made its return to the HTC One forums, to present their early-access developer preview of Revone.
Posted by XDA Recognized Developer ieftm, it appears the Revolutionary team have been busy once again. The current tool is clearly labelled as an early access preview, and it is worth heeding the warnings. That said, this appears ready to use if you have suitable experience in working with command line tools such as adb and fastboot.
The exploit takes the form of a single binary, which is pushed to /data/local/tmp (a location where the user has free access to write files to using the adb service, and execute them from within), and run the prepare command (revone -P) in order to prepare the device for the process of gaining S-OFF. The next step is arguably of most interest, where the bootloader can be unlocked, locked (without setting the re-locked flag), relocked (leaving the relocked flag in place), and the tamper flag can be reset.
With the ability to reset flags like the tamper flag, one really must question the usefulness of such a “security” feature. If it can be reset solely using software, does it offer much protection whatsoever? Bootloader locks are a useful security feature when they can only be removed by the legitimate owner, but unfortunately HTC continues to offer incomplete locks to developers, and the community has once again taken it upon itself to right this.
Do bootloader locks help with device security, or do they simply serve to satisfy controlling carriers’ thirst to exert control over devices on their network? Either way in this case, it is clear the Revolutionary team has shown they offer little in the way of security. Those looking to get started should head over to the development thread for more details.