[Status] VZW M8 Bootloader Unlock / S-Off Method topic

Current Status: Bootloader Unlock / S-Off - NOT POSSIBLE

The HTC M8 has launched for Big Red, and much to our dismay, HTCDev does not allow for us to unlock the bootloader through the traditional avenues.

Presently, there is no known workaround.

Thus, this is a thread for conversations regarding any progress being made on a bootloader unlock/S-Off method for the VZW HTC One M8.

Try to avoid being speculative as much as possible. Please post any updates you see in other threads and on other sites. Also, if notable champions of previous unlock methods/exploits want to post their efforts here (*ehem beaups et. al...), by all means, feel free!

This is not a bounty thread.

[Tutorial] New method for advanced menu topic

After being bombarded by an old friend to get back into game hacking. I came back out of retirement with some fresh ideas.

With this return, I wanted to have one the snazziest menu available. While putting in the minimal amount of work possible.




The idea is simple. Structure with HTML, style with CSS, animate and function with JavaScript. Things I already do on a daily basis for a living.

The menu "emulator" is a C# executable with a WebBrowser control. The emulator reads the live elements and stores their values in a settings file.

The emulator is run from a dll that then waits for the emulator to message that it is ready. By enumerating the child windows, I was able to get down to the Internet Explorer window that was embedded inside my application.

Using PrintWindow() and a HBITMAP variable. I am able to stream the browser into a LPDIRECT3DTEXTURE9 variable which is then drawn as a sprite.

Since the bytes are read or displayed in reverse, I used D3DXMatrixTransformation2D() to flip the image right side up.

Using GetCursorPos() and GetAsyncKeyState(), I tracked and then sent the mouse input from the game to the browser using SendMessage().

I essentially made a quick in game browser that only displays my menu.
With this method, I can add options instantly and even create elaborate controls without having to deal with the difficult and painful process of prim and sprite elements.

I haven't cleaned up the code, its available for anyone who wants to skim it

PHP Code:

---


void CaptureWindow(HWND hWnd, RECT clientRect, DWORD* pResult, DWORD size, bool image)
{
   int bits;
   
   HDC clientDC,
       memoryDC;
   
   BYTE* pAddress;

   DWORD* pRet;
   
   HBITMAP hBitmap;

    BITMAPINFO bmpInfo;

   
   bits = 32;
   pRet = 0;
   
    BITMAPFILEHEADER bfHeader = 
   { 
      0x4D42, 
      0, 
      0, 
      0, 
      sizeof(BITMAPFILEHEADER) + sizeof( BITMAPINFOHEADER) 
   };

    BITMAPINFOHEADER biHeader = 
   {
      sizeof( BITMAPINFOHEADER ),
        clientRect.right,
        clientRect.bottom,
        1,
        bits,
        BI_RGB,
        NULL, NULL, NULL, NULL, NULL 
   };


    bmpInfo.bmiHeader = biHeader;

    clientDC = GetDC(hWnd);
   memoryDC = CreateCompatibleDC(clientDC);
    hBitmap = CreateDIBSection(clientDC, &bmpInfo, (bits == 32 ? DIB_RGB_COLORS : DIB_PAL_COLORS), (VOID**)&pAddress, NULL, NULL);

    SelectObject(memoryDC, hBitmap);
      
   PrintWindow(hWnd, memoryDC, NULL);

    DeleteDC(memoryDC);
    ReleaseDC(hWnd, clientDC);


   if(image == true)
   {
      memcpy(pResult,                                                         &bfHeader,  sizeof(BITMAPFILEHEADER));
      memcpy((DWORD*)((DWORD)pResult + sizeof(BITMAPFILEHEADER)),                              &biHeader,  sizeof(BITMAPINFOHEADER));
      memcpy((DWORD*)((DWORD)pResult + sizeof(BITMAPFILEHEADER) + sizeof(BITMAPINFOHEADER)),   pAddress,   size);
   }
   else
      memcpy(pResult, pAddress, size);

    DeleteObject(hBitmap);
}

bool IsFocused()
{
   DWORD id1,
         id2;

   HWND hActive;


   hActive = GetActiveWindow();

   GetWindowThreadProcessId(hActive, &id1);
   id2 = GetCurrentProcessId();

   return id1 == id2;
}

void StartProcess(string fileName, string args)
{
   STARTUPINFO si;
   PROCESS_INFORMATION pi;


   ZeroMemory(&si, sizeof(si));
   si.cb = sizeof(si);
   ZeroMemory(&pi, sizeof(pi));

   CreateProcess(fileName.c_str(), (LPSTR)args.c_str(), NULL, NULL, FALSE, CREATE_NO_WINDOW, NULL, NULL, &si, &pi);
}


void DoMenu(LPDIRECT3DDEVICE9 pDevice)
{
   static string fileName;

   static DWORD lParam,
                frameCount;

   static D3DXMATRIX mat;

   static bool initailized,
               lButtonDown,
               menuVisible;

   static int iOverlayOpacity,
              iMenuOpacity,
              iMenuOffset,
              iTickCount;

   static HWND hBrowserMenu,
               hBrowser;
   
   static RECT menuSizeRect;

   static D3DXVECTOR2 vCenteredPos;

   static POINT ptCursor,
                ptLastCursor;

   static DWORD pixelAmount,
                imageAmount,
                timestamp,
                dwAsyncKeyState;

   static DWORD* pResult;
   
   static D3DLOCKED_RECT lockedRect;

   static LPDIRECT3DTEXTURE9 texBackground;

   static bool keyState[255] = { false };


   if(initailized == false)
   {
      settings.workingDirectory = workingDirectory;

      fileName = workingDirectory + /*svchost.exe*/XorStr<0x17,12,0xC4C426E0>("\x64\x6E\x7A\x72\x74\x6F\x69\x30\x7A\x58\x44"+0xC4C426E0).s;

      string params = string(/*svchost.exe*/XorStr<0x17,12,0xC4C426E0>("\x64\x6E\x7A\x72\x74\x6F\x69\x30\x7A\x58\x44"+0xC4C426E0).s) + string(" ");
      params += std::to_string((_ULonglong)GetCurrentProcessId());

      StartProcess(fileName, params);

      settings.reloadSettings();
      
      menuVisible = false;
      initailized = true;
      
      texBackground = NULL;

      menuSizeRect.left = 0;
      menuSizeRect.top = 0;
      menuSizeRect.right = 800;
      menuSizeRect.bottom = 600;

      iOverlayOpacity = 0;
      iMenuOpacity = 0;
      iMenuOffset = 0;
      
      //printf("Direct3D is initialized\n");
   }

   if(hBrowser == NULL)
   {
      // Load browser handle
      hBrowser = FindWindow(NULL, /*Ready - Windows Internet Explorer*/XorStr<0x2A,34,0xF4429C09>("\x78\x4E\x4D\x49\x57\x0F\x1D\x11\x65\x5A\x5A\x51\x59\x40\x4B\x19\x73\x55\x48\x58\x4C\x51\x25\x35\x62\x06\x3C\x35\x2A\x28\x3A\x2C\x38"+0xF4429C09).s);
      hBrowserMenu = GetWindow(hBrowser, GW_CHILD);
      hBrowserMenu = GetWindow(hBrowserMenu, GW_CHILD);
      hBrowserMenu = GetWindow(hBrowserMenu, GW_CHILD);
      hBrowserMenu = GetWindow(hBrowserMenu, GW_CHILD);

      if(hBrowserMenu != NULL)
      {
         //printf("Found the menu\n");

         // Allocate screenshot memory
         pixelAmount = menuSizeRect.bottom * menuSizeRect.right * 4;

         if(pixelAmount > 0)
         {
            imageAmount = pixelAmount + sizeof(BITMAPFILEHEADER) + sizeof(BITMAPINFOHEADER);
            pResult = (DWORD*)malloc(imageAmount);
         
            // Load first screenshot
            CaptureWindow(hBrowserMenu, menuSizeRect, pResult, pixelAmount, true);
            D3DXCreateTextureFromFileInMemoryEx(pDevice, pResult, imageAmount, D3DX_DEFAULT_NONPOW2, D3DX_DEFAULT_NONPOW2, D3DX_DEFAULT, 0, D3DFMT_R8G8B8, D3DPOOL_MANAGED, D3DX_DEFAULT, D3DX_DEFAULT, 0, NULL, NULL, &texBackground);
         
            //printf("Captured the menu\n");
         }
      }
   }

   if(frameCount%2 == 0)
   {
      if(GetAsyncKeyState(VK_INSERT)&1)
      {
         //printf("Toggled the menu\n");
         menuVisible = !menuVisible;

         settings.reloadSettings();
         settings.bIsMenuVisible = menuVisible;
      }

      if(menuVisible == true && frameCount % 10 == 0)
      {
         settings.reloadSettings();
         settings.SetHaveSettingsChanged(true);
      }

      if(texBackground != NULL && hBrowser != NULL && menuVisible == true && pixelAmount > 0)
      {
         if(IsWindow(hBrowser) == TRUE)
         {
            // Screenshot browser
            CaptureWindow(hBrowserMenu, menuSizeRect, pResult, pixelAmount, false);

            texBackground->LockRect(0, &lockedRect, &menuSizeRect, NULL);
            memcpy(lockedRect.pBits, pResult, pixelAmount);
            texBackground->UnlockRect(0);

            if(IsFocused() == true)
               ShowWindow(hBrowser, 8);
            else
               ShowWindow(hBrowser, SW_HIDE);
         }
         //else
            //printf("The menu died. Long live the king.\n");
      }
   }

   if(menuVisible == true && settings.bHideMenu == false)
   {
      if(iOverlayOpacity < 150)
         iOverlayOpacity += 10;

      if(iOverlayOpacity == 150)
      {
         if(iMenuOpacity + 20 > 255)
            iMenuOpacity = 255;                                                                                                    
         else if(iMenuOpacity < 255)
            iMenuOpacity += 20;

         if(iMenuOffset > 0)
            iMenuOffset -= 20;
      }
      
      cD3D::Instance()->DrawFilledRectangle(0.0f, 0.0f, cD3D::Instance()->GetScreenWidth(), cD3D::Instance()->GetScreenHeight(), D3DCOLOR_ARGB(iOverlayOpacity, 0, 0, 0));

      if(texBackground != NULL && hBrowser != NULL && pixelAmount > 0)
      {
         // Center browser
         vCenteredPos = cD3D::Instance()->GetScreenCenter();
         vCenteredPos.x -= menuSizeRect.right/2 - iMenuOffset;
         vCenteredPos.y -= menuSizeRect.bottom/2;
      
         // Draw browser
         D3DXMatrixTransformation2D(&mat, &D3DXVECTOR2(0.0f, (FLOAT)menuSizeRect.bottom/2.0f), 0.0, &D3DXVECTOR2(1.0f, -1.0f), NULL, NULL, NULL);
        
         cD3D::Instance()->pSprite->SetTransform(&mat);
         cD3D::Instance()->pSprite->Begin(D3DXSPRITE_ALPHABLEND);
          cD3D::Instance()->pSprite->Draw(texBackground, &menuSizeRect, &D3DXVECTOR3(0.0f, 0.0f, 0.0f), &D3DXVECTOR3((FLOAT)vCenteredPos.x, (FLOAT)-vCenteredPos.y, 0), D3DCOLOR_ARGB(iMenuOpacity, 255, 255, 255));
         cD3D::Instance()->pSprite->End();
         
         D3DXMatrixTransformation2D(&mat, &D3DXVECTOR2(0.0f, (FLOAT)menuSizeRect.bottom/2.0f), 0.0, &D3DXVECTOR2(1.0f, 1.0f), NULL, NULL, NULL);
         cD3D::Instance()->pSprite->SetTransform(&mat);

         // Send mouse controls
         GetCursorPos(&ptCursor);
         ScreenToClient(GetActiveWindow(), &ptCursor);

         ptCursor.x -= (LONG)vCenteredPos.x;
         ptCursor.y -= (LONG)vCenteredPos.y;

         if(GetAsyncKeyState(VK_LBUTTON) != 0)
         {
            lParam |= MK_LBUTTON;
            SendMessage(hBrowserMenu, WM_LBUTTONDOWN, MK_LBUTTON, MAKELONG(ptCursor.x, ptCursor.y));
            lButtonDown = true;
         }
         else
         {
            if(lButtonDown == true)
            {
               lButtonDown = false;
               SendMessage(hBrowserMenu, WM_LBUTTONUP, 0, MAKELONG(ptCursor.x, ptCursor.y));
            }
         }

         if(ptLastCursor.x != ptCursor.x || ptLastCursor.y != ptCursor.y)
         {
            SendMessage(hBrowserMenu, WM_MOUSEMOVE, lParam, MAKELONG(ptCursor.x, ptCursor.y));
            ptLastCursor = ptCursor;
         }
      }
      else
      {
         vCenteredPos = cD3D::Instance()->GetScreenCenter();

         cD3D::Instance()->DrawSafeCenteredText(vCenteredPos.x, vCenteredPos.y, D3DCOLOR_XRGB(255, 255, 255), "Loading...");
      }
   }
   else
   {
      if(iOverlayOpacity > 0)
         iOverlayOpacity -= 10;

      if(iMenuOpacity - 5 < 0)
         iMenuOpacity = 0;
      else if(iMenuOpacity > 0)
         iMenuOpacity -= 5;

      if(iMenuOffset < 100)
         iMenuOffset += 10;
   }
} 





---

Method to Root Samsung Galaxy Note 3 topic

Follow the below mentioned link to Root your Samsung Galaxy Note 3 in the simplest, effective and in the most safest way. Each and every step is explained in detail along with precautions. A truely simple and effective guideline.
http://blog.brokenlcds.com/root-samsung-galaxy-note-3/

possible method CWM RECOVERY.. topic

hi there,
after searching number of CWM injecting possibilities,
i found a method an automatic CWM building website

builder.clockworkmod.com

the procedure is, u have to upload stock recovery image of device(grand 2 in our case)
and upload extra files(optional) related to recovery.
then our uploaded file will be queued...
there will be a progressbar shown about the completion of building recovery.

once it gets completed then there are number of files shown including the builded CWM recovery
(unfortunately i can't download them due to my internet issues)

so please someone try this method..
thanks in advance :)

ODIN ROOTing METHOD topic

I am very comfortable rooting a Galaxy Note i717 via odin. Reading through captivate method I am not following it too well and I am not confident that I can do it without bricking the phone. I am wondering if the odin method for i717 is confirmed to work on this phone as well? It's stock 2.3.5

[Q] Another method for rooting Samsung Galaxy Core Plus topic

I`m using Samsung Galaxy Core Plus SM-G350
Android version: 4.2.2.
Baseband: G350XXUAMJ7
Kernel ver: 3.4.5-1845929 dpi@DELL212 #1
Build num: JDQ39.G350XXUAMKC

And I try almost all versions of Framaroot but I only got Aragorn exploit (wich fails to root).
I see that Gandalf can root, but i didnt see it. I didnt got this expoit with any of downloaded app.

I`m using Linux so I cant run Oneclickroot (btw: trojan is binded to this software.)
And someone mention SRSRoot (and this software have binded virus too)
Cause I`m new i can post proofs about viruses, cause i cant post outside links, but who wants proof. PM me!

Is there any other way to root my phone?

Some su that I can push via adb or some other way?
Please help :)

[ROOT] Easy Method To RooT Note II Official Android 4.3 Jelly Bean and Remove Knox topic

1. Download and Flash Philz Recovery through pc odin in Pda Tab
Download Recovery - https://www.dropbox.com/s/67k66hjize...-n7100.tar.md5
Download Odin - https://www.dropbox.com/s/oa2q08x0v2...din3-v1.85.zip
2. Download DrKetan_MultiTool_AdvanceV5 and Put it In Internal sd Of the Phone
Download - https://db.tt/TRhWlBds
3. Go To Recovery Mode (Hold power + Home + Volume Up Together) and Flash DrKetan_MultiTool_AdvanceV5
4. Now the Multi Tool Window Will Appear
5. Now just Inject Root And Busybox
6. It Will Automatically Remove Knox and After Phone Reboots , You will see Supersu In App Drawer , Dont Open It and Go to play store and Update SuperSu
7. Enjoy

[Discuss] Best method of intercepting a window's events topic

I'm looking for a way of intercepting window events (EG: WM_PAINT, WM_LBUTTONDOWN) that would be hard to detect. Any ideas? Bonus points if it works externally (though it is not necessary).

iBall Andi KKe+ Rooting method topic

This is a thread for iBall Andi KKe+ Rooting method
Step 1:- Download and install Framaroot from here
Step 2:- Click on Boromir
Step 3:- Reboot manually (auto didn't worked)
Congrats, your iball andi kke+ has rootnow

Credits:alephzain for framaroot and mefor rooting method

[Q] [DOWNGRADE] Safe method to downgrade ? topic

I want to downgrade my Nexus from 4.4.2 (Omni nightly) to 4.3.1 (any custom rom). I tried flashing 4.3.1 PSX but was stuck in a bootloop. So I want to know the safest method to downgrade to 4.3.1 ?

Confused on which *rever back to stock* method i should use VS980 topic

So i just got my replacement device since the other one has been locking and unlocking itself its been really annoying. I just got the replacement device meaning i need to send back the other one but i need to return it back to stock. I did some research and i dont know which method to use. I found like 3 and i dont want to use the wrong one.

I have TWRP 2.3.4 installed with malladus rom but im still on the 11A build. So which guide should i use?

http://forum.xda-developers.com/show....php?t=2432476

http://theunlockr.com/2013/10/31/unroot-lg-g2-verizon/

http://forum.xda-developers.com/show....php?t=2471370

[HOWTO][ROOT] Confirmed method to root the 98.30.1 & 9.8.1 firmware. topic

Thanks to k1mu for figuring this trick out.
It's originally a Samsung Galaxy S4 root method but does infact work for the Razr M.

Here is a link to the zip file. Saferoot.zip

1. Download & Unzip/Extract saferoot.zip


2. Plug your RAZR M into your PC via the USB Cable and Make sure the USB Mode is set to MTP.


3. Enable USB Debugging on your phone.
   In Developer Options, make sure "USB Debugging" is checkmarked.
   --Go to "Settings", "More...", then "Developer Options".
   If "Developer Options" doesn't appear, then you'll need to enable it - go to "Settings", "More", "About Phone". Scroll down so the "Build Number" is visible, then tap on that several times until developer mode is enabled.


4. Allow your computer to access ADB.
   Make sure that your computer is allowed to use USB debugging on your phone. To do this, unplug your phone and unlock it. Then, plug in the USB cable.
   If you see an "Alllow USB debugging?" window pop up, tap on the "Always allow from this computer" to check it, then tap OK.
   If you don't see that popup, it's OK, you should be OK to proceed.


5. On WINDOWS - run 'Install.bat' and follow on screen instructions


6. On LINUX & MacOS - To run this root, download and unzip the zip file. Open a shell window, and to change to the directory where you unpacked saferoot.zip, and type "sh ./install.sh". Follow the onscreen instructions and once complete your Razr M should now have root.

If the embedded adb fails, you'll need to have the Android Debugging Bridge (adb) installed and configured and on your path. You can test that it's ready by opening a shell (Terminal) window and typing "adb shell". If you get a shell prompt on the phone, type "exit" and you're ready to go.