firewater is officially discontinued, please read
For nearly 3 years, I have spent a significant portion of my personal time developing methods to unlock and s-off HTC devices. I’ve developed, or been a part of the development of 5 different s-off methods, all of which are used by many users every day.
firewater s-off was a unique product for a few reasons:
1. It was based on a true “hardware exploit”
2. It was able to execute fully in userspace from within Android
3. It could not work on all targeted devices, even on release day
#3 is an important distinction. As many users discovered shortly after release, firewater could not work on many devices, even devices that seemingly were the “exact same” as other devices that firewater did work on. While I was very vague with users regarding the reason their device couldn’t be supported, users figured it out on their own: a specific brand of eMMC was not vulnerable to firewater’s attack.
Some time after firewater was released, HTC began shipping the m8. While the m8's architecture is significantly different than the m7 that firewater initially targeted, I was able to find a method to adapt firewater’s strategy to the m8.
Much like the m7, that same specific brand of eMMC was used in many m8's – rendering firewater useless on those devices. There are countless threads about firewater’s dreaded “whelp” message.
Besides the “whelp message”, firewater was always a temperamental thing – it relied on more than one hardware race condition, and as such took the average user nearly 5 runs to achieve success.
Since the release of firewater for the m8, we’ve seen HTC employ 4 different strategies to block firewater:
- patching the Android kernel to remove the hooks we target in userspace
- updating low level loaders to xpu-protect firewater’s target registers
- removing some critical kernel functions
- updating eMMC firmware in eMMC controllers that were “known-working”
None of this comes as any surprise to us, nor should it surprise you. Other projects I’ve been involved in have been patched at a similar pace – facepalm, moonshine, rumrunner, even sunshine – all of these vulnerabilities have been predictably addressed by HTC.
Prior to the release of firewater for the m8, I discovered the vulnerability that would later turn into sunshine s-off, our first “paid” release. The sunshine team has shared many times our reasons for making sunshine s-off a paid product; I won’t regurgitate it all here. Sunshine s-off is a great product that took significant resources to develop. Most sunshine users are great supporters of the project and more importantly – they are satisfied with the product.
TLDR; why is firewater discontinued?
firewater is being discontinued for these reasons:
- Due to all the mitigation strategies employed by HTC, it is not feasible for us to advise users whether or not firewater will work for them. As such, there are many reports of “chugging all 12 bottles and no buzz”. It is very difficult to accurately read and manage eMMC firmware versions.
- Due to those same strategies, it no longer works on most m7's or m8's
- The rampant speculation and accusations by many users that we have intentionally ruined firewater in order to spur sales of sunshine. I will update this page later with a list of all of those users, but rest assured: they have ruined it for the rest of you. While it disappointed me every time I saw a post about the dreaded “whelp message”, I’m truly shocked and disappointed to see the accusations that we are somehow doing this intentionally. jcase and I have spent far too much time defending ourselves in these cases, and it’s caused a SIGNIFICANT amount of wasted time and stress within the sunshine team. I’m truly disappointed to have had my credibility questioned – all for a product I provided FOR FREE.
- By discontinuing firewater, we can now end the speculation and related drama and focus our time and efforts on the future.
RIP firewater, I wish I could say I’d miss you.