1. Mailinator. In some sense, a good idea. Namely, when it's only about cutting the link to your real-world identity when entering an e-mail address (like for registering on some site). You have to access Mailinator with TOR though or you might still get tracked down.
  2. mail.riseup.net: You need either two friends to refer you, or to wait between a day and some weeks to get approved for an e-mail account.

More on that: Section on e-mail in Tech Tools for Activism: "Signing up for an independent email address is not an immediate automated process, because of spammers. For example, aktivix.org issues email addresses though a friend-of-a-friend basis. If you know someone with an aktivix.org email address, you can fill in a the sign up form at www.aktivix.org   Alternatively, you can sign up for an account at riseup.net or autistici.org. You will need to fill in a short form letting them know why you want the email and they normally respond in 24 hours."

"Stay away from email services that make their money by collecting user data: it’s a business model that’s bad for privacy. You may have to pay a few dollars a month to a private email service that encrypts and securely stores your data. Some examples are Unspyable, Countermail, Silent Circle, or Lavabit." [source]

This documents the environment I use for software maintenance of Android phones. The emphasis is on efficient and repeatable results.

This is a work in progress!

Basic Android environment under Ubuntu Linux

  1. Install the adb and fastboot tools from Ubuntu packages according to these instructions.


This manual lists all the steps, in logical order, to go from a physically broken phone to a great working, free and open source phone. It links to several other articles on this blog for detailing individual aspects.


(1) Getting your hardware repair tools ready

I recommend these tools:

(2) Identifying hardware defects


(3) Repairing hardware defects



(4) Getting your software tools ready

Installing WIndows drivers for the phone: For the HTC Incredible, that means installing HTC Sync (see right column there for download!). You can uninstall this again after installing.

(5) Freeing the phone: Rooting and S-OFF

  1. Follow the All in One Noob Guide For Downgrade and S Off for HTC Incredible S. Here are my own notes: [TODO]
    • To decide if you need to do the HBOOT downgrading process at all you have to determine your HBOOT verion number at first. Basicall: boot into the bootloader, it’s written there [instructions].
    • For the HBOOT downgrading and rooting process, I used these instructions because I could not find the (more comfortable, less manual) Downgradekit from the above “All in One Noob Buide”. However, one step is missing in these instructions between 6. and 7.: you have to relock the bootloader [source and instructions].
    • After HBOOT downgrading and rooting, I proceeded with the All in One Noob Guide For Downgrade and S Off already linked above.
    • I had a problem to get the “Revolutionary” tool do its job under Windows XP, probably caused by some part of the HTC Sync software that I should have deinstalled before but could not find [source]. The error message was “rawadb_open remote closed the connection looking for target”.  Using Revolutionary on Linux was immediately successful – but remember to run it as root or add appropriate udev rules to get your device detected [source].
    • I did not install Clockwork Recovery, but the 4EXT one as I like it more. Means I chose “no” when Revolutionary asked if it should flash Clockwork to the phone, and did an ” fastboot flash recovery recovery.img” with the 4EXT recovery image.
  2. Install the unofficial CyanogeMod 10 ROM. It performed very well on my device, except that it needs the workaround for video recording as mentioned by the developer. Do not forget to install Google Apps at the same time, the link is also in that post.

(6) Installing a Custom ROM

This is well explained in the HTC Incredible S installation instructions for CyanogenMod. They use Clockword Recovery there, but it works just the same with 4EXT Recovery. It’s really simple!

(7) Installing great applications

See the article How to do unattended bulk installs of Android apps? on this site.

(8) Creating backups and a backup solution


Knowledge Resources


This solution was tested with Froxlor 0.9.27.

  1. Create subdomain as full domain. As a Froxlor admin user, create a new domain and enter webmail.example.com as domain name. You can choose any host, ideally your main / default domain. This type fo configuration is called a "full domain", allowing full configuration like vhost file additions that are not available for subdomains created by customers.
  2. Make webmail available under your single subdomain. That is, either install your webmail package it in the default document root location provided by Froxlor, or  point that document root location with a symlink to the document root directory provided by your installation (for example /usr/share/roundcube for Roundcube installed as a Debian package).
  3. Adapt open_basedir. If you want to use the open_basedir PHP ini setting (available in the Froxlor domain configuration) for your webmail installation,  you may have to add some directories as explained here because for example, Roundcube needs to include PEAR classes, write to logs etc.. Check the Apache error log to know which ones to include. However, do not simply include the directories named in the error log, but check these paths for symlink components, and configure open_basedir with equivelanet paths that have no directory symlinks in them. It won't work otherwise! In my case it was finally:
      php_admin_value open_basedir "/usr/share/roundcube/:/var/lib/roundcube/:/var/log/roundcube/:/etc/roundcube/:/usr/share/php/:/tmp/"
  4. Add ServerAlias. Again in the "Own vHost settings" section the Froxlor domain configuration dialog of your webmail.example.com domain, add this line:
      ServerAlias webmail.*.*
  5. Make sure the webmail subdomain resolves to your server's IP for all customer domains. The simplest way to achieve this is to set "Enter as wildcard domain?: Yes" for all customer domains (that are not subdomains themselves). This option is only available when editing these domains with the customer's user in Froxlor, via "Resources -> Customers", then clicking a customer's name, which su's you to the customer's user, then editing the customer's domain. If this option is still not available it is because you have configured an insufficient number of subdomains for the respective customer in Froxlor; there has to be at least one per domain.
  6. Re-create configs. For that, do one of these:
    1. Execute this via SSH on the server:
      php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force
    2. Wait until the next Froxlor cron job runs, which will also rewrite all vhost configs that need changes. (Clicking "Server -> Re-create configs" in Froxlor won't speed that up, it just queues additional config files for re-creation.)
  7. Restart Apache. Because the config changes will not be picked up in all cases automatically. So:
    service restart apache2
  8. Test. Now, a webmail subdomain should be available for every second level domain hosted on your server: webmail.example1.com, webmail.example2.com etc..

Webmail subdomains at any level?

With Froxlor, it is not easily possible to add webmail subdomains also to subdomains, like webmail.sub.example.com or webmail.subsub.sub.example.com. However, this is hardly needed anyway. The only workaround so far is to create every subdomain as a "full domain" in Froxlor, like shown above, and to disable the "Enter as wildcard domain" setting for it. Note that you can create a "full domain" only as admin, but the "Enter as wildcard domain" setting is only available when modifying this domain as customer (completely counterintuitive to have settings hidden from admins!). Of course, when hosting websites for customers, you don't want them to bother you the admin whenever they need a new subdomain, so this solution is hardly practical for those cases.

The reason for this problem is something that I see as a bug in Froxlor: it creates a wildcard ServerAlias *.sub.example.com for every subdomain created by a customer user (that is, every non-full domain). And there's no way to disable that except for patching the source code. While for all domains added as full domains, there is an option to disable that (see above, and as explained in Froxlor issue 175).

Why is there no conflict between "Enter as wildcard domain" for a customer domain, and ServerAlias webmail.*.*?

The reason that the above ServerAlias wildcard directive for webmail subdomains works together with the "Enter as wildcard domain" setting for every second level domain is that the corresponding config file is included fist by Apache, so webmail.*.* takes precedence over *.example.com because Apache works on first-match basis here. And the reason it is included first is just that third-level domains (subdomains) created as "full domains" have a config file filename starting with "21_" while second-level domains (normal domains) start with "22_", respectively. We had good luck with a bad hack here 😉

Even more strange, the "Enter as wildcard domain" setting is even required to make in Froxlor if you followed the instructions above. But not to make the webmail subdomain resolve to the same content as the customer's domain, as intended by Froxlor. Rather to force the creation of a wildcard nameserver entry that resolves th webmail subdomain to the same IP address as the server, where it will then be picked up by "ServerAlias webmail.*.*", to show the content of your webmail system.

This is a list of what parts are interchangeable in the HTC Desire, Incredible and Sensation family of devices. Of all reasonably current devices that can run a custom Android ROM as of 2013-01), these devices are the most widespread in continental Europe (excluding the UK). Knowing about parts compatibility makes it even simpler to repair them.

All information in the chart is from various sources on the Internet and partially by own experience. No guarantees for correctness whatsoever!

    Desire Incredible Sensation  
  model no.s     S   HD  Z           XE  additional
accumulator BG32100
BA S450
BA S530
x x   x     7, Mozart, Salsa
BA S470
x       Inspire 4G
BA S410
x       Nexus One, Bravo
backside speaker                    
body parts   x x  
ear speaker                    
microphone     x x       x x Gratia, HD mini, Rhyme, Sensation XL, Titan, Touch Pro 2, Trophy
power button                    
volume button                    

Notes: "x" = compatible, "–" = not compatible, "  " = unknown but probably not. This is work in progress.


You are using the Froxlor open source webhosting admin panel, together with the Apache2 webserver and the mod_php5 PHP handler. You installed a PHP web application that wants to access files outside of its document root, or used an Alias Apache directive to the same effect. The vhost configuration for its domain is done inside Froxlor. And, you want to use the open_basedir PHP directive for added security.

The two  solutions below were tested with Froxlor 0.9.27.

Solution 1: Adding the same additional directories for all virtual hosts at once

In the Froxlor panel, go to "Server -> Settings -> Web Server Settings -> Configuration", where you'll find an option to append paths to the open_basedir setting of all your virtual hosts. Compared to the per-vhost setting below, this is a much simpler solution, so it is probably a good idea to add some standard paths here even if they're not needed by every single site. Like PHP Pear paths, for example.

Solution 2: Adding different directories for different virtual hosts

  1. Create this domain as a "main domain" within Froxlor. As, only main domains can have domain-specific vhost configuration. If you created it as a subdomain (that is, using a Froxlor customer user instead of an admin user), you have to delete it there and re-create it as main domain using an admin user. (Froxlor will not delete your domain's PHP etc. files when deleting it in Froxlor's panel). You can create a Froxlor "main domain" even for a subdomain, but be sure to set the "This domain is subdomain of:" setting correctly then.
  2. Disable the OpenBasedir setting for this domain. This is done in the settings while creating the domain, and can be changed later. It is needed to prevent Froxlor from generating an open_basedir setting, as we want to create our own custom setting for that below.
  3. Add your own open_basedir settings in "Own vHost Settings:". This is done in the settings while creating the domain, and can be changed later. You should enter there a line that includes both the values that Froxlor normally uses for open_basedir (namely, the document root directory and /tmp) and the additional values you need. So for example something like:
      php_admin_value open_basedir "/var/customers/webs/customer1/sub-example-com/:/tmp/:/usr/share/pear/"
    Note the two spaces in the front – this will nicely indent your line in the Apache config file 😉
  4. Re-create configs. For that, do one of these:
    • Execute this via SSH on the server:
      php /var/www/froxlor/scripts/froxlor_master_cronjob.php --force
    • Wait until the next Froxlor cron job runs, which will also rewrite all vhost configs that need changes. (Clicking "Server -> Re-create configs" in Froxlor won't speed that up, it just queues additional config files for re-creation.)
  5. Restart Apache. Because the config changes will not be picked up in all cases automatically. So:
    service restart apache2
  6. Test the effect. Create a <?php phpinfo(); ?> script in a phpinfo.php the affected domain's document root, open it in your browser and look for the value of open_basedir.


There would normally be a lot of alternative ways to solve this, but they're all blocked for various reasons:

  • You cannot simply change the Froxlor-generated vhost configuration file (for example /etc/apache2/conf.d/22_manual_fix_vhost_sub.example.com.conf) because your change will be lost when Froxlor re-generates all the config files after the next change done to any domain configuration in the Froxlor backend.
  • You cannot manually create another Apache configuration file, say /etc/apache2/conf.d/45_manual_fix_vhost_sub.example.com.conf, to overwrite the Froxlor-provided open_basedir setting with your own value. That's because (according to my tests at least), Apache2 will only accept the first <VirtualHost ...></VirtualHost> configuration directive it finds per named virtual host.
  • In PHP, there is no way to give open_basedir values globally in php.ini that would be appended to by the open_basedir directive. Instead, they will be overwritten. However there's a feature request for some time now to change that behavior.
  • There is no Froxlor setting to add another directory to every open_basedir line it generates, even though that would be helpful for things like PEAR.
  • You cannot provide this vhost configuration setting for all virtual hosts at once via the settings for one IP in Froxlor's "Server -> IPs and Ports" view. Because the open_basedir setting has to include a domain-specific value or it won't make much sense.

This is a stub! This article is just a stub since a working solution via JTAG so far seems only available for HTC Dream / Magic. You may search for software-based debricking solutions, maybe it can solve your problem.

Creating “open source phones”. The background to this experiment is that I want to have “open source phones”: phones that you can operate and repair fully on your own with open source hardware and software tools, needing the manufacturer no longer after manufacturing the device. The tools needed for this are very different for different phones, so I specialize here on JTAG enabled smartphones, esp. HTC Desire HD and HTC Desire S. (Note that JTAG is quite a universal standard in modern smartphones, so it does not make much sense to deal with older, even more proprietary devices.) This article is immediately applicable to these models only, but will work for other HTC models and mostly also generically for JTAG enabled devices.

Now the toolbox for maintaining and repairing most HTC phones consists of (gratis or free) software tools to be found via famous XDA Developers, but not all tasks can be done by software. Esp. for some variants of unbricking, a hardware device is needed because the JTAG port has to be accesses. The task of this article is to explore this JTAG-related part of the toolbox, which seems to be so far the biggest gap for a fully open source toolchain for operating and repairing modern (Android based) smartphones.

Desired features of the open source JTAG tools. For the concept of “open source phones”, it is not really necessary that all tools involved in rooting, setting S-OFF, SIM unlocking etc. are open source. Because a phone is an “open source phone” only once being in this freed condition, so it does not matter if the tools to free it are as proprietary as those used to lock it down in the first place. However all tools needed at any point of the life cycle of a “freed phone” have to be open source software and hardware. This means, additionally to all the custom ROMs available and the techniques to apply them, the following:

  • open hardware JTAG adapter (this is just the hardware to connect a computer to the phone’s JTAG interface)
  • open source software and instructions for debricking / resurrecting the phone
  • open source boundary scan test software for identifying hardware damages to the phone via JTAG
  • open source software for changing IMEI, CID and model ID (however, be sure to respect the legal boundaries in your jurisdiction regarding these operations)

This also means that only those phones can become “open source phones” for which all challenges of freeing it have been solved (for HTC phones: S-OFF, radio S-OFF, permanent rooting, flashing a custom ROM). Simply ignore other models, as they’re not yet part of the free world 😉

Component: open source JTAG hardware adapter

This is just an idea list of principal alternatives so far. I did not investigate them more than detailed below.

  1. Bus Blaster v2. An open source hardware piece for just 35 USD that can cooperate with lots of open source JTAG debugging and flashing software, including Open OCD and urJTAG. At first sight, seems like the first solution to try.
  2. Open JTAG. This is an open source hardware project for a JTAG adapter. It is available fully assembled for ca. 80 EUR as of 2013-01.
  3. GoodFET. Another JTAG interfacing open source hardware that can flash chips, also including client software. However I could not find out so far if it can be used to access HTC phones; this should probably start by looking at their list of supported chips.
  4. Proprietary hardware (for use with open source software). Might be a good first step: finding or creating open source software to use in collaboration with an existing commercial JTAG box like the RIFF box. Notes: I do not know yet if and which means the RIFF box uses to secure access from other software.
    1. RIFF box. This is a great (widespread and recommended) choice. Ca. 130 USD [example]. It is possible to unbrick many devices [list], including HTC Desire HD and Desire S. Their software is proprietary and for Windows XP / Vista / 7 only [source]. Also see their manual and support documents and an additional official support forum.
    2. ORT-JTAG. The Omnia Repair Tool, a JTAG flasher and emulator that supports various CPU types and platforms, including the HTC Desire HD and HTC Desire S [source]. It is possible to unbrick the HTC Desire HD with this tool [instructions]. Price is 150 USD as of 2013-01 [source].
    3. XTC Clip. This is an unlocking device, not an unbricking device. However, as I do not know if RIFF box can do S-OFF for all models it supports, and as there are models where S-OFF can not be done by software only, you may need the XTC Clip for some purposes.
    4. Some other boxes. Not all available boxes used for phone service are based on the JTAG interface. It seems that JTAG is only available on newer phones, so a box like the Saras Twister cannot be hacked to do JTAG stuff.

Component: open source JTAG software

  1. goJTAG. A free and open source software package developed by universities that makes exhaustive use of JTAG capabilities, including your own boundary scan tests. [TODO: Find out if it is capable of flashing to devices as well.] It normally is meant to work with the commercial PicoTAP JTAG hardware adapter, but the great news is that now you can use the open source Bus Blaster v2 as well.
  2. OpenOCD. The “Open On-Chip Debugger” project, a mature, sophisticated, flexible software suite for dealing with all things JTAG. Esp., it can be adapted to work with several JTAG debug adapters [source], but you may have to write an own config.
  3. UrJTAG. An open source project to create a universal JTAG library, server and tools. From superficial impression, it seems that OpenOCD is more mature and more active in development, however. But UrjTAG has great documentation with interesting background infos.

Creating a solution

There is no ready-made solution for unbricking most phones with these open source tools so far. But I found one great example process, based on OpenOCD: JTAG Softboot for HTC Dream / Magic. It shows that several security measures have to be dealt with in order to flash, and the development of that process shows a strategy how to develop it for other phones like (in my case here) the HTC Desire HD and Desire S.

This knowledge about security workarounds etc. is what the authors of commercial tools (RIFF box, ORT-JTAG) have developed, and guard in their software and firmware. So maybe the simplest solution is to reverse engineer it from there.

Anyway, getting these tools to work for unbricking phones is a lot of work. The first few steps, in my view:

  1. Get a JTAG cable adapter for the phone in question, like this for HTC Desire HD or this for HTC Desire S.
  2. Get yourself an open source JTAG hardware interface, such as the Bus Blaster v2.
  3. Find out the JTAG pinout for the phone in question.
  4. Find working OpenOCD / UrJTAG / goJTAG configurations for the phone in question. One can also create them oneself, but it’s not a straightforward job as even with the same processor, devices have other configurations for access with JTAG [source, example for HTC Wildfire S].
  5. Find every piece of information about debricking the phone in question, incl. the security measures to deal with in order to flash a working bootloader again. This may include the reverse engineering just mentioned, which you would carry out by sniffing and looking at the live communication between commercial software, its JTAG hardware interface, and the actual phone.
  6. Create a script or instructions that use a suitable open source JTAG software package to execute the proper debricking method for the device.