You know what they say, irc logs are the first draft of history and they're linked from the wiki, so I'll make this brief. Scotty2, whose early successes include hacking the unhackable gsm RAZR, had a plan of attack that went directly for the eMMC chip through a kernel module. Though sidetracked by a month of other avenues, including the traditional radio and bootloader exploits, buffer overflows and the rest while building a war chest of knowledge about kernel modules (try building a kernel module for a kernel without source sometime) and patiently educating me (sometimes too patient), it came back to the same GPIO 88 that had been looked at a month earlier, and the same method. After the "hard reset" attempt of the eMMC module failed it was clear to him that only powering down the chip would allow the write protect to be disabled (or a reset line but that was either/both not connected or disabled in the eMMC's configuration). So the next month was spent trying to find a way to power down this chip. The reality is HTC was really clever and didn't actually use GPIO 88 itself in the traditional way, but instead used it as a pull down against the eMMC's power line (we think) so that changing the GPIO's configuration and not it's level would reset the chip. This is exactly what HTC's bootloader does when it needs to disable the write protect. If you follow the IRC logs from last night you'll see that it was finally looking at what parameters were being passed to the gpio_config (name is guessed) function, which didn't make any sense for just switching the value of the GPIO line. I know, personally, I had fun and hope you can see that from all the source on github.com/tmzt which is scotty2's, mine, and others. It's all there for anyone who needs to get into a locked down kernel (tivoized) on ARM, so you don't have to start from scratch.

While the core parts of the kernel are difficult for a beginner to understand, especially one without the background in computer science, there are some things that you can do with the kernel that pretty much anybody with programming experience (in C) can do. For instance, starting a port to a new ARM device. Anybody who wants to join #htc-linux on freenode I'd be happy to give an early lesson sometime.