this thread will let you unlock your bootloader without htcdev,or let you change your hboot watermark from relocked or locked back to stock.
originally,we used a zip file flashable in recovery. i have found it to work on gsm m7_ul devices with 1.44 hboot and CW recovery. it did not work with twrp. if the following is too scary,feel free to test the zip files. that thread,info,and downloads can be found here. since not all recoverys are working,these values can be changed with simple adb commands.
advantages
-no hassle with htcdev,tokens,or unlock codes
-no submitting your phones personal info to htc
-the ability to get back to 100% stock without any visual traces or records of having been s off or unlocking your bootloader.
prerequsites
*you must be s off.
*you must have superuser installed(see this thread if you need help installing superuser. use the keep bootloader locked directions)
read this:
this will not work if your s on. its not a way to magically unlock
the usual disclaimers:
use this info at your own risk. if it melts your phone into a little pile of aluminum goo,its not my fault.
it has been successfully tested on t6ul with MID 0P3P51000. i feel it is safe for other t6ul users,all MIDs,however,you are welcome to dump and we can verify the flag locations if you have concern.
if you have a different variant than t6ul,please pm me for more info prior to trying this.
credits
-beaups for giving me the echo comand,so yall didnt need to dump,edit with a hex editor,and copy back
-strace for originally discovering the location of the lock status flag(check out this thread for more info)
-kdj67f for fearlessly testing on vzw m7_wlv and putting up some screenshots in post 2. thanks!
-matthew0776 for fearlessly testing for sprint m7_wls
*pradeepvizz for getting the ball rolling for t6 users-dumping partitions,testing commands and providing screenshots. make sure to give him a big thanks
*Jm@n for testing on sprint t6
*droidrev71 and oneandroidnut for testing vzw t6
IF you are an advanced user with adb/fastboot set up and some basic knowlede of the cmd window,you can skip to #2
1)set up adb
2)reset your "lock status flag"
to LOCK your bootloader,enter the following:
adb devices
adb shell
su (if needed to get a # prompt)
echo -ne '\x00\x00\x00\x00' | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
(i would very strongly recomend you copy/paste this)
exit
(exit a second time if you need to to get back to a normal > prompt)
adb reboot bootloader
verify you are now locked
_____________________________________________________________________________________________
to UNLOCK your bootloader,enter the following:
adb devices
adb shell
su (if needed to get a # prompt)
echo -ne "HTCU" | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
(i would very strongly recomend you copy/paste this)
exit
(exit a second time if you need to to get back to a normal > prompt)
adb reboot bootloader
verify you are now unlocked
Please Note:
*you must remove the tampered banner as well in order for the fingerprint scanner to work.
remove your tampered banner
originally,we used a zip file flashable in recovery. i have found it to work on gsm m7_ul devices with 1.44 hboot and CW recovery. it did not work with twrp. if the following is too scary,feel free to test the zip files. that thread,info,and downloads can be found here. since not all recoverys are working,these values can be changed with simple adb commands.
advantages
-no hassle with htcdev,tokens,or unlock codes
-no submitting your phones personal info to htc
-the ability to get back to 100% stock without any visual traces or records of having been s off or unlocking your bootloader.
prerequsites
*you must be s off.
*you must have superuser installed(see this thread if you need help installing superuser. use the keep bootloader locked directions)
read this:
this will not work if your s on. its not a way to magically unlock
the usual disclaimers:
use this info at your own risk. if it melts your phone into a little pile of aluminum goo,its not my fault.
it has been successfully tested on t6ul with MID 0P3P51000. i feel it is safe for other t6ul users,all MIDs,however,you are welcome to dump and we can verify the flag locations if you have concern.
if you have a different variant than t6ul,please pm me for more info prior to trying this.
credits
-beaups for giving me the echo comand,so yall didnt need to dump,edit with a hex editor,and copy back
-strace for originally discovering the location of the lock status flag(check out this thread for more info)
-kdj67f for fearlessly testing on vzw m7_wlv and putting up some screenshots in post 2. thanks!
-matthew0776 for fearlessly testing for sprint m7_wls
*pradeepvizz for getting the ball rolling for t6 users-dumping partitions,testing commands and providing screenshots. make sure to give him a big thanks
*Jm@n for testing on sprint t6
*droidrev71 and oneandroidnut for testing vzw t6
IF you are an advanced user with adb/fastboot set up and some basic knowlede of the cmd window,you can skip to #2
1)set up adb
2)reset your "lock status flag"
to LOCK your bootloader,enter the following:
adb devices
adb shell
su (if needed to get a # prompt)
echo -ne '\x00\x00\x00\x00' | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
(i would very strongly recomend you copy/paste this)
exit
(exit a second time if you need to to get back to a normal > prompt)
adb reboot bootloader
verify you are now locked
_____________________________________________________________________________________________
to UNLOCK your bootloader,enter the following:
adb devices
adb shell
su (if needed to get a # prompt)
echo -ne "HTCU" | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
(i would very strongly recomend you copy/paste this)
exit
(exit a second time if you need to to get back to a normal > prompt)
adb reboot bootloader
verify you are now unlocked
Please Note:
*you must remove the tampered banner as well in order for the fingerprint scanner to work.
remove your tampered banner
Last edited:
