How to Listen to Beats 1 on Android Right Now

If you felt a bit left out by Apple launching their own online radio station Beats 1 … more

NVidia SHIELD TV – XDA TV Device Review

The SHIELD TV is a not an Android smartphone device. However, that doesn’t mean it … more

PSA: Having cellular connectivity or texting issues tonight?

You’re not alone…Tonight, many users are experiencing a myriad … more

Beats Music No Longer Accepting New Accounts

Whenever Apple launches a new product or service, it definitely manages to grab the … more

[UNLOCK] AT&T Bootloader Unlock Through HTC-Dev

971 posts
Thanks Meter: 659
By grankin01, Senior Member on 24th May 2012, 07:58 PM
Post Reply Subscribe to Thread Email Thread
You do this at your own risk!!! This could turn your new phone into a very expensive paperweight!!! If you don't know how to do it or are uncomfortable DON'T DO IT!!!

You need ADB and an understanding of how to use it and have a rooted device (although I didn't test this). You will also need a hex editor like HxD.


1. Fire up your command prompt and go to the directory that you have ADB installed to. Type "adb shell" and hit enter.

2. Type "su" and hit enter. You now have root privileges.

3. Next type "dd if=/dev/block/mmcblk0p4 of=/sdcard/mmcblk0p4" and hit enter. This will dump the partition to your sdcard.

4. Next type "exit", hit enter, type "exit", and hit enter again. This should take you back to a command prompt for your computer.

5. type "adb pull /sdcard/mmcblk0p4" and hit enter. NOTE THE SIZE OF THE FILE BEFORE THE NEXT STEP!

6. Open the file (mmcblk0p4) with your hex editor.

7. Look for offset 00000210 (if your on RUU version 1.82 the offset may be 00000214) and you should see CWS__001 with your IMEI number attached to it.

8. Change CWS__001 to 11111111 and save the file as mmcblk0p4MOD. This will give you SuperCID as well. MAKE SURE AT THIS POINT THAT THE FILE IS THE EXACT SIZE IT WAS BEFORE YOU HEX EDITED IT!

9. Now go back to your command prompt and type "adb push mmcblk0p4MOD /sdcard/mmcblk0p4MOD" and hit enter.

10. Type "adb shell" and hit enter then type "su" and hit enter again. This will put you back into the android shell and give you root privileges.

11. Type "dd if=/sdcard/mmcblk0p4MOD of=/dev/block/mmcblk0p4" and hit enter. To test if it worked restart the phone into fastboot (type "adb reboot bootloader" and hit enter) and once the bootloader screen comes up type "fastboot oem readcid" and hit enter. It should read "11111111".

12. Next type "fastboot oem get_identifier_token" and hit enter. Leave that up on your screen and go to Follow the instructions from there. Choose "All other supported models" from the dropdown menu.

For those having trouble with the hex editor portion of this I have posted a picture from Squeak22 showing exactly what it should look like. Thanks Squeak22!

Enjoy all!

Attached Thumbnails
Click image for larger version

Name:	20120524_141630.jpg
Views:	37541
Size:	255.5 KB
ID:	1081792   Click image for larger version

Name:	hexedit.jpg
Views:	40377
Size:	100.2 KB
ID:	1082790  
Last edited by grankin01; 25th May 2012 at 04:54 AM.
The Following 348 Users Say Thank You to grankin01 For This Useful Post: [ View ]
24th May 2012, 08:00 PM |#2  
sk806's Avatar
Senior Member
Flag Rye, New York
Thanks Meter: 1,433
Worked for me with CID 11111111.

Thanks, my friend, now I can stop that f'ing thread...

The Following 26 Users Say Thank You to sk806 For This Useful Post: [ View ]
24th May 2012, 08:03 PM |#3  
warri's Avatar
Senior Member
Flag Jupiter
Thanks Meter: 39
Donate to Me
I see a whole Case load of "Thanks" coming your way.

Now all we need is SK to finish CWM Recovery!


Confirmed working
Last edited by warri; 24th May 2012 at 09:35 PM.
The Following 3 Users Say Thank You to warri For This Useful Post: [ View ]
24th May 2012, 08:04 PM |#4  
grankin01's Avatar
OP Senior Member
Flag Georgetown, KY
Thanks Meter: 659
Donate to Me
LOL no prob. Glad we got it figured ... at least for now.
The Following 2 Users Say Thank You to grankin01 For This Useful Post: [ View ]
24th May 2012, 08:04 PM |#5  
Senior Member
Thanks Meter: 20
24th May 2012, 08:05 PM |#6  
Senior Member
Flag Long Island
Thanks Meter: 36
SO this is a NO-Go if we updated to the new 1.85 This morning? Have to wait for the 1.85 Root first correct?

24th May 2012, 08:06 PM |#7  
gunnyman's Avatar
Senior Member
Flag Greenville SC
Thanks Meter: 2,682
Donate to Me
HOLY CRAP! What a great day! Thanks DEVS!
24th May 2012, 08:06 PM |#8  
cranch's Avatar
Senior Member
Thanks Meter: 46
So this appears as an adaptation on how you were able to flip back and forth to older Firmware/RUUs with the changing the software version number? Nice find and congrats!
24th May 2012, 08:06 PM |#9  
Senior Member
Flag New Holland, Pennsylvania
Thanks Meter: 104
Holy big picture, batman.

Anyway, a huge thanks to all the devs who worked on this. Hopefully it still works in 4 hours when I get home
24th May 2012, 08:07 PM |#10  
niceppl's Avatar
Senior Member
Flag Toronto
Thanks Meter: 263
Donate to Me
high five !!
The Following User Says Thank You to niceppl For This Useful Post: [ View ]
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes