[how to] lock/unlock your bootloader without htcdev(s-off required)

Search This thread
By:
Advanced…
santidoo

santidoo

Member
Dec 18, 2012
43
7
scotty1223 said:
do not use this on the one v!!! the partition layout is completely different,and ive no idea what youre overwriting that could affect something else.

i am more than happy to help you look for it. lets start with partitions 3-7. ill need a set that are unlocked ,and dumps from someone who is is locked. if you cannot find someone with those criteria,then send dumps after locking the bootloader with fastboot oem lock

upload your dumps and pm me a link(dont post links publicly cause some partitions may contain personal info such as meid,esn,etc). name them in such a way that i can tell what they are.

dump them with:
dd if=/dev/block/mmcblk0p3 of=/sdcard/mmcblk0p3

dd if=/dev/block/mmcblk0p4 of=/sdcard/mmcblk0p4

and so on
Click to expand...
Click to collapse

Ok, thanks a lot. I will get the dump files in a while. I do not know noone with Locked bootloader, so I will relock my own and grab the dump files again.
Anyway, do you know any other way to back to LOCKED status?
 
wewenk

wewenk

Senior Member
Oct 26, 2010
789
256
To get s-off we have to get root right? and to get root we have to unlocked? CMIIW
So it is not work for device which never get htcdev unlocked before?

Sent from my HTC 802w using XDA Premium 4 mobile app
 
scotty1223

scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,056
wewenk said:
To get s-off we have to get root right? and to get root we have to unlocked? CMIIW
So it is not work for device which never get htcdev unlocked before?

Sent from my HTC 802w using XDA Premium 4 mobile app
Click to expand...
Click to collapse

If you can get s off via some method that does not require htcdev unlock, then it is not required

Sent from my HTC6435LVW using Tapatalk
 
taha198

taha198

Senior Member
Dec 23, 2010
484
143
Mumbai
OPPO Reno 10x Zoom
Google Pixel 4a
Hi scotty buddy.
My Model id PN07110, cid HTC__38, hboot 1.56, android 4.4.2. Indian HTC one. I am soff and locked boot loader and not rooted. Need recovery zip to flash in ruu mode. Bro, can you make a proper recovery zip of twrp to flash in ruu mode. Thanks.

Sent from my HTC One using Tapatalk
 
N

nirez

Member
Mar 1, 2014
41
3
Hey, i tried to lock my bootloader on hboot 1.56 and with TWRP. It worked very well! But after the overwriting, it didnt rebooted my device, because it didnt read my device. So i manually rebooted to bootloader, and i see its ***LOCKED***. Thank you. :good:
 
M

MICH_**

Senior Member
Jul 5, 2013
720
82
Why do i need superuser for this? My phone is not on stock rom with stock recovery. I just want to lock the bootloader... Any way to do so?
 
scotty1223

scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,056
MICH_** said:
Why do i need superuser for this? My phone is not on stock rom with stock recovery. I just want to lock the bootloader... Any way to do so?
Click to expand...
Click to collapse

No one said you needed to be on a stock room and recovery. You just need to be in a root shell to enter the lock command.

If you're not rooted, you can run the command in a custom recovery, or use a temp root.

Sent from my HTC6435LVW using Tapatalk
 
scotty1223

scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,056
picard47 said:
I've used this method to lock the bootloader for shipping it to HTC service (camera issues).
Additionally I set the device back to S-ON.

Problem is that I am no longer able to unlock the bootloader with htcdev. The unlock-splash doesn't appear anymore. My guess is it could has something to do with this: http://xdaforums.com/showpost.php?p=50335978&postcount=197

So be careful with this.
Click to expand...
Click to collapse

Is your phone a converted GPE? Your error sounds consistent with converted phones. I've not heard this complaint on phones converted back to their original state.

I don't think the post you referenced is an issue. When you run the command,it only writes 4 bytes,im by no means an expert,but there is no evidence to me that the command is filling the rest of the partition with 00(it actually is all 00 allready) .

If you trace the origins of this all the way back to s_trace's original thread, you'll see that unlocking makes a couple other changes in other partitions. It may be possible we need to change more than the lock flag,but again,I've not heard of folks having trouble reunlocking again,other than the converted gpe phones.

IMO,people need to start understanding that s-off is not an indicator you have messed with the device,and stop turning the radio secure flag back on for warranty work. If you were still s off,you could easily install a recovery and re-root.

I apologize this mod has.gotten you into a pickle. Please keep us updated on your solution :) have you tried a.factory reset from hboot?

Thanks for bringing it to our attention,folks indeed should be careful.

Sent from my HTC PG09410 using Tapatalk 2

edit:
a bit of research before i have to leave for the day shows its an issue with some real GPE phones as well,possibly some sort of mismatch with the 4.4 update.

if you have a "normal" phone,it sounds like one of your partitions may be something other than what the phone is expecting(tho not extreme enuff to invoke a "do not boot" mode).

i had similar issue with an att one x. i did not get the splash failure error,but did get the failure of an unlock splash/option to appear :eek: in my case,i had hex edited the misc partition to a lower main version,and after i restored the original,the unlock worked successfully.

i did find references to GPE s-off folks who got your same error being able to downgrade to 4.2.2,and then fastboot oem unlock worked again. doesnt help you much,but may add to the liklehood that the prollem lies within the 4.4 update

my only suggestion is at this time is to try and find a working temp root and then run firewater. a bit more info about your phone may help... specs of before and after if its a converted phone,and maybe a getvar all
 
Last edited:
P

picard47

Senior Member
Jul 19, 2011
130
63
Rostock(Germany)
Factory Reset was one of the first things I tried. Didn't help.

Converted GPE means it originally was a Google Edition converted to a Stock Edition? In this case - no. It was a european unbranded "401" phone. I only converted it once in the other direction to a GPE by this thread. Maybe this cause my problem.
 
scotty1223

scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,056
picard47 said:
Factory Reset was one of the first things I tried. Didn't help.

Converted GPE means it originally was a Google Edition converted to a Stock Edition?.
Click to expand...
Click to collapse

No... The other way. As you did.

Very likely the issue is missing bits of other firmware done the conversion ruu is not complete and signed by HTC.

You should have gone back to stock .401 if you wanted to turn s on.

Did you change cid/mid as well?

Sent from my HTC6435LVW using Tapatalk
 
P

picard47

Senior Member
Jul 19, 2011
130
63
Rostock(Germany)
Oh ok, I wasn't aware of that.

Before I locked the phone I flashed the original 2.24.401.1 firmware and Stock Odexed ROM inclusive Stock Recovery and CID HTC__102 but I assume there was something the GPE RUU changed I didn't roll back before locking. You could say I locked out myself and flushed the key down the toilet :D.
 
You must log in or register to reply here.

Similar threads

H
  • Locked
[Guide] Firewater S-Off
Replies
2K
Views
614K
LenAsh
LenAsh
electronical
[GUIDE] Rumrunner S-Off for HTC One M7 International
Replies
1K
Views
713K
mitchst2
mitchst2
nintendolinky
[Discussion] HTC One - Updates
Replies
11K
Views
2M
RobeStar
RobeStar
crushalot
[GUIDE] How to Return to 100% Stock
Replies
2K
Views
577K
K
killutekero
K
[GUIDE] China Unicom 802W Dual Sim.. how to root and install Google Apps
Replies
2K
Views
552K
Shikaiya
Shikaiya

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 87
    scotty1223
    scotty1223
    *this thread is for m7. it will not work on m8,m9, or any other newer devices! search m8 general for the thread there(same name)


    this thread will let you unlock your bootloader without htcdev,or let you change your hboot watermark from relocked or locked back to stock.

    originally,we used a zip file flashable in recovery. i have found it to work on gsm devices with 1.44 hboot and CW recovery. it did not work with twrp. if the following is too scary,feel free to test the zip files. that thread,info,and downloads can be found here. since not all recoverys are working,these values can be changed with simple adb commands.

    advantages
    -no hassle with htcdev,tokens,or unlock codes
    -no submitting your phones personal info to htc
    -the ability to get back to 100% stock without any visual traces or records of having been s off or unlocking your bootloader.

    you do NOT need to downgrade your hboot. this simple adb command works without any scary hboot downgrades.

    *you must be s off.
    *you must have superuser installed(seethis post] if you need help installing a recovery so you can install superuser)

    read this:
    this will not work if your s on. its not a way to magically unlock

    the usual disclaimers:
    use this info at your own risk. if it melts your phone into a little pile of aluminum goo,its not my fault.

    credits
    -beaups for giving me the echo comand,so yall didnt need to dump,edit with a hex editor,and copy back
    -strace for originally discovering the location of the lock status flag(check out this thread for more info)
    -kdj67f for fearlessly testing on vzw m7_wlv and putting up some screenshots in post 2. thanks!
    -matthew0776 for fearlessly testing for sprint m7_wls

    IF you are an advanced user with adb/fastboot set up and some basic knowlede of the cmd window,you can skip to #2
    1)set up adb


    -download this file
    -install drivers: if you have htc sync installed,you should allready have drivers. if not,you can install htc sync,or install these modified htc drivers from revolutionary (driver mirror)
    -unzip your miniadb_v1031.zip file. this is native funtionality in windows 7. you otherwise may need a utility such as "7-zip" to extract,or unzip it. place the unzipped folder onto the root of your C drive on your PC. root means the top level,not inside any folders. so just copy and paste,or drag and drop the folder onto C with everything else that is there. you may want to rename it to "miniadb_m7" since youll be putting some device specific files in here.
    -open a command window. on windows 7,click the start bubble in the lower left and type "command" in the search box. xp i believe is similar or the same. doing this should open a small black command window.
    -change to your miniadb_m7 directory. type the following at the prompt in your cmd window:

    cd c:\miniadb_m7

    your command promt should change to "c:miniadb_m7>" provided you: 1)unzipped the miniadb_v1031 zip file,and 2)put the folder on your c drive,and 3)entered the name of the folder correctly ("miniadb_m7" in this case)

    -now make sure usb debugging is checked in developer options(you will need to turn it on first),and plug your phone into your PC with a usb cable
    -make sure your phone is being recognized- type:

    adb devices

    if your drivers are installed correctly,this should return your phones serial number. you should hear the "found device" noises when you plug your phone in. if it starts installing drivers,wait for it to finish before typing the adb devices command.

    if you get your serial number back,then enter this command:
    adb reboot bootloader

    this should take your phone to the "fastboot" screen,wich is white with colored letters. this is one mode of your bootloaders interactive modes. at the top youll see fastboot devices as confirmation youre in fastboot.

    now enter:
    fastboot devices
    again,this should return your phones serial number. you should hear the "found device" noises when you plug your phone in. if it starts installing drivers,wait for it to finish before typing the adb devices command.

    if you get your serial number back,you can enter the following to boot back to the phones OS:
    fastboot reboot

    and now,youve installed adb/fastboot and tested youre phones drivers. if at either spot,you have trouble and dont get your serial number back,there is some sort of connection issue. use these steps to troubleshoot:
    troubleshooting connectivity issues:
    -try a reboot of the PC
    -try different usb cables and ports
    -dont use a usb hub
    -dont use usb 3.0
    -make sure nothing capable of comunicating with the phone is enabled and running. htc sync,pdanet,easy tether,and even itunes have all been known to cause issues.
    -windows 8 has been known to have issues. try a windows 7 or older machine

    failing the above,
    -i use these drivers for fastboot and adb(donwload and run as admin): http://downloads.unrevoked.com/HTCDriver3.0.0.007.exe (mirror)

    failing that,try manually updating the drivers in the following manner:
    -put the phone in fastboot mode(select fastboot from the hboot menu)
    -open device manager on the PC
    -plug in phone,watch for it to pop up in device manager.
    -update drivers with device manager,pointing the wizard to the extracted
    driver download folder from above

    note that you can check the connectivity of the phone,and make sure drivers are working by in the following manner:
    -open cmd window. change to directory containing adb/fastboot utilities

    -adb with the phone in the booted OS,usb debug enabled,enter:
    adb devices in a cmd window

    -fastboot with phone in fastboot,enter:
    fastboot devices in cmd window

    in either case,a properly connected phone with working drivers installed should report back the phones serial number.
    Click to expand...
    Click to collapse

    this process,in your cmd window,should look something like this:
    Code: 
    Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Scott>[COLOR="red"]cd c:\miniadb_m7[/COLOR]

c:\miniadb_m7>adb devices
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
FAxxxxxxxxxx    device


c:\miniadb_m7>[COLOR="red"]adb reboot bootloader[/COLOR]

c:\miniadb_m7>[COLOR="red"]fastboot devices[/COLOR]
FAxxxxxxxxxx    fastboot

c:\miniadb_m7>[COLOR="red"]fastboot reboot[/COLOR]
rebooting...

finished. total time: 0.037s

c:\miniadb_m7>


    2)reset your "lock status flag"

    to LOCK your bootloader,enter the following:

    adb devices

    adb shell

    su (if needed to get a # prompt)

    echo -ne '\x00\x00\x00\x00' | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
    (i would very strongly recomend you copy/paste this)

    exit
    (exit a second time if you need to to get back to a normal > prompt)

    adb reboot bootloader

    verify you are now locked
    _____________________________________________________________________________________________

    to UNLOCK your bootloader,enter the following:

    adb devices

    adb shell

    su (if needed to get a # prompt)

    echo -ne "HTCU" | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
    (i would very strongly recomend you copy/paste this)

    exit
    (exit a second time if you need to to get back to a normal > prompt)

    adb reboot bootloader

    verify you are now unlocked



    *i have tested this on my gsm htc one. if someone wants to test on vzw,ill add you to the credits :)




    View
    12
    scotty1223
    scotty1223
    99% is good enough for me haha! Phone just hut 50% charged, give me a minute. Will post back with pictures.

    Sent from my HTC6500LVW using XDA Premium 4 mobile app

    ---------- Post added at 08:56 PM ---------- Previous post was at 08:41 PM ----------

    Confirmed, code working. Flags set/reset. Phone even reboots and works :D will upload pics/screenshots.

    Thanks!

    Starting out unlocked:

    Locking:

    Locked:

    Unlocking:

    Re-unlocked:


    Very good work!
    View
    4
    scotty1223
    scotty1223
    akuma24 said:
    Any idea how you would get rid of the tampered flag?

    Sent from my HTC One using xda app-developers app
    Click to expand...
    Click to collapse

    http://xdaforums.com/showthread.php?t=2477792
    View
    4
    nkk71
    nkk71
    scotty1223 said:
    you dont really need to unlock. pack your recovery image with an android info text document for your variant. you can get the document from an OTA firmware package or decrypted ruu.

    you can install this type of zip file in the following manner:
    if youre working with a booted,operational phone,you can flsh the file in the following manner:

    -open a cmd window

    -change to adb/fastboot directory
    cd c:\foldername
    (cd c:\mini-adb if youve used any of my guides :))

    -place the zip file you want to flash into adb/fastboot directory

    -enable usb debug,disable fastboot,plug in phone

    -check for connectivity
    adb devices (should return serial number)

    -boot to fastboot
    adb reboot bootloader

    -check for connectivity again
    fastboot devices

    -flash the file
    fastboot erase cache

    fastboto oem rebootRUU (will put you in ruu mode,black screen silver htc letters)

    fastboot flash zip zipfilename.zip (will send and flash the file. dont interupt it while the cmd window shows its writinging,and the green status bar is moving on the phone screen)

    *sometimes a file will fail with a pre-update error. this is normal,just enter again:
    fastboot flash zip zipfilename.zip
    and this time it will finish

    -when you get "finished" and "OK"
    fastboot reboot-bootloader (takes you back to fastboot)

    -reboot back to the OS
    fastbooot reboot

    you can use this if you dont have an operational phone as well. you just need to manually put the phone in fastboot(select from hboot menu) then skip the "adb" commands and start with fastboot devices


    once you have a custom recovery you can add superuser,or flash a rom. you do not need to unlock,but you can if you want after adding superuser,or by just running the command in recovery,as most custom recoverys have an adb root shell access.
    Click to expand...
    Click to collapse

    Hi scotty, love your work :good:

    Just dropped by to leave this here: TWRP/CWM for RUU mode for M7_U/UL only

    these are packaged with an android-info.txt that has PN0710000 through PN0714000 and all CIDs should work (except 1 or 2 very rare ones).


    in bootloader/FASTBOOT USB:
    fastboot oem rebootRUU
    fastboot flash zip fw_m7ul_TWRP_2.6.3.3_1.26.401.33.zip
    fastboot reboot-bootloader

    -> enter RECOVERY (should be TWRP or CWM now)

    and use @scotty1223's commands in custom recovery http://xdaforums.com/showthread.php?t=2475914 to unlock bootloader


    Code: 
    C:\ADB3>[B][COLOR="Blue"]adb devices[/COLOR][/B]
List of devices attached
HT34xxxxxxxx    recovery [I]<- you need to be in custom recovery to
                            ensure [B]root[/B] privileges
                            i.e. an adb shell with [B]#[/B] as opposed to [B]$[/B][/I]


C:\ADB3>[B][COLOR="Blue"]adb shell[/COLOR][/B]

[SIZE="1"][I][U]Note[/U]
CWM shell prompt usually looks like [B]~#[/B]
TWRP shell prompt usually looks like [B]~ # ←[6n[/B]
it doesn't matter, you just type (or even better copy/paste) the commands in bold blue
[/I][/SIZE]

[I][SIZE="1"]Setting UNLOCKED[/SIZE][/I]
~ # [B][COLOR="Blue"]echo -ne "HTCU" | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796[/COLOR][/B]
echo -ne "HTCU" | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796 
4+0 records in
4+0 records out
4 bytes (4B) copied, 0.007691 seconds, 520B/s

~ # [B][COLOR="Blue"]exit[/COLOR][/B]
exit

C:\ADB3>[B][COLOR="Blue"]adb reboot bootloader[/COLOR][/B]
^^ if this doesn't work in your particular version, just select reboot to bootloader in TWRP.


    ps: your version-main will now say 1.26.401.33 (reflecting the recovery version 2.6.3.3); it didn't actually change, but version-main always show the last thing flashed in ruu mode.
    .
    View
    4
    scotty1223
    scotty1223
    miggsr said:
    If you lock it yes it will be as it was stock locked now you still can flash roms and firmware with a locked Bootloader only thing you can't do is flash recovery
    Click to expand...
    Click to collapse

    you can still flash a recovery. you just need to pack it up in a zip file with an android info document and flash via ruu mode.

    you do not need to be unlocked for anything. it is strictly a personal preference(of youd rather use fastboot flash than a zip file)
    View

New posts