Enable the Hidden Notification LED on the Google Nexus 6!

LED notification lights have existed on Android devices since the very beginnings … more

MX Player Ready to Rock on Lollipop

A good video player should be reliable and free. One of the XDA Community Apps, MX Player, meets both of … more

How to Disable Data Encryption on Nexus 6

In late September, Google decided to step on NSA’s toes and turn on encryption by default in … more

DJI Phantom 2 Vision+ Review – XDA TV

The holidays will be here in no time, so why not start thinking about gifts now? Youll be ahead … more

Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

HTC One (M7) stuck in bootloader (Tampered, Relock, S-ON) - Please help!!

OP HunterT

1st September 2014, 06:17 PM   |  #1  
OP Junior Member
Thanks Meter: 0
 
18 posts
Join Date:Joined: Oct 2011
This thread is related to another thread that I posted a few months ago. Sorry for reopening just didn't know what to do since it is an old thread.

Before I started doing anything my phone had Cyanogen Mod on it. I have to return it back to Verizon within 5 days so I am trying to get it completely back to stock. I was following tutorials on how to LOCK the bootloader and turn S-ON. I ended up in the bootloader and there is no chance of starting the phone. I downloaded a couple of RUUs and tried flashing them from fastboot and the signature check fails because of S-ON most likely. Can someone please give me a short guide on how to get out of this whole mess and the proper order of how to do things. Unless someone knows where I can find a RUU that will pass signature check with S-ON.


Currently my bootloader screen looks like this:

*** TAMPERED ***
*** RELOACKED ***
*** Security Warning ***
S-ON


(bootloader) version: 0.5
(bootloader) version-bootloader: 1.56.0000
(bootloader) version-baseband: 1.13.41.0109_2
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main: 3.11.605.1
(bootloader) version-misc: PVT SHIP S-ON
(bootloader) product: m7_wlv
(bootloader) platform: HBOOT-8064
(bootloader) modelid: PN0731000
(bootloader) cidnum: VZW__001
(bootloader) battery-status: good
(bootloader) battery-voltage: 3819mV
(bootloader) partition-layout: Generic
(bootloader) security: on
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: dirty-4dab9d12
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0

CURRENT STATE:
VZW Htc One (m7) *** TAMPERED ***, ***RELOCKED*** S-ON

This all started when using revone with a different firmware/hboot then the tutorial I was watching.

Any ideas at all before I quit completely?
2nd September 2014, 11:10 AM   |  #2  
Senior Member
Flag Elyria
Thanks Meter: 64
 
204 posts
Join Date:Joined: Dec 2013
Donate to Me
More
Quote:
Originally Posted by HunterT

This thread is related to another thread that I posted a few months ago. Sorry for reopening just didn't know what to do since it is an old thread.

Before I started doing anything my phone had Cyanogen Mod on it. I have to return it back to Verizon within 5 days so I am trying to get it completely back to stock. I was following tutorials on how to LOCK the bootloader and turn S-ON. I ended up in the bootloader and there is no chance of starting the phone. I downloaded a couple of RUUs and tried flashing them from fastboot and the signature check fails because of S-ON most likely. Can someone please give me a short guide on how to get out of this whole mess and the proper order of how to do things. Unless someone knows where I can find a RUU that will pass signature check with S-ON.


Currently my bootloader screen looks like this:

*** TAMPERED ***
*** RELOACKED ***
*** Security Warning ***
S-ON


(bootloader) version: 0.5
(bootloader) version-bootloader: 1.56.0000
(bootloader) version-baseband: 1.13.41.0109_2
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main: 3.11.605.1
(bootloader) version-misc: PVT SHIP S-ON
(bootloader) product: m7_wlv
(bootloader) platform: HBOOT-8064
(bootloader) modelid: PN0731000
(bootloader) cidnum: VZW__001
(bootloader) battery-status: good
(bootloader) battery-voltage: 3819mV
(bootloader) partition-layout: Generic
(bootloader) security: on
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: dirty-4dab9d12
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0

CURRENT STATE:
VZW Htc One (m7) *** TAMPERED ***, ***RELOCKED*** S-ON

This all started when using revone with a different firmware/hboot then the tutorial I was watching.

Any ideas at all before I quit completely?

Can you boot into a rom? You are on 1.56 so if you can, you will be able to use firewater to get back to s-off.

If you can't boot up.......idk you might be screwed, not sure there is a signed RUU available for hboot 1.56.

To send back to verizon you should have flash an RUU, then switched back on locked and s-on after the RUU. Not taking any updates so you can redo the s-off if needed.

If you can't boot up from where you are at, you might be screwed, short of getting someone with a java card to crack it.
3rd September 2014, 04:00 AM   |  #3  
dottat's Avatar
Recognized Contributor
Flag york, pa
Thanks Meter: 1,351
 
3,038 posts
Join Date:Joined: Jan 2011
Donate to Me
More
Quote:
Originally Posted by HunterT

This thread is related to another thread that I posted a few months ago. Sorry for reopening just didn't know what to do since it is an old thread.

Before I started doing anything my phone had Cyanogen Mod on it. I have to return it back to Verizon within 5 days so I am trying to get it completely back to stock. I was following tutorials on how to LOCK the bootloader and turn S-ON. I ended up in the bootloader and there is no chance of starting the phone. I downloaded a couple of RUUs and tried flashing them from fastboot and the signature check fails because of S-ON most likely. Can someone please give me a short guide on how to get out of this whole mess and the proper order of how to do things. Unless someone knows where I can find a RUU that will pass signature check with S-ON.


Currently my bootloader screen looks like this:

*** TAMPERED ***
*** RELOACKED ***
*** Security Warning ***
S-ON


(bootloader) version: 0.5
(bootloader) version-bootloader: 1.56.0000
(bootloader) version-baseband: 1.13.41.0109_2
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main: 3.11.605.1
(bootloader) version-misc: PVT SHIP S-ON
(bootloader) product: m7_wlv
(bootloader) platform: HBOOT-8064
(bootloader) modelid: PN0731000
(bootloader) cidnum: VZW__001
(bootloader) battery-status: good
(bootloader) battery-voltage: 3819mV
(bootloader) partition-layout: Generic
(bootloader) security: on
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: dirty-4dab9d12
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0

CURRENT STATE:
VZW Htc One (m7) *** TAMPERED ***, ***RELOCKED*** S-ON

This all started when using revone with a different firmware/hboot then the tutorial I was watching.

Any ideas at all before I quit completely?

Screwed man. Java card. Jtag. . Wait eternally for a signed encrypted ruu.

Sorry. S on and locked on vzw is not good
3rd September 2014, 06:09 PM   |  #4  
synisterwolf's Avatar
Recognized Contributor
Thanks Meter: 2,237
 
6,511 posts
Join Date:Joined: Sep 2010
More
If you download the latest RUU posted in the development section and you can use a cool tool called ruuveal to recrypt it if you need to RUU your device without having s-off.
4th September 2014, 12:58 AM   |  #5  
santod040's Avatar
Recognized Developer / Recognized Contributor
Flag NorCal
Thanks Meter: 10,452
 
7,108 posts
Join Date:Joined: Nov 2008
Donate to Me
More
Quote:
Originally Posted by synisterwolf

If you download the latest RUU posted in the development section and you can use a cool tool called ruuveal to recrypt it if you need to RUU your device without having s-off.

Unfortunately that won't work.
As 're-encrypting it will not create the HTC signatures required for flashing to an s-on device.
4th September 2014, 01:42 AM   |  #6  
synisterwolf's Avatar
Recognized Contributor
Thanks Meter: 2,237
 
6,511 posts
Join Date:Joined: Sep 2010
More
Quote:
Originally Posted by santod040

Unfortunately that won't work.
As 're-encrypting it will not create the HTC signatures required for flashing to an s-on device.

Removed by request.



Sent from my iPhone 5s using Tapatalk pro
Last edited by synisterwolf; 4th September 2014 at 04:35 PM.
4th September 2014, 01:58 AM   |  #7  
santod040's Avatar
Recognized Developer / Recognized Contributor
Flag NorCal
Thanks Meter: 10,452
 
7,108 posts
Join Date:Joined: Nov 2008
Donate to Me
More
Quote:
Originally Posted by synisterwolf

Actually the tool injects the signature during the encryption process and works as intended. I've done this a few times on a HTC One, Fireball, Max, thunderbolt, and sonic.

I will not post the re-encrypted file on xda due to other members being hit with DCMA takedowns and its against XDA rules.

Spoiler:
Google search will find what I've done and any user with a Linux machine can duplicate what I've posted above. That's all I will be saying on the subject so I don't jeopardize my ability to stay on this site.



Sent from my iPhone 5s using Tapatalk pro

Hmm, last I checked it wasn't able to re-create HTC's RSA signatures.
But that's very cool that you have been able to do so.
I think at the very least, that you would have to start with an actual RUU though, not just a zipped up dump of partitions, as is the kk ruu we currently have. Maybe I'm wrong.
But since that wasn't an actual RUU to begin with, you are saying the tool creates an HTC signature on its own?

Last I knew, the creator posted this regarding signatures:

Quote:

The leading 256 bytes is the signature of the zip file, you'll need to disregard it. There's no way we can sign the zip correctly without HTC's private key.

The differing 5 bytes are the bytes I talked about.

The trailing bytes are probably a bug - I'll investigate further when I get some time but it's not a priority since it's not causing HBOOT to fail to flash the zip.

Thanks for the detailed analysis/comparison :+1:

I'm going to merge the encrypt branch onto the master branch in the next few days since it seems to be working okay.

Not in any way trying to argue or anything like that, just honestly didn't think it was possible to replicate an HTC signature,.
If I'm wrong, then that's great!

Post Reply Subscribe to Thread

Tags
htcone, htconem7, locked, tampered, vzw
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes