Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,805,363 Members 44,435 Now Online
XDA Developers Android and Mobile Development Forum

HTC One (M7) stuck in bootloader (Tampered, Relock, S-ON) - Please help!!

Tip us?
 
HunterT
Old
#1  
Junior Member - OP
Thanks Meter 0
Posts: 18
Join Date: Oct 2011
Unhappy HTC One (M7) stuck in bootloader (Tampered, Relock, S-ON) - Please help!!

This thread is related to another thread that I posted a few months ago. Sorry for reopening just didn't know what to do since it is an old thread.

Before I started doing anything my phone had Cyanogen Mod on it. I have to return it back to Verizon within 5 days so I am trying to get it completely back to stock. I was following tutorials on how to LOCK the bootloader and turn S-ON. I ended up in the bootloader and there is no chance of starting the phone. I downloaded a couple of RUUs and tried flashing them from fastboot and the signature check fails because of S-ON most likely. Can someone please give me a short guide on how to get out of this whole mess and the proper order of how to do things. Unless someone knows where I can find a RUU that will pass signature check with S-ON.


Currently my bootloader screen looks like this:

*** TAMPERED ***
*** RELOACKED ***
*** Security Warning ***
S-ON


(bootloader) version: 0.5
(bootloader) version-bootloader: 1.56.0000
(bootloader) version-baseband: 1.13.41.0109_2
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main: 3.11.605.1
(bootloader) version-misc: PVT SHIP S-ON
(bootloader) product: m7_wlv
(bootloader) platform: HBOOT-8064
(bootloader) modelid: PN0731000
(bootloader) cidnum: VZW__001
(bootloader) battery-status: good
(bootloader) battery-voltage: 3819mV
(bootloader) partition-layout: Generic
(bootloader) security: on
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: dirty-4dab9d12
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0

CURRENT STATE:
VZW Htc One (m7) *** TAMPERED ***, ***RELOCKED*** S-ON

This all started when using revone with a different firmware/hboot then the tutorial I was watching.

Any ideas at all before I quit completely?
 
ccarr313
Old
#2  
Senior Member
Thanks Meter 63
Posts: 203
Join Date: Dec 2013
Location: Elyria

 
DONATE TO ME
Quote:
Originally Posted by HunterT View Post
This thread is related to another thread that I posted a few months ago. Sorry for reopening just didn't know what to do since it is an old thread.

Before I started doing anything my phone had Cyanogen Mod on it. I have to return it back to Verizon within 5 days so I am trying to get it completely back to stock. I was following tutorials on how to LOCK the bootloader and turn S-ON. I ended up in the bootloader and there is no chance of starting the phone. I downloaded a couple of RUUs and tried flashing them from fastboot and the signature check fails because of S-ON most likely. Can someone please give me a short guide on how to get out of this whole mess and the proper order of how to do things. Unless someone knows where I can find a RUU that will pass signature check with S-ON.


Currently my bootloader screen looks like this:

*** TAMPERED ***
*** RELOACKED ***
*** Security Warning ***
S-ON


(bootloader) version: 0.5
(bootloader) version-bootloader: 1.56.0000
(bootloader) version-baseband: 1.13.41.0109_2
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main: 3.11.605.1
(bootloader) version-misc: PVT SHIP S-ON
(bootloader) product: m7_wlv
(bootloader) platform: HBOOT-8064
(bootloader) modelid: PN0731000
(bootloader) cidnum: VZW__001
(bootloader) battery-status: good
(bootloader) battery-voltage: 3819mV
(bootloader) partition-layout: Generic
(bootloader) security: on
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: dirty-4dab9d12
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0

CURRENT STATE:
VZW Htc One (m7) *** TAMPERED ***, ***RELOCKED*** S-ON

This all started when using revone with a different firmware/hboot then the tutorial I was watching.

Any ideas at all before I quit completely?
Can you boot into a rom? You are on 1.56 so if you can, you will be able to use firewater to get back to s-off.

If you can't boot up.......idk you might be screwed, not sure there is a signed RUU available for hboot 1.56.

To send back to verizon you should have flash an RUU, then switched back on locked and s-on after the RUU. Not taking any updates so you can redo the s-off if needed.

If you can't boot up from where you are at, you might be screwed, short of getting someone with a java card to crack it.
VZW HTC One
1.57 HBoot/Radio 1.13.41.0421
Philz CWM 6
 
dottat
Old
#3  
dottat's Avatar
Recognized Contributor
Thanks Meter 987
Posts: 2,240
Join Date: Jan 2011
Location: york, pa

 
DONATE TO ME
Quote:
Originally Posted by HunterT View Post
This thread is related to another thread that I posted a few months ago. Sorry for reopening just didn't know what to do since it is an old thread.

Before I started doing anything my phone had Cyanogen Mod on it. I have to return it back to Verizon within 5 days so I am trying to get it completely back to stock. I was following tutorials on how to LOCK the bootloader and turn S-ON. I ended up in the bootloader and there is no chance of starting the phone. I downloaded a couple of RUUs and tried flashing them from fastboot and the signature check fails because of S-ON most likely. Can someone please give me a short guide on how to get out of this whole mess and the proper order of how to do things. Unless someone knows where I can find a RUU that will pass signature check with S-ON.


Currently my bootloader screen looks like this:

*** TAMPERED ***
*** RELOACKED ***
*** Security Warning ***
S-ON


(bootloader) version: 0.5
(bootloader) version-bootloader: 1.56.0000
(bootloader) version-baseband: 1.13.41.0109_2
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main: 3.11.605.1
(bootloader) version-misc: PVT SHIP S-ON
(bootloader) product: m7_wlv
(bootloader) platform: HBOOT-8064
(bootloader) modelid: PN0731000
(bootloader) cidnum: VZW__001
(bootloader) battery-status: good
(bootloader) battery-voltage: 3819mV
(bootloader) partition-layout: Generic
(bootloader) security: on
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: dirty-4dab9d12
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0

CURRENT STATE:
VZW Htc One (m7) *** TAMPERED ***, ***RELOCKED*** S-ON

This all started when using revone with a different firmware/hboot then the tutorial I was watching.

Any ideas at all before I quit completely?
Screwed man. Java card. Jtag. . Wait eternally for a signed encrypted ruu.

Sorry. S on and locked on vzw is not good
 
synisterwolf
Old
#4  
synisterwolf's Avatar
Recognized Contributor
Thanks Meter 2,186
Posts: 6,401
Join Date: Sep 2010
If you download the latest RUU posted in the development section and you can use a cool tool called ruuveal to recrypt it if you need to RUU your device without having s-off.
Quote:
Originally Posted by The Internet
You learn something new everyday. Unless you have a brain injury, then it's all pretty much yelling and coloring.
Congratulations on being the kind of person who corrects the grammar of others, unsolicited. You're the Microsoft Word Paperclip.
 
santod040
Old
#5  
santod040's Avatar
Recognized Developer / Recognized Contributor
Thanks Meter 8,297
Posts: 6,158
Join Date: Nov 2008
Location: NorCal

 
DONATE TO ME
Quote:
Originally Posted by synisterwolf View Post
If you download the latest RUU posted in the development section and you can use a cool tool called ruuveal to recrypt it if you need to RUU your device without having s-off.
Unfortunately that won't work.
As 're-encrypting it will not create the HTC signatures required for flashing to an s-on device.
Current Devices: HTC Thunderbolt | HTC Droid DNA | HTC One - m7 | HTC One - m8


Follow me on Twitter
ULTIMATE WALLS WVGA Wallpaper Collection
Donations always appreciated! Never required!


 
synisterwolf
Old
(Last edited by synisterwolf; 4th September 2014 at 03:35 PM.)
#6  
synisterwolf's Avatar
Recognized Contributor
Thanks Meter 2,186
Posts: 6,401
Join Date: Sep 2010
Quote:
Originally Posted by santod040 View Post
Unfortunately that won't work.
As 're-encrypting it will not create the HTC signatures required for flashing to an s-on device.
Removed by request.



Sent from my iPhone 5s using Tapatalk pro
Quote:
Originally Posted by The Internet
You learn something new everyday. Unless you have a brain injury, then it's all pretty much yelling and coloring.
Congratulations on being the kind of person who corrects the grammar of others, unsolicited. You're the Microsoft Word Paperclip.
 
santod040
Old
#7  
santod040's Avatar
Recognized Developer / Recognized Contributor
Thanks Meter 8,297
Posts: 6,158
Join Date: Nov 2008
Location: NorCal

 
DONATE TO ME
Quote:
Originally Posted by synisterwolf View Post
Actually the tool injects the signature during the encryption process and works as intended. I've done this a few times on a HTC One, Fireball, Max, thunderbolt, and sonic.

I will not post the re-encrypted file on xda due to other members being hit with DCMA takedowns and its against XDA rules.

Spoiler:
Google search will find what I've done and any user with a Linux machine can duplicate what I've posted above. That's all I will be saying on the subject so I don't jeopardize my ability to stay on this site.



Sent from my iPhone 5s using Tapatalk pro
Hmm, last I checked it wasn't able to re-create HTC's RSA signatures.
But that's very cool that you have been able to do so.
I think at the very least, that you would have to start with an actual RUU though, not just a zipped up dump of partitions, as is the kk ruu we currently have. Maybe I'm wrong.
But since that wasn't an actual RUU to begin with, you are saying the tool creates an HTC signature on its own?

Last I knew, the creator posted this regarding signatures:

Quote:
The leading 256 bytes is the signature of the zip file, you'll need to disregard it. There's no way we can sign the zip correctly without HTC's private key.

The differing 5 bytes are the bytes I talked about.

The trailing bytes are probably a bug - I'll investigate further when I get some time but it's not a priority since it's not causing HBOOT to fail to flash the zip.

Thanks for the detailed analysis/comparison :+1:

I'm going to merge the encrypt branch onto the master branch in the next few days since it seems to be working okay.
Not in any way trying to argue or anything like that, just honestly didn't think it was possible to replicate an HTC signature,.
If I'm wrong, then that's great!
Current Devices: HTC Thunderbolt | HTC Droid DNA | HTC One - m7 | HTC One - m8


Follow me on Twitter
ULTIMATE WALLS WVGA Wallpaper Collection
Donations always appreciated! Never required!



Tags
htcone, htconem7, locked, tampered, vzw
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


CyanogenMod 11 M10 Available for Supported Devices

Summer vacation isover for most students out there, and it’s the time to get back to … more

XDA Forums Added for the First Batch of Android One Devices!

Just yesterday, we talked about the highly anticipated launch of the first batch … more

XDA Xposed Tuesday: DonkeyGuard, Don’t Be a Donkey, Control Your Device – XDA Developer TV

Some applications ask for the world … more

Use Facebook Pictures as a LWP with Facebook View

One of the best things that Android has always offeredits users is the ability to tailor … more