testers needed- reset your lock status flag


CastleBravo

Senior Member
Dec 29, 2011
103
50
Los Angeles

scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,056
Successfully tested the query, unlock, and lock zip files (didn't bother with the relocked one, it's kinda pointless anyway). All worked with the newest CWM touch recovery without any errors. I also dumped mmcblk0p3 after testing, and the 01 remained untouched by the zip.

Here are the requested pics:

unlocked, before flashing zip

locked, after flashing zip

unlocked, after reverting from locked with zip

awesome! thanks for all your support and testing :cool:
 

Serinety

Account currently disabled
Aug 29, 2010
821
354
GB
meettomy.site
I think the work on this is great. Thanks for the time spent on this.

But... Has anyone had a problem getting replacement devices? I have easily had close to 100 or more replacement devices over the last 10 years as a vzw customer. I'm the guy you all hate, when I scratch my screen I call up customer service and make up some lame excuse about how something isn't working right and they send me a replacement. Point is, I send all my phones back, rooted, unlocked, and running roms. I've never, ever, had an issue. So while I can appreciate the work being done, I question the necessity.

Can anyone tell me why I would ever need to do this? Are there warranty issues I don't know about where being unlocked would cause a problem?

To be clear, I am not in any way discrediting these guys, what they do is incredible, and I sincerely appreciate it. I just don't know I would use it, so I'd like someone to hook me up with info :)



CastleBravo


I just switched to vzw from t-mo in December and I haven't had to send back a device yet so I don't have any personal experience of how picky they are, but back on t-mobile they were crazy about this type of thing. Sometimes people got away with it, sometimes they didn't, but there were a significant number of people that got caught. To get a replacement you first had to take it to a store where they checked the bootloader and a few other things (they cared enough to train every employee to check the bootloader of every type of phone... fairly significant effort went into this) and they checked it again at the repair center. Even if it was a hardware problem completely unrelated to rooting, they'd say flat out no at the store if it was unlocked. If they found it at the repair center they'd sometimes want people to pay for the repairs or to replace the whole device. Back on the htc sensation forums, people would occasionally hard brick phones to stop them from finding out if for some reason they couldn't get it back to stock s-on.

So I'm still kinda paranoid about it from t-mobile... And the actual method is in another thread and is completed and noob-proof, so there's no harm in doing it anyway if you need it.
 

Serinety


I could definitely understand the paranoia coming from t-mobile lol. Well on vzw, it's a 5 min process over the phone "hi, my phone doesn't <insert random unfixable, hardware problem here > I've done a master reset and bought a new charger but it's still doing it." "okay sir, a new one is on its way, anything else?"

I have never in 10 years gone into a store for any service. I only deal with 611


CastleBravo


Every day I start liking Verizon even more lol.
 

scotty1223

I'm the guy you all hate, when I scratch my screen I call up customer service and make up some lame excuse about how something isn't working right and they send me a replacement.

You're right with that statement. The fact that folks will use it for fraudulent claims makes me not even want to share info like this.

I'm of the opinion if you break your stuff you should man up to it, and pay for it. Your fraudulent warranty claims are making device and service prices higher for the rest of us. Thanks :rolleyes:

How you've conned vzw out of a hundred devices is not something I would brag about.

 

Serinety


Well you're right, and my point was not to brag, it was to understand the need to do this.

As far as me, personally being responsible for your extra costs, that's a stretch. I worked as a store manager for a major retail chain for many years, and I can assure, at least at my stores, fraudulent returns were the least of my concerns. We had a budget specifically for RTMs, (return to manufacturer) that was there regardless of the legitimacy of the return. I suspect vzw has the same budget and credits in place.

Anyway, I don't want to venture any more off topic than this, thanks for your work nonetheless :)



 

Bigandrewgold

Senior Member
Mar 26, 2011
2,373
530

And none of that makes it any less illegal or morally wrong to file tens of thousands of dollars worth of false claims.


beaups

Senior Recognized Developer
Nov 28, 2007
3,276
7,257
Dublin, OH
Nice work scotty, but are we over complicating things?

if we want to lock:

adb shell
su
echo -ne '\x00\x00\x00\x00' | dd of=/dev/block/mmcblk0p3 bs=1 seek=33780

if we want to unlock

adb shell
su
echo -ne "HTCU" | dd of=/dev/block/mmcblk0p3 bs=1 seek=33780

Don't screw up these commands btw (copy paste them).
 

scotty1223


thanks for the reply beaups! that's definitely easier than the dump/reflash mmcblk0p3 method, and prolly faster than flashing the zip files. the zip files may have less of a margin for error, check out this thread if you haven't seen it: http://xdaforums.com/showthread.php?t=2160677

is there a flag for the "tampered" banner as well? if so do you guys know where it is? inside hboot itself? the next thing we could work on is being able to reset that flag, so folks don't need to flash new bootloaders or run ruus to get rid of it. :)

thanks again for the additional info :cool:
 

beaups


tampered I "believe" lives inside misc. I see /sbin/tpd wanting to set some flags, but haven't really spent the time to track it down.

It could be in p3, but p3 is wp after the early bootloaders so I find it unlikely.

What's the story on 0x83F8 in p3?

Or, it could just be hboot's response to seeing unsigned kernel and/or recovery.
 

scotty1223


not sure on 0x83F8. i've not looked at the whole partition, i don't have one of these so i've only seen 0x8400 that several folks have reported.

can someone upload or email me their entire p3?
 

beaups

Won't

fastboot oem write secureflag 3 lock the device s-on and fastboot write secureflag 1 unlock the device

3 will s-on and if you have any mods to hboot will instantly brick. 0 is s-off and you cannot execute that command, you would need to exploit again.

 

scotty1223

oh i thought you could if you have eng hboot and didn't think about needing exploit again

1) turning s on with eng hboot will prolly brick the device, assuming it to be signed with the debug signature, and not a release signature.

2) even if it didn't, writesecureflag 0 requires a special file to be present on the external sd on older phones, and may require an external sd mounted OTG via the microusb in this case. i've not known the writesecureflag 0 to ever work, even with an eng hboot on older phones
 

beaups


btw I had the wrong offset, should be 33796, and, yes, it does work.
 

zounduser

Senior Member
Mar 2, 2012
6,025
1,934
sioux falls SD
scotty, i need to change my cid. and s-on. any help would b great bro. im already on locked bootloader, and ruu ran. thanks

---------- Post added at 10:13 PM ---------- Previous post was at 10:10 PM ----------

fastboot oem write secureflag3 is s-on command? i should know this, but fortunately i havent had to s-on a device!!! lmao! my biggest worry is changing the cid back to vzw_001 or whatever its supposed to say.
 

Bigandrewgold


fastboot oem writesecureflag 3

And you don't really need to worry about your cid. No one's gonna plug it into a computer to check the cid.

 

Top Liked Posts

  • 5
    since the current s-off method is not resetting your lock status flag, i figured there would be a demand for this. it all started from this thread in the gsm evo 3d section: http://xdaforums.com/showthread.php?t=1970252

    *this is not a modified or hex edited hboot. this is resetting your lock flag,so that your phone will correctly display locked on the hboot screen

    ive verified the lock location on just about every s3 phone jpbear supports,as well as a couple s4 dual core devices- LTEvo,inc 4g LTE,and one S.

    ive had a friend dump his DNA mmcblk0p3 and the lock flag location is the same,with an extra character that ive not seen prior. he cannot test the mods,as he is dependent on his phone for work,and cant be without it.

    0x8400 on his dna looked like this:
    Code:
    03 00 00 00 48 54 43 55 01 00 00 00 00 00 00 00  ....HTCU........

    the "01" after 48 54 43 55 i have never seen on any other device.

    now that we have s off, we can explore this further. first test would be to dump mmcblk0p3, hex edit it, changing 0x8400 to 00000000, and reflash it. id like someone fairly savvy to do this, as i can't guarantee it won't melt your shiny dna into a smoldering pile of goo :eek:

    dump,edit and reflash in this manner:
    Code:
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
    
    C:\Users\Scott>cd c:\mini-adb_vigor
    
    c:\mini-adb_vigor>adb devices
    * daemon not running. starting it now *
    * daemon started successfully *
    List of devices attached
    HTxxxxxxxxxx    device
    
    
    c:\mini-adb_vigor>adb shell
    shell@android:/ $ su
    su
    shell@android:/ # dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3
    dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3
    64734+0 records in
    64734+0 records out
    33143808 bytes transferred in 9.519 secs (3481858 bytes/sec)
    shell@android:/ # exit
    exit
    shell@android:/ $ exit
    exit
    
    c:\mini-adb_vigor>adb pull /sdcard2/mmcblk0p3
    2292 KB/s (33143808 bytes in 14.116s)
    
    *modify mmcblk0p3 with a hex editor
    
    c:\mini-adb_vigor>adb push mmcblk0p3mod /sdcard2/mmcblk0p3mod
    2478 KB/s (33143808 bytes in 13.059s)
    
    c:\mini-adb_vigor>adb shell
    shell@android:/ $ su
    su
    shell@android:/ # dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3
    dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3
    64734+0 records in
    64734+0 records out
    33143808 bytes transferred in 18.937 secs (1750214 bytes/sec)
    shell@android:/ # exit
    exit
    shell@android:/ $ exit
    exit
    
    c:\mini-adb_vigor>adb reboot bootloader
    
    c:\mini-adb_vigor>


    if this is successful, some less experienced users are welcome to try flashing these zip files. see the following thread for zip file links and instructions: http://xdaforums.com/showthread.php?t=2155955

    again, this has not been tested on a quad core s4 phone. i cannot guarantee the hex edit zips will work, fail, or brick your phone.

    i just wanted to get this info to the community so we can figure it out :)
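
A read-only check for the edit described in the post above, as an added example that is not part of the original thread: it reads the lock flag from a pulled mmcblk0p3 dump and confirms that an edited image differs from the original only in the four flag bytes. It assumes the flag sits at 0x8404 (decimal 33796, the corrected offset given earlier in the thread), recognises only the two values the thread shows (HTCU and four zero bytes), and uses a constructed zero-filled sample in place of a real dump; the function names are hypothetical.

```python
# Added example: read-only inspection of an mmcblk0p3 dump pulled to the host.
FLAG_ROW = 0x8400           # row quoted in the post: 03 00 00 00 48 54 43 55 01 ...
FLAG_OFF = FLAG_ROW + 4     # 33796: the 4-byte lock flag inside that row
FLAG_LEN = 4
# Only the two values shown in the thread; anything else is "unrecognised".
STATES = {b"HTCU": "unlocked", bytes(4): "locked"}


def lock_state(dump: bytes) -> dict:
    """Return the flag bytes, their meaning and the 16-byte row around them."""
    if len(dump) < FLAG_ROW + 16:
        raise ValueError("dump too short to contain the row at 0x8400")
    flag = dump[FLAG_OFF:FLAG_OFF + FLAG_LEN]
    return {
        "flag": flag,
        "state": STATES.get(flag, "unrecognised"),
        "row_hex": dump[FLAG_ROW:FLAG_ROW + 16].hex(" "),
        "byte_after_flag": dump[FLAG_OFF + FLAG_LEN],  # the "01" noted in the post
    }


def changed_ranges(before: bytes, after: bytes) -> list:
    """List (start, end) offsets, end exclusive, where two dumps differ."""
    if len(before) != len(after):
        raise ValueError("dumps differ in size; not comparing")
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(before, after)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(before)))
    return ranges


def edit_confined_to_flag(before: bytes, after: bytes) -> bool:
    """True only if every changed byte lies inside the 4-byte flag."""
    return all(s >= FLAG_OFF and e <= FLAG_OFF + FLAG_LEN
               for s, e in changed_ranges(before, after))


def make_sample(flag: bytes, size: int = 0x8600) -> bytes:
    """Constructed stand-in for a dump: zeros plus the row quoted in the post."""
    img = bytearray(size)
    img[FLAG_ROW:FLAG_ROW + 16] = bytes.fromhex("03000000") + flag + b"\x01" + bytes(7)
    return bytes(img)


if __name__ == "__main__":
    original, edited = make_sample(b"HTCU"), make_sample(bytes(4))
    for name, img in (("original", original), ("edited", edited)):
        info = lock_state(img)
        print(name, info["row_hex"], "->", info["state"])
    print("changed:", changed_ranges(original, edited),
          "confined to flag:", edit_confined_to_flag(original, edited))
```

On a real dump, read the file with `open(path, "rb").read()` and pass the bytes in; the byte-by-byte comparison takes a few seconds on a 33 MB image.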
    3
    Lets say I flash this and Lock my bootloader... is it stuck like that or can I use my Unlock_code.bin to re-unlock it?

    This can only be done if you are s-off, in which case the bootloader will be locked, but you will still be s-off, meaning you can flash roms etc. If necessary, you can revert it and have both s-off and an unlocked bootloader. If you lock the bootloader with this and then change it back to s-on, it will be completely locked and you can then return it for warranty. But if you need to do it now, don't flash the files because they aren't correct right now; you will have to manually copy your mmcblk0p3 partition, hex edit it with the modified data from my post on page 3, and reflash it with the commands in the OP.

    ---------- Post added at 04:49 PM ---------- Previous post was at 04:46 PM ----------

    doesn't "fastboot oem lock" do the same thing ?

    Using the lock command will change it from ***UNLOCKED*** to ***RELOCKED***, so htc/vzw will still know that you unlocked the bootloader and possibly try to void your warranty. Using this, you can change it to ***LOCKED***, and it will appear to be the same as it was when you bought it.
    2
    i have a locked phone that was s-off when i got it and i never unlocked it, so i was able to flash the eng hboot without having to unlock, not sure if that would help or not.
    2
    ran it and received the following...

    261342+0 records in
    261342+0 records out
    133807104 bytes transferred in 35.374 secs (3782639 bytes/sec)

    not sure where and what file i am looking for to upload though