1. Completely erases (filling 0x00) mmcblk0p23 (data).
2. All files deleted from /cache/ partition (but partition itself NOT fills with 0x00).
3. On partition mmcblk0p16 erases (overwriting with 0x00) 10 bytes at offset 0xA0 (mine was "3.08.401.1").
4. In paritions mmcblk0p16 and mmcblk0p31 written 0x01 at offset 0xC40 (was 0x00). I don't know what is it, but maybe it's related to "unlocked" bootloader problems.
5. In partition mmcblk0p3 at offset 0x424 written 4 bytes, replacing existing values: 0x74B50109 (was 0x4ED7B921) - it's not text string.
6. In partition mmcblk0p3 at offset 0x8404 written 4 bytes: HTCU.
On relocking bootloader using fastboot oem lock i seen following changes:
1. In partition mmcblk0p3 at offset 0x424 written 4 bytes, replacing existing values: 0xE6D84D2B - it's not text string.
2. In partition mmcblk0p3 at offset 0x8404 written 4 bytes: HTCL.
to really unlock bootloader (checked if it's only text in BOOT changed or really unlocked by command fastboot boot boot.img, on locked I got FAILED (remote: not allowed)) You need do only last steps, writting into parttion mmcblk0p3 at offset 0x8404 HTCU for unlocked, HTCL for relocked or 0x00000000 for locked.
read partition image using terminal commands
su (and gain root access to terminal)
dd if=/dev/block/mmcblk0p3 of=/sdcard/mmcblk0p3.img
then mount SDCARD to PC over USB and edit mmcblk0p3 using WinHEX or another HEX editor, jump to offset 0x8404 and write HTCU for unlocked, HTCL for relocked or 0x00000000 for locked.
Then umount SDCARD from PC and write modified partition image back to phone memory using command
dd if=/sdcard/mmcblk0p3.img of=/dev/block/mmcblk0p3
That's all. Please post Your zipped mmcblk0p3.img files with HBOOT/firmware/radio/baseband version descriptions to find if 5 bytes at offset 0x424 same for all phones, or individual.
P.S. I have HBOOT 1.49.0018. mmcblk0p3 is 31.6Mib, but zips to ~32Kb