[how to] lock/unlock your bootloader without htcdev(s-off required)

Search This thread

scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,056
this thread will let you unlock your bootloader without htcdev,or let you change your hboot watermark from relocked or locked back to stock.

originally,we used a zip file flashable in recovery. i have found it to work on gsm devices with 1.44 hboot and CW recovery. it did not work with twrp. if the following is too scary,feel free to test the zip files. that thread,info,and downloads can be found here. since not all recoverys are working,these values can be changed with simple adb commands.

advantages
-no hassle with htcdev,tokens,or unlock codes
-no submitting your phones personal info to htc
-the ability to get back to 100% stock without any visual traces or records of having been s off or unlocking your bootloader.

you do NOT need to downgrade your hboot. this simple adb command works without any scary hboot downgrades.

*you must be s off.
*you must have superuser installed(see this thread if you need help installing superuser. use the keep bootloader locked directions)

read this:
this will not work if your s on. its not a way to magically unlock

the usual disclaimers:
use this info at your own risk. if it melts your phone into a little pile of aluminum goo,its not my fault.

credits
-beaups for giving me the echo comand,so yall didnt need to dump,edit with a hex editor,and copy back
-strace for originally discovering the location of the lock status flag(check out this thread for more info)
-kdj67f for fearlessly testing and putting up some screenshots in post 5. thanks!

IF you are an advanced user with adb/fastboot set up and some basic knowlede of the cmd window,you can skip to #2
1)set up adb


-download this file
-install drivers: if you have htc sync installed,you should allready have drivers. if not,you can install htc sync,or install these modified htc drivers from revolutionary (driver mirror)
-unzip your miniadb_v1031.zip file. this is native funtionality in windows 7. you otherwise may need a utility such as "7-zip" to extract,or unzip it. place the unzipped folder onto the root of your C drive on your PC. root means the top level,not inside any folders. so just copy and paste,or drag and drop the folder onto C with everything else that is there. you may want to rename it to "miniadb_m7" since youll be putting some device specific files in here.
-open a command window. on windows 7,click the start bubble in the lower left and type "command" in the search box. xp i believe is similar or the same. doing this should open a small black command window.
-change to your miniadb_m7 directory. type the following at the prompt in your cmd window:

cd c:\miniadb_m7

your command promt should change to "c:miniadb_m7>" provided you: 1)unzipped the miniadb_v1031 zip file,and 2)put the folder on your c drive,and 3)entered the name of the folder correctly ("miniadb_m7" in this case)

-now make sure usb debugging is checked in developer options(you will need to turn it on first),and plug your phone into your PC with a usb cable
-make sure your phone is being recognized- type:

adb devices

if your drivers are installed correctly,this should return your phones serial number. you should hear the "found device" noises when you plug your phone in. if it starts installing drivers,wait for it to finish before typing the adb devices command.

if you get your serial number back,then enter this command:
adb reboot bootloader

this should take your phone to the "fastboot" screen,wich is white with colored letters. this is one mode of your bootloaders interactive modes. at the top youll see fastboot devices as confirmation youre in fastboot.

now enter:
fastboot devices
again,this should return your phones serial number. you should hear the "found device" noises when you plug your phone in. if it starts installing drivers,wait for it to finish before typing the adb devices command.

if you get your serial number back,you can enter the following to boot back to the phones OS:
fastboot reboot

and now,youve installed adb/fastboot and tested youre phones drivers. if at either spot,you have trouble and dont get your serial number back,there is some sort of connection issue. use these steps to troubleshoot:
troubleshooting connectivity issues:
-try a reboot of the PC
-try different usb cables and ports
-dont use a usb hub
-dont use usb 3.0
-make sure nothing capable of comunicating with the phone is enabled and running. htc sync,pdanet,easy tether,and even itunes have all been known to cause issues.
-windows 8 has been known to have issues. try a windows 7 or older machine

failing the above,
-i use these drivers for fastboot and adb(donwload and run as admin): http://downloads.unrevoked.com/HTCDriver3.0.0.007.exe (mirror)

failing that,try manually updating the drivers in the following manner:
-put the phone in fastboot mode(select fastboot from the hboot menu)
-open device manager on the PC
-plug in phone,watch for it to pop up in device manager.
-update drivers with device manager,pointing the wizard to the extracted
driver download folder from above

note that you can check the connectivity of the phone,and make sure drivers are working by in the following manner:
-open cmd window. change to directory containing adb/fastboot utilities

-adb with the phone in the booted OS,usb debug enabled,enter:
adb devices in a cmd window

-fastboot with phone in fastboot,enter:
fastboot devices in cmd window

in either case,a properly connected phone with working drivers installed should report back the phones serial number.

this process,in your cmd window,should look something like this:
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Scott>[COLOR="red"]cd c:\miniadb_m7[/COLOR]

c:\miniadb_m7>adb devices
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
FAxxxxxxxxxx    device


c:\miniadb_m7>[COLOR="red"]adb reboot bootloader[/COLOR]

c:\miniadb_m7>[COLOR="red"]fastboot devices[/COLOR]
FAxxxxxxxxxx    fastboot

c:\miniadb_m7>[COLOR="red"]fastboot reboot[/COLOR]
rebooting...

finished. total time: 0.037s

c:\miniadb_m7>


2)reset your "lock status flag"

to LOCK your bootloader,enter the following:

adb devices

adb shell

su (if needed to get a # prompt)

echo -ne '\x00\x00\x00\x00' | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
(i would very strongly recomend you copy/paste this)

exit
(exit a second time if you need to to get back to a normal > prompt)

adb reboot bootloader

verify you are now locked
_____________________________________________________________________________________________

to UNLOCK your bootloader,enter the following:

adb devices

adb shell

su (if needed to get a # prompt)

echo -ne "HTCU" | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
(i would very strongly recomend you copy/paste this)

exit
(exit a second time if you need to to get back to a normal > prompt)

adb reboot bootloader

verify you are now unlocked



*i have tested this on my gsm htc one. if someone wants to test on vzw,ill add you to the credits :)




 
Last edited:

kdj67f

Senior Member
Jan 23, 2008
665
72
Maple Valley
So, this will work with hboot 1.54? And are you sure the memory blocks are correct for Verizon? ;) I will test...
I'm s-off, stock Rom, cwm recovery and rooted.

Sent from my HTC6500LVW using XDA Premium 4 mobile app
 

scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,056
So, this will work with hboot 1.54? And are you sure the memory blocks are correct for Verizon? ;) I will test...
I'm s-off, stock Rom, cwm recovery and rooted.

Sent from my HTC6500LVW using XDA Premium 4 mobile app

99% sure ;) we can certainly dump p3 and have a look-see first,if you'd like. We woukd need a dump from someone whose unlocked or relocked

Sent from my HTC One using Tapatalk 2
 

kdj67f

Senior Member
Jan 23, 2008
665
72
Maple Valley
99% is good enough for me haha! Phone just hut 50% charged, give me a minute. Will post back with pictures.

Sent from my HTC6500LVW using XDA Premium 4 mobile app

---------- Post added at 08:56 PM ---------- Previous post was at 08:41 PM ----------

Confirmed, code working. Flags set/reset. Phone even reboots and works :D will upload pics/screenshots.

Thanks!

Starting out unlocked:

Locking:

Locked:

Unlocking:

Re-unlocked:


Very good work!
 
Last edited:

bjorheden

New member
May 30, 2011
2
0
99% sure ;) we can certainly dump p3 and have a look-see first,if you'd like. We woukd need a dump from someone whose unlocked or relocked

Verizon HTC One here, S-Off with SuperSU but otherwise stock, locked bootloader, hboot 1.54. I just did
Code:
dd if=/dev/block/mmcblk0p3 of=orig bs=1 seek=33796 count=4
and looked at the resulting dump and it has "PGFS" not nulls at that offset. I'm wondering if we should write "PGFS" back on Verizon/hboot 1.54 and not nulls?
 

scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,056
Verizon HTC One here, S-Off with SuperSU but otherwise stock, locked bootloader, hboot 1.54. I just did
Code:
dd if=/dev/block/mmcblk0p3 of=orig bs=1 seek=33796 count=4
and looked at the resulting dump and it has "PGFS" not nulls at that offset. I'm wondering if we should write "PGFS" back on Verizon/hboot 1.54 and not nulls?

sounds like youre looking at offsets 00 01 02 03. every device ive looked at so far has the PGFS at that location. i havent looked ata vzw p3,but t mobile follows that. youll find the HTCU,HTCL,or nulls at 8404 8505 8406 8407.

im not sure your command is showing you the correct location. id dump and look at the whole thing.
dd if=/dev/block/mmcblk0p3 of=/sdcard/mmcblk0p3
 

isdnmatt

Senior Member
Jan 30, 2007
341
59
Hey Scotty,

I can't thank you enough for this info. I really didn't want to unlock via htcdev and it's been getting tiring making zips for everything I want to flash. This solved my problem and is reversible without record. You are the man and thanks for putting in the time.
 

scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,056
Hey Scotty,

I can't thank you enough for this info. I really didn't want to unlock via htcdev and it's been getting tiring making zips for everything I want to flash. This solved my problem and is reversible without record. You are the man and thanks for putting in the time.

glad to help :)
 
  • Like
Reactions: yashade2001

BaBnkr

Senior Member
Feb 1, 2011
68
5
Can someone explain the benefits to me of being able to change between locked/unlocked? If not.... That's cool.

Sent from my HTC6500LVW using Tapatalk now Free
 

kdj67f

Senior Member
Jan 23, 2008
665
72
Maple Valley
Can someone explain the benefits to me of being able to change between locked/unlocked? If not.... That's cool.

Sent from my HTC6500LVW using Tapatalk now Free

For this thread and most people's needs, unlocking this way after s-off saves time. Re-locking just proved it was reversible in case someone did want to be locked again. Another way to get back to stock for warranty purposes, etc...

Most importantly, to prove it can be done!

Sent from my HTC6500LVW using XDA Premium 4 mobile app
 

icest0rm

Senior Member
Jan 15, 2008
93
12
Fantastic, can this work for HTC One S too?

maybe needs finding correct blocks?

what it is unclear to me is that:

your method to unlock bootloader needs S-OFF, but S-OFF needs Unlocked bootloader and SuperCID, so maybe for HTC One S it's different :confused:

thanks for clarification
 

scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,056
Fantastic, can this work for HTC One S too?

maybe needs finding correct blocks?

what it is unclear to me is that:

your method to unlock bootloader needs S-OFF, but S-OFF needs Unlocked bootloader and SuperCID, so maybe for HTC One S it's different :confused:

thanks for clarification

blocks are the same for one s.

method does indeed need s off. most common way to achieve s off for devices on the unlock program is via intial unlock thru htcdev to install root and recovery. at this point the commands are useful to get back to locked,and if one needs unlock after being locked for some reason. vzw is a bit different in that they cannot use htcdev,so a hack is needed to temproot,then s off. this does give them the luxury of being able to unlock without htcdev alltogether.

its also possible to s off via a java card,or be lucky enuff to find a user trial device that came that way. in this situation htcdev can be left out of the picture entirely.

hope that clarifes it :)
 
  • Like
Reactions: UrbanJester

icest0rm

Senior Member
Jan 15, 2008
93
12
blocks are the same for one s.
ok!

method does indeed need s off. most common way to achieve s off for devices on the unlock program is via intial unlock thru htcdev to install root and recovery. at this point the commands are useful to get back to locked,and if one needs unlock after being locked for some reason.
ok...clear

vzw is a bit different in that they cannot use htcdev,so a hack is needed to temproot,then s off. this does give them the luxury of being able to unlock without htcdev alltogether.
ehm...sorry...what is vzw?

its also possible to s off via a java card,or be lucky enuff to find a user trial device that came that way. in this situation htcdev can be left out of the picture entirely.

hope that clarifes it :)
thanks :good:
 

scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,056
ah ok...
but since they need a temproot to get unlock without htcdev, wouldn't this be possible for all htc one (s)?
why is it limited to vzw?

technically,yes. you could use a temp root and make a tool for any other carriers device so you would not have to unlock.

however, temp root exploits are typically patched quickly. htcdev is a reliable means of root to make other tools/exploits work. its much,much easier to simply unlock and install root and recovery than to keep looking for softwate temp root exploits.

with verizon you have no choice,since they do not allow official unlock.
 

S0wL

Senior Member
Jul 29, 2013
114
9
Hello, can you please tell me why do i get this error ?
 

Attachments

  • Untitled.png
    Untitled.png
    44 KB · Views: 393
Last edited:

Top Liked Posts

  • There are no posts matching your filters.
  • 31
    this thread will let you unlock your bootloader without htcdev,or let you change your hboot watermark from relocked or locked back to stock.

    originally,we used a zip file flashable in recovery. i have found it to work on gsm devices with 1.44 hboot and CW recovery. it did not work with twrp. if the following is too scary,feel free to test the zip files. that thread,info,and downloads can be found here. since not all recoverys are working,these values can be changed with simple adb commands.

    advantages
    -no hassle with htcdev,tokens,or unlock codes
    -no submitting your phones personal info to htc
    -the ability to get back to 100% stock without any visual traces or records of having been s off or unlocking your bootloader.

    you do NOT need to downgrade your hboot. this simple adb command works without any scary hboot downgrades.

    *you must be s off.
    *you must have superuser installed(see this thread if you need help installing superuser. use the keep bootloader locked directions)

    read this:
    this will not work if your s on. its not a way to magically unlock

    the usual disclaimers:
    use this info at your own risk. if it melts your phone into a little pile of aluminum goo,its not my fault.

    credits
    -beaups for giving me the echo comand,so yall didnt need to dump,edit with a hex editor,and copy back
    -strace for originally discovering the location of the lock status flag(check out this thread for more info)
    -kdj67f for fearlessly testing and putting up some screenshots in post 5. thanks!

    IF you are an advanced user with adb/fastboot set up and some basic knowlede of the cmd window,you can skip to #2
    1)set up adb


    -download this file
    -install drivers: if you have htc sync installed,you should allready have drivers. if not,you can install htc sync,or install these modified htc drivers from revolutionary (driver mirror)
    -unzip your miniadb_v1031.zip file. this is native funtionality in windows 7. you otherwise may need a utility such as "7-zip" to extract,or unzip it. place the unzipped folder onto the root of your C drive on your PC. root means the top level,not inside any folders. so just copy and paste,or drag and drop the folder onto C with everything else that is there. you may want to rename it to "miniadb_m7" since youll be putting some device specific files in here.
    -open a command window. on windows 7,click the start bubble in the lower left and type "command" in the search box. xp i believe is similar or the same. doing this should open a small black command window.
    -change to your miniadb_m7 directory. type the following at the prompt in your cmd window:

    cd c:\miniadb_m7

    your command promt should change to "c:miniadb_m7>" provided you: 1)unzipped the miniadb_v1031 zip file,and 2)put the folder on your c drive,and 3)entered the name of the folder correctly ("miniadb_m7" in this case)

    -now make sure usb debugging is checked in developer options(you will need to turn it on first),and plug your phone into your PC with a usb cable
    -make sure your phone is being recognized- type:

    adb devices

    if your drivers are installed correctly,this should return your phones serial number. you should hear the "found device" noises when you plug your phone in. if it starts installing drivers,wait for it to finish before typing the adb devices command.

    if you get your serial number back,then enter this command:
    adb reboot bootloader

    this should take your phone to the "fastboot" screen,wich is white with colored letters. this is one mode of your bootloaders interactive modes. at the top youll see fastboot devices as confirmation youre in fastboot.

    now enter:
    fastboot devices
    again,this should return your phones serial number. you should hear the "found device" noises when you plug your phone in. if it starts installing drivers,wait for it to finish before typing the adb devices command.

    if you get your serial number back,you can enter the following to boot back to the phones OS:
    fastboot reboot

    and now,youve installed adb/fastboot and tested youre phones drivers. if at either spot,you have trouble and dont get your serial number back,there is some sort of connection issue. use these steps to troubleshoot:
    troubleshooting connectivity issues:
    -try a reboot of the PC
    -try different usb cables and ports
    -dont use a usb hub
    -dont use usb 3.0
    -make sure nothing capable of comunicating with the phone is enabled and running. htc sync,pdanet,easy tether,and even itunes have all been known to cause issues.
    -windows 8 has been known to have issues. try a windows 7 or older machine

    failing the above,
    -i use these drivers for fastboot and adb(donwload and run as admin): http://downloads.unrevoked.com/HTCDriver3.0.0.007.exe (mirror)

    failing that,try manually updating the drivers in the following manner:
    -put the phone in fastboot mode(select fastboot from the hboot menu)
    -open device manager on the PC
    -plug in phone,watch for it to pop up in device manager.
    -update drivers with device manager,pointing the wizard to the extracted
    driver download folder from above

    note that you can check the connectivity of the phone,and make sure drivers are working by in the following manner:
    -open cmd window. change to directory containing adb/fastboot utilities

    -adb with the phone in the booted OS,usb debug enabled,enter:
    adb devices in a cmd window

    -fastboot with phone in fastboot,enter:
    fastboot devices in cmd window

    in either case,a properly connected phone with working drivers installed should report back the phones serial number.

    this process,in your cmd window,should look something like this:
    Code:
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
    
    C:\Users\Scott>[COLOR="red"]cd c:\miniadb_m7[/COLOR]
    
    c:\miniadb_m7>adb devices
    * daemon not running. starting it now on port 5037 *
    * daemon started successfully *
    List of devices attached
    FAxxxxxxxxxx    device
    
    
    c:\miniadb_m7>[COLOR="red"]adb reboot bootloader[/COLOR]
    
    c:\miniadb_m7>[COLOR="red"]fastboot devices[/COLOR]
    FAxxxxxxxxxx    fastboot
    
    c:\miniadb_m7>[COLOR="red"]fastboot reboot[/COLOR]
    rebooting...
    
    finished. total time: 0.037s
    
    c:\miniadb_m7>


    2)reset your "lock status flag"

    to LOCK your bootloader,enter the following:

    adb devices

    adb shell

    su (if needed to get a # prompt)

    echo -ne '\x00\x00\x00\x00' | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
    (i would very strongly recomend you copy/paste this)

    exit
    (exit a second time if you need to to get back to a normal > prompt)

    adb reboot bootloader

    verify you are now locked
    _____________________________________________________________________________________________

    to UNLOCK your bootloader,enter the following:

    adb devices

    adb shell

    su (if needed to get a # prompt)

    echo -ne "HTCU" | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
    (i would very strongly recomend you copy/paste this)

    exit
    (exit a second time if you need to to get back to a normal > prompt)

    adb reboot bootloader

    verify you are now unlocked



    *i have tested this on my gsm htc one. if someone wants to test on vzw,ill add you to the credits :)




    7
    99% is good enough for me haha! Phone just hut 50% charged, give me a minute. Will post back with pictures.

    Sent from my HTC6500LVW using XDA Premium 4 mobile app

    ---------- Post added at 08:56 PM ---------- Previous post was at 08:41 PM ----------

    Confirmed, code working. Flags set/reset. Phone even reboots and works :D will upload pics/screenshots.

    Thanks!

    Starting out unlocked:

    Locking:

    Locked:

    Unlocking:

    Re-unlocked:


    Very good work!
    3
    fastboot oem unlock does not work (for me at least). It returns an error. So, for instance, if you happen to wipe your ROM and can't run those ADB commands, you can at least still unlock this way.

    The reason I went through this was when RUUing. When you RUU, you have to lock your bootloader. Once the RUU happens, you are locked and you're stuck with stock recovery/no root. Still S-Off, but locked.

    Any suggestions as to how to unlock otherwise?

    Also, I did not know that about the token. That's interesting. Going to give it a try later today. (I'm hard-headed)

    never said fastboot oem unlock would work. on all het devices(with exception of GPE one and nexus one) youll need to submit an identifier token(wich contains all personal info,uncluding your htcdev registered name) and get an unlock_code.bin.

    sure,if you have an locked botloader and a non booting phone,you could change cid and unlock. however:
    -you do not need to relock to run an ruu while s off. go ahead and give that a shot too while your confirming ;) if you like an unlocked bootloader no need to ever lock it.
    -if youre s off,you dont actually need to unlock. you can install any image to any partition you want by packing a properly named image with a correct android info document and flashing it via fastboot and RUU mode on the phone:

    fastboot oem rebootRUU (will boot phone to ruu mode- black screen with silver htc)

    fastboot flash zip zipname.zip (full ruus may need run twice as hboot and radio are sometimes updated before the rest can continue)

    fastboot reboot-bootloader (takes you back to normal fastboot)

    on the token,change of any parameter(cid,mid,esn,etc) will prevent the unlock_code.bin from working.

    further questions? :)
    2
    Go back to post 14 ( http://xdaforums.com/showthread.php?p=47249943 )

    You will need to be rooted

    Sent from my HTC PG09410 using Tapatalk 2

    I feel stupid the thread was only 3 pages long and my lazy mass didn't read. I've been hopping back and forth aaaall night (and morning) trying to find a solution for this. Thanks! I'm giving it a shot now!

    WORKED! :) Now I can finally get some sleep! Thanks a lot scotty1223!!! Saved me the headache of finding a solution to the whole unlocktoken crap!
    2
    Hey Scotty,

    I can't thank you enough for this info. I really didn't want to unlock via htcdev and it's been getting tiring making zips for everything I want to flash. This solved my problem and is reversible without record. You are the man and thanks for putting in the time.