FORUMS
Remove All Ads from XDA
H10 Turbo

Tutorial: How to Customize/Modify/Hack your HBoot.img

n/a posts
Thanks Meter: 0
 
By Modding.MyMind, Guest on 22nd November 2013, 03:38 AM
Post Reply Email Thread
This build is for
development purposes only
Do not distribute outside of HTC
without HTC's written permission.
Failure to comply may
lead to legal action.

Ok friends, as we all know, it is very possible to modify the HBoot and this isn't the first time it has been done before. @old.splatterhand has loaded and shared such HBoots for the K2_UL and K2_U variants. @russellvone has as well loaded and shared such HBoot for the K2_CL variant and currently has made one for Cricket users too.

What this tutorial will do for this community is explain how it is done so that we all as a family can learn and grow together. I am a hands on type of guy and one of my pep peeves is being left in the dark so I am taking the time to explain some things. So let's get started.

Requirements for this TUTORIAL:
- A good hex editor is needed so click and download HxD
- I also use IDA (but that is me and for other purposes mainly - so stick with HxD)
- HBoot.img - I won't be supplying this so, sorry everyone. You will need to grab it elswhere

Please keep in mind that if you install a custom HBoot and your device receives an OTA you may be required to flash back the stock HBoot just like you would with your stock recovery.

STEPS
Go ahead and open up HxD. Drag & drop the HBoot image file into the HxD Window.
Note - no matter if its a raw, dd, dumped, piece, or an .img or an .nb0 file - the edit will take place all the same.

I will be using HBoot 2.21 from the original 4.2.2 OTA during this tutorial. Now go ahead and hit CTRL+F or go to the Search tab then click Find. Search for "This build is" - without quotations...

You will then see this in HxD:

Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

0013C7F0  4F 2D 00 00 4F 70 65 6E 44 53 50 2D 00 00 00 00  O-..OpenDSP-....
0013C800  20 28 00 00 65 4D 4D 43 2D 62 6F 6F 74 00 00 00   (..eMMC-boot...
0013C810  25 73 20 25 64 4D 42 00 4F 63 74 20 32 38 20 32  %s %dMB.Oct 28 2
0013C820  30 31 33 2C 32 32 3A 30 39 3A 31 36 2E 25 64 00  013,22:09:16.%d.
0013C830  4F 63 74 20 32 38 20 32 30 31 33 2C 32 32 3A 30  Oct 28 2013,22:0
0013C840  39 3A 31 36 00 00 00 00 45 6E 74 65 72 69 6E 67  9:16....Entering
0013C850  20 52 65 63 6F 76 65 72 79 2E 2E 2E 00 00 00 00   Recovery.......
0013C860  45 6E 74 65 72 69 6E 67 20 4D 46 47 20 4B 65 72  Entering MFG Ker
0013C870  6E 65 6C 2E 2E 2E 00 00 45 6E 74 65 72 69 6E 67  nel.....Entering
0013C880  20 4D 44 4D 20 52 61 6D 64 75 6D 70 20 6D 6F 64   MDM Ramdump mod
0013C890  65 2E 2E 2E 00 00 00 00 54 68 69 73 20 62 75 69  e.......This bui
0013C8A0  6C 64 20 69 73 20 66 6F 72 00 00 00 64 65 76 65  ld is for...deve
0013C8B0  6C 6F 70 6D 65 6E 74 20 70 75 72 70 6F 73 65 73  lopment purposes
0013C8C0  20 6F 6E 6C 79 00 00 00 44 6F 20 6E 6F 74 20 64   only...Do not d
0013C8D0  69 73 74 72 69 62 75 74 65 20 6F 75 74 73 69 64  istribute outsid
0013C8E0  65 20 6F 66 20 48 54 43 00 00 00 00 77 69 74 68  e of HTC....with
0013C8F0  6F 75 74 20 48 54 43 27 73 20 77 72 69 74 74 65  out HTC's writte
0013C900  6E 20 70 65 72 6D 69 73 73 69 6F 6E 2E 00 00 00  n permission....
0013C910  46 61 69 6C 75 72 65 20 74 6F 20 63 6F 6D 70 6C  Failure to compl
0013C920  79 20 6D 61 79 00 00 00 6C 65 61 64 20 74 6F 20  y may...lead to 
0013C930  6C 65 67 61 6C 20 61 63 74 69 6F 6E 2E 00 00 00  legal action....
0013C940  5B 44 49 53 50 4C 41 59 5F 45 52 52 5D 20 61 6C  [DISPLAY_ERR] al
0013C950  6C 6F 63 61 74 65 20 68 65 61 70 20 66 6F 72 20  locate heap for 
0013C960  73 70 6C 61 73 68 20 69 6D 61 67 65 20 66 61 69  splash image fai
Please take note of what is written in red. This is that little pesky warning label that pops up when running a custom kernel and/or custom recovery.

I look forward to this part as I will be showing how to remove it - and any of you can too (manually of course).

Now, in this particular HBoot (2.21) you find that the text begins at Offset 0013C890

Code:
0013C890  65 2E 2E 2E 00 00 00 00 54 68 69 73 20 62 75 69  e.......This bui
The beginning of the warning from HTC starts with the letter T from the word This. Remember how I said to take notice of the highlighted red? If you look at number 54 you notice it is the beginning of this warning. Don't worry, HxD will show you where it begins. Just use the mouse to click where that letter or symbol is and it will show a dotted line box around that number as being the reference point from there forward (or backwards lol).

To edit and remove this warning label is very simple. You will be hex editing this image file needless to say - if you haven't realized it yet. YOU WILL NOT BE MAKING ANY CHANGES ON THE RIGHT OF HxD!!!!

We will be replacing ALL of the letters with text by spacing it. To do so we must first find out what number represents a 'space'. This is simple, as you only need to hover your mouse over a space in between two letters in which it will highlight its number with a dotted line box. In this case a space would be the number 20. So what we are going to do is remove every text of that warning label with a space by implementing the number 20 in the proper places to each of the given text letter.

PLEASE NOTE!! ---- It is HIGHLY recommended that you DO NOT replace each text letter in the left panel with the number 00.
- The reason for this is because 00 stands for blank which in the Hex world is not consider a 'text'. Where as a space is considered a text and since we are replacing text it would be best to do so with other text so the HBoot will still see text even though the warning label will no longer show up anymore. It just would seem to be of best interests and just overall safer.

This is what you will see after you replace all the text letters with the number 20:

Code:
Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

0013C7F0  4F 2D 00 00 4F 70 65 6E 44 53 50 2D 00 00 00 00  O-..OpenDSP-....
0013C800  20 28 00 00 65 4D 4D 43 2D 62 6F 6F 74 00 00 00   (..eMMC-boot...
0013C810  25 73 20 25 64 4D 42 00 4F 63 74 20 32 38 20 32  %s %dMB.Oct 28 2
0013C820  30 31 33 2C 32 32 3A 30 39 3A 31 36 2E 25 64 00  013,22:09:16.%d.
0013C830  4F 63 74 20 32 38 20 32 30 31 33 2C 32 32 3A 30  Oct 28 2013,22:0
0013C840  39 3A 31 36 00 00 00 00 45 6E 74 65 72 69 6E 67  9:16....Entering
0013C850  20 52 65 63 6F 76 65 72 79 2E 2E 2E 00 00 00 00   Recovery.......
0013C860  45 6E 74 65 72 69 6E 67 20 4D 46 47 20 4B 65 72  Entering MFG Ker
0013C870  6E 65 6C 2E 2E 2E 00 00 45 6E 74 65 72 69 6E 67  nel.....Entering
0013C880  20 4D 44 4D 20 52 61 6D 64 75 6D 70 20 6D 6F 64   MDM Ramdump mod
0013C890  65 2E 2E 2E 00 00 00 00 20 20 20 20 20 20 20 20  e.......        
0013C8A0  20 20 20 20 20 20 20 20 20 00 00 00 20 20 20 20           ...    
0013C8B0  20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
0013C8C0  20 20 20 20 20 00 00 00 20 20 20 20 20 20 20 20       ...        
0013C8D0  20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
0013C8E0  20 20 20 20 20 20 20 20 00 00 00 00 20 20 20 20          ....    
0013C8F0  20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
0013C900  20 20 20 20 20 20 20 20 20 20 20 20 20 00 00 00               ...
0013C910  20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
0013C920  20 20 20 20 20 00 00 00 20 20 20 20 20 20 20 20       ...        
0013C930  20 20 20 20 20 20 20 20 20 20 20 20 20 00 00 00               ...
0013C940  5B 44 49 53 50 4C 41 59 5F 45 52 52 5D 20 61 6C  [DISPLAY_ERR] al
0013C950  6C 6F 63 61 74 65 20 68 65 61 70 20 66 6F 72 20  locate heap for 
0013C960  73 70 6C 61 73 68 20 69 6D 61 67 65 20 66 61 69  splash image fai
Once you have completed the task of overwriting the bytes then go ahead and save your work. Now comes the MOST IMPORTANT PART EVER!!!

- Compare both the original and modified HBoot.img file and MAKE SURE that the modified image is reading the exact same bytes in size as the original!
- If the modified file is just ONE byte to large or to small when compared to the original file then you better delete that file and try the whole process over again!! DO NOT FLASH THAT MODIFIED FILE IF THE BYTES SIZE IS NOT THE SAME AS THE ORIGINAL FILE OR YOU WILL BRICK YOUR DEVICE!.
- If both files are the exact same sizes then you are clear to flash the new modified HBoot image which will remove that pesky red text. There is much more that can be done with the HBoot, but for starters this tutorial will suffice for now.

If this tutorial was helpful to you then please click on thanks

---- Happy hunting.
The Following 11 Users Say Thank You to Modding.MyMind For This Useful Post: [ View ] Gift Modding.MyMind Ad-Free
 
 
9th December 2014, 12:05 PM |#2  
rb2tfm's Avatar
Member
Flag Walk -n- Dont walk
Thanks Meter: 20
 
More
Thank You for the tut. I only have a few questions.

1) Is there anyway through adb or otherwise to 'pull' the original hboot file from the phone ?

2) Does the newly created hboot file need to be zipped or flashed in fstboot the way it is?

Thank You for your time =)
1st May 2015, 01:10 AM |#3  
Junior Member
Thanks Meter: 0
 
More
extracting your hboot.img
Quote:
Originally Posted by rb2tfm

1) Is there anyway through adb or otherwise to 'pull' the original hboot file from the phone ?

I think this might work:
$ adb shell
shell:/ $ su
shell:/ # dd if=/dev/block/mmcblk0p12 of=/sdcard/hboot.img
shell:/ # exit
shell:/ $ exit
$ adb pull /sdcard/hboot.img
5th August 2015, 08:24 AM |#4  
SidRobo's Avatar
Senior Member
Flag Tehran
Thanks Meter: 88
 
Donate to Me
More
Quote:
Originally Posted by gepr

I think this might work:
$ adb shell
shell:/ $ su
shell:/ # dd if=/dev/block/mmcblk0p12 of=/sdcard/hboot.img
shell:/ # exit
shell:/ $ exit
$ adb pull /sdcard/hboot.img

hi. i copied hboot.img from my phone but when i want to open it with HxD, it shows just 0 but no number or red note
SHM
9th August 2015, 12:35 AM |#5  
Guest
Thanks Meter: 0
 
More
Quote:
Originally Posted by SidRobo

hi. i copied hboot.img from my phone but when i want to open it with HxD, it shows just 0 but no number or red note

Hello, I am the original member that made this thread a while back. Grab the hboot.img from the OTA and you will find what you are looking for.

But do know that the following command will properly dump your hboot.img:
Code:
dd if=/dev/block/mmcblk0p12 of=/sdcard/hboot.img
As you can see in the picture below, I could easily modify this right on my phone and not even touch a computer , but of course at the time that I wrote this thread I did not know the potentials for being able to conduct "development" projects without the use of a pc and simply right on the device.



Sent from my C525c using Tapatalk
9th August 2015, 08:53 AM |#6  
SidRobo's Avatar
Senior Member
Flag Tehran
Thanks Meter: 88
 
Donate to Me
More
Quote:
Originally Posted by SHM

Hello, I am the original member that made this thread a while back. Grab the hboot.img from the OTA and you will find what you are looking for.

But do know that the following command will properly dump your hboot.img:

Code:
dd if=/dev/block/mmcblk0p12 of=/sdcard/hboot.img
As you can see in the picture below, I could easily modify this right on my phone and not even touch a computer , but of course at the time that I wrote this thread I did not know the potentials for being able to conduct "development" projects without the use of a pc and simply right on the device.



Sent from my C525c using Tapatalk

hi. thank you for the answer but could you pls explain more, I'm noob
how is it possible without pc?????!!!
SHM
9th August 2015, 09:09 AM |#7  
Guest
Thanks Meter: 0
 
More
Quote:
Originally Posted by SidRobo

hi. thank you for the answer but could you pls explain more, I'm noob
how is it possible without pc?????!!!

Using a hex editor such as what you saw in the picture would suffice. Then, comparing the size of the non modified hboot.img with the modified hboot.img as I mentioned in the instructions. Then, when all is good, I use the following command to write the modified hboot.img to my partition.
Code:
dd if=/sdcard/modified_hboot.img of=/dev/block/mmcblk0p12
But be careful when doing all of this. You mess up on the hboot and you will find yourself with a hard bricked device.

Sent from my C525c using Tapatalk
9th August 2015, 03:41 PM |#8  
SidRobo's Avatar
Senior Member
Flag Tehran
Thanks Meter: 88
 
Donate to Me
More
Quote:
Originally Posted by SHM

Using a hex editor such as what you saw in the picture would suffice. Then, comparing the size of the non modified hboot.img with the modified hboot.img as I mentioned in the instructions. Then, when all is good, I use the following command to write the modified hboot.img to my partition.

Code:
dd if=/sdcard/modified_hboot.img of=/dev/block/mmcblk0p12
But be careful when doing all of this. You mess up on the hboot and you will find yourself with a hard bricked device.

Sent from my C525c using Tapatalk


Sorry man because i'm noob
My problem is with this part ***Grab the hboot.img from the OTA and you will find what you are looking for.***
I don't know exactly what ota is and how to get hboot
Could u plz explain more about it or but a link?
Again Sorry for disturbing u
And sorry for my bad english

Sent from my Desire 300 X515e using XDA Forums
SHM
9th August 2015, 07:48 PM |#9  
Guest
Thanks Meter: 0
 
More
Quote:
Originally Posted by SidRobo

Sorry man because i'm noob
My problem is with this part ***Grab the hboot.img from the OTA and you will find what you are looking for.***
I don't know exactly what ota is and how to get hboot
Could u plz explain more about it or but a link?
Again Sorry for disturbing u
And sorry for my bad english

Sent from my Desire 300 X515e using XDA Forums

I just noticed your signature shows you using a Desire phone. Do you own an HTC One SV? This thread is based on the HTC One SV so I want to verify before I continue.

Sent from my C525c using Tapatalk
9th August 2015, 08:16 PM |#10  
SidRobo's Avatar
Senior Member
Flag Tehran
Thanks Meter: 88
 
Donate to Me
More
Quote:
Originally Posted by SHM

I just noticed your signature shows you using a Desire phone. Do you own an HTC One SV? This thread is based on the HTC One SV so I want to verify before I continue.

Sent from my C525c using Tapatalk

i have a htc desire 300
INFOversion: 0.5
INFOversion-bootloader: 1.18.0002
INFOversion-baseband: 14.11.36Q4.21
INFOversion-cpld: None
INFOversion-microp: None
INFOversion-main:
INFOversion-misc: PVT SHIP S-OFF
INFOserialno: ----------------
INFOimei: ----------------
INFOmeid:
INFOproduct: g3u
INFOplatform: HBOOT-8225
INFOmodelid: 0P6A10000
INFOcidnum: 11111111
INFObattery-status: good
INFObattery-voltage: 4340mV
INFOpartition-layout: HTC
INFOsecurity: off
INFObuild-mode: SHIP
INFOboot-mode: FASTBOOT
INFOcommitno-bootloader: dirty-e1c32097
INFOhbootpreupdate: 12
INFOgencheckpt: 0
SHM
9th August 2015, 08:21 PM |#11  
Guest
Thanks Meter: 0
 
More
Then mmcblk0p12 probably isn't the partition that holds the hboot on your device. You need to go to your device forum and request a link for the most recent OTA made available. Should be compress as a zip. When you extract there will be another compressed zip typically called, firmware.zip. Extract and you should hopefully find your signed hboot.img.

Sent from my C525c using Tapatalk
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes