[HOWTO] Remove the Hero's security and CID locks


agent-5

Member
Oct 9, 2009
22
0
Software

Hi everyone,

I've just got all the parts for the cable and will build it tonight. One small oversight, does anyone know of any suitable (and free!) software that I can use on a Windows 64x Vista System? :eek:

I notice the author of this thread is using a terminal under Linux. I've downloaded Ubuntu and am going to start using it soon and learning Linux (thanks HTC Hero!). But for the meantime, if someone could point me in the right direction that would be great.

Thanks in advance.
 

agent-5

Member
Oct 9, 2009
22
0
Half way there

Hi everyone,

I've built the cable and it connects to the phone with no problems at all. I'm using 'Advanced Serial Port Terminal 5.5' to access the phone and can see an echo of what's being displayed in the terminal window.

A few problems though:

1. I'm using version HBOOT-1.76.0007 and not the recommended 1.76.0004 version

2. Fastboot boot hackspl.img does not work. It gives me the error:

downloading 'boot.img'... FAILED (remote: not allow)

I've got an image of 0004 HBOOT and I'm running Cyanogen's latest recovery ROM, so if anyone could give me some help reverting back to 0004, that would be fantastic!

Thanks in advance.
 

Jesterz

Retired Moderator
Apr 27, 2006
443
122
Hi everyone,

I've built the cable and it connects to the phone with no problems at all. I'm using 'Advanced Serial Port Terminal 5.5' to access the phone and can see an echo of what's being displayed in the terminal window.

A few problems though:

1. I'm using version HBOOT-1.76.0007 and not the recommended 1.76.0004 version

2. Fastboot boot hackspl.img does not work. It gives me the error:

downloading 'boot.img'... FAILED (remote: not allow)

I've got an image of 0004 HBOOT and I'm running Cyanogen's latest recovery ROM, so if anyone could give me some help reverting back to 0004, that would be fantastic!

Thanks in advance.


If you can, just run this update.zip and downgrade your SPL; also make sure you use the correct radio ROM mentioned in the first post.

I've attached the SPL in update.zip format for more people if needed.

(Just rename the zip file to update.zip and run it from the recovery ROM.)
 

Attachments

  • Hero-spl-1.76.0004-signed.zip
    204.3 KB · Views: 179

agent-5

Member
Oct 9, 2009
22
0
If you can, just run this update.zip and downgrade your SPL; also make sure you use the correct radio ROM mentioned in the first post.

I've attached the SPL in update.zip format for more people if needed.

(Just rename the zip file to update.zip and run it from the recovery ROM.)

Thanks Jesterz. Trying it now.

UPDATE:

Can confirm that my phone is now CID unlocked. (Had to downgrade my radio, but once I upgraded back to the latest version, the CID lock was still off.) Great stuff!

Thanks again to everyone!
 

packetlss

Senior Member
Aug 10, 2009
236
8
Thanks Jesterz. I may be being dumb here (long day at work), so I just add the file you provided to my SD card (called update.zip) and use Cyanogen Recovery rom to apply the update? Will this affect my MoDaCo ROM and would I have to reinstall everything?

Thanks.
No, it will only flash your bootloader, nothing else is touched.
 

ash1980

New member
Oct 19, 2009
3
0
Hi,
I'm new to this.
I have a UK Orange-locked phone bought from eBay. I requested a code from various unlocking websites. No joy.
Will this method of removing the CID locks using the debug cable also remove my SIM lock?
 

Al936

Senior Member
Mar 10, 2007
269
248
Did it!

Just did it.
Thanks a lot to adq and others!!!
This actually works and my Hero became security unlocked and is super-CID.

Some questions:
1. I have upgraded back to radio 6.35.07.08. But how to revert back to hboot 1.76.0007?

2. Before removing the Hero's security and CID locks I made a nandroid backup.
If I do a nandroid RESTORE, will this affect my security unlocking and super-CID status?

Alex
 

agent-5

Member
Oct 9, 2009
22
0
004 or 007

Just a thought:

I've been using my Hero for the last few days and forgot to update the Boot Image back to 007 from 004 after the CID-Unlock process. I can't really see a difference in boot speed and only switch my phone on in the morning and off in the evening.

Seeing as it's a prerequisite to have 004 before CID-unlocking, would it be better to leave it 'as-is' rather than upgrading back to 007? Does 004 give more functionality (with the USB/serial and terminal programs) than 007?

I've not ventured into the low-level commands yet (may never need to), so any forum members have any comments? :confused:

004 or 007, please cast your votes now!
 

Jesterz

Retired Moderator
Apr 27, 2006
443
122
Although a good point, this goes outside the scope of removing the security/CID lock, so create a new thread if you want to discuss which SPL is better :)
 

neosub

New member
Jul 21, 2007
3
0
Help

Hi everyone

I need help. Can you tell me how I can upgrade my Hero with any ROM? I bought it on the internet in Hong Kong. I tried to put a new official ROM on it, but the process stops before the end and it is impossible. Does it mean that I have to do the CID unlock process if I want to put any ROMs on it?

Thanks
 

irishandrew

Member
Jun 12, 2007
20
0
Hey Guys,

Thanks to the OP (adq) for the instructions - built a cable and unlocked my Orange Hero without issue.

For the poster (ash1980) asking if this network-unlocks the Hero (I presume that's what you meant?): in my case (with Orange UK) it unlocked the CID; however, I still needed to input the network unlock code to enable the use of other SIMs (running it on Vodafone at the moment). This might not be the case all the time though? Particularly if it is locked on another network? (We know how ridiculous Orange are being with their policies, especially considering unsubsidised phones.)

However, with SuperCID enabled and the network lock altered through the cable, the code worked without issue, unlike before, where it would say unlocked yet be unable to register on the network, and relock on reboot.

Thanks again to everyone's advice :)

Andrew.
 

patp

Senior Member
Oct 27, 2006
697
39
Just to be clear, will this method sim unlock a current Orange branded Hero, or does one need to buy an unlock code separately?
 

irishandrew

Member
Jun 12, 2007
20
0
co

Just to be clear, my Orange locked hero required the CID unlock AND a purchased unlock code to work.

Accessing the phone using the cable allowed the unlock code to function. This may not always be the case, as the unlock should theoretically enable the network unlock following SuperCID.

Alternatively, it has been mentioned by a few people that flashing the MoDaCo custom ROM 2.8 has made previously non-functioning codes work, and it is a good first step before messing about with serial cables.

-andrew
 

Al936

Senior Member
Mar 10, 2007
269
248
irishandrew,

Let me ask the following way.
If I have an Orange-locked Hero and would like to unlock it so it can work with any SIM card, what do I need to do:
1. To purchase unlock code and apply it?
2. To make CID unlock using the cable as described in the first post?
3. point 2 above plus point 1 above?
4. something not mentioned by me?


Thanks,
Alex
 

Z!L0G80

Senior Member
Sep 22, 2007
114
40
CPU
"[email protected]=1,%x,%s",0xD,0
"[RADIO_ERR] >Enable SimLock %x error!",0xA,0

"[email protected]=2,1,%s",0xD,0
"[RADIO_ERR] >Add Network Code error !",0xA,0

"[email protected]?%x",0xD,0
"[RADIO_ERR] >List SimLock Code %x error!",0xA,0

"[email protected]=3,%x",0xD,0
"[RADIO_ERR] >Clear SimLock Code error !",0xA,0

"[email protected]?4" ; DATA XREF: sub_8F047324+14o
"[RADIO_ERR] >Get SimLock error !",0xA,0

"[email protected]?AA",0xD,0
"[RADIO_ERR] >Get Security Flag error !",0xA,0

"[email protected]=7,%d",0xD,0
"[RADIO_ERR] >Set Security Flag error !",0xA,0

"[email protected]=9,%x",0xD,0
"[RADIO_ERR] Unlock SimLock by SmartCard NG",0xA,0

:)
 

irishandrew

Member
Jun 12, 2007
20
0
@Alex,

OK, let me break it down:

There are 2 types of Orange Hero out there:

a) Normally network locked hero that can be unlocked with a purchased code
b) CID/Security locked hero that will not successfully unlock with a code (unless the code is supplied directly from Orange).


As far as I know there is no way to tell which one you have until you try and unlock it with a code. In this case, you will get a message saying Network Unlock Successful, however the phone will not register on a network (and may display the sim card symbol with a red "X" on it). Similarly on a reboot it will once again ask for the network unlock code. The phone cannot be used like this.

For unlocking, the best sequence is as follows:
1) Buy a code and try it, you might be lucky with which batch your hero came from and it may just work.

2) If this fails, flash the MoDaCo Custom ROM 2.8 and retry using the above code; this appears to have worked for a few people.


3) If the above 2 methods fail, the cable unlock seems the most reliable. During the process there is a terminal command:
[email protected]=8,0
This disables the security lock, however NOT the network lock. What that means (to my understanding at least) is that it removes the lock in place that prevents the purchased code from functioning. In other words it DOES enable the code to work - and did so in my case.

So even if you need to go the cable route, you'll need a code anyhow, and as such it makes sense to purchase a code first and try method 1 & 2 above just in case - saving the expense of making the cable. For me that wasn't much - I only needed the extUSB connector and the USB/UART PCB, as I already have my own wire and soldering equipment, but for someone who doesn't have access to such things (perhaps at a university or school you could get access?) it might be a bit pricey, especially considering the need for the code anyhow...

If you find for some reason that you don't need the code (you'll know straight away after the cable unlock, as when you boot with the new SIM in place it will ask you for the Network Unlock Code), then request a refund, on the basis that it did not actually work for you and you had to seek another method. I find this an unlikely outcome, however; I believe you still need the code?

Perhaps there is a way of bypassing the network lock through the terminal using the serial connection - however I am afraid I do not know it!

Hope this was helpful
-Andrew.

irishandrew,

Let me ask the following way.
If I have an Orange-locked Hero and would like to unlock it so it can work with any SIM card, what do I need to do:
1. To purchase unlock code and apply it?
2. To make CID unlock using the cable as described in the first post?
3. point 2 above plus point 1 above?
4. something not mentioned by me?


Thanks,
Alex
 

adq

First post
This should allow you to remove the security and CID locks from the HTC Hero.

Do *not* attempt this if you haven't done this sort of thing before or are at all unsure; I can't be held responsible if you break your phone.

You will need:
* An HTC debug *serial* cable. There are instructions on how to build one elsewhere on xda-developers.com.
* Serial terminal software - I use minicom under Linux myself.
* A USB cable.
* The zip file downloaded from here.
* A PC with a copy of the "fastboot" program.
* A HERO handset with the 63.18.55.06_6.35.04.25 radio firmware version and the 1.76.0004 HBOOT version. Other versions can probably be supported, but I've no interest in doing this myself. However, source is included in the download for others to do so if they wish.


Overview:

The MSM7201A used on the Hero has two CPU cores, an ARM9 and an ARM11. The ARM9 runs the radio software, and the ARM11 runs Android. The ARM9 boots its own bootloaders first, which set up the radio and security. It then boots the ARM11 CPU, which runs its own bootloader, providing the "fastboot" functionality amongst other things.

Both CPUs use the same DRAM, but there is a hardware partitioning system built into the MSM7201A which prevents each CPU from writing to the other's memory space. Luckily this can be disabled.

The ARM9 bootloader can be entered by holding VOLUP when powering up. The phone will vibrate three times and the power LED will be green; however, the screen will remain black. This supports many serial commands, only a few of which are available in security-locked mode.

The ARM11 bootloader can be entered by holding VOLDOWN or BACK when powering up. It shows the three-androids-on-skateboards logo. It supports USB control using the Android-specific fastboot protocol, but also has a serial HBOOT mode which supports a few commands. There is a second hidden set of commands which are not accessible without software patching.

This patch will:
* Temporarily enable the additional ARM11 commands.
* Temporarily disable checks on a few ARM9 radio AT commands to allow the removal of locks.

The patches to the software are done in RAM, so the patches will "vanish" on a powercycle. However, executing the patched AT commands below will write to the HTC config area in flash, so the security-off and super-CID modes /will/ persist.


Instructions:

Note: all commands obviously need <ENTER> pressed after them :)

1. Connect the serial cable and start your terminal software (115200 8N1).
2. Power up the phone holding down VOLDOWN (this boots into the ARM11 HBOOT mode). You should see various messages and get a command prompt.
3. Type "rtask b" and wait for a while until it says "AT-Command Interpreter ready" (this starts the radio software running on the ARM9 and accesses its AT interface).
4. Type "retuoR" (this returns to the ARM11 HBOOT software).
5. Enter fastboot mode by pressing the "BACK" button on the phone.
6. Unplug the serial cable and plug in the USB cable.
7. Boot the hackspl.img by running "fastboot boot hackspl.img" on your PC.
8. The screen will go black and show the normal boot logo. However, if you press "VOLDOWN" the screen should clear and you'll re-enter HBOOT mode.
9. Unplug the USB cable and plug in the serial cable again.
10. Type "rtask b" - this will enter the radio AT interface.
11. Type "ATE1" - this will enable character echo mode, which helps with typing a lot!
12. Type "[email protected]=8,0" - this will disable security. It should print "0" when done, which may take a few seconds.
13. Type "[email protected]=11111111" - this will set the "Super-CID". It should print "0" when done, which may take a few seconds.
14. Type "retuoR" - returns to the ARM11 bootloader.
15. Type "erasebcid" - this will erase the "backup CID" from the ARM11.

After this lot, your phone should be security unlocked and be super-CID. On reboot, the ARM11 skateboard screen should say "S-OFF" instead of "S-ON" on the top line. On a normal boot, you should see "Device is Super-CID" printed over the serial port at some point before it boots Android.

You will be able to flash system/boot/recovery etc. directly using the fastboot command from your PC.

If you type "h" after step 15, you'll see a much bigger list of commands than normal - these are the ARM11 hidden commands.

If you boot into the ARM9 bootloader (hold VOLUP on powerup) with security-off, and type "h" you'll see a list of some of the ARM9 commands. There are actually more; it just doesn't list them in the help screen.
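Most of the questions in this thread come down to "what state is my phone actually in now?" (agent-5's HBOOT-1.76.0007 mismatch, the "0" result codes in steps 12 and 13, the [RADIO_ERR] strings Z!L0G80 pulled out of the radio image, and the "S-OFF" / "Device is Super-CID" messages after reboot). The Python below is an added example written for this thread; it is not code from adq's zip, from HTC, or from any poster. It reads a plain-text serial capture saved by your terminal program and reports those facts without sending anything to the phone. Assumptions, all labelled in the code: the HBOOT banner appears in the capture as "HBOOT-x.y.z" (the form agent-5 quoted), the S-ON/S-OFF text is treated as a line in the capture even though the first post describes it on the HBOOT screen, and the lock commands are written with the obviously constructed stand-in "AT+PLACEHOLDER" rather than their real names. The sample capture is made up.

```python
"""Report what a saved HTC Hero serial capture shows about the device.

Added example for this thread; not code from adq's zip or from HTC.
Assumptions: the capture is the plain-text log saved from the 115200 8N1
session; the HBOOT banner ("HBOOT-x.y.z"), the S-ON/S-OFF text and
"Device is Super-CID" appear as lines in it; lock commands are written
with the constructed stand-in "AT+PLACEHOLDER".
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Marker strings quoted in the thread.
AT_READY = "AT-Command Interpreter ready"
SUPER_CID = "Device is Super-CID"
REQUIRED_HBOOT = "1.76.0004"            # version the first post requires

HBOOT_RE = re.compile(r"HBOOT-(\d+\.\d+\.\d+)")   # assumed banner format
SEC_FLAG_RE = re.compile(r"\b(S-ON|S-OFF)\b")
RADIO_ERR_RE = re.compile(r"\[RADIO_ERR\]\s*>?\s*(.+?)\s*$")
AT_CMD_RE = re.compile(r"^AT", re.IGNORECASE)


@dataclass
class SessionState:
    hboot_version: Optional[str] = None          # from the HBOOT banner
    at_ready: bool = False                       # ARM9 AT interpreter came up
    security: str = "unknown"                    # "S-ON", "S-OFF" or "unknown"
    super_cid: bool = False                      # "Device is Super-CID" printed
    radio_errors: list = field(default_factory=list)
    results: list = field(default_factory=list)  # (echoed command, result code)


def parse_session(capture: str) -> SessionState:
    """Walk the capture line by line and record the facts it shows."""
    state = SessionState()
    pending = None   # command echoed by ATE1 whose result code is still to come
    for raw in capture.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HBOOT_RE.search(line)
        if m:
            state.hboot_version = m.group(1)
        m = SEC_FLAG_RE.search(line)
        if m:                       # last banner seen wins (post-reboot state)
            state.security = m.group(1)
            continue
        if AT_READY in line:
            state.at_ready = True
            continue
        if SUPER_CID in line:
            state.super_cid = True
            continue
        m = RADIO_ERR_RE.search(line)
        if m:                       # radio rejected the pending command
            state.radio_errors.append(m.group(1))
            if pending is not None:
                state.results.append((pending, "RADIO_ERR"))
                pending = None
            continue
        if AT_CMD_RE.match(line):   # echoed command; wait for its result code
            pending = line
            continue
        if pending is not None and line in ("0", "OK", "ERROR"):
            state.results.append((pending, line))
            pending = None
    return state


def lock_summary(state: SessionState) -> dict:
    """Condense the parse into the checks a reader of this thread wants."""
    failed = [cmd for cmd, res in state.results if res not in ("0", "OK")]
    return {
        "hboot_version": state.hboot_version,
        "hboot_supported": state.hboot_version == REQUIRED_HBOOT,
        "at_interface_seen": state.at_ready,
        "security_off": state.security == "S-OFF",
        "super_cid": state.super_cid,
        "failed_commands": failed,
        "radio_errors": list(state.radio_errors),
    }


# Constructed sample capture (not a real device log). "AT+PLACEHOLDER" stands
# in for the thread's lock commands; the result codes and [RADIO_ERR] text
# follow the forms quoted in the thread. The phone is power-cycled before the
# second HBOOT banner.
SAMPLE_CAPTURE = """\
HBOOT-1.76.0004 S-ON
rtask b
AT-Command Interpreter ready
ATE1
0
AT+PLACEHOLDER=8,0
0
AT+PLACEHOLDER=11111111
0
AT+PLACEHOLDER?AA
[RADIO_ERR] >Get Security Flag error !
retuoR
HBOOT-1.76.0004 S-OFF
Device is Super-CID
"""

if __name__ == "__main__":
    for key, value in lock_summary(parse_session(SAMPLE_CAPTURE)).items():
        print(f"{key}: {value}")
```

Save the terminal program's log to a file, read it into a string and pass it to parse_session; a capture from a 1.76.0007 phone shows up as hboot_supported False before you get as far as the "remote: not allow" error, and any command the radio rejected appears in failed_commands next to the [RADIO_ERR] text it printed.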