• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

Team Infernal FakeCid AUTOMATIC bootloader unlock

Search This thread

jose51197

Senior Member
Jan 15, 2012
807
654
24
Cartago
First of all i want to thank captainrewind without his help and his device this wouldnt be possible, i didnt even own the device myself im just planning to buy it and with him offering himself to test everything, well we combined knowledges and made it all you need to do is simple:

Anyone wanting to know how this Started read http://forum.xda-developers.com/showthread.php?t=1984936


mdmower experienced issues with ril(calls and else) and contacts not syncing so i worked with him and we discovered supercid is responsable for this so the only thing you got to do is reverse cid(thats option number 3 on script) and you are ready to go, no need to relock bootloader!!, they are 2 versions of script one with recovery one without its your choice, the recovery one is pretty big 8mb and without only a few kbytes, screenshots below
the one with recovery
attachment.php

The one without recovery
mdmower said
I have another script update. The temproot method is no longer used to change the cid after you're unlocked. Those procedures now assume you have superuser installed (root) and are much faster and more reliable.

My package still does not include a recovery image to reduce the size of the download, but I have included a menu option to install recovery - you simply need to download either CWM or TWRP and put recovery.img in the same directory as the script.

attachment.php


Special Note: If you run the script multiple times, be sure to remove mmcblk0p4 and mmcblk0p4.backup from the directory each time. I purposely leave these in case you want to make a backup. mmcblk0p4 corresponds to SuperCID and mmcblk0p4.backup corresponds to VZW__001.

Also please note as mdmower said Special Note: If you run the script multiple times, be sure to remove mmcblk0p4 and mmcblk0p4.backup from the directory each time. I purposely leave these in case you want to make a backup. mmcblk0p4 corresponds to SuperCID and mmcblk0p4.backup corresponds to VZW__001.

The script is attached below, script unlocks bootloader and installs a recovery for you, not root but you can find intructions on next post

THANKS:
Bin4ry for temproot method
Grankin01 for the cid base
mdmower for correcting script
Superdave for discovering temp root(forgot to mention before sorry)



The manual way!!!!

DO AN ADB BACKUP BEFORE STARTING AS THIS WILL RESTORE TO FACTORY DEFAULTS!

EVERYTIME WE SAY TYPE IT MEANS TYPING THE CODE AND PRESSING ENTER

SOME USERS ARE HAVING ISSUES TEMPROOTING. IF SO PLEASE DO FACTORY RESET AND/OR REINSTALL THE RUU BEFORE STARTING. Also, verify you are NOT using a USB 3.0 port by looking at the inside of the port itself on your computer. If it's blue, it's USB 3.0 and you need to use a different port.

Requirements:
•A hex editor
•Android sdk(fastboot and adb at least)
•Recommended 50% battery or more and usb debugging on
•Be updated to the latest ruu with sense 4.1 (version 2.17.605.2)

Quick how-to temproot (written by captainrewind):
Read here for some detail (FOR REFERENCE ONLY, all instructions are below): http://forum.xda-developers.com/showthread.php?t=1886460
Download the file http://ul.to/h44f6vni

So lets start:

First, if you haven't already, download and install the HTC drivers.

On your phone, go to Settings -> Developer options, and enable USB debugging.

Next, go to Settings -> Connect to PC and change Default connection type to Disk drive and disable Ask me.

Plug your phone into the computer, and wait until it pops up asking what you want to do with the newly plugged in phone.

Close the pop ups and go press the Start button and type "cmd". It should pop up with "cmd.exe". Right click on it and click Run as Administrator.

Download this file with the fake backup in it.
Once downloaded, unzip it to C:\Root.
Navigate to the folder in the command Prompt by typing
Code:
cd c:\Root\stuff
Now that you're there, type:
Code:
adb devices
If your phone pops up in the list, you're good to go!
Next, type
Code:
adb restore fakebackup.ab
DO NOT click OK to the restore on the device just yet!
Now type:
Code:
adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done"
(errors will appear, ignore)
Accept the restore on the device, then type:
Code:
adb reboot
(At this time, you are temprooted, and the phone UI will be in an unusable state, with temproot shell.)
After reboot type:
Code:
adb shell
Verify that the prompt is "#" (meaning root) or "$" (meaning normal user). If it's not "#", please start over.
At this point, you can optionally do this ONLY if you want to revert changes:
Code:
rm /data/local.prop
exit
adb reboot

if everything went right proceed to second part

2nd part(written by me)
Obtaining supercid

type
Code:
dd if=/dev/block/mmcblk0p4 of=/sdcard/mmcblk0p4

Close cmd and start a new one then type
Code:
adb pull /sdcard/mmcblk0p4

Open the file (mmcblk0p4) with your hex editor.

Look for offset 00000210 and you should see VZW__001 with your imei on the right

Change VZW__001 to 11111111 and save the file as mmcblk0p4MOD

Now go back to your command prompt and type
Code:
adb push mmcblk0p4MOD /sdcard/mmcblk0p4MOD

Type
Code:
adb shell

Type
Code:
dd if=/sdcard/mmcblk0p4MOD of=/dev/block/mmcblk0p4
If suceeded close the window and start a new one and type "adb reboot bootloader" then "fastboot oem readcid" and that should show you 11111111

Now, go to htcdev.com website, sign up, login, and select the "Unlock Bootloader" option from their site and follow the instructions, selecting other supported devices from their dropdown menu.

bugs:
If you experience issues with com.android.phone crashing when placing/receiving calls or your contacts refuse to sync, you may need to change your cid back to its origintal state (VZW__001). This is proceure 3 in the script and will not affect your unlock or data (perform a backup just in case though!).



After that you can install a recovery or root the rom following captainrewind post below
 
Last edited:

CaptainRewind

Senior Member
Oct 19, 2009
154
150
Denver, CO
Honorable mention goes to superdave for discovering the temproot method by Bin4ry works after the latest RUU.

This is no joke people and it shows what a lot of support from those who came before us, a little persistence to try a combination of things, and collaboration can accomplish.
I made a new friend today as well. NOW BRING ON THE CUSTOM ROMS!

imag0577b.jpg


I've now successfully flashed TWRP and SU binary and Superuser.apk. Here's how:

CM Recovery:
See this thread for details on the CWM Recovery.

TWRP:
THANKS TO ANDYBONES FOR THE UPDATED TWRP LINKS AND INSTRUCTIONS!

TWRP Download:
http://dl.dropbox.com/u/26383143/HTC Incredible 4G/TWRP2.2_recovery.img

TWRP Instructions:
Code:
adb reboot bootloader
Once in the bootloader:
Code:
fastboot flash recovery TWRP2.2_recovery.img
Code:
fastboot reboot

Once TWRP is flashed:
Download the Superuser apk and binaries from here:
http://androidsu.com/superuser/

Then, push them to your EXTERNAL SD:
Code:
adb push "Superuser-3.1.3-arm-signed.zip" /sdcard/ext_sd

Then, reboot into recovery:
Code:
adb reboot recovery

From the TWRP Recovery, use the "Install" feature to select and install the zip.

Reboot

YOU ARE NOW ROOTED!
 
Last edited:

brycekerr

Senior Member
Aug 12, 2010
511
145
Dayton
I flipping love you guys
So why don't we have cm10 yet? ;)
Sent from my ADR6410LVW using Xparent Blue Tapatalk 2
 
Last edited:

Linch89

Senior Member
Jul 11, 2011
1,788
303
Jacksonville
i think we should wait for yall to finish whatever yall are doing before we (especially me) start asking boot questions about how to use this

---------- Post added at 07:04 PM ---------- Previous post was at 06:42 PM ----------

But seriously what does this mean :p

, and cd to the stuff/ dir inside the zip
 
Last edited:

andybones

Forum Moderator
Staff member
May 18, 2010
14,726
14,996
Google Pixel 5
Last edited:
  • Like
Reactions: bberryhill0

brycekerr

Senior Member
Aug 12, 2010
511
145
Dayton
Perfect, thanks! And that's why I wanted root lol, I ran that on my Rez

Error:
"while is not recognized as an internal/external command"
Is that the error we are supposed to ignore? and also I need a device encryption password to restore, anybody know what it is?
 
Last edited:

CaptainRewind

Senior Member
Oct 19, 2009
154
150
Denver, CO
So what do you recommend for a hex editor?

UltraEdit is a 30-day trial, download here: http://www.ultraedit.com/.
If you've used it before and are outside the 30-days, go OpenSource and use Frhed: http://frhed.sourceforge.net/en/

---------- Post added at 05:22 PM ---------- Previous post was at 05:19 PM ----------

i think we should wait for yall to finish whatever yall are doing before we (especially me) start asking boot questions about how to use this

---------- Post added at 07:04 PM ---------- Previous post was at 06:42 PM ----------

But seriously what does this mean :p

, and cd to the stuff/ dir inside the zip

Jose is updating it... it just means after you unzip it and open terminal to CD to the c:\path\of\unzipped\file\stuff\ dir

---------- Post added at 05:28 PM ---------- Previous post was at 05:22 PM ----------

Perfect, thanks! And that's why I wanted root lol, I ran that on my Rez

Error:
"while is not recognized as an internal/external command"
Is that the error we are supposed to ignore? and also I need a device encryption password to restore, anybody know what it is?

Whoops, sorry that's my mistake... that needs to be run from adb shell. Hang on, Jose is fixing. Encryption password should be blank.
 
Last edited:

brycekerr

Senior Member
Aug 12, 2010
511
145
Dayton
Upon reboot my phone starts to boot into the OS....I can see its connected to the network and stuff in the notification bar, but all I can see is the wallpaper and the screen is completely unresponsive

This is after adb reboot
 

Top Liked Posts

  • There are no posts matching your filters.
  • 69
    First of all i want to thank captainrewind without his help and his device this wouldnt be possible, i didnt even own the device myself im just planning to buy it and with him offering himself to test everything, well we combined knowledges and made it all you need to do is simple:

    Anyone wanting to know how this Started read http://forum.xda-developers.com/showthread.php?t=1984936


    mdmower experienced issues with ril(calls and else) and contacts not syncing so i worked with him and we discovered supercid is responsable for this so the only thing you got to do is reverse cid(thats option number 3 on script) and you are ready to go, no need to relock bootloader!!, they are 2 versions of script one with recovery one without its your choice, the recovery one is pretty big 8mb and without only a few kbytes, screenshots below
    the one with recovery
    attachment.php

    The one without recovery
    mdmower said
    I have another script update. The temproot method is no longer used to change the cid after you're unlocked. Those procedures now assume you have superuser installed (root) and are much faster and more reliable.

    My package still does not include a recovery image to reduce the size of the download, but I have included a menu option to install recovery - you simply need to download either CWM or TWRP and put recovery.img in the same directory as the script.

    attachment.php


    Special Note: If you run the script multiple times, be sure to remove mmcblk0p4 and mmcblk0p4.backup from the directory each time. I purposely leave these in case you want to make a backup. mmcblk0p4 corresponds to SuperCID and mmcblk0p4.backup corresponds to VZW__001.

    Also please note as mdmower said Special Note: If you run the script multiple times, be sure to remove mmcblk0p4 and mmcblk0p4.backup from the directory each time. I purposely leave these in case you want to make a backup. mmcblk0p4 corresponds to SuperCID and mmcblk0p4.backup corresponds to VZW__001.

    The script is attached below, script unlocks bootloader and installs a recovery for you, not root but you can find intructions on next post

    THANKS:
    Bin4ry for temproot method
    Grankin01 for the cid base
    mdmower for correcting script
    Superdave for discovering temp root(forgot to mention before sorry)



    The manual way!!!!

    DO AN ADB BACKUP BEFORE STARTING AS THIS WILL RESTORE TO FACTORY DEFAULTS!

    EVERYTIME WE SAY TYPE IT MEANS TYPING THE CODE AND PRESSING ENTER

    SOME USERS ARE HAVING ISSUES TEMPROOTING. IF SO PLEASE DO FACTORY RESET AND/OR REINSTALL THE RUU BEFORE STARTING. Also, verify you are NOT using a USB 3.0 port by looking at the inside of the port itself on your computer. If it's blue, it's USB 3.0 and you need to use a different port.

    Requirements:
    •A hex editor
    •Android sdk(fastboot and adb at least)
    •Recommended 50% battery or more and usb debugging on
    •Be updated to the latest ruu with sense 4.1 (version 2.17.605.2)

    Quick how-to temproot (written by captainrewind):
    Read here for some detail (FOR REFERENCE ONLY, all instructions are below): http://forum.xda-developers.com/showthread.php?t=1886460
    Download the file http://ul.to/h44f6vni

    So lets start:

    First, if you haven't already, download and install the HTC drivers.

    On your phone, go to Settings -> Developer options, and enable USB debugging.

    Next, go to Settings -> Connect to PC and change Default connection type to Disk drive and disable Ask me.

    Plug your phone into the computer, and wait until it pops up asking what you want to do with the newly plugged in phone.

    Close the pop ups and go press the Start button and type "cmd". It should pop up with "cmd.exe". Right click on it and click Run as Administrator.

    Download this file with the fake backup in it.
    Once downloaded, unzip it to C:\Root.
    Navigate to the folder in the command Prompt by typing
    Code:
    cd c:\Root\stuff
    Now that you're there, type:
    Code:
    adb devices
    If your phone pops up in the list, you're good to go!
    Next, type
    Code:
    adb restore fakebackup.ab
    DO NOT click OK to the restore on the device just yet!
    Now type:
    Code:
    adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done"
    (errors will appear, ignore)
    Accept the restore on the device, then type:
    Code:
    adb reboot
    (At this time, you are temprooted, and the phone UI will be in an unusable state, with temproot shell.)
    After reboot type:
    Code:
    adb shell
    Verify that the prompt is "#" (meaning root) or "$" (meaning normal user). If it's not "#", please start over.
    At this point, you can optionally do this ONLY if you want to revert changes:
    Code:
    rm /data/local.prop
    exit
    adb reboot

    if everything went right proceed to second part

    2nd part(written by me)
    Obtaining supercid

    type
    Code:
    dd if=/dev/block/mmcblk0p4 of=/sdcard/mmcblk0p4

    Close cmd and start a new one then type
    Code:
    adb pull /sdcard/mmcblk0p4

    Open the file (mmcblk0p4) with your hex editor.

    Look for offset 00000210 and you should see VZW__001 with your imei on the right

    Change VZW__001 to 11111111 and save the file as mmcblk0p4MOD

    Now go back to your command prompt and type
    Code:
    adb push mmcblk0p4MOD /sdcard/mmcblk0p4MOD

    Type
    Code:
    adb shell

    Type
    Code:
    dd if=/sdcard/mmcblk0p4MOD of=/dev/block/mmcblk0p4
    If suceeded close the window and start a new one and type "adb reboot bootloader" then "fastboot oem readcid" and that should show you 11111111

    Now, go to htcdev.com website, sign up, login, and select the "Unlock Bootloader" option from their site and follow the instructions, selecting other supported devices from their dropdown menu.

    bugs:
    If you experience issues with com.android.phone crashing when placing/receiving calls or your contacts refuse to sync, you may need to change your cid back to its origintal state (VZW__001). This is proceure 3 in the script and will not affect your unlock or data (perform a backup just in case though!).



    After that you can install a recovery or root the rom following captainrewind post below
    50
    Honorable mention goes to superdave for discovering the temproot method by Bin4ry works after the latest RUU.

    This is no joke people and it shows what a lot of support from those who came before us, a little persistence to try a combination of things, and collaboration can accomplish.
    I made a new friend today as well. NOW BRING ON THE CUSTOM ROMS!

    imag0577b.jpg


    I've now successfully flashed TWRP and SU binary and Superuser.apk. Here's how:

    CM Recovery:
    See this thread for details on the CWM Recovery.

    TWRP:
    THANKS TO ANDYBONES FOR THE UPDATED TWRP LINKS AND INSTRUCTIONS!

    TWRP Download:
    http://dl.dropbox.com/u/26383143/HTC Incredible 4G/TWRP2.2_recovery.img

    TWRP Instructions:
    Code:
    adb reboot bootloader
    Once in the bootloader:
    Code:
    fastboot flash recovery TWRP2.2_recovery.img
    Code:
    fastboot reboot

    Once TWRP is flashed:
    Download the Superuser apk and binaries from here:
    http://androidsu.com/superuser/

    Then, push them to your EXTERNAL SD:
    Code:
    adb push "Superuser-3.1.3-arm-signed.zip" /sdcard/ext_sd

    Then, reboot into recovery:
    Code:
    adb reboot recovery

    From the TWRP Recovery, use the "Install" feature to select and install the zip.

    Reboot

    YOU ARE NOW ROOTED!
    8
    New script v3

    I've overhauled the script to allow for new options, see the screenshot:
    attachment.php


    This should make it easier for everyone to change their CID if problems arise with SuperCID. A bit more automation has been put into the unlock process as well to prevent user error. I have tested processes 1-3 on my phone with success, but I haven't done testing beyond this, so the standard disclaimer applies: I am not liable for problems that may arise with your phone due to usage of this tool.

    Also, I've removed recovery and other unneeded files from the package to trim down the size (only 213KB now). You can follow the directions in Post 2 to flash a recovery like TWRP.

    Special Note: If you run the script multiple times, be sure to remove mmcblk0p4 and mmcblk0p4.backup from the directory each time. I purposely leave these in case you want to make a backup. mmcblk0p4 corresponds to SuperCID and mmcblk0p4.backup corresponds to VZW__001.

    EDIT: Scripts are now located in this thread.
    4
    I added a temp-root only option to the script for those who want more automation during the S-OFF process.

    attachment.php


    The following notes apply to all my script versions:
    1. The package does not include a recovery image; this helps reduce the size of the download. To use the menu option for recovery installation, you need to download either TWRP or CWM and put recovery.img in the same directory as the script.
    2. If you run the script multiple times, be sure to remove mmcblk0p4 and mmcblk0p4.backup from the directory each time (if they exist). I purposely leave these in case you want to make a backup. mmcblk0p4 corresponds to SuperCID and mmcblk0p4.backup corresponds to VZW__001.

    EDIT: Scripts are now located in this thread.
    4
    I have a cautionary tale from a recent experience. It's not meant to scare you, but rather to keep you informed so you know what to do in a similar situation.

    Some background: I was unlocked using this method, running stock with SU installed, and TWRP was flashed over my recovery

    On Tuesday, I could no longer make or receive calls. This was apparently a software issue because I could actually see a call trying to come through, then com.android.phone would crash. The same process would crash when I tried to dial out. Unfortunately it couldn't be fixed with the usual tricks:
    1. clearing data from phone, dialer, contacts app, and facebook sync
    2. factory reset from the bootloader
    3. switching ROMs to Viper (properly wiping along the way)
    4. re-locking the phone and running the RUU (both from the .exe and from the PJ53IMG.zip method), then factory resetting
    I was pretty bummed at this point.

    I had wondered about reverting the cid from SuperCid back to VZW__001, but didn't think it would mess with communication to the radio. jose51197 suggested that it actually could if integrity checks were being made by any processes, so I applied this hack again and set my cid back to VZW__001. After factory reset, my phone worked just fine. Note: factory reset after cid change likely not necessary, but remember to remove /data/local.prop so your phone can boot again.

    First and foremost, if you find yourself in a similar situation, know that it can be remedied. The only unanswered question right now, is what would happen to your phone if you revert your cid while your bootloader is still unlocked. I doubt this is advisable. To be on the safe side, lock your bootloader before changing your cid back to VZW__001.

    For those experiencing this issue, or for the cautious who want to take precautionary steps, you can follow this procedure:
    1. SuperCid
    2. Unlock bootloader
    3. Mess with stuff (install a new rom, flash a new recovery, flash a new package)
    4. Re-lock bootloader
    5. Revert cid to VZW__001
    I hope this doesn't become necessary for everyone, because it's cumbersome and requires you to keep messing with mmcblk0p4, but it is at least an option.

    EDIT: Another side effect of this issue was contacts refusing to sync. Of my 300 Google contacts, only 14 ever came through.