[ROOT] Think-tank - AT&T, Rogers HTC One X, Telstra One XL

So, I'm starting this thread to start trying to put a root method together.
I've started work on a unsecure boot image using the at&t boot.img from 1.68
(going to try and get a 'INSECURE BOOT AND ROOT' going for our devices that paulobrien already has going for teg3 models)
I'd like a confirmation that the at&t 1.68 ruu does indeed work 100% without issue on the rogers devices. As there's no Rogers RUU, I'm taking a big leap with semi-bricking a pretty expensive device that I bought outright and would like to minimize risk (I still am willing to take the risk)
Also, any other information/help/idea's from other dev's or users alike would also be appreciated.
Let's get this ball rolling without waiting for the at&t release...
Edit: Has anyone attempted to compare the partition table to the one already somewhat put together for the Tegra 3 One X ?
PS: I'm going over information regarding the regular one x, and comparing them to the extracted items from the 1.68 evita ruu (so I can get a sense of the makeup of our devices) ... I might have to make us a partition table comparison similar to mike1986's

from my understanding and research... the Rogers and AT&T are identical minus the HIGHEND bloadware

Even the CID is the same?!
Wow that's good news for AT&T people, they can flash the Rogers RUU to gain more features
For rooting... Possible to unlock with htcdev?
Then we only need a custom recovery to push busy box and whatever to get root

ytwytw said:
Even the CID is the same?!
Wow that's good news for AT&T people, they can flash the Rogers RUU to gain more features
For rooting... Possible to unlock with htcdev?
Then we only need a custom recovery to push busy box and whatever to get root
Click to expand...
Click to collapse
I haven't done it myself yet, but some misguided users did unlock their bootloader and flashed the CWM for the Tegra edition of the One X. So I'd assume we're good on that front. I was going to start trying to compile CWM for our device on the weekend, but life got in the way.

I've unlocked my bootloader through HTCDev. I also believe the CID are the same but please don't quote me on that. I spent hours trying to correct my device so everything is a blur.
I believe that outside the carrier bloatware that the Rogers and AT&T devices are completely identical. I've killed just about every piece of Sense software too and my device is running flawlessly. On a side note, I'm quite impressed at how polished this is and that Sense isn't the beast it was on previous devices. Re-enabled a lot of features and I quite enjoy them.

LNKNPRKFN said:
from my understanding and research... the Rogers and AT&T are identical minus the HIGHEND bloadware
Click to expand...
Click to collapse
The same was the case between the Telus DHD and the Inspire 4G... But one was the PD9814000, while the other was a PD9812000 (ordered respectively). I wouldn't doubt the same. The original DHD was PD9810000 (DHD 9191), and there was also a PD9815000 as well floating around in the asian market (I think Korea) and was simply another variant of the TelusDHD/Inspire (9192).
If someone were to hop into an at&t store and check their display model, what it says on the back under the FCC logo .. or better yet install terminal on it and run /sbin/grep and get the androidboot.mid value to accurately get the CID, would be best.
Sent from my HTC One X using xda premium

craig0r said:
I haven't done it myself yet, but some misguided users did unlock their bootloader and flashed the CWM for the Tegra edition of the One X. So I'd assume we're good on that front. I was going to start trying to compile CWM for our device on the weekend, but life got in the way.
Click to expand...
Click to collapse
Well, if our recovery sits in the same partition as the teg3 device, then we might actually have a chance.
Sent from my HTC One X using XDA premium

Also, here's a link to a 1.68 mirror I put up. More reliable that the one's currently available.
http://d-h.st/hoA
Will upload more as I get them (clicking my user name will get the full listing of items I have available; 'ER3BUS' is NOT for the One X if anyone's wondering)
Sent from my HTC One X using XDA Premium

JSLEnterprises said:
The same was the case between the Telus DHD and the Inspire 4G... But one was the PD9814000, while the other was a PD9812000 (ordered respectively). I wouldn't doubt the same. The original DHD was PD9810000 (DHD 9191), and there was also a PD9815000 as well floating around in the asian market (I think Korea) and was simply another variant of the TelusDHD/Inspire (9192).
If someone were to hop into an at&t store and check their display model, what it says on the back under the FCC logo .. or better yet install terminal on it and run /sbin/grep and get the androidboot.mid value to accurately get the CID, would be best.
Sent from my HTC One X using xda premium
Click to expand...
Click to collapse
On the Rogers unit, it's NM8PJ83100.
I believe some AT&T customers here said they had the same number on their pre-orders.

JSLEnterprises said:
Well, if our recovery sits in the same partition as the teg3 device, then we might actually have a chance.
Sent from my HTC One X using XDA premium
Click to expand...
Click to collapse
(This may be a dumb question.)
Even if it's not on the same partition, does that really matter when we can just "fastboot flash recovery cwm.img?" Of course we'd have to find the partition locations, but I think fastboot should be enough to get us off to a start. Maybe I'm wrong. I've never had the chance to work on rooting a device, but with this one being so new, I'm hoping I get a chance to help out.

craig0r said:
(This may be a dumb question.)
Even if it's not on the same partition, does that really matter when we can just "fastboot flash recovery cwm.img?" Of course we'd have to find the partition locations, but I think fastboot should be enough to get us off to a start. Maybe I'm wrong. I've never had the chance to work on rooting a device, but with this one being so new, I'm hoping I get a chance to help out.
Click to expand...
Click to collapse
Compiling a proper working cwm 'port' (if you will), kinda requires adaptation of code to correspond to the device's partition table... values need to change for commands for it to work properly and not cause your device to brick (you wouldnt want to flash the recovery to mmcblk0p05 if the recovery isnt in that partition)
(think back to the sd partition issue with cwmrecovery early last year which repartitioned some device's emmc instead of the sd)
I personally havent dabled in kernel / recovery compiling... so I'm only going off the amount of knowledge that I know; I could be wrong however.

I'm an AT&T rep, and I have a One X on hand. I can't take it home with me, but here's some info that you guys have been needing. Let me know what else you guys need me to find out/dump.
CID is CWS_001
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

danielsaenz said:
I'm an AT&T rep, and I have a One X on hand. I can't take it home with me, but here's some info that you guys have been needing. Let me know what else you guys need me to find out/dump.
CID is CWS_001
[ two images]
Click to expand...
Click to collapse
Thanks.
I also have a modelid confirmation that the 1.68 is indeed the same as the 'release' firmware, and that our devices are identical.
I'll be attempting a down n dirty 'boot n root' tonight.

k4p741nkrunch said:
Also, I think the only holdup is finding and verifying the partitions then you just sign up to HTCdev, get the unlock.bin file and fastboot flash the modded cwm.
Click to expand...
Click to collapse
I'd rather fastboot flash a modded boot image (since thats easy to change) rather than flash an untested recovery, espeically since I'm the one changing the default prop values, and permissions in init.rc the boot.img. lol.
Edit: The boot image i'll be modifying is the 1.68 boot image.
k4p741nkrunch said:
Root access shouldn't be necessary to cat the init file and list the partitions right?
Click to expand...
Click to collapse
no, you dont need root for that.

danielsaenz said:
What is the command to get the partition table?
Is it done on the phone, fastboot, or adb?
Let me know and I will find that out for you.
Click to expand...
Click to collapse
dev: size erasesize name
mmcblk0p23: 000ffa00 00000200 "misc"
mmcblk0p22: 00fffe00 00000200 "recovery"
mmcblk0p21: 01000000 00000200 "boot"
mmcblk0p33: 67fffc00 00000200 "system"
mmcblk0p30: 00140200 00000200 "local"
mmcblk0p34: 0ffffe00 00000200 "cache"
mmcblk0p35: 97fffe00 00000200 "userdata"
mmcblk0p26: 01400000 00000200 "devlog"
mmcblk0p28: 00040000 00000200 "pdata"
mmcblk0p36: 27be00000 00000200 "fat"
mmcblk0p31: 00010000 00000200 "extra"
mmcblk0p17: 02d00000 00000200 "radio"
mmcblk0p18: 00a00000 00000200 "adsp"
mmcblk0p16: 00100000 00000200 "dsps"
mmcblk0p19: 00500000 00000200 "wcnss"
mmcblk0p20: 007ffa00 00000200 "radio_config"
mmcblk0p24: 00400000 00000200 "modem_st1"
mmcblk0p25: 00400000 00000200 "modem_st2"
---
Using ADB - adb shell cat /proc/emmc
dsixda's kitchen auto root did not work for the stock ROM, it results in bootloop. Also, my other bootimg decompilation tools aren't working either. I know what to do, just not how to get it to boot on my phone. logcat doesn't pick anything up, either. If anyone has any ideas on how to get the boot.img decompiled/recompiled, feel free to send it my way.

So, I think Paul may have beaten me to it.
But I'm still going to test my edits later tonight anyways. heh

RMatt1992 said:
dev: size erasesize name
mmcblk0p22: 00fffe00 00000200 "recovery"
Click to expand...
Click to collapse
Just make's you wonder what's actually sitting in our 5th partition (the recovery location of the endeavor)
RMatt1992 said:
dsixda's kitchen auto root did not work for the stock ROM, it results in bootloop. Also, my other bootimg decompilation tools aren't working either. I know what to do, just not how to get it to boot on my phone. logcat doesn't pick anything up, either. If anyone has any ideas on how to get the boot.img decompiled/recompiled, feel free to send it my way.
Click to expand...
Click to collapse
dsixda's kitchen is really only for gingerbread devices.
I use that kitchen... just to 'cook' the final release into a signed zip.

FYI, Rogers CID = ROGER001, so they are different unfortunately.

RMatt1992 said:
FYI, Rogers CID = ROGER001, so they are different unfortunately.
Click to expand...
Click to collapse
doesnt matter...
ro.aa.modelid=PJ831000 <- key value (this is what usually denotes hardware variance... usually the third last '0' becomes a different number)
same as the at&t one x.
the maincid and cidlist values mean nothing other than software branding.

JSLEnterprises said:
doesnt matter...
ro.aa.modelid=PJ831000 <- key value (this is what usually denotes hardware variance... usually the third last '0' becomes a different number)
same as the at&t one x.
the maincid and cidlist values mean nothing other than software branding.
Click to expand...
Click to collapse
Cheers, I thought the CID was important for something.

Related

Bootloader update 1.33.2005

just got this pushed to my Mytouch 3G. maybe this will be rootable
Sounds promising. How did you push SPL 1.33.2005 to your Mytouch3G?
got a pop up on my phone for the update. although not that im trying to download it, I keep getting an error
i have the mytouch 3g as well and i'm getting the same error... it doesn't seem to want to install...
my predictions is that this is a new modified SPL, probably not going to help in the rooting department... i personally think that it is a bootloader update as well as a sherpa + app pack update for the current mytouch's that are out and about
motivecc said:
i have the mytouch 3g as well and i'm getting the same error... it doesn't seem to want to install...
my predictions is that this is a new modified SPL, probably not going to help in the rooting department... i personally think that it is a bootloader update as well as a sherpa + app pack update for the current mytouch's that are out and about
Click to expand...
Click to collapse
Might be a little small for all of that. Its only 184 kb
yes, i know the 184kb size is going to small, but what i'm saying is that it is probably a new even more secure SPL designed specifically for the mytouch so that sherpa + t-mobile apps are going to be much harder to extract and pull to other phones, as i'd imagine these apps are specifically for the mytouch and possibly g1 users
Can we have the url to this update? Use logcat or ddms while downloading the update. 2005 is normally an engineerings spl...
seems to be some issue downloading the update. maybe it will be fixed soon
here is the link:
https://android.clients.google.com/updates/internal/hboot-1.33.2005.7d682800.zip
Thanks for the link
Main questions : Does the update work?!
If so, so you have "fastboot reboot recovery.img" possibilities now?
as of now i don't know of anybody that has been able to successfully install this update... i've tried deleting everything that could possibly be related to the issue on my sd card, as well as doing several reboots and even a wipe and it still doesn't want to install
motivecc said:
as of now i don't know of anybody that has been able to successfully install this update... i've tried deleting everything that could possibly be related to the issue on my sd card, as well as doing several reboots and even a wipe and it still doesn't want to install
Click to expand...
Click to collapse
the update is probably signed with test keys, if you put it on your sd and rename to update, you get verification failed -no signature.
[ nevermind lol ]
Just got this update sent to my, My Touch as well. I am also experiencing the problem that it won't install. Did anyone else notice what it says below the update information? Direct quote from the phone "This software update will prepare your device to receive an update to the operating system. You will not lose any data as a result of this upgrade. You will be notified of another update once this has been installed." I wonder what will be included in that update? On a side note anyone using a T-Mobile My Touch 3g missing the Exchange support that is supposedly included? I know that unbranded magic have it already but I thought that T-Mobile's My Touch was going to have it as well. Anyhow hope I am able to install this update soon.
Has anyone on other networks eg Vodafone received this?
Wonder what T-Mobile have in store that other carriers haven't yet launched?
Far too early for Donut
As has been said probably to further lock the devices down
It also says "You will be notified of another update one this has been installed."
I want my Exchange support and visual voicemail!!!!
Install on my Magic
Sapphire Pvt 32B ENG S-OFF G
HBOOT-1.33.2005 (SAPP10000)
CPLD-10
Radio-2.22.19.26I
May 5 2009,01:19:59
dev: size erasesize name
mtd0: 00040000 00020000 "misc"
mtd1: 00500000 00020000 "recovery"
mtd2: 00280000 00020000 "boot"
mtd3: 05a00000 00020000 "system"
mtd4: 05000000 00020000 "cache"
mtd5: 127c0000 00020000 "userdata"
Crios said:
Install on my Magic
Sapphire Pvt 32B ENG S-OFF G
HBOOT-1.33.2005 (SAPP10000)
CPLD-10
Radio-2.22.19.26I
May 5 2009,01:19:59
dev: size erasesize name
mtd0: 00040000 00020000 "misc"
mtd1: 00500000 00020000 "recovery"
mtd2: 00280000 00020000 "boot"
mtd3: 05a00000 00020000 "system"
mtd4: 05000000 00020000 "cache"
mtd5: 127c0000 00020000 "userdata"
Click to expand...
Click to collapse
did it work on your magic? is that what you are saying? by the S=OFF that means its fastboot'able. what phone do you have? is it a vodaphone/Rogers???
korndub said:
did it work on your magic? is that what you are saying? by the S=OFF that means its fastboot'able. what phone do you have? is it a vodaphone/Rogers???
Click to expand...
Click to collapse
Works perfectly on my Vodafone MAGIC (PVT 32B)
and is possible use fastboot boot ...
Crios said:
Works perfectly on my Vodafone MAGIC (PVT 32B)
and is possible use fastboot boot ...
Click to expand...
Click to collapse
Crios - different phone - the update i provided is signed with test keys as i speculated.... the VOdafone magic is bootloader unlocked (S-Off) the mytouch S-ON..

[How To] Flash ICS ROMs with S-ON Unlocked

This only really applies to those with S-ON Unlocked, HBOOT 1.45.0013. Once we figure out how to get S-OFF on all phones, this guide will become unneeded! In the meantime, this is here for those of us that are S-ON but want to play with ICS.
THIS TUTORIAL ALSO APPLIES TO ANY CUSTOM ROMS THAT REQUIRE A CUSTOM KERNEL.
If you're S-ON LOCKED, go HERE and UNLOCK your phone!
I'm assuming you have
Fastboot set up as a PATH, or copied to the folder you are extracting boot.img to
HTC Drivers installed
Clockwork Recovery
1.) Grab your ROM of choice.
2.) Open up your ROM in 7zip or another file compression program.
3.) Extract the "boot.img" file that's inside to a folder.
4.) Open the command prompt and go to the folder you extracted the "boot.img" file too.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
"cd" in the command prompt stands for "change directory", so you will need to type that before the path to where your boot.img file is located.
5.) Reboot your phone into fastboot mode. To do this, turn off your phone by holding down the "Volume down" and "Power" buttons until the fastboot screen arrives. There should be three Androids on skateboards on the bottom.
6.) Press the power button once on the "fastboot" option. Your phone should now connect to the computer and it should say "fastboot usb" on your phone.
7.) In the command prompt, type the following command:
Code:
fastboot flash boot boot.img
8.) Assuming you've done everything properly, this will overwrite the existing kernel on your phone with the kernel that comes with your ROM.
9.) Now, reboot your phone into Recovery. At this point, flash your ROM by flashing the zip file.
10.) Reboot and enjoy your new ROM!
Thanks to Blue6IX for telling me how to do this and to yogi2010 for making me realize I forgot to tell people to actually flash the ROM itself. Figured I'd make a guide for those that didn't know about it since it's probably hidden somewhere underneath pages and pages of comments on other ROMs.
probably worth stickying for a while till we get to know how to downgrade to an s-offable state?
Amazing work guys.
I'm also lucky the phone I purchased off Craigslist was root able.
Sent from my HTC myTouch_4G_Slide using xda premium
I can confirm this does indeed work as advertised. I'm S-On Unlocked with latest HBOOT, installed pyr-o-ice 1.1.1 yesterday, its running as it should.
ZeikHunter said:
I can confirm this does indeed work as advertised. I'm S-On Unlocked with latest HBOOT, installed pyr-o-ice 1.1.1 yesterday, its running as it should.
Click to expand...
Click to collapse
Nice to hear that
We need this stickied, don't we? Who do we have to contact?
sent from HTC Doubleshot pyroiced
tbalden said:
Nice to hear that
We need this stickied, don't we? Who do we have to contact?
sent from HTC Doubleshot pyroiced
Click to expand...
Click to collapse
We should just get you and Blue moderator status lol
Limewirelord said:
We should just get you and Blue moderator status lol
Click to expand...
Click to collapse
This thread's been reported!
And thusly stickied. Voila!
Will this method work for all of the ROMs we have here for the mt4gs? One I have been looking at is Bulletproof. If I use the same technique you've explained, will I get the same end result?
Just got a MT4GS a couple days ago. It was updated to 1.45.0013. I read up to see that it couldn't be S-OFF'd or rooted due to locked bootloader..."oh crap!". Searched more and ran into this... "hells yeah!" Worked like a charm! Now running Pyr-o-ice desensed...awesome stuff! Thanks a lot!
xzuhto said:
Will this method work for all of the ROMs we have here for the mt4gs? One I have been looking at is Bulletproof. If I use the same technique you've explained, will I get the same end result?
Click to expand...
Click to collapse
yep, it will work!
Awesome I look forward to flashing.
Sent from my myTouch_4G_Slide using Tapatalk
hi, pls excuse my ignorance.
does this method grant su access?
j.books said:
hi, pls excuse my ignorance.
does this method grant su access?
Click to expand...
Click to collapse
All of the ICS roms (and all of the custom GB roms as far as i know) are rooted here, and include the 'su' binary and superuser apk. That's what counts, so short answer:
yes
YESSSSS!!! But got damn I can't wait until S-OFF is a reality. This sucks lol but its better than having Tmobile take over ym phone with retarded apps. Thanks to all you DEV dudes who work hard for this device..
d3athb4dishonor said:
YESSSSS!!! But got damn I can't wait until S-OFF is a reality. This sucks lol but its better than having Tmobile take over ym phone with retarded apps. Thanks to all you DEV dudes who work hard for this device..
Click to expand...
Click to collapse
We'll nail it eventually. It's a tough nut to crack, but at least along the way we found a temporary fix.
We can now go back to S-ON from S-OFF, and the standard response to how to do that for the longest time was 'it's not possible'. Anything is possible with the right amount of effort invested. I am sure we'll come up with some more goodies along the way...some are brewing even now.
I've made S-ON to S-OFF my life's work until it's done, and have mostly given up on everything else I was working on to achieve that end.
There are a few other devs who have been spending a lot of time on this as well, and we are working together and unraveling the issue one layer at a time.
We'll get it, but it's the toughest nut to crack - the manufacturer is doing whatever they can to prevent us from being able to do so...there is a specific effort to block us from doing it that must be overcome.
Meantime, since we don't have a real RUU for this phone on any software version, the search for one came back with the leaked copy of the OTA as an official signed HTC package. ( To me it seemed like a consolation prize after the exhausting search for an RUU...didn't get one, but got at least this )
I'm glad someone went ahead and made a guide for people to use it to at least get unlocked since HTC broke the OTA they actually pushed over-the-air, this package is what it was supposed to be.
Hang in there, we'll get all you guys S-OFFed as soon as we can!
Y'all are doing a kickass job man. I'm sure once this phone is all the way opened up and dev see that, it will gain more publicity. I unlocked my phone with the htcdev.com, but haven't loaded up a rom yet. All I've really done is uninstalled a few bloatware apps, but can't wait until I can have total access to everything and see what this badboy has to offer.
Sent from my myTouch_4G_Slide using xda premium
ok.. noob question, can I flash boot after flashing custom rom?
First off: Thanks are due across the board, as well as to the man who made the .exe Noob-proof app it helped a little bit and worked great
Second: Okay.. I recieved a warranty replacement..new HBoot. following this guide I did all required.
UPON using fastboot command to boot the boot.img it reboots and starts to boot up PyroIce 1.1.2..... which you say isnt right since i need to flash the ROM again in Recovery..
If i Do that it wont boot again and hangs on the MT4GS splash screen, i think it is actually due to the fact that i also flash the adreno drivers patch, but i am not going to try and tinker with it.
bottom line, working... thanks so much guys
shazam1203 said:
ok.. noob question, can I flash boot after flashing custom rom?
Click to expand...
Click to collapse
I've seen that boot.img is where the kernels are, and I've seen that to flash an ICS ROM in that thread that in order to flash an ICS ROM on a MT4GS you need to flash a kernel after the ROM, in the form of a boot.img.
So I'll say, hesitantly, "yes".
Unless, of course, you meant something else. That, or, I misunderstood something somewhere...
---------- Post added at 08:34 PM ---------- Previous post was at 08:18 PM ----------
CoNsPiRiSiZe said:
First off: Thanks are due across the board, as well as to the man who made the .exe Noob-proof app it helped a little bit and worked great
Click to expand...
Click to collapse
I don't know about the dot-exe but I'll agree nonetheless.
CoNsPiRiSiZe said:
Second: Okay.. I recieved a warranty replacement..new HBoot. following this guide I did all required.
UPON using fastboot command to boot the boot.img it reboots and starts to boot up PyroIce 1.1.2..... which you say isnt right since i need to flash the ROM again in Recovery..
If i Do that it wont boot again and hangs on the MT4GS splash screen, i think it is actually because i also flash the adreno drivers patch, but i am not going to try and tinker with it.
bottom line, working... thanks so much guys
Click to expand...
Click to collapse
I don't know much about the whole ROM thing and Android in general. I come from G1 land, where everything was easy . You just flash the ROM and you're done. However, if I understand correctly, here you just flash the ROM you want (ICS whatever) and then the kernel (boot). Did I miss something along the way?
I would think that the kernel should be no different conceptually than the one in Linux (or Windows, or OS-X, or...). It's the interface between the software packages ("Android", plus the apks, framework, all that) and the hardware. So really, I don't see why any ROM shouldn't work as long as your kernel has everything the ROM needs to interface with the hardware and the framework has everything the ROM needs to interface with the software (or the software with the kernel). Do I understand correctly?
[EDIT]
I just reread that... you booted the hboot via fastboot instead of writing it to the phone first... which I guess is smarter than what I did -- cus if it won't work at least you don't brick it that way. Do you have a link to the howto for that? I'm sure it's simple and easy, I just have never done it...
[/EDIT]

[Q] Firmware Images from RUUs and OTAs

Does anybody know what the tz.img and rpm.img are for? (Or point me to where this is explained.)
From the looks of it, tz has to do with encryption and security,
and rpm has to do with clocks, voltages (power management).
Those of us with older hboots who don't take RUUs or OTAs but manually flash radios will fall behind on those. Since that typically involves radio (cellular/gps/..?), wcnss (wifi) and adsp (audio processing and routing?).
I don't think I'm too interested in updating tz.img, in case it causes more restrictions, much like updating hboot,
but I wonder whether updating rpm.img could be beneficial, or at some point even necessary for compatibility.
(rpm goes in mmcblk0p10, tz goes in mmcblk0p11)
Thanks,
-Jobo
Edit: Ok, so I flashed the rpm.img from the 2.31 OTA, and I can hereby report that
* it takes (I extracted it again after a reboot and it was the new one) and
* it does not brick the device, nothing seems broken.
touch of jobo said:
Does anybody know what the tz.img and rpm.img are for? (Or point me to where this is explained.)
From the looks of it, tz has to do with encryption and security,
and rpm has to do with clocks, voltages (power management).
Those of us with older hboots who don't take RUUs or OTAs but manually flash radios will fall behind on those. Since that typically involves radio (cellular/gps/..?), wcnss (wifi) and adsp (audio processing and routing?).
I don't think I'm too interested in updating tz.img, in case it causes more restrictions, much like updating hboot,
but I wonder whether updating rpm.img could be beneficial, or at some point even necessary for compatibility.
(rpm goes in mmcblk0p10, tz goes in mmcblk0p11)
Thanks,
-Jobo
Edit: Ok, so I flashed the rpm.img from the 2.31 OTA, and I can hereby report that
* it takes (I extracted it again after a reboot and it was the new one) and
* it does not brick the device, nothing seems broken.
Click to expand...
Click to collapse
do you notice any differences whatsoever? How do you know it properly flashed?
-Sent from my HTC One S.-
chrikenn said:
do you notice any differences whatsoever? How do you know it properly flashed?
Click to expand...
Click to collapse
I know it flashed, because after a reboot I extracted the partition again from the device. What I got out was the same as what I put in, not the same as what was in there before. (So at least hboot-1.06 lets you do this.)
I don't notice any difference. Everything just works like it did. Keep in mind that this is nothing exotic. Everyone who took the OTA now has this same image in place, but they're now on hboot-1.14.0002.
touch of jobo said:
I know it flashed, because after a reboot I extracted the partition again from the device. What I got out was the same as what I put in, not the same as what was in there before. (So at least hboot-1.06 lets you do this.)
I don't notice any difference. Everything just works like it did. Keep in mind that this is nothing exotic. Everyone who took the OTA now has this same image in place, but they're now on hboot-1.14.0002.
Click to expand...
Click to collapse
I'm also on hboot 1.06 and resisting ruus. What command did you use to flash? Fastboot flash rpm rpm.img?
-Sent from my HTC One S.-
chrikenn said:
What command did you use to flash?
Click to expand...
Click to collapse
dd in an adb shell in recovery, same as with radio images.
touch of jobo said:
dd in an adb shell in recovery, same as with radio images.
Click to expand...
Click to collapse
hmm that's beyond my expertise. Notice any differences at all yet?
-Sent from my HTC One S.-
What is going on!!
I have a T-MO one s came from a S2 t-989. WHY are flashing new radios so complicated with this new phone!! they need to make thread specifically for the tmo variant...
Will someone nice please help me out... I read that the 2.21 radio is the best at the moment and that is the one I want
Currently I have HBOOT 1.09, radio 0.16.31501S.16_2 and says tampered and unlocked
I already have ViperOneS on my phone and it works good but the signal is poor goes from G, to 3G, and under one circumstance it said 4g...
I live in Texas and when it was stock I had 4G ALL the time...
Used the all in one kit to flash TWRP and was lucky enough to get the rom on there
The reason I am posting here is because it wont let me in the dev section

Partition brick.! Please help.!!! SOLVED

So yesterday i decided to flash CWM touch on my phone manually. I decided to do it through the phone on terminal emulator,
i wrote:
su
dd if=/sdcard/recovery.img of=/sdcard/dev/block/mmscsomething/13
note i used 13, cause i saw it on a thread. I think that's the problem.
IT said something like not enough memry. but it did it anyway.
I tried restoring. Odin back to stock... flashing new ROMs. but NOTHING WORKS. PLEASE help me. it does turn on but it's supper laggy. i tried resetting, wiping cache & dalvik.. but nothing works.. I do recall never being able to wipe my dalvik... is that a problem.?? Help!
i think my case is special. I've NEVER heard of this. Maybe i discovered a new kind of brick. Semi-brick? I have no idea what to do. Is there a way to revert the dd if=\ command? or a way to COMPLETLY wipe my phone. I mean COMPLETELY factory. NOthing but stock.
I think i might move to a windows phone. Where's there's slim chances of me F*cking up BIG TIME. D;
I'm gonna try to 'fix' my recovery with ROM manager to flash it for me.
I hate it that now the recoveries come out as .img format. >=[
I know have CWM but still same problem. WTF.??
GOnna wipe.
Nothing.! OMG i'm gonna cry.... ;(
WTF happened, I swear.!!!
I think i know my problem... since i think i put the wrong number... it sort of bricked my phone. Can i recover from this at all.???
My problem is partition brick. Any help?
unicorndust98 said:
My problem is partition brick. Any help?
Click to expand...
Click to collapse
Woah! Come down lol
Sent from my SGH-T769 using xda premium
im_awesome_right? said:
Woah! Come down lol
Sent from my SGH-T769 using xda premium
Click to expand...
Click to collapse
Lol. But i'm really freaked out. This may be unfixable for me.
I am COMPLETELY UNABLE to fix this.
I even tried to re-partition in Odin while returning to stock, with just the pit, and while flashing CWM.
& I can't even afford a new phone.
Well, back my old one.
Thanks Blaze community. It's been great here, but due to my ignorance I've fried my partitions and am unable to fix it.
If anyone is interested in a defective, faulty Blaze... Hmu.
( I mean software-ish defective. My phone is in brand new cond. 9/10 definetly)
unicorndust98 said:
I am COMPLETELY UNABLE to fix this.
I even tried to re-partition in Odin while returning to stock, with just the pit, and while flashing CWM.
& I can't even afford a new phone.
Well, back my old one.
Thanks Blaze community. It's been great here, but due to my ignorance I've fried my partitions and am unable to fix it.
If anyone is interested in a defective, faulty Blaze... Hmu.
( I mean software-ish defective. My phone is in brand new cond. 9/10 definetly)
Click to expand...
Click to collapse
If you're really selling the phone let me know how much I might be able to use it as a dev phone
----------------------------------------------
If helped don't be afraid to hit the thanks button it doesn't bite lol
Dude, leaving the phone seems a bit extreme. If you just fubar'd one partition, it'll be fairly easy to fix it. Partition 13 is the misc firmware partition. If it was the EFS partition, I'd worry, but it isn't. It's got fairly static stuff in it. I'm not volunteering (because I have like 0 time right now), but I'm sure someone here will be able to help you:
figure out if you actually screwed the partition
get a new copy of the partition installed if there really is a problem
I'm sure you could probably also solve this problem by flashing a fully stock firmware. Either way, going crazy over a matter of a few hours is no way to solve your problem over a perfectly good phone.
Instead of going crazy, ask the questions that will help you figure out what partition 13 should look like. If you have a phone to fall back to, well... fall back to it for the moment. Fix your phone, move forward.
Well, I already tried Odin to stock like 4 times,but the problem persists. Although, you are a GREAT motivation. Thanks, dude.
Okay, so I'm gonna try doing a FULL Odin to stock with ALL the files there. Only problem is that I don't know where to get the: CSC, BOOTLOADER, or PHONE files. I saw here that it worked. Can someone show me where to get them?
EDIT: I'm downloading one from SamMobile. Hope this works.
Oh my F GOD. It worked.! I fixed it.! YAY.!!! Thank you SO much dr4stic.. Thanks a TON.!! saved me hundreds.
If anyone somwhoe manages to mess up their partitions too. but still can get to download mode, All i did was download my firmware from sammobile.. (its the ICS one). Flash it along with the pit (don't know if it was necessary to include it but i did and ALSO ticked repartition). And I am now good.!
I did this now I'm screwed......
dd if=/dev/block/mmcblk0p6 of=/sdcard/mmcblk0p6.backup bs=4096
dd if=/sdcard/recovery.img of=/dev/block/mmcblk0p6 bs=4096
nothing no response hard brick......Anyone help?
theprogram1 said:
I did this now I'm screwed......
dd if=/dev/block/mmcblk0p6 of=/sdcard/mmcblk0p6.backup bs=4096
dd if=/sdcard/recovery.img of=/dev/block/mmcblk0p6 bs=4096
nothing no response hard brick......Anyone help?
Click to expand...
Click to collapse
Bro.. I TOLD you pay the $2, better than paying that *100+
I did NOT understand any of that before i did it, nor do i now..
But i was lucky enough to not screw up the CORE partition..
theprogram1 said:
I did this now I'm screwed......
dd if=/dev/block/mmcblk0p6 of=/sdcard/mmcblk0p6.backup bs=4096
dd if=/sdcard/recovery.img of=/dev/block/mmcblk0p6 bs=4096
nothing no response hard brick......Anyone help?
Click to expand...
Click to collapse
if you can't get the phone back into download mode, you're pretty much screwed.
Do you guys know what these partitions mean?
mmcblk0p22: 00fffc00 00000200 "recovery"
mmcblk0p8: 01000000 00000200 "boot"
mmcblk0p24: 5ffffc00 00000200 "system"
mmcblk0p26: 13fffe00 00000200 "cache"
mmcblk0p25: 9ffffe00 00000200 "userdata"
I don't know what partition 6 or 13 are, but you guys need to stop shooting from the hip. The guides for other phones DO NOT NECESSARILY APPLY to this phone.
You will hose your device.
dr4stic said:
if you can't get the phone back into download mode, you're pretty much screwed.
Do you guys know what these partitions mean?
mmcblk0p22: 00fffc00 00000200 "recovery"
mmcblk0p8: 01000000 00000200 "boot"
mmcblk0p24: 5ffffc00 00000200 "system"
mmcblk0p26: 13fffe00 00000200 "cache"
mmcblk0p25: 9ffffe00 00000200 "userdata"
I don't know what partition 6 or 13 are, but you guys need to stop shooting from the hip. The guides for other phones DO NOT NECESSARILY APPLY to this phone.
You will hose your device.
Click to expand...
Click to collapse
Yeah, I agree with 3rd paragraph. Lol
Sent from my YP-G70 using xda app-developers app

[how to]reset your lock status flag

since the current s-off method is not resetting the "lock status" flag,i thot there would be a need for this.
i happened across this thread inthe gsm evo 3d forum: http://forum.xda-developers.com/showthread.php?t=1970252 and found it to work on the HOXL,rezound,inc 4g,sensation 4g,cdma evo 3d,MT4GS,Amaze 4g,one s,droid DNA,and prolly several others.
this does NOT mean you can unlock your bootloader without going thru htcdev. all this means,is that if your bootloader is unlocked after s-off,you can get rid of the relocked watermark and get back to 100% locked prior to s-on for legitimate warranty purposes.
ive always been unlocked. for S&Gs,i dumped mmcblk0p3 and found the described "HTCU" at 0x8404. changed it to 0x00000000 and voila! back to locked
afterward,relfashed my origianl mmcblk0p3,wich brought me back to unlocked with no getting or flashing tokens.
this is NOT a patched or hex edited hboot.again,this is ONLY to get back your original ***locked*** status.
*this is for s-off phones only
2 ways to do it:
1)old school
this assumes you to have drivers,adb/fastboot,a hex editor,a fair understanding about what youre doing,and the ability to follow directions on the linked thread
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Scott>[COLOR="Red"]cd c:\mini-adb_vigor[/COLOR]
c:\mini-adb_vigor>[COLOR="red"]adb devices[/COLOR]
* daemon not running. starting it now *
* daemon started successfully *
List of devices attached
HTxxxxxxxxxx device
c:\mini-adb_vigor>[COLOR="Red"]adb shell[/COLOR]
[email protected]:/ $ [COLOR="red"]su[/COLOR]
su
[email protected]:/ # [COLOR="red"]dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3[/COLOR]
dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3
64734+0 records in
64734+0 records out
33143808 bytes transferred in 9.519 secs (3481858 bytes/sec)
[email protected]:/ # [COLOR="red"]exit[/COLOR]
exit
[email protected]:/ $ [COLOR="red"]exit[/COLOR]
exit
c:\mini-adb_vigor>[COLOR="red"]adb pull /sdcard2/mmcblk0p3[/COLOR]
2292 KB/s (33143808 bytes in 14.116s)
[COLOR="Blue"]*modify mmcblk0p3 with a hex editor[/COLOR]
c:\mini-adb_vigor>[COLOR="Red"]adb push mmcblk0p3mod /sdcard2/mmcblk0p3mod[/COLOR]
2478 KB/s (33143808 bytes in 13.059s)
c:\mini-adb_vigor>[COLOR="red"]adb shell[/COLOR]
[email protected]:/ $ [COLOR="red"]su[/COLOR]
su
[email protected]:/ # [COLOR="red"]dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3[/COLOR]
dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3
64734+0 records in
64734+0 records out
33143808 bytes transferred in 18.937 secs (1750214 bytes/sec)
[email protected]:/ #[COLOR="red"] exit[/COLOR]
exit
[email protected]:/ $ [COLOR="red"]exit[/COLOR]
exit
c:\mini-adb_vigor>[COLOR="red"]adb reboot bootloader[/COLOR]
c:\mini-adb_vigor>
2)noob friendly
-download the appropriate zips,place on sd card.
-boot to recoverywipe cache/dalvik
-flash in recovery. i recomend to run query first,to make sure its working. tested on my personal HOXL,one s,amaze,jetstream,rezound,inc 4g,sensation,MT4GS,and gsm evo 3d. tested by castlebravo on DNA.
query:query_bootloader.zip
query_bootloader.zip f335f78f9f46469c823da0c671026de5
unlock:unlock_bootloader.zip
unlock_bootloader.zip f335f78f9f46469c823da0c671026de5
lock:lock_bootloader.zip
lock_bootloader.zip f335f78f9f46469c823da0c671026de5
a little bit of explanation. yes,the md5s are all the same. its the same file,just named differently. the script behaves based on the name of the zip. i knew if i only included 1 download and instructed folks to change the name there would be confusion,so this is my attempt to keep it simple. feel free to download one file and just change the name to make the other zips.
it also works to make your phone relocked if for some reason you want it that way(rename relock_bootloader.zip). i didnt include a zip for that because i figued there would be no demand.
before:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
after:
sure,i could have easily faked the above photos,but i dint.
again,all credit goes to s trace on the above thread,be sure to click the thanks button on his post. all i did was remove the device check per his instruction. DO NOT flash on other devices without checking for the proper location of the lock flag first.
DISCLAIMER:this is not my work. i have tested it on my own device,but use it at your own risk. if it melts your phone into a lil pile of goo,its not my fault.
enjoy
special thanks
-BC for originally dumping mmcblk0p3 for me to know this was worth exploring for dna
-CastleBravo for testing and suport on the original test thread,as well as the pics you see here
-treadwayj for dumping mmcblk0p3 from his still locked dna.
-brian for unlocking his bootloader,then dumping mmcblock0p3 to make sure it would work for cdma evo3d phones too
-brian and donb for fearless testing of the zip files on evo3d cdma
mine
Cool. Way faster than running ruu and unlocking again. Nice find
Sent from my VENOMized HoxL
very useful haha thx!
Can this be used to remove tampered text or just to change locked status?
liamstears said:
Can this be used to remove tampered text or just to change locked status?
Click to expand...
Click to collapse
Tempered can be eliminated by flashing a new hboot or running an ruu
Sent from my ADR6425LVW using Tapatalk 2
scotty1223 said:
Tempered can be eliminated by flashing a new hboot or running an ruu
Sent from my ADR6425LVW using Tapatalk 2
Click to expand...
Click to collapse
Flashing a new hboot doesn't work, ruu does but wondered if this would be a quicker way of doing it, need to find out what the ruu does to remove it and make a simple way of doing it I suppose
Reflashing same hboot may not work,flash a different one then your current one back. When s on you get tampered from a custom recovery or boot image. When s off those checks are not done,so you won't see it again after you get rid of it.
Running an ruu is easy and a good way to make sure your firmware is matching.
Sent from my ADR6425LVW using Tapatalk 2
scotty1223 said:
Reflashing same hboot may not work,flash a different one then your current one back. When s on you get tampered from a custom recovery or boot image. When s off those checks are not done,so you won't see it again after you get rid of it.
Running an ruu is easy and a good way to make sure your firmware is matching.
Sent from my ADR6425LVW using Tapatalk 2
Click to expand...
Click to collapse
When my phone was stock (1.77), I got tampered simply by rooting the phone with whatever popular adb script that was at the time. So it said Tampered and Locked for a couple months until I finally got the courage to HTCDev unlock and flash TWRP.
Sent from my HTC One X using xda app-developers app
I suppose the phone is still unlocked just showing the locked text? thanks!
mrjayviper said:
I suppose the phone is still unlocked just showing the locked text? thanks!
Click to expand...
Click to collapse
No this is the way to truly set back the locked flag
You're s-off so you don't need an unlocked boot loader
Sent from my One X using Tapatalk 2
mrjayviper said:
I suppose the phone is still unlocked just showing the locked text? thanks!
Click to expand...
Click to collapse
No! As I said in the first post,this not a hex edited hboot,it is reverting you back to stock,out of the box,honest locked. You can unlock or lock at anytime by flashing the appropriate zip.
Edit: dint notice the reply by superchilpil
Sent from my HTC PG09410 using Tapatalk 2
mmcblk0p3 on my phone is around 130MB. is this normal? what exactly is this partition? thanks!
Ok just to verify before I do this. This can be flashed in TWRP right? Flash the query first than the lock? Thanks!
EDIT NVM i just flashed it and it works
Sent from my HTC One X using Tapatalk 2
performed the trick on my phone using "old style" method and worked perfectly.
mrjayviper said:
mmcblk0p3 on my phone is around 130MB. is this normal? what exactly is this partition? thanks!
Click to expand...
Click to collapse
Sounds about right. The codebox is from wen I did my resound,don't compare size to that.
Sent from my HTC PG09410 using Tapatalk 2
superchilpil said:
No this is the way to truly set back the locked flag
You're s-off so you don't need an unlocked boot loader
Sent from my One X using Tapatalk 2
Click to expand...
Click to collapse
Wait don't need unlocked for anything anymore...?
Sent from my HTC One X+ using xda app-developers app
meatwad0222 said:
Wait don't need unlocked for anything anymore...?
Sent from my HTC One X+ using xda app-developers app
Click to expand...
Click to collapse
You can be unlocked if you still wish to fsdtboot flash recveries.
but no... you do not need unlocked with s off. There are other ways to skin the cat as far as installing recoveries,radios,splash image,etc.
Sent from my HTC One XL using Tapatalk 2
hey scotty i could really use your help!
my phone is messed up and i need to send it in under warranty, im currecntly rooted, s off, with twrp and bootloader showing tampered/unlocked.
i need to get my phone back to exactly stock for att warranty.
my question is other then using this tool what else will i have to do? (which ru should i flash? do i need to remove root?, change cid back? etc)
basically
what else do i need to do to get back to completely stock, and what order do i need to do it in?
i would be grateful if you could help me!!!
(also, nice avatar btw. used to love that show).
Not at my PC ATM,but in a nutshell:
1 flash lock zip
2 run most current att ruu
3 change cid
4 turn on secureflag
Use this thread for reference:
http://androidforums.com/showthread.php?t=691213
Just use a one x ruu and change to att cid(CWS__001)
Hope that helps
Sent from my ADR6425LVW using Tapatalk 2

Categories

Resources