since s-off has the power to change anything, is there anyway to make the boatloader report locked instead relocked?
i know this is not necessary for doing anything at all since it is already s-off, but i'm just wondering what keeping this locking flag/status...
found this:
http://forum.xda-developers.com/showthread.php?t=1970252
http://forum.xda-developers.com/showthread.php?t=2168578
i have dumped the mmcblk0p3, and found the same "HTCU" (unlocked) or "HTCL" (relocked) string at 8404 address. so i went to modify it to x00 x00 x00 x00 and viola, it become "LOCKED" now.
here is the command that i used:
adb shell
su
dd if=/dev/block/mmcblk0p3 of=/sdcard/mmcblk0p3
exit
exit
adb pull /sdcard/mmcblk0p3
copy mmcblk0p3 mmcblk0p3mod
hexalter mmcblk0p3mod 0x8404=0x00,0x00,0x00,0x00
adb push mmcblk0p3mod /sdcard/mmcblk0p3mod
adb shell
su
dd if=/sdcard/mmcblk0p3mod of=/dev/block/mmcblk0p3
exit
exit
so in summary, we can quickly jump from lock to unlocked, or unlocked to relocked/locked without using the token...
i found :
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Code:
[COLOR="Red"]This build is for development purposes only.
Do not distribute outside of HTC without HTC's written permission.
Failure to comply may lead to legal action.[/COLOR]
in : hboot_signedbyaa.img
Do you think we use hexalter to remove "Disclaimer on HTC Splash Screen" ?
Not sure about that, I have not see the flag to control that yet... I think you can change that, but finding the right location for that flag might be difficult...
For this lock/relock/unlock flag, people is able to find it by comparing the rom during before and after, validate the result using other phone, and confirm the finding with other users...
If you don't have other phone to use as experiment and other people to confirm your finding, I afraid it is going to be very hard, you are just like walking in the dark...
Sent from my HTC Butterfly using Tapatalk 2
gbear said:
Not sure about that, I have not see the flag to control that yet... I think you can change that, but finding the right location for that flag might be difficult...
For this lock/relock/unlock flag, people is able to find it by comparing the rom during before and after, validate the result using other phone, and confirm the finding with other users...
If you don't have other phone to use as experiment and other people to confirm your finding, I afraid it is going to be very hard, you are just like walking in the dark...
Sent from my HTC Butterfly using Tapatalk 2
Click to expand...
Click to collapse
But I think we cant do that, coz hboot ship is sign hboot, we will brick our phone! So flashing eng boot with that hex editor to remove will help, but i dont wana to take that risk..
? Killx Kernel ?
Related
My buddy tested this out on his Butterfly and it turned out to work good. Full ROOT with S-OFF.
I am not the creator of this one click, but I was told it could be shared freely, as it also describes in the .ZIP contents.
I did not personally try this out myself (My One X is already rooted + S-OFF) so be sure to check it out and read all the documents before trying out this new root exploit.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
It did finally pick up my One X after about 10 mins (more like 2), but like I said I'm already rooted. It looks like it supplies a good amount of phones, and with the 3 different methods for rooting, especially the third, hopefully we will see some good results!
I'm not responsible for harm that comes from this file, I have ran and tested it out to SOME EXTENT. Please be aware of this, and like I said, READ THE DOCUMENTATION.
It states it can:
Root Android 2.x
Root Android 3.x
Root Android 4.x
Rooting Phones and Tablets
Supplies S-OFF as well (80% Chance)
So, like I said, try it out and let me know if it works!
Nice one !
Sent from my HTC Butterfly using xda premium
somebody please explain to us noob, what is the advantage of s-off? mine is rooted but s-on. is this worth the risk? Thank you!
royskeyz said:
somebody please explain to us noob, what is the advantage of s-off? mine is rooted but s-on. is this worth the risk? Thank you!
Click to expand...
Click to collapse
What Is S-OFF?
In their devices, HTC have installed a sort of security check whose level is determined by S-OFF/S-ON. Essentially, this security level is a flag stored on the device’s radio that checks signature images for any firmware before it is allowed to be written to system memory. This hinders using any custom ROMs, splash images, recovery etc., and also restricts access to the NAND flash memory. However, when security level is set to S-OFF, the signature check is bypassed, allowing a user to upload custom firmware images, unsigned boot, recovery, splash and HBOOT images, as well as official firmware that has been modified, this enabling maximum customization of your HTC Android device.
Furthermore, S-OFF also reduces restrictions on accessing the NAND flash memory on the device, allowing all partitions (including /system) to be mounted in write mode while the operating system is booted.
Is this for the X920D/X920E/Both? Really happy to know it works
Doesn't work.. I tried on the x920d (UB1).. while on, while in bootloader, while in fastboot.. doesn't work.. just sits there with message "looking for HTC Butterfly" for almost 20 mins, before I closed it.
Since I have tested it myself, I am going to close this thread, just incase someone tries something else and has a brick.
First off would like to say hello to the M8 community.
Just come from the S4
Here's a quick explanation, I rooted and installed SU 1.94, got root. Read and watched videos on how to s-off and unlock boot loader.
Set up phone for debugging . Installed drivers on Windows 7 and ADB during first attempt got to step two phone waiting on fire wire never got passed that. Deleted every thing and started over. Now ADB will not run looks Like the cmd isn't see the path. I really need some help, sent a good day trying this with no luck ?
I've have attached a screen of base band info. Help help plz.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Sent from my HTC6525LVW using Xparent Cyan Tapatalk 2
It would help if you were a little more descriptive. Do you have the ADB path set up in your Windows Environment Variables? If not you can just put everything where you have ADB "installed" and just run the command line prompt from within that folder to start. I'm not sure exactly what your problem is though...
brandogg said:
It would help if you were a little more descriptive. Do you have the ADB path set up in your Windows Environment Variables? If not you can just put everything where you have ADB "installed" and just run the command line prompt from within that folder to start. I'm not sure exactly what your problem is though...
Click to expand...
Click to collapse
Thanks for the help!
I didn't think that I needed to record the issues, as I didn't expect to run into any. But I do see that I should have.
I will try your recommendation to run adb (Windows +right click, open command window) from the folder. This way no need to insert the path ,correct?
Sent from my HTC6525LVW using Xparent Cyan Tapatalk 2
Hmm so see tons off "unlock moto G" stuff but generally boot loader stuff requires the official MotoPho website. The problem I face and I'm assuming the rest of cricket users. I can get a temp-root but can't make it stay, nor can I use tools to unlock or flash a new recovery. Just would like to know what next I should do.
Android version 4.4.2
Can't get unlock code from MotoPho
Phone is from cricket (at&t company)
Temp root works for a bit.
Can I flash via a /dev/block?
camwinnn said:
Hmm so see tons off "unlock moto G" stuff but generally boot loader stuff requires the official MotoPho website. The problem I face and I'm assuming the rest of cricket users. I can get a temp-root but can't make it stay, nor can I use tools to unlock or flash a new recovery. Just would like to know what next I should do.
Android version 4.4.2
Can't get unlock code from MotoPho
Phone is from cricket (at&t company)
Temp root works for a bit.
Can I flash via a /dev/block?
Click to expand...
Click to collapse
How are you getting a temp root? I'm curious if Sunshine theroot ninja tool works if you already have temp root when you run it?
Getting temp root via towel pie root app, used a similar one for my nexus 7 but that stays, I have used a root checker and it says all good.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
And SuperSu will even update or at least has but sometimes it fails, as well as I believe I've gotten root explorer to mount /system as r/w but as I try to replicate it atm its not tho SU pops up to ask for permission.
Twrp an cwm app both install the Recovery's but of course bootloaders locked so doesn't boot into it.
Edit: Sunshine says it will work so guess I'll try that next.
Hi,
I never saw this problem
My phone is unlocked (since a year more or less) and I can't install TWRP nor CWM. I tried many tutorials such as all the root methods listed on XDA for this smartphone.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Any idea would be really appreciated!
Thanks
There might be a problem with your drivers. You can try uninstalling and reinstalling them. Also, try using fastboot commands manually
Sent from my Mate
unlock again
Thank you. I'd like not to have to relock it as it's already done and rooted. Could you please tell me what drivers to install? I tested many of them (https://i.imgur.com/wBgsezr.png) but it seems I don't have the right ones then.
I'm using Win7 64bits.
Thanks again!
Use adbdriveinstaler and when it's install you can push recovery to add folder and try this command
cd C:/adb
Fastboot flash recovery recovery.img
Change name your twrp or cwm to recovery
Send frome globe
Okay. Here we go
ADB driver installed (https://i.imgur.com/PWrZoHH.png)
Went to flash and... still not allowed.
And in fastboot/rescue mode on my phone it's written PHONE Unlocked.
WTF
BTW, is there any other way to upgrade the phone? Cause every time I go to the software update in the menu i'm told it's up-to-date, but it's not... Android 4.4.2 & EMUI 3.0.
I read about a "local update" but can't find out how to update from the SDcard, I only have OTA.
Bud64 said:
Okay. Here we go
ADB driver installed (https://i.imgur.com/PWrZoHH.png)
Went to flash and... still not allowed.
And in fastboot/rescue mode on my phone it's written PHONE Unlocked.
WTF
BTW, is there any other way to upgrade the phone? Cause every time I go to the software update in the menu i'm told it's up-to-date, but it's not... Android 4.4.2 & EMUI 3.0.
I read about a "local update" but can't find out how to update from the SDcard, I only have OTA.
Click to expand...
Click to collapse
In your screen you have locked bootloader. Unlock againg
Send frome globe
Okay, I sent an email to Huawei, I'll get back in a few days.
So in terms of getting my HTC One S repartioned I need to get hboot 2.16. In terms of getting hboot 2.16 i need my phone S-OFF. In terms of getting my phone S-OFF I need to get Super cid: 11111111. (What kind of absurd adventure is that? seriously!)
So in that very last step of the chain I landed here and while going through this instruction I fail getting permissions:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Guys, and tell me: Is it really that complicated or am I just missing something? I mean what is with that endless IF-Chain?
/edit: I am getting desperate here. I have even tried this rumrunner.us-thing.
Resultet in this:
Castor-designs said:
So in terms of getting my HTC One S repartioned I need to get hboot 2.16. In terms of getting hboot 2.16 i need my phone S-OFF. In terms of getting my phone S-OFF I need to get Super cid: 11111111. (What kind of absurd adventure is that? seriously!)
So in that very last step of the chain I landed here and while going through this instruction I fail getting permissions:
Guys, and tell me: Is it really that complicated or am I just missing something? I mean what is with that endless IF-Chain?
/edit: I am getting desperate here. I have even tried this rumrunner.us-thing.
Resultet in this:
Click to expand...
Click to collapse
is your device rooted, you need root to use rumrunner, and maybe close your virus program on you pc.
which windows version you have?
pauldey said:
is your device rooted, you need root to use rumrunner, and maybe close your virus program on you pc.
which windows version you have?
Click to expand...
Click to collapse
Yes My device is rooted, I have enabled root for both apps and adb and I also have superSU with the default option to allow root enabled. So I also see in the log, that shell is performing some root-action-stuff.
Windows 7. all Firewalls are off.