• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Root [International] [Stock ROM] Easy Aroma Reset's | Many Versions | ROM + Recovery + Radio | Get OTA's

crushalot

Newbie
If you want a simple way to return to the stock ROM and also be able flash back the stock radio and recovery then this may be for you.

XDA member migascalp gave me the idea of packaging stock ROMs with the aroma installer and include the ability to flash the stock recovery also as sort of a poor mans RUU since so many still are S-on and cannot properly run a RUU.

I have been making these for a few different versions depending on if we have the stock recovery, so mainly only major versions with a full stock dump or RUU.
See here: Collection of HTC One Graphical Reset Downloads. Stock Rom + recovery

While you can flash these roms on any M7_U or M7_UL, they are made to match the version base and respective device type.
Also note that these packages do not update any firmware. However when you choose to install the stock recovery you will then be able to get OTA updates (If applicable for the version) after locking your bootloader. ** Remember that if you are S-On, you must have an unlocked bootloader to install a recovery (custom or stock) so make sure you bootloader is unlocked if you are going to choose the install the stock recovery during the install.

**Also note that for OTA updates to work properly you must have the stock or matching CID for the version of the ROM. Same goes for MID.

Many have already used these packages to get back to stock and get OTA's or for returning for service, but I never got around to making a post for them, so here it is. Also before using you can check out the full collection of return to stock items in the Collection Thread and Return To Stock Guide Thread.


You simply flash these in recovery (CWM/TWRP) like installing any other rom.

Here is a video Demo of the install. This demo is of the AT&T OTA but the install and procedure is the same. I will update this video for the roms in the this thread later:
Using Guru Reset to Install AT&T Stock ROM and Recovery to update to Android 4.3 - YouTube

Here are the screen shots of the Aroma Installer. Sorry for some the bad edits, its really hard to get a good pic taken manually at bootloader or recovery:



gurupost2.1.jpg
.

gurupost2.3.jpg


7guruready.jpg


gurupost2.4.jpg



I test each of these packages myself thoroughly before posting. However I make no guarantee's on the subject of OTA's because I do not use them, but many of the users of these packages report on the success of that aspect.

You should re-lock your bootloader to get OTA updates.
Here are the instructions.
As long as you chose to install the stock recovery and didn't add root, all you should have to do is re-lock your bootloader after this and you will be almost out of the box stock. You can re-lock your bootloader with this fastboot command:

Code:
fastboot oem lock

If you are S-on and that doesn't work you may have to use this:

Code:
fastboot oem relock

Remember that if you are S-On and re-lock your bootloader, it will say RELOCKED instead of LOCKED.

If you are S-Off then you should be able to get to Locked with this ADB Shell command from scotty1223's thead:

Code:
echo -ne '\x00\x00\x00\x00' | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796

Or if using an older hboot this revone command:

Code:
revone -l

Also if you chose to flash the stock recovery during the rom install, and your phone doesn't boot or you experience any other issues remember you will have to reload your custom recovery via fastboot:
Code:
fastboot flash recovery twrp.img

I will continue to make more of these and I would prefer to keep it to roms for which we have a full stock dump, but the requests are overwhelming for just about everything, so I may start with some popular carrier versions based off of user submitted backups or stock rom only dumps.


You should choose the version that matches your firmware. Your firmware version can be found from a
Code:
fastboot getvar all

However certain conditions don't require that the version match. For instance if you just need a stock ROM to do a SIM Unlock or need a stock ROM to gain S-off with rumrunner, just about any of the 2.24 stock ROMs can be used.

Here are the Download Links:


Guru Reset M7 2.24.401.8

md5: b576ec69ff7ea86d4be2dbc3a8e15cc0



Guru Reset M7 2.24.401.1

md5: a5e4b3f512a6aa6b9acf2e9a4b6ee995



Guru Reset M7 3.22.1540.1

md5: 21325c8a7737b4521ee392d7af9333e1



Guru Reset M7 3.62.401.1

md5: 6444b41a1f332f31345d5ead674382d7



Guru Reset M7 2.24.707.1

md5: e9f6aba0e6cd997899382cbda2da1ebe



Guru Reset M7 2.24.709.1

md5: d4c3eee1a5ddc6d5903d98e48f93c6f0



Guru Reset M7 2.24.163.2

md5: ce009d2262fa1f98f7800ec69680180a



Guru Reset M7 2.24.111.3

md5: bf991f8a4767249da5238502befcc627



Guru Reset M7 2.24.161.1

md5: f3d237594e8c21c63da51ba4ae4988f1



Guru Reset M7 2.24.771.3

md5: 4226b81cb1dfd483f36b6d4a75e1474e



Guru Reset M7 2.24.73.1

md5: cdc043cd7941f8157e1e16aa3d549a9a



Guru Reset M7 2.24.841.1

md5: ca37c13808ba61bd48b91ac1cd25e480



Guru Reset M7 2.24.980.2

md5: d530dcef4cf842e3ba87457da5226e2c



Guru Reset M7 2.24.1020.1

md5: 9cfb71bdb6919521a459211e80f63cf5



Guru Reset M7 1.29.401.13

md5: 92987058e9e8c83cd4d88b2f523e359f




AT&T Versions:

Guru Reset M7 1.26.502.12

md5: 30c0072fb5a02ca75a609bc57a3f34e9



Guru Reset M7 1.26.502.15

md5: 79d290ec018ea3761e8ad35f62476c5a




T-Mobile Version:

Guru Reset M7 T-Mobile 1.27.531.11

md5: f7bd2e1e2e89fab44d8713eda693c0a3




Sprint Versions:

Guru Reset M7 Sprint 1.31.651.2

md5: f3d055dea52b60674833c2cbb87893fb



Guru Reset M7 Sprint 1.29.651.10

md5: 29a4b3cd30a848a8e6c9e1e7bd079740



........Credits........​
Thanks to baadnewz for most of the stock dumps
Thanks to V6-Maniac for the 3.22.1540.1 Dump
Thanks to Indirect for the 1.31.651.2 Stock ROM
Thanks to migascalp for the 2.24.73.1 and 2.24.1020.1 Stock Dumps and the general idea of packing Stock ROM + Recovery
Thanks to Mike1986 for the 3.62.401.1 Stock Dump



If these helped you out please consider a small donation or just a thanks would be great.

sig.jpg
 
Super !!
Welcome on board, Great to have you here.

I have posted links to your firmware many times here and hope everyone here see's the value in your work as much as I do.
 
an excellent idea!

does fastboot oem relock actually work?? ive always used fastboot oem lock on s on phones as well.

revone has issues with certain hboots and is,IMO,somewhat of a clunkier method to lock

you can lock the bootloader and eliminate the tampered banner with a couple simple adb commands,wich should work from recovery. feel free to incorporate them:
http://androidforums.com/internatio...bootloader-without-htcdev-s-off-required.html
http://androidforums.com/internatio...t/786814-how-remove-your-tampered-banner.html

you can also change your mid:
http://androidforums.com/internatio...w-change-your-mid-without-eng-bootloader.html

the above all require s off,of course.

thanks again for posting here :cool:
 
an excellent idea!

does fastboot oem relock actually work?? ive always used fastboot oem lock on s on phones as well.

revone has issues with certain hboots and is,IMO,somewhat of a clunkier method to lock

you can lock the bootloader and eliminate the tampered banner with a couple simple adb commands,wich should work from recovery. feel free to incorporate them:
http://androidforums.com/internatio...bootloader-without-htcdev-s-off-required.html
http://androidforums.com/internatio...t/786814-how-remove-your-tampered-banner.html

you can also change your mid:
http://androidforums.com/internatio...w-change-your-mid-without-eng-bootloader.html

the above all require s off,of course.

thanks again for posting here :cool:

Thanks Scotty. I had already replaced the revone steps with links to your threads for setting Locked with no Tampered in my Return to Stock Guide.

I also have been able to use just fastboot oem lock on S-on phones, but some users reported that it didn't work and they had to use the relock command. Not sure why.

One issue that some noobs have encountered with your method is that since you need to be rooted to do them, they install a custom recovery again, root and perform the steps. Then something in removing SU and flashing back stock recovery steps gets screwed up and they end up S-on with Tampered.

So if they happen to have an early hboot it may be earlier for some to use revone for the Relocking process.

I wonder if maybe your commands could be run somehow without root by using a root hack like that is in revone rather than installing SU?

Thanks
 
IMO, it is not worth the effort to try and make the commands work without having to install root access.

Since the commands are easily run first when going back to stock, I personally think it is a good learning experience for the noobs to have to reinstall recovery and root, and start the process over when they dont follow directions. ;)

What I actually meant was, feel free to use the commands in your aroma Rom/recovery reset. Since there is a root shell in recovery, I would think it would be fairly easy to run the commands as part of your process :)
 
IMO, it is not worth the effort to try and make the commands work without having to install root access.

Since the commands are easily run first when going back to stock, I personally think it is a good learning experience for the noobs to have to reinstall recovery and root, and start the process over. ;)

What I actually meant was, feel free to use the commands in your aroma Rom/recovery reset. Since there is a root shell in recovery, I would think it would be fairly easy to run the commands as part of your process :)

Thanks. I have been wanting to make the Reset's for S-off users with the ability to flash the correct touchscreen drivers, but the tp_SYN3202.img component doesn't seem to go into any emmc partition that I can find. You don't happen to know the destination of that piece?

Also if I make an option to use your commands during the stock rom install, and the user selects to remove Tampered and Lock the bootloader but has a firmware version that doesn't match the stock software, will the outcome simply be that Tampered will come back after they S-on?

PM me if you want to discuss outside of the thread.

Thanks again.
 
Thanks. I have been wanting to make the Reset's for S-off users with the ability to flash the correct touchscreen drivers, but the tp_SYN3202.img component doesn't seem to go into any emmc partition that I can find. You don't happen to know the destination of that piece?
ive wondered that myself. before t mobile started releasing RUUs,i dumped everything so i could make myself an unsigned rescue RUU in case i got into some trouble,but couldnt figure out how to dump/find the tp image. admittedly,i didnt really try very hard, i ended up just pulling the image from asimilar era att ruu.

theres only a couple partitions not spoken for,no idea if it may be one of them or if it lives inside another partition :confused:

heres the table,im sure youve seen it.
Code:
major   minor    #blocks  name

 179        0   30535680 mmcblk0
 179        1        128 mmcblk0p1   sbl1
 179        2        256 mmcblk0p2   sbl2
 179        3     130671 mmcblk0p3   pg1fs
 179        4          1 mmcblk0p4   ?
 179        5         16 mmcblk0p5   board_info
 179        6        256 mmcblk0p6   mfg
 179        7      15577 mmcblk0p7   pg2fs
 179        8        256 mmcblk0p8   sbl2_update
 179        9       1024 mmcblk0p9   sbl3
 179       10        256 mmcblk0p10  rpm
 179       11       2048 mmcblk0p11  tz
 179       12       2080 mmcblk0p12  hboot
 179       13       5120 mmcblk0p13  sp1
 179       14       1024 mmcblk0p14  wifi
 179       15       1024 mmcblk0p15  dsps
 179       16      61441 mmcblk0p16  adsp
 179       17       8190 mmcblk0p17  radio_config
 179       18      32768 mmcblk0p18  reserve_1
 179       19       1022 mmcblk0p19  misc
 179       20       4096 mmcblk0p20  modem_st1
 179       21       4096 mmcblk0p21  modem_st2
 179       22      20480 mmcblk0p22  devlog
 179       23          4 mmcblk0p23  debug_config
 179       24        256 mmcblk0p24  pdata
 179       25         16 mmcblk0p25  control
 179       26       1280 mmcblk0p26  local
 179       27         64 mmcblk0p27  extra
 179       28       1024 mmcblk0p28  cdma_record
 179       29      98727 mmcblk0p29  reserve
 179       30      54270 mmcblk0p30  reserve_2
 179       31      76800 mmcblk0p31  radio
 179       32      98303 mmcblk0p32  ?
 179       33      16384 mmcblk0p33  boot
 179       34      16383 mmcblk0p34  recovery
 179       35    1900543 mmcblk0p35  system
 179       36     655359 mmcblk0p36  cache
 179       37   27262976 mmcblk0p37  userdata

Also if I make an option to use your commands during the stock rom install, and the user selects to remove Tampered and Lock the bootloader but has a firmware version that doesn't match the stock software, will the outcome simply be that Tampered will come back after they S-on?

tampered is triggered when the phone detects a recovery,boot,or system image whose signiture it doesnt recognize after being unlocked. if the hboot matches the rom,recovery and kernel,id say they would be ok. the more likely scenario is if the phone sees different recovery or software is being trapped in bootloader with a security warning. not a terribly big deal,they just need to re-unlock.

now if the phone encounters a different radio or other firmware,the result could be tampered,security warning,or in a worse case a processor "do not boot" situation(read "really hardcore soft brick") :eek:

youd have to put up a pretty big disclaimer about the potential dangers of turning s on with mismatched firmware/software. since the s off crowd has prolly modified other partitions,theyre much better off running an ruu,even if its an older one,if at all possible. for the s on crowd,theyve likely not changed much,so as long as you restore the right radio/recovery for the build whose nadroid youre using,its prolly a pretty safe bet the rest of it will match. even then if they had stayed on old firmware while flashing roms,and tried to s on with new software on old firmware,theyre likely to have issues,but being s on, probably not fatal ones like could happen while s off.

hope that all makes sense :o

PM me if you want to discuss outside of the thread.

its up to you,this is your dev thread. i dont mind the dicussion here or in another thread,or a PM :)
 
ive wondered that myself. before t mobile started releasing RUUs,i dumped everything so i could make myself an unsigned rescue RUU in case i got into some trouble,but couldnt figure out how to dump/find the tp image. admittedly,i didnt really try very hard, i ended up just pulling the image from asimilar era att ruu.

theres only a couple partitions not spoken for,no idea if it may be one of them or if it lives inside another partition :confused:

heres the table,im sure youve seen it.
Code:
major   minor    #blocks  name

 179        0   30535680 mmcblk0
 179        1        128 mmcblk0p1   sbl1
 179        2        256 mmcblk0p2   sbl2
 179        3     130671 mmcblk0p3   pg1fs
 179        4          1 mmcblk0p4   ?
 179        5         16 mmcblk0p5   board_info
 179        6        256 mmcblk0p6   mfg
 179        7      15577 mmcblk0p7   pg2fs
 179        8        256 mmcblk0p8   sbl2_update
 179        9       1024 mmcblk0p9   sbl3
 179       10        256 mmcblk0p10  rpm
 179       11       2048 mmcblk0p11  tz
 179       12       2080 mmcblk0p12  hboot
 179       13       5120 mmcblk0p13  sp1
 179       14       1024 mmcblk0p14  wifi
 179       15       1024 mmcblk0p15  dsps
 179       16      61441 mmcblk0p16  adsp
 179       17       8190 mmcblk0p17  radio_config
 179       18      32768 mmcblk0p18  reserve_1
 179       19       1022 mmcblk0p19  misc
 179       20       4096 mmcblk0p20  modem_st1
 179       21       4096 mmcblk0p21  modem_st2
 179       22      20480 mmcblk0p22  devlog
 179       23          4 mmcblk0p23  debug_config
 179       24        256 mmcblk0p24  pdata
 179       25         16 mmcblk0p25  control
 179       26       1280 mmcblk0p26  local
 179       27         64 mmcblk0p27  extra
 179       28       1024 mmcblk0p28  cdma_record
 179       29      98727 mmcblk0p29  reserve
 179       30      54270 mmcblk0p30  reserve_2
 179       31      76800 mmcblk0p31  radio
 179       32      98303 mmcblk0p32  ?
 179       33      16384 mmcblk0p33  boot
 179       34      16383 mmcblk0p34  recovery
 179       35    1900543 mmcblk0p35  system
 179       36     655359 mmcblk0p36  cache
 179       37   27262976 mmcblk0p37  userdata



tampered is triggered when the phone detects a recovery,boot,or system image whose signiture it doesnt recognize after being unlocked. if the hboot matches the rom,recovery and kernel,id say they would be ok. the more likely scenario is if the phone sees different recovery or software is being trapped in bootloader with a security warning. not a terribly big deal,they just need to re-unlock.

now if the phone encounters a different radio or other firmware,the result could be tampered,security warning,or in a worse case a processor "do not boot" situation(read "really hardcore soft brick") :eek:

youd have to put up a pretty big disclaimer about the potential dangers of turning s on with mismatched firmware/software. since the s off crowd has prolly modified other partitions,theyre much better off running an ruu,even if its an older one,if at all possible. for the s on crowd,theyve likely not changed much,so as long as you restore the right radio/recovery for the build whose nadroid youre using,its prolly a pretty safe bet the rest of it will match. even then if they had stayed on old firmware while flashing roms,and tried to s on with new software on old firmware,theyre likely to have issues,but being s on, probably not fatal ones like could happen while s off.

hope that all makes sense :o



its up to you,this is your dev thread. i dont mind the dicussion here or in another thread,or a PM :)
Thanks for all the info. I have seen the partition table and now I am quite sure the touchscreen component doesn't live in any emmc partition as I have dumped every single one and went through them all with a hex editor. No big deal on that one.

I have been working hard on getting a simple aroma installer to perform the actions of Locking and removing Tampered but not having much success.

I'll keep you updated if I get it to work.

Thanks
 
Scotty,

The reason the flashable zips don't work in TWRP for changing the bootloader is because that partition is not writable under TWRP. CWM allows it.
I spent a while trying to code around it but it just won't work if using TWRP, so I have held off on posting the Aroma package with the nice GUI to lock and unlock the bootloader.

I have alerted TWRP of this issue and perhaps they will allow this action in future releases.

Thanks
 
Scotty,

The reason the flashable zips don't work in TWRP for changing the bootloader is because that partition is not writable under TWRP. CWM allows it.
I spent a while trying to code around it but it just won't work if using TWRP, so I have held off on posting the Aroma package with the nice GUI to lock and unlock the bootloader.

I have alerted TWRP of this issue and perhaps they will allow this action in future releases.

Thanks

when i first got the one,i tried the zip files with hboot 1.44 and they did work fine for me in cw,and not in twrp. if i remember correctly,twrp would flash the "query" zip but not the lock or unlock zip. i stated this in the OP in my xda nd threads here,and had a user on xda tell me twrp worked fine :confused: not sure why he had success if that was true,unless it was on older version or something,or maybe even a different device.

were you able to remove tampered with cw as well?
 
when i first got the one,i tried the zip files with hboot 1.44 and they did work fine for me in cw,and not in twrp. if i remember correctly,twrp would flash the "query" zip but not the lock or unlock zip. i stated this in the OP in my xda nd threads here,and had a user on xda tell me twrp worked fine :confused: not sure why he had success if that was true,unless it was on older version or something,or maybe even a different device.

were you able to remove tampered with cw as well?
I didn't try the Tampered command because I already removed it from my phone. I was mainly just messing with the lock and unlock commands in both recoveries.

The user who reported success on TWRP must have been on another device as I do not believe any of the previous versions of TWRP for the One allowed writing to this partition.

The query can work because you can read the partition fine in TWRP just can't make any changes to it.

By the way since I was programming for the aroma environment, the echo command with quotes and back ticks was a problem for the Locked string. So this command will work for locking from ADB shell or CWM the same as your string without using echo:

dd if=/dev/zero of=/dev/block/mmcblk0p3 bs=1 count=4 seek=33796 conv=notrunc

Haven't heard back from TWRP, so I guess it won't ever work in TWRP unless they change their minds on being able to write to that partition.

I could work on a apk app to automate the locking/unlocking/tampered as I see there are some apps in the Play store for this function on Nexus devices, but I don't see much value in it plus I have never made an android application before.

Thanks
 
if you have a notion to mess with the tampered banner,you can reset it by changing the 00 to an 02 for gsm variants(at least for t mobile. vzw is 04,for some reason :confused:)

let me know if you need anything else... i could prolly be talked into testing anything you come up with and are considering releasing :)
 
if you have a notion to mess with the tampered banner,you can reset it by changing the 00 to an 02 for gsm variants(at least for t mobile. vzw is 04,for some reason :confused:)

let me know if you need anything else... i could prolly be talked into testing anything you come up with and are considering releasing :)
So not sure if it was my contacting them or not, but the latest version of TWRP allows writing to the partition now for locking and unlocking. So I am moving forward with the development of the aroma script to reset all.

So to be clear you can use 00 or 02 for the value at 4265988 to reset Tampered on M7 UL and M7 U? (GSM, T-mo inlcuded would have used the command you have up on your thread right which is 00) Also if 00 is the value for Tampered to be removed, what is the default value when Tampered appears?
I still having to check that TWRP allows writing to that partition but even if it doesn't, being able to Lock and Unlock from aroma installer would be cool.

Also aside from the different value of 04 (so 00 doesn't work) on Verizon do you know of any other variants that have different values or different locations?
Also do you know a full list of compatible devices as the values are the same for other phone types on that thread with the flashable zips in it.

Thanks again,
 
So not sure if it was my contacting them or not, but the latest version of TWRP allows writing to the partition now for locking and unlocking. So I am moving forward with the development of the aroma script to reset all.

So to be clear you can use 00 or 02 for the value at 4265988 to reset Tampered on M7 UL and M7 U? (GSM, T-mo inlcuded would have used the command you have up on your thread right which is 00) Also if 00 is the value for Tampered to be removed, what is the default value when Tampered appears?
I still having to check that TWRP allows writing to that partition but even if it doesn't, being able to Lock and Unlock from aroma installer would be cool.
sorry,i guess i was a bit unclear :o the flag is the value at 4265988. if the device hboot finds 00,then the tampered banner is not displayed. if it finds 02( or 04 for vzw) then the banner IS displayed.

so simply running
echo -ne '\x02' | dd of=/dev/block/mmcblk0p7 bs=1 seek=4265988

on m7_ul will make the banner pop back up. i filp flopped it several times :D

im not 100% sure if m7_u has the same 02 value for tampered on. my dad has one of those,so at some point i mght be able to verify it for sure.

Also aside from the different value of 04 (so 00 doesn't work) on Verizon do you know of any other variants that have different values or different locations?
Also do you know a full list of compatible devices as the values are the same for other phone types on that thread with the flashable zips in it.

Thanks again,

again,sorry i was a bit unclear. 00 does work on vzw to remove the banner. 00 across the board is "no banner". you need to change 4265988 to 04 on vzw to make the banner come back( echo -ne '\x04' | dd of=/dev/block/mmcblk0p7 bs=1 seek=4265988 )

as for different variants,the quest started to find the flag for the vzw crowd who was unable to use revone,and left with the banner after java card s off,so ive only looked at vzw p7's and t mobile p7,since i have that.

i am 99% sure that all m7_ul will use the 02 value,and fairly sure that m7_u will as well.

sprint m7_wls seems would share the 04 value with vzw,but things are not always logical ;) we would be ahead to dump a tampered sprint p7,along with any other variants that you may want to include.

the location im 99% sure is same,across the board,and prolly same even for other devices with s4 processors.

as for other devices, the rezound has the same flag,in p7,but at 4391940(hex 430404). its using the same 00 banner off and 02 on values. based on what ive found on s3 devices with other flags,id venture to guess that is true for all s3 variants(mtg4s,sensation,evo3d,amaze,jetstream,etc)

hope that helps :)
 
@crushalot I just wanted to say thanks again

I used the Guru Reset for the Developers Edition and installed the 4.4 update today and everything worked exactly as planned.

I have a TWRP backup of the install on androidfilehost for you
Great work Thanks again
 
@crushalot I just wanted to say thanks again

I used the Guru Reset for the Developers Edition and installed the 4.4 update today and everything worked exactly as planned.

I have a TWRP backup of the install on androidfilehost for you
Great work Thanks again
Thanks. Downloading it now. I should be able to make a stock ROM reset from it.
 
I heard they were pushing it out in a weird schedule. Did you get it yet? That would be odd to have factory stock from a RUU and not get it.


No,I dint have the patience,lol. I'd have prolly got it in a couple days,but I ended up just downloading a posted ota package and manually applying it.
 
Back
Top Bottom