
Root [CDMA] calling someone with adb experience, and an unlocked hboot

scotty85

Extreme Android User
i recently came across this thread on xda: http://forum.xda-developers.com/showthread.php?t=1970252

i'm 99.9% sure the cdma 3d has the lock flag in the same location, but if someone could dump that memory block for me, and either upload or email that block, i'd like to take a look and make sure.

you can be s-on or s-off, just need to be rooted.

open cmd in your adb/fastboot directory, plug in phone, debug on, charge only, etc.

enter:
adb devices

adb shell

if you get a $ prompt, enter su (have phone awake and watch for superuser request)

at the "#>" prompt, enter:
dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3

exit (exit again if you end up in $>)

this won't make any changes, or harm your phone at all, it's just making a copy of that mmcblk, and leaving the copied image on your sd card. enable usb storage and you should find it there. or you can pull it with this command, and it will end up in your adb folder on the PC:
adb pull /sdcard2/mmcblk0p3

pm me with a link or for email addy. an md5 sum would be nice also :)

thanks in advance :smokingsomb:
 
Damn I wish I saw this earlier, I would have done this for you, on my way out to work right now, I will check it when I get to work, and see if I have time to do this for you from there. If you don't get this then I will definitely do this tonight for you ;)
 
Hmm.....

[Attachment: Cmd.png]

I was just going to say it looks like .IMG was missing and then I saw your second post. ;)

Check your DB link, I checked it and comes up with an error here, could be my internet, just checking




Ah, I see! You left .img off the command!

should be dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3.img


Here you go:
https://dl.dropbox.com/u/100923173/mmcblk0p3.img

md5: 25F4BD66F05D56D1586E1809C4B3197D
 
Thank you!! I see what the problem was. Dropbox does it with text files too, which I actually like! When you click the link to a text file, it opens it in the browser as a text file rather than prompting to download. Looks like it was trying to do it with the .img file as well but it was causing an error without the right tools to view the .img file!

Zipped up the file and fixed link! Should download now!
 
Yep fine now, but prior worked in IE but not FF, which was weird. you figured both would have the same end result.
 
It must have something to do with the way firefox handles file extensions :confused:
Whereas IE's default might be to download .img whereas firefox tries to open it? I dunno, I'm not up on my internets knowledge!
 
lol brian i figured you'd be all over this :smokingsomb: i'm not sure why you had to add the .img, it should have worked fine without it. maybe something to do with your version of adb, or possibly the rom you're on? :confused:

here it is on my rezound:
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Scott>cd c:\mini-adb_vigor

c:\mini-adb_vigor>adb devices
* daemon not running. starting it now *
* daemon started successfully *
List of devices attached
HTxxxxxxxxxx    device


c:\mini-adb_vigor>adb shell
shell@android:/ $ su
su
shell@android:/ # dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3
dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3
64734+0 records in
64734+0 records out
33143808 bytes transferred in 9.519 secs (3481858 bytes/sec)
shell@android:/ # exit
exit
shell@android:/ $ exit
exit

c:\mini-adb_vigor>adb pull /sdcard2/mmcblk0p3
2292 KB/s (33143808 bytes in 14.116s)

c:\mini-adb_vigor>

which does not necessarily result in an .img file, which is ok.

unfortunately, we still need a volunteer who is either unlocked or relocked on the hboot.

it certainly looks the same, but since you're locked, offset 0x8400 is all zeros. unfortunately, we can't be sure whether HTCU/HTCL would occur at 0x8404 or not. it could be very dangerous to edit this mmcblock incorrectly, so we need to find someone whose locked state is unlocked or relocked so we can see where the flag pops up.

here's a couple screen shots for further education :)

the first one is from the rezound, which clearly shows the HTCU. the second is the image you dumped. if you look at offset 8400 you'll see all the zeros :eek:

it works on the rezound, so i'm sure it will work on the cdma 3d, and others. i did it last night- edited 0x8400 to 0x00000000 and voila... **locked** again. flashed the original back (with HTCU starting at 0x8404) and back to unlocked with no flashing or retrieving unlock tokens. :cool:
 

[Attachments: mmcblk-scotty-rznd.jpg, mmcblk-brian-e3d.jpg]
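
Added example, not part of the original thread and not any poster's code: a read-only check of pulled mmcblk0p3 dumps that computes the MD5 asked for in the first post, shows the 16 bytes at offset 0x8400, lists every offset where HTCU or HTCL occurs, and reports where two dumps differ. The function names are made up for this example, and the sample data is constructed, with HTCU placed at 0x8404 as the Rezound post above describes.

```python
import hashlib
import re
import sys

FLAG_WINDOW = 0x8400  # offset the thread inspects in mmcblk0p3

def md5_hex(data):
    """MD5 in the upper-case form posted in the thread."""
    return hashlib.md5(data).hexdigest().upper()

def find_markers(data):
    """Every (offset, marker) where HTCU or HTCL occurs, in offset order."""
    return [(m.start(), m.group().decode()) for m in re.finditer(rb"HTC[UL]", data)]

def inspect(data):
    """Read-only summary of one dump; nothing is written back."""
    window = data[FLAG_WINDOW:FLAG_WINDOW + 16]
    return {"size": len(data), "md5": md5_hex(data),
            "window_hex": window.hex(),
            "window_all_zero": len(window) == 16 and not any(window),
            "markers": find_markers(data)}

def diff_ranges(a, b):
    """[start, end) byte ranges where two same-sized dumps differ."""
    if len(a) != len(b):
        raise ValueError("dumps differ in size; do not compare or reuse them")
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(a)))
    return ranges

if __name__ == "__main__":
    # Real dumps as file paths, else a constructed sample (not real data).
    dumps = [open(p, "rb").read() for p in sys.argv[1:3]]
    if not dumps:
        unlocked = bytearray(0x9000)
        unlocked[0x8404:0x8408] = b"HTCU"
        dumps = [bytes(0x9000), bytes(unlocked)]
    for d in dumps:
        print(inspect(d))
    if len(dumps) == 2:
        print([(hex(s), hex(e)) for s, e in diff_ranges(*dumps)])
```

Run with one or two dump paths as arguments; a size mismatch between the two dumps is itself a sign that a pull or copy was incomplete.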
Totally forgot! Wasn't thinking about being locked again! :o

Maybe we can get dragonslayer in here. He should be a pro with adb after the deep sleep fiasco! He's unlocked s-on unless he finally went s-off after getting his phone back up and running?
 
yup! he'd be fine, if he's willing. he'll just need to re-unlock, install recovery and superuser. i was gonna give him a couple days to recuperate from his cold :)

we don't need an s-on phone however. s-off is fine... bootloader unlocked or relocked are the important factors :)

for S&Gs:
Code:
c:\mini-adb_vigor>adb push mmcblk0p3mod /sdcard2/mmcblk0p3mod
2478 KB/s (33143808 bytes in 13.059s)

c:\mini-adb_vigor>adb shell
shell@android:/ $ su
su
shell@android:/ # dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3
dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3
64734+0 records in
64734+0 records out
33143808 bytes transferred in 18.937 secs (1750214 bytes/sec)
shell@android:/ # exit
exit
shell@android:/ $ exit
exit

c:\mini-adb_vigor>adb reboot bootloader

c:\mini-adb_vigor>

before:
[Image: IMAG0020.jpg]

after:
[Image: IMAG0021-1.jpg]
 
I just figured if he has gone s-off then he will be locked again because of the s-off procedure... I was thinking about unlocking lol, but then I have to s-off again if I want to get it locked... :/ What about your new 3vo? Don't want to unlock the bootloader?
 
my gsm 3d is unlocked. i'll try it with it, but since the thread is about the gsm 3d there's not much question it works ;)

if you aren't skeert, you can easily change back to locked, that's what this is all about! a way back to locked for the folks that accidentally, or on purpose, re-unlocked after s-off, not realizing that they were resetting the lock flag.

before i found this, the only way i knew of to gain the locked status back was to s-on, then re-s off. this is quite a bit easier.

i plan to try it on my sensation and one x as well. i'll check my thunderbolt, inc 2 and inspire, but i don't think the lock flag will be in the same spot on the older phones.

if you want to try it i'll help you in much more detail with the steps. i'd prolly recommend being on a rooted stock rom, tho if you're on something heavily custom.

basically, we just:
-dump mmcblk0p3 (without having to add the .img command)
-very carefully hex edit it
-reflash the edited version.

you can swap between locked and unlocked just by flashing the different mmcblk0p3.

if we knew for a fact that the flag started at 0x8404 we could even unlock you by just hex editing the image. :cool: then lock you back by reflashing the original :smokingsomb:

since none of my phones have a factory warranty, i always run unlocked. but this was a pretty cool find to me, in case i ever do want to change it.
 
I'm not scared! I'll unlock for you! You know I'd always be game to test any of your projects. I'd love to be a part of the fun!

Eta: Do I need to go to the stock rom to unlock? I don't have time to do all that right now!!!
 
Scotty I am on Hboot 1.4 S-Off, the issue is I can't do this right now as I have guest here at the house, so if you don't find someone, then I will do it a little later, or tomorrow, NP
 
you don't need to go back to stock to unlock, but i think i would recommend being stock for the other part, since i'm not sure why you had to add the ".img" to make it work. i'd feel more comfortable if we can do it with the above commands, i'm not sure dd-ing back an image in place of whatever the file dumps is a good idea :eek:

there is no hurry. you can do it whenever you have time, if you want to :)
 
thanks don, are you locked from s off still? if so, your output doesn't tell us much, like brian's above (all 0's at 0x8400)

if you do happen to be unlocked or relocked, feel free to dump it whenever you get a minute :cool:
 
Also, I think it is something weird with this rom. I have had a harder time with adb ever since flashing this version of the rom. I had a heck of a time using adb push, and the adb mount command was returning errors that I didn't have permission. Obviously I have it working now, but this rom is the only time I've had any problems with adb, which is fine, because it's not something I normally use.
 
Unlocked. Restoring a nandroid now. Will post the new info once I'm booted.

Scotty, could you peek in here please? I've been doing my best to answer all the questions, but I feel that you might be able to elaborate a little more than me and clear a couple things up?....
 
Here you go, lol

[Attachment: Pic.jpg]

I'm having odd problems with unlocking. When I choose yes to unlock, it sits there doing nothing. Eventually I just hit no, and the phone restarted. Checked bootloader and it said unlocked. Went into bootloader again later and it said locked...

Just tried unlocking again and same thing. After hitting yes, it just sat there doing nothing. Hit no, rebooted into bootloader and it says unlocked again... I am going to try again while it says unlocked. Why would it go back to locked again though?
 
Not sure about going back to locked... That's not a usual occurrence :eek:

The rest of it was prolly cause you are running a custom recovery. Unlocking normally causes the stock recovery to do a factory reset, so a custom recovery likely has it confused ;)
 