Root [CDMA] calling someone with adb experience,and an unlocked hboot

[Brian706]

Sorry it's taking so long. I'm on a bad rom to tinker with. It randomly won't boot every so often so I keep having to re-flash

 

[Brian706]

Okay! Added download to other post. Should be a winner this time!

 

[scotty85]

yes sir!

awsome sauce :smokingsomb:

at 0x8404,right where it should be!

since i see youve got a hex editor,if youre comfortable editing it,just change 8404-8407 to 0's. dont change the period side,it wont be the same result(tho when you enter the zeros,the HTCU will change to periods)

 

[scotty85]

*make 100% sure that you do not change any other parts of the file,or change the offsets by accidentally deleting something.

after youve made your edit,save it as "mmcblk0p3mod" dont change the file type.

put the file on your sd card. by mounting,or with:
adb push mmcblk0p3mod /sdcard2/mmcblk0p3mod

now,
adb shell (su to get the # if needed)

write the new block:
dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3
*very important! make sure you get the same bytes and records in/out as when you pulled it. if you do not, DO NOT REBOOT

reboot to bootloader:
exit (exit again,if you need to)

adb reboot bootloader

you should be back to **locked**

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Scott>cd c:\mini-adb_vigor

c:\mini-adb_vigor>adb devices
* daemon not running. starting it now *
* daemon started successfully *
List of devices attached
HTxxxxxxxxx    device


c:\mini-adb_vigor>adb shell
shell@android:/ $ su
su
shell@android:/ # dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3
dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3
[COLOR="red"]64734+0 records in[/COLOR]         
[COLOR="red"]64734+0 records out[/COLOR]
[COLOR="blue"]33143808 bytes[/COLOR] transferred in 9.519 secs (3481858 bytes/sec)
shell@android:/ # exit
exit
shell@android:/ $ exit
exit

c:\mini-adb_vigor>adb pull /sdcard2/mmcblk0p3
2292 KB/s ([COLOR="blue"]33143808 bytes[/COLOR] in 14.116s)

c:\mini-adb_vigor>adb push mmcblk0p3mod /sdcard2/mmcblk0p3mod
2478 KB/s ([COLOR="blue"]33143808 bytes[/COLOR] in 13.059s)

c:\mini-adb_vigor>adb shell
shell@android:/ $ su
su
shell@android:/ # dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3
dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3
[COLOR="red"]64734+0 records in[/COLOR]
[COLOR="red"]64734+0 records out[/COLOR]
[COLOR="blue"]33143808 bytes[/COLOR] transferred in 18.937 secs (1750214 bytes/sec)
shell@android:/ # exit
exit
shell@android:/ $ exit
exit

c:\mini-adb_vigor>adb reboot bootloader

c:\mini-adb_vigor>

 

[scotty85]

last and not least,the md5 i get for your modded mmcblk0p3 is:
mmcblk0p3mod 462ed8ae6522abe663d5daf403e1459f

 

[DonB]

Scotty just got back here, what are you trying to achieve here ?? Just curious. Very impressive on the knowledge, I use to use that same Hex code app for when I was working on Sat receivers, LOL

 

[Brian706]

Scotty just got back here, what are you trying to achieve here ?? Just curious. Very impressive on the knowledge, I use to use that same Hex code app for when I was working on Sat receivers, LOL

I think his goal is to make a flashable zip that will return the bootloader to "locked" state. Currently that can only be achieved by the wire trick which is definitely not a convenient way to lock the bootloader. Editing the hex in this file can return you to locked status, which we are discovering. He wants to make a zip that automates the process!

 

[scotty85]

I think his goal is to make a flashable zip that will return the bootloader to "locked" state. Currently that can only be achieved by the wire trick which is definitely not a convenient way to lock the bootloader. Editing the hex in this file can return you to locked status, which we are discovering. He wants to make a zip that automates the process!

correct!

 

[DonB]

I knew there was a reason in your madness. Damn Brian, I am truly amazed on how much you have learned and grown here, very impressive.

Scotty what is the RL next to the S-OFF in my screen shot above mean. I really never had the urge to get into the technical aspect of the phone as I have always left that to the tech junkies, also I guess I never really had the time, LOL I must say though, I am really getting more intrigued about it now though and I guess the more you know the easier it becomes to help others and understand the core of the issues.

 

[scotty85]

don,im not 100% sure what the RL means... my rezound is RH. i read something about it being speculated to be a production or location code of some sort.

in other news,i modified s-trace's recovery script,and have tested it on my rezound,my sensation,and my gsm 3d.

anyone thats s off and running a STOCK hboot is welcome to try it the patched revolutionary and jpbear hboots ignore the lock flag,constantly displaying their respective banners. flashing the zips with these hboots should not hurt anything,but the banner wont change until you flash back to a stock hboot.

this is not doing any device checks,so do not run it on a device equpped with anything other than the qualcom s3 processor,as it may have the lock flag in a different location.

simply download,wipe cache and dalvik(prolly not needed,but i always do for good measure) ,and flash the appropriate zip in recovery.

id recomend to run "query" first so you are reasonably sure the script is compatible.

if anyone trys it,please report back that it works so i can make appropriate threads and link them in the stickys,change other posts,etc.

as usual,please check md5s:
query:query_bootloader.zip
query_bootloader.zip f335f78f9f46469c823da0c671026de5

unlock:unlock_bootloader.zip
unlock_bootloader.zip f335f78f9f46469c823da0c671026de5

lock:lock_bootloader.zip
lock_bootloader.zip f335f78f9f46469c823da0c671026de5

 

[DonB]

K, at first I thought it meant ReLocked, LOL thanks for the info Scotty

You might also want to put a small description how one knows if they are locked or unlocked, I have been asked in numerous PM's. I could post but might not be as eloquent as your explanation, so best coming from the expert

 

[scotty85]

K, at first I thought it meant ReLocked, LOL thanks for the info Scotty

You might also want to put a small description how one knows if they are locked or unlocked, I have been asked in numerous PM's. I could post but might not be as eloquent as your explanation, so best coming from the expert

besides looking at the hboot screen at the banner,running the "query" zip will display on the recovery screen the lock status

a couple of pics:

ive flashed the zips numerous times on all my devices,and checked the banner in hboot,and with the query zip in recovery. gone from locked to unlocked and back again,and back to unlocked

if you want the banner to display "relocked" you technically can rename one of the zips to "relock_bootloader" and it will change the banner to that. i left that option out,as i figured there would be zero demand.

im pretty excited that it works. flashing a zip in recovery is better,IMO,for the noobs that need fastboot flash and fastboot boot commands than flashing a new hboot,plus its alot quicker than using htcdev :smokingsomb:

 

[Brian706]

Downloaded. Will try in a bit. All 3 files were named unlock_bootloader. Did the same file get uploaded for each one? Or is the name just the same?

They all have the same md5 too?

 

[scotty85]

They should be named query,lock,and unlock. I checked the links they look correct.

The md5s are the same cause they are technically all the same zip,lol. Just the name is different... The script works by the name of the zip. You can technically download it once and just change the name.
Lock_boot loader
Unlock_bootloader
Query_boot loader

 

[DonB]

So if I am understanding you, the Query Zip you created will tell you if you are locked or unlocked, and the other 2 will change the banner to either Locked or Unlocked ??

They should be named query,lock,and unlock. I checked the links they look correct.

The md5s are the same cause they are technically all the same zip,lol. Just the name is different... The script works by the name of the zip. You can technically download it once and just change the name.
Lock_boot loader
Unlock_bootloader
Query_boot loader

 

[scotty85]

So if I am understanding you, the Query Zip you created will tell you if you are locked or unlocked, and the other 2 will change the banner to either Locked or Unlocked ??

Yup. You are correct sir

 

[DonB]

Nice, damn I will have to try this here while at work, I try to make it a point not to mess with the phone while at work incase but I may not be able to wait that LONGGGGGGGGGGGG LOL

When the query is run how does it tell you if your locked or unlocked

 

[scotty85]

It will print it on the recovery screen

 

[DonB]

I assume you know why I am asking these questions, to have them on the record I will think of other possible ones I am sure.

It will print it on the recovery screen

 

[DonB]

I just thought of another, when you download the query files, are they all called Query, or do they have 3 different names ??

For the record if they are all the same files folks simply create 3 different folder on your desktop

 

[Brian706]

They should be named query,lock,and unlock. I checked the links they look correct.

The md5s are the same cause they are technically all the same zip,lol. Just the name is different... The script works by the name of the zip. You can technically download it once and just change the name.
Lock_boot loader
Unlock_bootloader
Query_boot loader

That's kind of what I was thinking, but wanted to make sure before flashing. I assumed you named each download accordingly, but at least on my end, no matter which one I download they are named unlock_bootloader. No big deal! I already renamed, but just letting you know!

 

[DonB]

No the download files are all named Query Bootloader, i just checked here after i posted the question about

That's kind of what I was thinking, but wanted to make sure before flashing. I assumed you named each download accordingly, but at least on my end, no matter which one I download they are named unlock_bootloader. No big deal! I already renamed, but just letting you know!

 

[Brian706]

No the download files are all named Query Bootloader, i just checked here after i posted the question about

Must be some sort of glitch. For me, they all display right. When I click on each link, it shows each file with it's respective name, but upon downloading they are all unlock_bootloader.zip for me... Odd! Obviously not a big deal but might confuse people.

 

[DonB]

Yep I have seen this before, that is why I posted the question, so our life is a little easier, I recall seeing 3 files before and for some reason they all downloaded the same name, when I tried download them they showed the correct name, but once I click on save, they showed the same name, so I simply renamed them, but I know we will be asked.

I will try it again, I am using FF by thew way, I will try with IE to see if it does the same.

Must be some sort of glitch. For me, they all display right. When I click on each link, it shows each file with it's respective name, but upon downloading they are all unlock_bootloader.zip for me... Odd! Obviously not a big deal but might confuse people.

 

[Brian706]

Works like a charm! Scotty, you are a freaking genius! Literally takes seconds to switch between locked and unlocked! Amazing!

Locked:

Spoiler

Unlocked:

Spoiler