[WIP] Nexus One - S-OFF (locking bootloader again) - Nexus One Android Development

Hiya!
I've disassembled hboot-0.35.0017 for the nexus one. Security check is done by a function that I have patched.
I attached my current IDA (5.5) Database. Patched HBOOT can be found here.
We still need a method/exploit to flash this modified HBOOT on our device so we can have S-OFF.

So does this mean we can lock or is it just a lock in progress and the modified hboot is it flashable
Sent from my Nexus One using XDA App

jdmoore81 said:
So does this mean we can lock or is it just a lock in progress and the modified hboot is it flashable
Sent from my Nexus One using XDA App
We just need to find a way to flash that modified HBOOT on the nexus one and we can lock it.

rolle3k said:
We just need to find a way to flash that modified HBOOT on the nexus one and we can lock it.
Awesome! even if I don't exactly know the variables in play this sounds good and exciting

What if the hboot is made flashable through custom recovery.
Sent from my Nexus One using XDA App

jdmoore81 said:
What if the hboot is made flashable through custom recovery.
Sent from my Nexus One using XDA App
As far as I understood this:
Code:
/* Bootloader / Recovery Flow
*
* On every boot, the bootloader will read the bootloader_message
* from flash and check the command field. The bootloader should
* deal with the command field not having a 0 terminator correctly
* (so as to not crash if the block is invalid or corrupt).
*
* The bootloader will have to publish the partition that contains
* the bootloader_message to the linux kernel so it can update it.
*
* if command == "boot-recovery" -> boot recovery.img
* else if command == "update-radio" -> update radio image (below)
* else if command == "update-hboot" -> update hboot image (below)
* else -> boot boot.img (normal boot)
*
* Radio/Hboot Update Flow
* 1. the bootloader will attempt to load and validate the header
* 2. if the header is invalid, status="invalid-update", goto #8
* 3. display the busy image on-screen
* 4. if the update image is invalid, status="invalid-radio-image", goto #8
* 5. attempt to update the firmware (depending on the command)
* 6. if successful, status="okay", goto #8
* 7. if failed, and the old image can still boot, status="failed-update"
* 8. write the bootloader_message, leaving the recovery field
* unchanged, updating status, and setting command to
* "boot-recovery"
* 9. reboot
*
* The bootloader will not modify or erase the cache partition.
* It is recovery's responsibility to clean up the mess afterwards.
*/
The bootloader is flashing itself, the recovery just informs it to do so.
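
Added example (not part of the original post, and not HBOOT or AOSP source): a small C model of the command dispatch and the status write-back from the comment above, showing a bounded read of a command field that has no 0 terminator and an update that is rejected at the validation step. The field sizes (32/32/1024), the enum names and the sample blocks are assumptions constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed field sizes; the thread does not state them. */
#define BM_COMMAND_LEN  32
#define BM_STATUS_LEN   32
#define BM_RECOVERY_LEN 1024

struct bootloader_message {
    char command[BM_COMMAND_LEN];
    char status[BM_STATUS_LEN];
    char recovery[BM_RECOVERY_LEN];
};

enum boot_action { BOOT_NORMAL, BOOT_RECOVERY, UPDATE_RADIO, UPDATE_HBOOT };
enum flash_result { FLASH_OK, FLASH_FAILED };

/* True only if the field holds exactly `want` followed by a NUL inside the
 * field. Never reads past field_len, so a corrupt block cannot overrun it. */
static int field_equals(const char *field, size_t field_len, const char *want)
{
    size_t n = strlen(want);
    if (n >= field_len)
        return 0;
    return memcmp(field, want, n) == 0 && field[n] == '\0';
}

/* Zero the field, then copy at most len-1 bytes so it stays terminated. */
static void set_field(char *field, size_t len, const char *value)
{
    memset(field, 0, len);
    strncpy(field, value, len - 1);
}

/* "On every boot": anything that is not an exact known command boots boot.img. */
enum boot_action decide_boot_action(const struct bootloader_message *m)
{
    if (field_equals(m->command, BM_COMMAND_LEN, "boot-recovery"))
        return BOOT_RECOVERY;
    if (field_equals(m->command, BM_COMMAND_LEN, "update-radio"))
        return UPDATE_RADIO;
    if (field_equals(m->command, BM_COMMAND_LEN, "update-hboot"))
        return UPDATE_HBOOT;
    return BOOT_NORMAL;
}

/* Steps 1-8 of the update flow. header_valid and image_valid stand in for the
 * bootloader's own checks (the signature check discussed in the thread would
 * feed image_valid); `result` only matters when both checks passed. */
const char *finish_update(struct bootloader_message *m, int header_valid,
                          int image_valid, enum flash_result result)
{
    const char *status;

    if (!header_valid)
        status = "invalid-update";
    else if (!image_valid)
        status = "invalid-radio-image";
    else if (result == FLASH_OK)
        status = "okay";
    else
        status = "failed-update";

    /* Step 8: recovery field untouched, status updated, command forced. */
    set_field(m->status, BM_STATUS_LEN, status);
    set_field(m->command, BM_COMMAND_LEN, "boot-recovery");
    return m->status;
}

/* Constructed sample: a block of erased flash (0xFF) with optional command
 * bytes written into it, terminated only when asked. */
void sample_block(struct bootloader_message *m, const char *command, int terminated)
{
    memset(m, 0xFF, sizeof(*m));
    memcpy(m->command, command, strlen(command));
    if (terminated)
        m->command[strlen(command)] = '\0';
    set_field(m->recovery, BM_RECOVERY_LEN, "recovery\n--constructed-sample-arg\n");
}

int main(void)
{
    struct bootloader_message m;

    sample_block(&m, "", 0);              /* erased block, no terminator */
    printf("erased block        -> action %d\n", decide_boot_action(&m));
    sample_block(&m, "update-hboot", 0);  /* command bytes, no terminator */
    printf("unterminated cmd    -> action %d\n", decide_boot_action(&m));
    sample_block(&m, "update-hboot", 1);
    printf("update-hboot        -> action %d\n", decide_boot_action(&m));
    /* Image fails validation: nothing is flashed, only the status changes. */
    printf("status after reject -> %s\n", finish_update(&m, 1, 0, FLASH_FAILED));
    printf("next boot           -> action %d\n", decide_boot_action(&m));
    return 0;
}
```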

jdmoore81 said:
What if the hboot is made flashable through custom recovery.
Sent from my Nexus One using XDA App
+1. What if you just use a custom recovery with signature verification off?
@rolle3k: Assuming we can get it to flash, would you be able to make the same mod to the newer HBOOT HBOOT-0.35.0017?

efrant said:
+1. What if you just use a custom recovery with signature verification off?
@rolle3k: Assuming we can get it to flash, would you be able to make the same mod to the newer HBOOT HBOOT-0.35.0017?
Sure. I will edit it and try to flash it with verification off. If it works, I will let you guys know..

Great work here! Keep it up!

I hacked the new hboot, but as expected, it failed to install because the signature is invalid. However, I attached the hboot nevertheless. If you manage to flash it, you can just use "fastboot oem lock" without problems, thus locking the bootloader once again.

rolle3k said:
I hacked the new hboot, but as expected, it failed to install because the signature is invalid. However, I attached the hboot nevertheless. If you manage to flash it, you can just use "fastboot oem lock" without problems, thus locking the bootloader once again.
You won't be able to flash it unless you have an S-OFF nexus... otherwise HBOOT will refuse to flash anything that doesn't have a signature match...
That's why if you try flashing a Desire Radio to the N1, it won't work with a 'normal' nexus... you need to have the S-OFF in the bootloader as previously indicated...
So we would need to find a way (like they've done with the EVO, DINC, etc...) to get past the NAND lock (S-OFF)... I just don't think that people have tried to get that accomplished with the nexus since you can just do 'fastboot oem unlock' and it's done, unlike the other devices...
Very nice work though... I don't think I've seen anyone else get this far... maybe someone could try to get a hold of unrevoked and see if someone there could be of assistance since they haven't published their method of bypassing the NAND lock... but then even if we were able to bypass the NAND lock we would still potentially have the already unlocked bootloader there... if that makes sense...

rolle3k said:
I hacked the new hboot, but as expected, it failed to install because the signature is invalid. However, I attached the hboot nevertheless. If you manage to flash it, you can just use "fastboot oem lock" without problems, thus locking the bootloader once again.
How can I use this file?

rolle3k said:
I hacked the new hboot, but as expected, it failed to install because the signature is invalid. However, I attached the hboot nevertheless. If you manage to flash it, you can just use "fastboot oem lock" without problems, thus locking the bootloader once again.
Does it just need to be signed? Can you just uncheck signature verification from the Recovery program?

ezeldin said:
How can I use this file?
It's useless for now.

redstar3894 said:
You won't be able to flash it unless you have an S-OFF nexus... otherwise HBOOT will refuse to flash anything that doesn't have a signature match...
That's why if you try flashing a Desire Radio to the N1, it won't work with a 'normal' nexus... you need to have the S-OFF in the bootloader as previously indicated...
So we would need to find a way (like they've done with the EVO, DINC, etc...) to get past the NAND lock (S-OFF)... I just don't think that people have tried to get that accomplished with the nexus since you can just do 'fastboot oem unlock' and it's done, unlike the other devices...
Very nice work though... I don't think I've seen anyone else get this far... maybe someone could try to get a hold of unrevoked and see if someone there could be of assistance since they haven't published their method of bypassing the NAND lock... but then even if we were able to bypass the NAND lock we would still potentially have the already unlocked bootloader there... if that makes sense...
Thanks a lot for your post. Although I was told that unrevoked's exploit does not seem to work with the Nexus One bootloader, as it differs way too much from the Desire's bootloader.
MicroMod777 said:
Does it just need to be signed? Can you just uncheck signature verification from the Recovery program?
Unfortunately that does not do the trick. The recovery just tells the HBoot to flash a radio/hboot - it can not do that itself, the HBoot still checks the signature.
/EDIT:
[10:28] <@IEF> Bumble-bee: the exploit currently does not work on N1.
[10:29] <@IEF> it's on of the few devices that's missing the interface to hboot.
[10:29] <@IEF> *one
The exploit used by AlphaRev doesn't work on the N1 unfortunately ;(

Well, I prepared a HBOOT image which has the security check patched, that means security will be off as long as it is flashed. I could even add some code which would set the security flag directly, but that will stay open for the future until someone comes up with a solution to flash an unsigned HBOOT.

rolle3k said:
Well, I prepared a HBOOT image which has the security check patched, that means security will be off as long as it is flashed. I could even add some code which would set the security flag directly, but that will stay open for the future until someone comes up with a solution to flash an unsigned HBOOT.
Thanks for your efforts thus far.

ezeldin said:
How can I use this file?
If you have to ask, then it's of no use to you. It's for development only at this stage, not for users.

I uploaded my IDA Database of the newest HBOOT: http://ul.to/yiynox
Security check function has been identified. I will upload my patched HBOOT tomorrow as I need to get some sleep now.

Can't we just dd the HBOOT like we do it on eMMC based devices?

Related

[S-OFF] BLACKROSE (Custom HBOOT) [2012.04.21]

BlackRose
This is Nexus One custom bootloader(Based on HBOOT 0.35.2017)
FEATURE
Security OFF
None padlock mark even unlocked
Password protection
Engineering command
BlackRose custom command
Change boot logo
Resize Partition
Select menu by pressing trackball
Switch vibration at boot
CRC32 check function
Prevent overwrite HBOOT by RUU
REQUIRE
Windows PC or Linux PC
USB Debugging(ADB) ON(Setting-Application-Development-USB Debugging)
Connect USB before execute BlackRose installer
ADB and Fastboot USB Driver - Windows
http://www.mediafire.com/?bhxmn903d6cz9eg
GO
Windows PC: BlackRose.exe
Linux PC: BlackRose
Possible argument
skip: go to blackrose menu immediately(not recommended because hboot version check step is skipped)
editor: go to blackrose editor(standalone)
Guide
Install
http://www.youtube.com/watch?v=cC7nyRxVvk4
Uninstall
http://www.youtube.com/watch?v=mGrnDsSrS5s
Update(from 120215)
http://www.youtube.com/watch?v=TK5kepkO9oI
Resize partition
http://www.youtube.com/watch?v=ScIMetgk7Zw
Execute BREditor(standalone)
http://www.youtube.com/watch?v=FSbSL4kUloQ
*.Those who using older version custom BlackRose(eg.111231), Since older version can't communicate with BlackRose installer so you need to follow my direction.
Once you follow my direction, you no need to do this later
1.customize same as previous partition layout using BlackRose editor(view "execute BREditor")
2.fastboot flash hboot hboot_brcust.nb0
3.fastboot reboot
*.If you are using MAC OSX and failed to install by using installer,
Download blackrose_manual_120421.zip and follow instruction in zip file
Change Log
120421
Disable password protection (temporary)
*.As you know, there is no way to recover password.
That's why I designed 2nd password.
I received many message about forget password.
So I decided to disable password protection until I design new solution.
Fix stock BlackRose partition layout label.
120216
Bootloader(HBOOT)
Add new function(I will not reveal, It doesn't matter for normal user)
120215
Bootloader(HBOOT)
Change message when protected by password (not allowed -> protected)
Add bootloader commandline in order to communicate BlackRose installer
Installer
Now support below HBOOT version
0.33.0012
0.33.2012
0.35.0017
0.35.2017
7.35.5017(BlackRose)
Recreate program (not rebuild but recreate )
1.BREditor has merged
2.Install process has revamped
3.Communicate with HBOOT
4.Convenient,Optimized
5.ETC
* Since i'm not god, please feel free to report bug)
111231
Happy New Year!
HBOOT(Bootloader)
Update release date(because it's the last day of 2011)
Installer and Editor
Common: Execute file is not packed (fix problem executable-file deleted by Virus Scanner)
Installer: Improve install process
Update exploit
Installer: Fix install bug(perfectly, 111231_2)
Installer: Improve installer(111231_3)
Editor: Bug fix(111231_3)
111217
HBOOT(Bootloader)
New CRC32 function
(this function is used for make custom bootloader)
Installer and Editor
Installer: Can flash ANY bootloader
Editor: Show warning message when set password
Editor: bug fix(partition and "understand" bug,111217_2)
111208
HBOOT(Bootloader)
Password protection
rebase blackrose custom command
remove unlock, lock command
remove simlock menu(replaced powerdown)
remove clearstorage menu(replaced reboot)
display off, on message when switch vibration at boot
add extension label(no more identify 5017 or 5117)
bug fix(getvar version)
cleanup
Installer and Editor
improve blackrose installer
new blackrose editor(you must use this)
breditor: make it clear(password -> protection)(111208_2)
breditor: password bug fix(111208_3)
111128
fix BlackRose custom command problem(brcmd 5)
improve BlackRose installer
111126
select menu by using trackball instead of power key(default)
*.I analysed key dispatch routine perfectly and revamped routine.
I recommend update BlackRose 111126 because that is better than 111125
fix key label
111125
switch trackball selection (permanent!!!, view advanced section)
etc
111118
HBOOT(Bootloader)
can't flash image without signature when S-ON
(can't flash by unsigned RUU, while can flash by flash command? that's not fair.)
change command (oem brset -> oem brcmd)
new command (brcmd 2, brcmd 5)
Installer
can apply custom partition blackrose (view Advanced section, more easily)
can update blackrose from custom partition blackrose. (view update section)
can install blackrose even you doesn't achieve adb root permission(111118_2)
fix BlackRose windows installer error(111118_3)
rebase BlackRose installer(111118_4)
fix BlackRose installer error(111118_5)
111111
change title color
can flash some image(boot,recovery,system,userdata,radio,zimage) even S-ON and locked bootloader
rework writemainver(reason:when you uninstall blackrose, stored mainversion will be cleared.)
add custom command(fastboot oem brset)
can switch vibration during at boot
can select by pressing trackball (View Advanced section in BlackRose Installer)
optimization and cleanup
can install BlackRose on linux (111111_2)
fix BlackRose linux installer error (111111_3)
111009
When you update ROM(by PASSIMG, RUU), BlackRose doesn't write new mainver
111006
New based on 0.35.2017(Engineering HBOOT) - Thanks to PhaseBurn
Original Image(0.35.2017): http://forum.xda-developers.com/showpost.php?p=18141273&postcount=116
None padlock mark(even you unlocked bootloader)
Prevent overwrite HBOOT by OTA or RUU
Disable fastboot command(oem unlock), because no need to unlock bootloader
Can receive Google OTA
FAQ
1.Phone is brick, doesn't turn on screen
You have flashed unsigned RADIO
If you want unbrick your phone, The answer is JTAG or HTC Service Center(The engineer can refuse to repair your phone)
2.Can I lock bootloader again?
To relock the bootloader, You have to achieve radio S-OFF(secu_flag=0), otherwise you would see the error [Lock Failed]
3.How to achieve radio S-OFF?
[email protected]=7,0 or [email protected]=8,0
I disassembled radio(AMSS)
it need HTC Special SIM-CARD or SIM-EMULATOR(XTC-CLIP)
but...
If we can disable SMI-MPU and modify only one byte to AMSS routine on SDRAM
We can achieve Radio S-OFF without HTC-Special-CARD.
4.I can't update radio by using recovery.
If cache partition size less than radio image, you couldn't update radio by using recovery.
so I suggest a way to update radio
fastboot flash radio [RADIO IMAGE(e.g radio.img)]
5.I can't see my device when execute BlackRose installer
If you are using sense rom, adb device isn't worked.
You must install htc sync.
-Thanks for your favor-
Donation
rugmankc
efrant
madj42
fzr-r4
texasice
gdarren
WOW, I cannot appreciate it enough
Lecahel
Supplement
BlackRose custom command
fastboot oem brcmd [command]
svib : Enable/Disable vibration during at boot (Output string is none. but setting will be changed.)
brec : Go to recovery mode
pass [password]: Create encrypted password/Authentication
Change boot logo
1.Prepare 480*800 bmp file to change
2.nbimg.exe -F [BMP FILE] -n
3.rename *.nb file to splash1.img
4.fastboot flash splash1 [SPLASH1 IMG]
Password Protection
1.fastboot oem brcmd pass [ORIGINAL PASSWORD]
2.Note your encrypted value
3.Input encrypted value in BREditor
4.Apply custom BlackRose
NEVER input original password in BREditor
If you would like to unlock protection
fastboot oem brcmd pass [ORIGINAL PASSWORD]
TIP
If lock state, oem pass command work as unlock method
Otherwise, work as create encrypted password
If you type wrong password third in a row, device is turned off
Apply custom BlackRose
*.If you use BlackRose installer method, no need to read
Apply
1.fastboot flash hboot [CUSTOM BLACKROSE BINARY]
2.fastboot reboot-bootloader
If you will change partition layout
1.fastboot flash hboot [CUSTOM BLACKROSE BINARY]
2.fastboot reboot-bootloader
3.fastboot erase cache
4.fastboot oem brcmd brec
5.full wipe
6.update rom
7.reboot
maybe its too early in the morning,.... but huh?
It means - a hack that allows flashing anything anywhere as long as the hack is present. So, theoretically, if anyone would modify the bootloader code (done earlier in this thread, AFAIK) to allow bypassing security, this hack will allow flashing it. Also, possibly, this hack will allow flashing engineering bootloader.
Impressive! A really interesting approach. Even though Radio S-OFF would be preferred a modified hboot that unlocks more commands than the current stock-unlocked hboot does, right?
blunden said:
Impressive! A really interesting approach. Even though Radio S-OFF would be preferred a modified hboot that unlocks more commands than the current stock-unlocked hboot does, right?
Yes, we can do anything(except radio)
I found hidden functions during disassemble hboot
saveprt2sd, savemem2sd, mw etc...
i temporary changed oem lock function to saveprt2sd and it worked.
I found 0.33.2012 hboot(ENG) image
but since I use SLCD Nexus One, I couldn't flashing
Blackrose has potential
Sent from my Nexus One using XDA App
Post Changed.
doesn't work, still fails the signature verification.
It doesn't work. It shows a 'failed' result, saying that the file couldn't be verified or something. I tried out three different hboots, including the one you've provided, but it shows the same error every time. :-/
EDIT: Works perfectly. Got an S-off.
rjmohit said:
It doesn't work. It shows a 'failed' result, saying that the file couldn't be verified or something. I tried out three different hboots, including the one you've provided, but it shows the same error every time. :-/
didn't see anything to bypass the signature verification during the process.. i thought the only way to let the bootloader accept the image is that the file itself has a valid signature? how can you flash the image directly then..? o_o
mistake
maddie said:
didn't see anything to bypass the signature verification during the process.. i thought the only way to let the bootloader accept the image is that the file itself has a valid signature? how can you flash the image directly then..? o_o
OOPS, I made mistake.
I uploaded again.
Maybe this worked well...
Please report to me.
dla5244 said:
OOPS, I made mistake.
I uploaded again.
Maybe this work well...
Please report to me.
OK, it works now. Bootloader now S-OFF!
Great work! ;-)
BTW my Nexus One is unlocked.
maddie said:
OK, it works now. Bootloader now S-OFF!
Great work! ;-)
BTW my Nexus One is unlocked.
Congratulations!
also you can flash hboot, splash1, etc via fastboot flash command.
dla5244 said:
Congratulations!
also you can flash hboot, splash1, etc via fastboot flash command.
Yes, I'm aware of that. It's good enough for me to just get rid of the annoying lock icon on the boot screen. ;-)
And what is the gate.img exactly? I noticed that it was flashed as "boot" in fastboot, so I flashed my original kernel afterwards without booting into system. Will it in any way affect the original system?
maddie said:
Yes, I'm aware of that. It's good enough for me to just get rid of the annoying lock icon on the boot screen. ;-)
And what is the gate.img exactly? I noticed that it was flashed as "boot" in fastboot, so I flashed my original kernel afterwards without booting into system. Will it in any way affect the original system?
sorry my english.
No, 'fastboot boot' command not affect original system.
boot command means what copy kernel image to RAM and execute.
gate.img is exploit image(not kernel).
As soon as gate.img executed, it change bootloader codes on RAM
that's why you can flashed custom-hboot on stock hboot.
dla5244 said:
sorry my english.
No, 'fastboot boot' command not affect original system.
boot command means what copy kernel image to RAM and execute.
gate.img is exploit image(not kernel).
As soon as gate.img executed, it change bootloader codes on RAM
that's why you can flashed custom-hboot on stock hboot.
Your English is good enough to understand!
I see, I thought it was "flash" instead of "boot".
Thanks for your great work!
Thanks for this! I now have S-OFF on my N1. I wonder if the MTD partitions could be resized now like in the Desire? Hmmm...
intersectRaven said:
Thanks for this! I now have S-OFF on my N1. I wonder if the MTD partitions could be resized now like in the Desire? Hmmm...
When I first saw this progress, that is what I was hoping would come of this...
intersectRaven said:
Thanks for this! I now have S-OFF on my N1. I wonder if the MTD partitions could be resized now like in the Desire? Hmmm...
Uh oh! IR has some ideas brewing...
S-off success
Sent from my Nexus One using Tapatalk

[Recovery]HoneyComb Recovery For HTC View 4G

Just for New Hboot and you must go htcdev.com to unlock your Hboot
enjoy!
thanks for sharing. I did it on my view , really great
Does this specifically unlock the updated HTC View on Honeycomb?
Thanks
I just did this process on my View. I had not previously rooted and took the Honeycomb OTA update, after I was done unlocking the bootloader it reset my whole system to stock(with HC) I wasn't expecting it to do that, but I guess I am now unlocked and ready to root.
Sort of, you have to remember that you won't be able to flash radios at all or flash kernels from recovery this way. You'll have to flash kernels over fastboot or from a booted android system.
Also unless the OP can come back with complete details of this recovery I recommend not flashing it, but extracting the one in the mini-ruu in the S-OFF thread. I see a couple of options in there which either won't work or could be incredibly destructive and I don't know if this recovery will support off-mode charging. I don't want people to get stuck in "battery brick" status, that is not fun.
Anyone get this when trying to unlock?? It doesn't give me an error code so I don't know exactly what went wrong.
We're sorry, but it appears your attempt to unlock the bootloader on this device has failed. This could be caused by several factors including simple errors in the entry of the unlock token, problems with your device, or a lack of manufacturer support for the unlocking process. Please see the specific error code listed below, and try again if necessary.
Error Code: .
Error Reason: .
Nearly every time I've seen someone get that it's because they pasted the wrong information into the webpage, either too much or too little text, it has to be exactly what the instructions say to copy and paste.
sinner1168 said:
Anyone get this when trying to unlock?? It doesn't give me an error code so I don't know exactly what went wrong.
We're sorry, but it appears your attempt to unlock the bootloader on this device has failed. This could be caused by several factors including simple errors in the entry of the unlock token, problems with your device, or a lack of manufacturer support for the unlocking process. Please see the specific error code listed below, and try again if necessary.
Error Code: .
Error Reason: .
just do it again. if on windows, make sure on cmd you right click and select mark, highlight the section carefully including the line above and below the code and press ctrl+c, right-click and copy wasn't working for me, I would lose my highlight.
Sent from my PG41200 using xda premium
Ok I rebooted my laptop and tried it again with successful results this time. Thanks
How do I get this? my tablet is unlocked from HTC developers
Sent from my PG41200 using XDA App
globatron said:
Sort of, you have to remember that you won't be able to flash radios at all or flash kernels from recovery this way. You'll have to flash kernels over fastboot or from a booted android system.
Also unless the OP can come back with complete details of this recovery I recommend not flashing it, but extracting the one in the mini-ruu in the S-OFF thread. I see a couple of options in there which either won't work or could be incredibly destructive and I don't know if this recovery will support off-mode charging. I don't want people to get stuck in "battery brick" status, that is not fun.
So you don't recommend flashing any roms using this recovery?
Sent from my PG41200 using XDA App
medkid said:
thanks for sharing. I did it on my view , really great
How did you apply this file to your View?
juanzr1 said:
How do I get this? my tablet is unlocked from HTC developers
Sent from my PG41200 using XDA App
Put the file in the root of your SD card
connect via usb
command > adb reboot bootloader
select fastboot
it will ask if you want to upgrade, select yes.
done.
I couldn't get the key combo to work to force the bootloader so I had to go via adb.
tonneychan said:
Just for New Hboot and you must go htcdev.com to unlock your Hboot
enjoy!
Thanks for the credit for using my recovery source. It's all open source and free to use for anyone but a little credit for the work myself and Amon Ra put into it would have been nice.

[Q] Help - unable to return to stock, but need to because of broken touchscreen.

Been a lurker for a while, now I need some input if possible. I have a Thunderbolt whose touchscreen is not fully working, there is a strip about 1/4" wide top to bottom that does not respond to input. I rooted it using trter's Thunderbolt Tool and have been running Santod's ICS. When I decided to return to stock I did not read anything and merely ran trtr's tool and used the unroot option. This has me stuck now with a weird state.
Boot screen:
*** UNLOCKED ***
MECHA XD SHIP S-ON
HBOOT-1.05.0000
MICROP-/
RADIO-1.48.00.0930w_3
eMMC-boot
Jul 19 2011, 14:51:08
4ext recovery is still installed for some reason.
Here are things I have tried:
1. Unroot using trtr's tool - leaves me in a non-booting state with a Security warning and Main Version failure.
2. Used HTCDev unlock and pushed PG05IMG.zip of 2.11.605. This allows me to boot to a seemingly stock ROM.
3. OTA's get pushed, device reboots but OTA's fail to install.
4. Tried recovering Nandroid backups with 4ext, no matter which one I try to restore I get stuck in a boot loop (BAMF SoaB, ICS Santod, Liquid ICS, Multi-source ICS, ICS stock deodex).
5. Tried using 4ext to install the above ROMS directly, along with full wipes and partition formats before each attempt. They seem to install but get stuck in a boot loop on each.
6. Other various combinations of HTCdev, Thunderbolt Tool, FastBoot boot.img pushes, etc. Trtr's tool connecting in booted and fastboot modes fails to unroot or root or change S-ON state.
7. Did step 2 again to get me a working phone (except touch screen problem) until I can figure out WTH is going on.
Current state - the above Boot Screen details, 2.11.605.19 deodexed-signed image, and lucky I have not totally bricked it yet.
Help please? I've googled for the last 3 days and read countless posts and am not sure what to do from here. All I need is to get it back to stock so I can send it back to HTC and get a replacement. I have a working ADB set up and am willing to follow steps exactly or read whatever page you believe I have missed, or call me a dumb n00b, berate me for not reading something, anything... at this point I have no interest in retaining data on the phone or SD card or my dignity, just a stock phone that I can send back.
Thanks all!
Me too
google thunderboltforums How to Fix Security Warning - this is what trtr10 himself recommended to me . It didn't let me post, when I tried direct link.
Your #2 & #6 is similar, but maybe not exactly the same. It didn't work for me, though. And I had to add an adb manual lock step, because you need to be locked before trying trtr10s tool to unroot (or at least locked before it runs the final flash update, which fails for me with Main Version is older. Update Fail!
Also, technically the adb fastboot oem lock yields error #1:
(bootloader) Lock successfully...
FAILED (status read failed (Too many links))
finished. total time: 0.459s
That's major coincidence I have exact same problem, down to dead touch screen strip. I've been trying to get unrooted for a week and was supposed to mail the thing back last Friday . .
Here's hoping a solution gets posted. I don't want to pay cuz the insurance refurb was fail, when my warranty service is supposed to be free replacement and it is stupid hardware failure.
All I can say is trter supposedly updated his tool to work with the latest ota, but its been about a week and he hasn't released it yet.
He did say something about having a problem with his host though.
washuai said:
google thunderboltforums How to Fix Security Warning - this is what trtr10 himself recommended to me . It didn't let me post, when I tried direct link.
This is how I fixed the security warning when I first got it, using HTCDev unlock. I also used adb fastboot relock to lock back before trying the tool.
washuai said:
Your #2 & #6 is similar, but maybe not exactly the same. It didn't work for me, though. And I had to add an adb manual lock step, because you need to be locked before trying trtr10s tool to unroot (or at least locked before it runs the final flash update, which fails for me with Main Version is older. Update Fail!
Also, technically the adb fastboot oem lock yields error #1:
(bootloader) Lock successfully...
FAILED (status read failed (Too many links))
finished. total time: 0.459s
Yep - got that too...
Weird. Guess I'll wait for the new tool and see what it does...
As far as the identical touchscreen issue, this phone is also a refurb, my second with a touchscreen problem. The really weird part is that it works sometimes, particularly after all this work flashing and re-flashing, but I don't think it has anything to do with the ROMS or software, rather the fact that during all this work I am constantly doing battery pulls and SD card swaps and maybe it's because of a flaky ribbon connection or something - if it was not under warranty I would open it up and just try reseating anything I could find inside.
Have you tried to RUU back? It is a way manufacturers refurb or make the software new again without having to figure out what state it is in. As long as you can get in fastboot it will work... Also could you possibly fastboot an ENG HBOOT? It doesn't show if it's unlocked nor does it have any of those pink banners up at top.... Those I believe allow you to flash anything you couldn't normally do before... Try that.. Also I ALWAYS manually push and flash my stuff through ADB and fastboot. It is faster (if you know what you are doing) AND it has better control over what I am doing. I made a tut on how to flash boot screens (the very first image that comes up when you turn it on) and it is just about the same commands to flash normal stuff.
I run a Linux Box and always use root terminal so I am not certain at what point you would need superuser if any but as follows
#fastboot devices
#fastboot flash zip "name of zip" (no it doesn't have to be called anything specific, it could be called file1.zip)
#fastboot erase [option] /cache /data /system
to force it into the special RUU mode to use HTC's RUU, this is the command
#fastboot oem rebootRUU
Linux too Yes, I can flash via fastboot, I'm concerned about which one to flash though, I don't want to brick...
jnorth said:
Linux too Yes, I can flash via fastboot, I'm concerned about which one to flash though, I don't want to brick...
If you can give me today, I'll send you either the link to download the RUU or the exe itself.
You have the new radios installed and need to downgrade them by going s-off again. Need to do this to avoid main version errors.
The ota's don't install because of the custom recovery.
Backups don't work because you're s-on and the kernel can be installed.
You may be able to install santod's ota rom in recovery and install the boot.IMG from the rom (kernel) in fastboot = ./fastboot flash boot boot.img
Relock the boot loader and send it in looking like stock.
There is also a way to spoof your main version and downgrade from ICS to GB Ruu stock. That is posted on another site.
Sent from my ConD3m3dPaC-man ADR6425LVW using xda app-developers app
tburns said:
You have the new radios installed and need to downgrade them by going s-off again. Need to do this to avoid main version errors.
Working on this now, as soon as I figure out how to get s-off again. Thanks!
http://androidfiles.org/ruu/?developer=Mecha
The RUU's to take you back to stock
Thanks to hints from you both, I am back to stock... probably more steps than were needed but it worked for me LOL.
1. Used part of the Revolutionary tool to get S-Off again and let it install CWM over 4ext
2. Re-rooted
3. Installed 2.11.605.9 radio and GB OTA rom
4. Used fastboot to put stock hboot back
Appears to be normal stock now and OTA in progress.
Thank you both again!
jnorth said:
Thanks to hints from you both, I am back to stock... probably more steps than were needed but it worked for me LOL.
1. Used part of the Revolutionary tool to get S-Off again and let it install CWM over 4ext
2. Re-rooted
3. Installed 2.11.605.9 radio and GB OTA rom
4. Used fastboot to put stock hboot back
Appears to be normal stock now and OTA in progress.
Thank you both again!
that is what the community is all about, right?
Exactly!
One last question - bootloader says ***RELOCKED*** instead of ***LOCKED*** - presumably because I used the HTCdev unlocker at one point... is that fixable or permanent?
jnorth said:
Exactly!
One last question - bootloader says ***RELOCKED*** instead of ***LOCKED*** - presumably because I used the HTCdev unlocker at one point... is that fixable or permanent?
you could ALWAYS use an ENG and nobody would be any the wiser if you rooted or not! It would look like a developer phone instead..
when it says ***RELOCKED*** it tells anybody and everybody you have been rooted at one point or another (no bueno for warranty)
jnorth said:
Exactly!
One last question - bootloader says ***RELOCKED*** instead of ***LOCKED*** - presumably because I used the HTCdev unlocker at one point... is that fixable or permanent?
this -SHOULD- take care of the pink banner up at top BE CAREFUL WITH THIS!!!
there again... I run constant root terminal so I do not know if it requires root or not soooo.....
#fastboot oem mw 8d08ac54 1 31302E30
#fastboot flash hboot whateverhbootfile.nb0

[GUIDE][TOOL]FUU HTC Evo 3D

General Information
This has been made to help those who have no clue what they're doing when upgrading their firmware and want a one click that mimics HTC RUU.
New from Prism Pirate Chest of goodies, here it is: FUU for the HTC Evo 3D
FUU Definition
Firmware Update Utility
There are a few Firmware flashing threads and lots of zips and good and bad instructions. However, I noticed that many users asked about what they get when they flash what they download and also about how to flash it with S-OFF on various threads. This confusion has occasionally led to people losing their custom kernels and custom recoveries and/or their SDcard partitions being unintentionally wiped.
I am writing this because I believe in "responsible" sharing. Since the full RUU's aren't shared but only components (modified as well as unmodified) with often insufficient documentation, which in turn leads to a lot of confusion among the lesser informed users, I will try to catch some of that. I believe that sharing full RUU's would be a lot safer, as only those who actually know enough about it can disassemble them. RUU's do always reassure users that there is a guaranteed and safe way to go back.
FUU How To
- Download the firmware you want
- then run the installer
- install it to the folder you want; any folder will do
- then run the tool and upgrade or downgrade your firmware
Prerequisites:
All you need is a Windows system with current drivers and maybe HTC Sync Manager installed; it is better to have HTC Sync uninstalled and only the drivers left. Just try if the FUU runs without HTC Sync. On my system, I am always greeted with an "Error 170" if I try to run the FUU on a booted Android - it doesn't recognize the phone with ADB. This is a typical driver and/or ADB error. Solution here: make sure you have the latest driver suite. The failsafe way to get them is to install HTC Sync Manager (remove it afterwards if you don't like it, but leave the drivers in the system!).
ZIP Flash HowTo
Step-By-Step:
1. If device is booted into Android, reboot into bootloader by running:
Code:
adb reboot bootloader
1.a Or else, if your device is in a different state or you just prefer the button method:
Press Power for 15 seconds and hold Vol Down at the same time, when the screen and charging LED go dark immediately release Power but keep holding Vol Down until you see the bootloader screen. Notice: If the device refuses to reboot, you might need to hold it to a bright light with its light sensor. This is a very specific bug in the HTC ONE. The light trick always works.
2. Now place the Firmware_named_something.zip into your adb/fastboot folder
3. Now run:
Code:
fastboot oem rebootRUU
4. Followed by:
Code:
fastboot flash zip Firmware_named_something.zip
(replace "Firmware_named_something.zip" with the name of your zip)
5. Now check the console output. It should approximately look like this:
"flush" certainly means "Flash", so press the arrow up key on your keyboard and Enter to run the flash command again without reboot...
Important: the flash process halts at around 75% to 90% on phone screen! This is normal and a safety precaution! The last few percent is the reboot, which is NOT happening automatically, so you get a chance to check the console output before reboot to make sure it is safe to reboot! The bar will only fill up to 100% once you type the following command:
6.
Code:
fastboot reboot-bootloader
Error handling strategies:
IF IT SAYS "FAILED" do not immediately reboot the device! If you reboot with a FAIL it might not boot up anymore! It could brick! If no flash is being accepted you have to find out what is causing the malfunction before rebooting your phone. Keep it alive while trying to figure out the error. It might be your cable, your USB ports (don't use hubs! Always straight-to-mainboard connections), it might be USB 3.0 which is not good yet, it might be bad configuration of your ADB and Fastboot... there are many possible sources for flash fails.
The least dangerous FAILED messages are listed below and are safe to reboot:
Safe to reboot / Flash didn't happen Errors (if you encounter one of them, you can just reboot. Nothing changed):
- 12 signature fail (unknown yet but safe to reboot)
- 23 parsing image fail (means something wrong with the image in the zip)
- 32 header error (means the zip couldn’t be read and unzipped properly)
- 41 Wrong Model ID (means it's not the right device)
- 42 Wrong Customer ID (wrong CID means you gotta swap cid first as explained below)
- 90 hboot pre-update (means it only flashed hboot and you have to run the process again immediately to flash all other partitions WITHOUT a reboot in between).
- 99 UNKNOWN (is not yet clear but safe to reboot, might indicate a defunct S-OFF or S-ON)
- 155 you did not lock your bootloader (Needs a relock for S-ON phones that want to update the firmware.)
In fact, if it aborts before the "(bootloader) start image[hboot] unzipping & flushing..." line it actually didn't write anything and you can probably just reboot. If you see it flashing stuff though (the stages after that line) and then it stops with a FAILED, chances are a little higher that something is now broken. In that case do NOT reboot but do as I said above.
For Error 12 "signature fail" do:
- might indicate that a signed firmware package is required. This would only happen with S-ON phones though.
For Error 23 "parsing image fail" do:
- change image names in the zip to stock image names like "hboot.img" or "radio.img" or whatever failed there....
For Error 32 "header error" do:
- Sorry, I haven't found the exact cause yet and don't know a definite solution.
- Make sure there is only one . (dot) in the filename, before the extension. fastboot reads anything after the first dot it sees as the extension. If that is not zip, it fails.
- If that doesn't help, you can also try: make the zip new with recommended settings, re-run the command, check your connections...
For Error 42 "Wrong Customer ID" and 41 "Wrong Model ID" do:
Code:
fastboot getvar all
Read that output, take note of your CID and MID and then edit the "android-info.txt" in your firmware.zip accordingly (For Wrong MID change the MID in the text, for wrong CID add your CID to the text).
For "Error 90 hboot pre-update..." do:
- Run the same flash command again which you just ran (press arrow up on your keyboard to get to the previous command in console)
- Don't reboot in between! (It wouldn't brick you but it would just make you run the flash command twice again)
- This might be caused by the newer encrypted RUU's, they need their hboot to be flashed first so it can then decrypt the rest of the ROM.zip. Look at an encrypted ROM.zip from a RUU, you will notice that you can mostly extract the hboot without decrypting the ROM.zip, but you can't extract much else.
For "Error 99 UNKNOWN" do:
- Check with other zips if they work!
- Check if your S-OFF is correct
- Tell me if you find out what's causing an unknown error here!
For "Error 155 relock bootloader" do:
- run the fastboot command "fastboot oem lock" - only applies to S-ON phones that want to update the firmware. There a relocked bootloader is required. This error won't show on S-OFF phones.
- Error 155 can also mean that you need SuperCID. On a few occasions this was shown when the RUU/FUU refused to run because of wrong region lock.
For "Error 170 Check USB" do:
- Sometimes shown when running a RUU or FUU. Indicates issues with drivers or ADB/Fastboot binaries. One way to solve is to run the exe with the phone already in Fastboot mode. Else you will have to dig into your windows driver system and try to fix there. Best option: re-install HTC Sync manager. Also, avoid USB 3 ports (the blue ones) - they have a complete new driver stack and that doesn't work with ADB and Fastboot.
I always test all of these zips on my own device. But as always, flash at own risk. You're writing to critical parts of your phone. If anything goes wrong along the way, you might be bricked.
FUU Downloads (Windows only)
Update: added Hboot 1.58 FUU
Download
MD5: 995a8b883a5e39af471a93a84b4ff52d
This FUU is a stock Hboot. Contents: Firmware from ramjet73, so you should be good to go. This package does wipe the SD card, so remove it before you run it.
Update: added Hboot 1.57
Download
MD5: 87acbac59f169b32900e58f34e3390e1
This FUU is a stock Hboot. Contents: Firmware from ramjet73, so you should be good to go. This package does wipe the SD card, so remove it before you run it.
Update: added Hboot 1.50
Download
MD5: 233943ae4117d2fe64726afed8231b18
This FUU is a stock Hboot. Contents: Firmware from ramjet73, so you should be good to go. This package does wipe the SD card, so remove it before you run it.
Update: added Hboot 1.40
Download
MD5: 054e40f479b2075a20f12d5426d44bc3
This FUU is a stock Hboot. Contents: Firmware from ramjet73, so you should be good to go. This package does wipe the SD card, so remove it before you run it.
Update: added Hboot 1.30
Download
MD5: 04b13923379267a82d93cf913de62040
This FUU is a stock Hboot. Contents: Firmware from ramjet73, so you should be good to go. This package does wipe the SD card, so remove it before you run it.
Update: added Hboot 1.04 ENG
Download
MD5: 476a819ce37ff8fae2960de9dc2969a2
This FUU is a stock Hboot. Contents: Hboot from ramjet73, so you should be good to go. This package does wipe the SD card, so remove it before you run it.
Credits
Thank you Sneakyghost for the tool and the OP
ramjet73, my mentor for HBOOT modding
ramjet73 for the Hboots which I modify off of
Disclaimer
You are aware that writing to the security protected partitions increases your risk to lose the device exponentially. You understand and agree that I cannot be held responsible for such or any other damages. The flash process is theoretically safe and tested on various phones at time of posting, however you are the brains behind the wheel and you are solely responsible for the execution of the process. I will not accept any responsibility. The method itself is developed by Google and HTC, I only provide access and information to it and you execute it.
You understand that you should not do it if you are not willing to accept this risk.
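The guide's error-handling rules, applied to a saved `fastboot flash zip` console transcript, as an added example that is not part of the original post or of the FUU tool. The `FAILED (remote: <code> <text>)` line shape, the sample transcripts and all function names are assumptions constructed for illustration; failures the guide does not list are treated more strictly here than the guide does.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Codes the guide lists as "flash didn't happen", with the guide's advice.
GUIDE_ERRORS = {
    12: "signature fail: a signed firmware package may be required (S-ON)",
    23: "parsing image fail: use stock image names such as hboot.img",
    32: "header error: keep one dot in the zip name, or rebuild the zip",
    41: "wrong model ID: compare 'fastboot getvar all' with android-info.txt",
    42: "wrong customer ID: compare 'fastboot getvar all' with android-info.txt",
    90: "hboot pre-update: run the same flash command again, no reboot",
    99: "unknown: try another zip and check the S-OFF state",
    155: "relock needed: S-ON phones must run 'fastboot oem lock' first",
}
# The guide's dividing line: nothing is written before this message appears.
WRITE_MARKER = re.compile(r"start image\[(\w+)\] unzipping & flushing")
# Assumed shape of the failure line: FAILED (remote: <code> <text>)
FAILED_LINE = re.compile(r"^FAILED \((?:remote: )?(?:(\d+)\s+)?(.*)\)\s*$")


@dataclass
class Verdict:
    action: str            # OK, REFLASH_NOW, SAFE_TO_REBOOT or DO_NOT_REBOOT
    code: Optional[int]    # numeric error code, None if the line had none
    started: List[str]     # images whose write stage had begun
    advice: str


def analyse(console: str) -> Verdict:
    """Classify one 'fastboot flash zip' transcript by the guide's rules."""
    started: List[str] = []
    for raw in console.splitlines():
        line = raw.strip()
        marker = WRITE_MARKER.search(line)
        if marker:
            started.append(marker.group(1))
            continue
        failed = FAILED_LINE.match(line)
        if not failed:
            continue
        code = int(failed.group(1)) if failed.group(1) else None
        if code == 90:
            # Only hboot was written; the rest needs a second pass right away.
            return Verdict("REFLASH_NOW", code, started, GUIDE_ERRORS[90])
        if not started and code in GUIDE_ERRORS:
            # Rejected before any write stage: the phone is unchanged.
            return Verdict("SAFE_TO_REBOOT", code, started, GUIDE_ERRORS[code])
        # Failure mid-write, or an error the guide does not list: treated
        # conservatively here (this example's choice, stricter than the guide).
        return Verdict("DO_NOT_REBOOT", code, started,
                       "stay in fastboot; check cable, USB port, drivers")
    return Verdict("OK", None, started,
                   "no FAILED line; finish with 'fastboot reboot-bootloader'")


# Constructed transcripts (not captured from a device).
PRE_UPDATE = """\
sending 'zip' (constructed)...
OKAY
writing 'zip'...
(bootloader) start image[hboot] unzipping & flushing...
FAILED (remote: 90 hboot pre-update! please flush image again immediately)
"""
WRONG_CID = """\
writing 'zip'...
(bootloader) checking custom ID...
FAILED (remote: 42 custom id check fail)
"""
MID_WRITE = """\
writing 'zip'...
(bootloader) start image[hboot] unzipping & flushing...
(bootloader) start image[radio] unzipping & flushing...
FAILED (status read failed (Too many links))
"""
CLEAN = """\
writing 'zip'...
(bootloader) start image[hboot] unzipping & flushing...
OKAY
"""

if __name__ == "__main__":
    for name, text in [("pre-update", PRE_UPDATE), ("wrong CID", WRONG_CID),
                       ("mid-write", MID_WRITE), ("clean", CLEAN)]:
        v = analyse(text)
        print(f"{name:10} -> {v.action:14} code={v.code} started={v.started}")
        print(f"{'':13} {v.advice}")
```

Saving the console output to a file before deciding whether to reboot keeps the evidence the guide asks you to read.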
Five star guide flashalot much appreciated
Sent from my PG86100 using XDA Premium 4 mobile app
Nice job!! Thank you!
busventinc said:
Five star guide flashalot much appreciated
Sent from my PG86100 using XDA Premium 4 mobile app
Can't take credit for the guide, thank @Sneakyghost
I just made the proper edits for the evo and my one s
newdad23 said:
Nice job!! Thank you!
No problem
Thanks so much for this Flashalot!
Question on these, apologize in advance if it's off base or nonsense.
Currently have a friend who is running 1.58 hboot S-ON, unlocked bootloader (htcdev) with MIUI 3.2.22 ROM. Would it be possible to use these to downgrade his hboot version and run revolutionary S-OFF and/or install JB ROM? Or would it be best to relock, revert fully to stock and use JuopunutBear method?
Thanks in advance
snackle said:
Thanks so much for this Flashalot!
Question on these, apologize in advance if it's off base or nonsense.
Currently have a friend who is running 1.58 hboot S-ON, unlocked bootloader (htcdev) with MIUI 3.2.22 ROM. Would it be possible to use these to downgrade his hboot version and run revolutionary S-OFF and/or install JB ROM? Or would it be best to relock, revert fully to stock and use JuopunutBear method?
Thanks in advance
This is for s-off only, sorry. This is what you need:
http://forum.xda-developers.com/showthread.php?p=31617712 it has instructions on how to s-off
Sent from my PC36100 using Tapatalk 2
Flashalot said:
This is for s-off only, sorry. This is what you need:
http://forum.xda-developers.com/showthread.php?p=31617712 it has instructions on how to s-off
Sent from my PC36100 using Tapatalk 2
Thanks for the quick reply Flashalot
Exactly what I was expecting but figured I should ask just in case. Thanks again for your time.
snackle said:
Thanks for the quick reply Flashalot
Exactly what I was expecting but figured I should ask just in case. Thanks again for your time.
FYI, depending on the current firmware level of the phone you may not be able to run an ruu after the 2.89 base (they don't exist) without being s-off. If jbear doesn't work for you see..
See my reference post in Unknownforce's Ultimate Unbricking and hboot Downgrade Tool thread. It is known to work by bricking it twice.
Sent from my TouchPad using Tapatalk
mpgrimm2 said:
FYI, depending on the current firmware level of the phone you may not be able to run an ruu after the 2.89 base (they don't exist) without being s-off. If jbear doesn't work for you see..
See my reference post in Unknownforce's Ultimate Unbricking and hboot Downgrade Tool thread. It is known to work by bricking it twice.
Sent from my TouchPad using Tapatalk
Thanks for the heads up mpgrimm2. I believe he has a nandroid backup from just after he completed the htc unlock, still running stock rom. If it does turn out to be 2.95.651.6, would he be able to restore this nandroid and continue with jbear method?
I know jbear will need to be mostly stock if not full stock. That nand backup may work depending on if jbear requires a relock and stock recovery or not but I don't recall. Things got a little vague when they moved support off of xda to their own site and stopped supporting windows based installers.
I'm sure Ramjet73 had some FAQ's in his thread for the old windows version that would answer it though.
Either way I know Unknownforce's Tool will work for s-off.
Sent from my "Up All Night Sleep All Day" Nexus 5!

Q: How do I remove "TAMPERED" with HBOOT 2.10?

I was previously on the original HBOOT (first one) and S-Off.
I did NOT have the "TAMPERED" flag on my phone.
After upgrading to latest release I am on the latest HBOOT but now it's also flagged as "TAMPERED".
My understanding is that, being S-off, a way to remove this should exist.
I've never done the HTC unlock as have always been S-Off.
Is it possible to get this removed on latest release without being 100% stock?
I know on some phones like the One you can modify a flag in one of the partitions.
I am on a stock rom just rooted so beyond seeing that flag it's not obvious I am rooted.
Thx
See this post
http://forum.xda-developers.com/showthread.php?p=50112366
Captain has included this mod l
Sent from my EVO using xda app-developers app
JManekia said:
See this post
http://forum.xda-developers.com/showthread.php?p=50112366
Captain has included this mod l
Sent from my EVO using xda app-developers app
Nope, he says:
Q8: My bootloader says "TAMPERED" after flashing the firmware. How to fix?
A: Just ignore it. It's no big deal.
Someone did a mod to remove the developer text but that's it. My understanding is the flag doesn't reside in the HBOOT directly but in some other area of the phone?
Run a RUU. It will remove the *TAMPERED* status. Your phone will remain unlocked, and it will be displayed as such.
If you don't have easy access to a PC, one of the easiest solutions is to download the VipeRUU zip to your phone, extract the rom.zip to your ext SD, rename it to PJ75IMG.zip, and flash it through the bootloader. The next time that you reboot into the bootloader after the process is completed, then TAMPERED should be gone.
I'm just speculating, but maybe you removed the tampered status before by using the Regaw Bootloader Customizer, which only edits the bootloader info, and doesn't actually change anything for the phone itself. It's only a cosmetic change.
aarsyl said:
Run a RUU. It will remove the *TAMPERED* status. Your phone will remain unlocked, and it will be displayed as such.
If you don't have easy access to a PC, one of the easiest solutions is to download the VipeRUU zip to your phone, extract the rom.zip to your ext SD, rename it to PJ75IMG.zip, and flash it through the bootloader. The next time that you reboot into the bootloader after the process is completed, then TAMPERED should be gone.
I'm just speculating, but maybe you removed the tampered status before by using the Regaw Bootloader Customizer, which only edits the bootloader info, and doesn't actually change anything for the phone itself. It's only a cosmetic change.
That's what I did - noticed after the 4.3 RUU that it went from "Unlocked/Tampered" to just "Unlocked." I kinda want to also modify the "Unlocked" text as I did before with Regaw's tool, I'll have to look into whether it will work.
SilverZero said:
That's what I did - noticed after the 4.3 RUU that it went from "Unlocked/Tampered" to just "Unlocked." I kinda want to also modify the "Unlocked" text as I did before with Regaw's tool, I'll have to look into whether it will work.
There's a reason why I didn't suggest using that tool. You kinda need to MAKE SURE that you know your bootloader status. If you activate S-On twice in a row, that baby's definitely gonna brick. I'd rather know what my bootloader is supposed to say, because I'm really the only person looking at it. What difference will it really make?
aarsyl said:
There's a reason why I didn't suggest using that tool. You kinda need to MAKE SURE that you know your bootloader status. If you activate S-On twice in a row, that baby's definitely gonna brick. I'd rather know what my bootloader is supposed to say, because I'm really the only person looking at it. What difference will it really make?
Well that's why I said I'd have to look into it. I assumed it wouldn't work with the new HBOOT, and I guess I don't care one way or the other. But for anybody else reading this, don't try it.
On the other hand, I climb mountains because they're there. If I want it to say "Hacked" instead of "Unlocked" and I can do it without screwing things up, I might do it just to screw with the guy who buys it from me down the road.
bryanu said:
I was previously on the original HBOOT (first one) and S-Off.
I did NOT have the "TAMPERED" flag on my phone.
After upgrading to latest release I am on the latest HBOOT but now it's also flagged as "TAMPERED".
My understanding is that, being S-off, a way to remove this should exist.
I've never done the HTC unlock as have always been S-Off.
Is it possible to get this removed on latest release without being 100% stock?
I know on some phones like the One you can modify a flag in one of the partitions.
I am on a stock rom just rooted so beyond seeing that flag it's not obvious I am rooted.
Thx
comment withdrawn after further investigation.
redm1st said:
Originally for Hboot 2.09 but should work for Hboot 2.10. (don't quote me on that though)
Please don't anyone on the 2.10 HBOOT flash this! Please remove this attachment.
EDIT: This post is what I mean. You have to understand what the Bootloader Customizer actually does (which is explained in the thread) and know that flashing this would bork all the things. This is literally a 2.09 HBOOT. The 2.10 HBOOT is what accommodates the new partition layout, so flashing this will break that and prevent the device from booting up. The issue is the signed boot.img. That's why you see the tampered flag. I assume you're not using my stock rooted? You updated directly from RUU, and then rooted it manually? The signed boot.img sees unsigned recovery img and throws up that tampered flag. It's not going to affect the working of the device, so why worry about it? You can flash the boot image from my stock rooted if you want it to go away.
Captain_Throwback said:
Please don't anyone on the 2.10 HBOOT flash this! Please remove this attachment.
EDIT: This post is what I mean. You have to understand what the Bootloader Customizer actually does (which is explained in the thread) and know that flashing this would bork all the things. This is literally a 2.09 HBOOT. The 2.10 HBOOT is what accommodates the new partition layout, so flashing this will break that and prevent the device from booting up. The issue is the signed boot.img. That's why you see the tampered flag. I assume you're not using my stock rooted? You updated directly from RUU, and then rooted it manually? The signed boot.img sees unsigned recovery img and throws up that tampered flag. It's not going to affect the working of the device, so why worry about it? You can flash the boot image from my stock rooted if you want it to go away.
I flashed everything from your post.
I just want the word Tampered gone, don't care if it's done officially or just visually through some other mod.
I currently am S-Off, Locked and says Tampered.
bryanu said:
I flashed everything from your post.
I just want the word Tampered gone, don't care if it's done officially or just visually through some other mod.
I currently am S-Off, Locked and says Tampered.
Do a nandroid and then unlock your bootloader.
Captain_Throwback said:
Do a nandroid and then unlock your bootloader.
So I have "Tampered" because I am not unlocked?
Take this from a guy who has had 6 replacement phones and 4 of them hard bricked. QualcomDownload Mode. Lol.
Anyways I wanted to get rid of the tampered flag so I did what shouldn't be done and used the One's tool with aroma and only chose to remove rltampered flag.
It worked.
Note that that was my other phone before I hard bricked it but that was because I messed up my EFS folder.
I'm not saying that anyone should use it. Do at your own risk. I sure did and I just used it on my replacement evo after doing soff.
Sent from my EVO using Tapatalk
chemjb said:
Take this from a guy who has had 6 replacement phones and 4 of them hard bricked. QualcomDownload Mode. Lol.
Anyways I wanted to get rid of the tampered flag so I did what shouldn't be done and used the One's tool with aroma and only chose to remove rltampered flag.
It worked.
Note that that was my other phone before I hard bricked it but that was because I messed up my EFS folder.
I'm not saying that anyone should use it. Do at your own risk. I sure did and I just used it on my replacement evo after doing soff.
Sent from my EVO using Tapatalk
I had already given up and just installed terminal emulator on my phone and ran the following as su:
echo -ne '\x00' | dd of=/dev/block/mmcblk0p7 bs=1 seek=4265988
that got rid of it properly without requiring any flashing, fake boot loader modifications etc.
@bryanu: just for my own education, what does that actually do when you type that in terminal? Meaning, I know you said it removes the "tamper" word, but how does it do it? If it is too lengthy to answer, no problem. Just wondering... Thanks!
Sent from my EVO using Tapatalk 2
puhiniho said:
@bryanu: just for my own education, what does that actually do when you type that in terminal? Meaning, I know you said it removes the "tamper" word, but how does it do it? If it is too lengthy to answer, no problem. Just wondering... Thanks!
Sent from my EVO using Tapatalk 2
It resets the flag that controls that showing or not essentially.
bryanu said:
I had already given up and just installed terminal emulator on my phone and ran the following as su:
echo -ne '\x00' | dd of=/dev/block/mmcblk0p7 bs=1 seek=4265988
that got rid of it properly without requiring any flashing, fake boot loader modifications etc.
Worked like a charm,
Thanks
