this thread is for m9 it will NOT work on m7,m8,or any older devices(or anything other than HTC)
again,dont do this on anything other than m9. any posts stating "i bricked my whatever" will be directed back here,to this first bit of information.
this thread is to help you restore your software status: modified back to software status: original without having to run an RUU. those who have had m7,and m8 are familiar the the tampered flag wich is set when s-on by unlocking the bootloader and installing a custom recovery,kernel,or rom. this thread is the same. it is not a false or hex edited aboot,it is changing the flag that aboot checks to see if your device has been "tampered" with.
unfortunately,HTC has snuck in some evil write protections even on s off devices. as such,it is no longer possible to issue a simple adb command to re-write the flag.
at this time,this thread is for more advanced users. i will try and refine it to be more user friendly,but for now want to get the info out here.
credits
-beaups for schooling me on echo comand protocol,and pointing out that we can still fastboot flash partitions to make permanent changes.
-strace for originally discovering the location of the lock status flag(check out this thread for more info)
- [MENTION=1335001]Mutasek24[/MENTION] for fearlessly testing all commands
the usual disclaimers:
-i have tested this on my device,but use this info at your own risk. if it melts your phone into an aluminum gooey mess,crashes your pc,or causes any other issues,its not my fault.
then the most important disclaimer:
*be very careful when editing. accidentally adding or deleting something could change all offests,and leave your device unrecoverably bricked. do NOT use someone elses modified file. p8 is device specific
in other words,if this scares you,and an RUU is available for your device,run the RUU instead.
prerequisites:
-you must be S-OFF
-you must have superuser installed
-you must have adb and fastboot,and working drivers(if required) installed on your machine
this will require the use of a hex editor. for windows,i use HxD
1)copy p8
-open a command window and change to your adb/fastboot directory
-enter the following:
adb shell
su (if needed to get a # prompt)
dd if=/dev/block/mmcblk0p8 of=/sdcard/mmcblk0p8
exit
exit (if needed to get back to a regular prompt)
adb pull /sdcard/mmcblk0p8
youll now find a copy of p8 in your adb/fastboot folder. transfer it to a safe location (alternately,you could open your internal storage on the pc and drag the file to a different folder)
2)modify p8
-fire up your hex editor and open the mmcblk0p8 file
-scroll down to 00408400. what youll see if this:
the numbers 68 25 32 C6 are a constant.dont mess with them! the fifth digit(location 00408404) is your tampered flag. on m9,its commonly a 10,but ive also seen 08 and it really could be anything. we need to change it to a 00.
carefully click in front of then 10,and type a 0. this should overwrite the 1 and change to 00(if you have a "0-other number" youll need to enter 0 twice)
again, be very careful not to add or delete any digits!!!
what you should now see is this:
once your confident its right,save the file as mmcblk0p8mod.img ( adding the file extension is important) to your adb/fastboot directory
3)install your untampered file
in the cmd window,enter:
adb reboot bootloader (this should take you to the white bootloader screen NOT download mode)
fastboot flash pg2fs mmcblk0p8mod.img
fastboot reboot-bootloader
you should now see software status: original
your cmd window should look like this:
other useful threads:
lock/unlock bootloader: http://androidforums.com/threads/ho...tloader-without-htcdev-s-off-required.916138/
change mid: fastbooot oem writemid xxxxxxxxx
again,dont do this on anything other than m9. any posts stating "i bricked my whatever" will be directed back here,to this first bit of information.
this thread is to help you restore your software status: modified back to software status: original without having to run an RUU. those who have had m7,and m8 are familiar the the tampered flag wich is set when s-on by unlocking the bootloader and installing a custom recovery,kernel,or rom. this thread is the same. it is not a false or hex edited aboot,it is changing the flag that aboot checks to see if your device has been "tampered" with.
unfortunately,HTC has snuck in some evil write protections even on s off devices. as such,it is no longer possible to issue a simple adb command to re-write the flag.
at this time,this thread is for more advanced users. i will try and refine it to be more user friendly,but for now want to get the info out here.
credits
-beaups for schooling me on echo comand protocol,and pointing out that we can still fastboot flash partitions to make permanent changes.
-strace for originally discovering the location of the lock status flag(check out this thread for more info)
- [MENTION=1335001]Mutasek24[/MENTION] for fearlessly testing all commands
the usual disclaimers:
-i have tested this on my device,but use this info at your own risk. if it melts your phone into an aluminum gooey mess,crashes your pc,or causes any other issues,its not my fault.
then the most important disclaimer:
*be very careful when editing. accidentally adding or deleting something could change all offests,and leave your device unrecoverably bricked. do NOT use someone elses modified file. p8 is device specific
in other words,if this scares you,and an RUU is available for your device,run the RUU instead.
prerequisites:
-you must be S-OFF
-you must have superuser installed
-you must have adb and fastboot,and working drivers(if required) installed on your machine
this will require the use of a hex editor. for windows,i use HxD
1)copy p8
-open a command window and change to your adb/fastboot directory
-enter the following:
adb shell
su (if needed to get a # prompt)
dd if=/dev/block/mmcblk0p8 of=/sdcard/mmcblk0p8
exit
exit (if needed to get back to a regular prompt)
adb pull /sdcard/mmcblk0p8
youll now find a copy of p8 in your adb/fastboot folder. transfer it to a safe location (alternately,you could open your internal storage on the pc and drag the file to a different folder)
2)modify p8
-fire up your hex editor and open the mmcblk0p8 file
-scroll down to 00408400. what youll see if this:
the numbers 68 25 32 C6 are a constant.dont mess with them! the fifth digit(location 00408404) is your tampered flag. on m9,its commonly a 10,but ive also seen 08 and it really could be anything. we need to change it to a 00.
carefully click in front of then 10,and type a 0. this should overwrite the 1 and change to 00(if you have a "0-other number" youll need to enter 0 twice)
again, be very careful not to add or delete any digits!!!
what you should now see is this:
once your confident its right,save the file as mmcblk0p8mod.img ( adding the file extension is important) to your adb/fastboot directory
3)install your untampered file
in the cmd window,enter:
adb reboot bootloader (this should take you to the white bootloader screen NOT download mode)
fastboot flash pg2fs mmcblk0p8mod.img
fastboot reboot-bootloader
you should now see software status: original
your cmd window should look like this:
other useful threads:
lock/unlock bootloader: http://androidforums.com/threads/ho...tloader-without-htcdev-s-off-required.916138/
change mid: fastbooot oem writemid xxxxxxxxx
Last edited:
