Root [CDMA] [How To] Change your lock status flag

Discussion in 'Android Devices' started by scotty85, Dec 14, 2012.

  1. scotty85

    scotty85 Well-Known Member
    Thread Starter

    Jul 25, 2010
    with the rezound,some folks unknowingly re-unlocked after s off to regain use of fastboot commands,after running ruus that replaced the patched jpbear hboot. i thought i would bring this here,in case there ever becomes a need.

    i happened across this thread in the gsm evo 3d forum: http://forum.xda-developers.com/showthread.php?t=1970252 and found it to work on the rezound,inc 4g,sensation 4g,cdma evo 3d,and prolly several others.

    this does NOT mean you can unlock your bootloader without going thru htcdev. all this means,is that if you accidentally unlocked your bootloader after s-off,you can get rid of the relocked watermark and get back to 100% locked prior to s-on for warranty purposes,without having to s-on and re-s off.

    ive always been unlocked. for S&Gs,i dumped mmcblk0p3 and found the described "HTCU" at 0x8404. changed it to 0x00000000 and voila! back to locked :cool:

    afterward,reflashed my original mmcblk0p3,which brought me back to unlocked with no getting or flashing tokens.

    this is NOT a patched or hex edited hboot.again,this is ONLY to get back your original ***locked*** status.

    *this is for s-off phones only

    2 ways to do it:

    1)old school
    this assumes you to have drivers,adb/fastboot,a hex editor,a fair understanding about what youre doing,and the ability to follow directions on the linked thread

    Code (Text):
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\Scott>cd c:\mini-adb_vigor

    c:\mini-adb_vigor>adb devices
    * daemon not running. starting it now *
    * daemon started successfully *
    List of devices attached
    HTxxxxxxxxxx    device

    c:\mini-adb_vigor>adb shell
    shell@android:/ $ su
    su
    shell@android:/ # dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3
    dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3
    64734+0 records in
    64734+0 records out
    33143808 bytes transferred in 9.519 secs (3481858 bytes/sec)
    shell@android:/ # exit
    exit
    shell@android:/ $ exit
    exit

    c:\mini-adb_vigor>adb pull /sdcard2/mmcblk0p3
    2292 KB/s (33143808 bytes in 14.116s)

    *modify mmcblk0p3 with a hex editor

    c:\mini-adb_vigor>adb push mmcblk0p3mod /sdcard2/mmcblk0p3mod
    2478 KB/s (33143808 bytes in 13.059s)

    c:\mini-adb_vigor>adb shell
    shell@android:/ $ su
    su
    shell@android:/ # dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3
    dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3
    64734+0 records in
    64734+0 records out
    33143808 bytes transferred in 18.937 secs (1750214 bytes/sec)
    shell@android:/ # exit
    exit
    shell@android:/ $ exit
    exit

    c:\mini-adb_vigor>adb reboot bootloader

    c:\mini-adb_vigor>
    2)noob friendly
    -download the appropriate zips,place on sd card.
    -boot to recovery,wipe cache/dalvik
    -flash in recovery. i recommend to run query first,to make sure its working. tested on my personal rezound,inc 4g,sensation,and gsm evo 3d.

    query_bootloader.zip f335f78f9f46469c823da0c671026de5

    unlock_bootloader.zip f335f78f9f46469c823da0c671026de5

    lock_bootloader.zip f335f78f9f46469c823da0c671026de5

    a little bit of explanation. yes,the md5s are all the same. its the same file,just named differently. the script behaves based on the name of the zip. i knew if i only included 1 download and instructed folks to change the name there would be confusion,so this is my attempt to keep it simple. feel free to download one file and just change the name to make the other zips.

    it also works to make your phone relocked if for some reason you want it that way(rename relock_bootloader.zip). i didnt include a zip for that because i figured there would be no demand.



    sure,i could have easily faked the above photos,but i didnt. ;)

    more pics here: http://androidforums.com/cdma-evo-3...-experience-unlocked-hboot-2.html#post5441428

    again,all credit goes to s trace on the above thread,be sure to click the thanks button on his post. all i did was remove the device check per his instruction. DO NOT flash on other devices without checking for the proper location of the lock flag first.

    DISCLAIMER:this is not my work. i have tested it on my own device,but use it at your own risk. if it melts your phone into a lil pile of goo,its not my fault.

    enjoy :)

    special thanks
    -brian for unlocking his bootloader,then dumping mmcblk0p3 to make sure it would work for cdma phones too,and for bootloader pics :cool:
    -brian and donb for fearless testing of the zip files :D
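
Added example, not part of the original post or the linked thread's zips: a read-only Python check for pulled mmcblk0p3 dumps that reports the flag at 0x8404 and confirms a hex-edited copy differs from the original only inside those four bytes before it is written back. The offset and the two flag values come from the post; the function names and the small sample images are constructed for illustration.

```python
"""Read-only checks on mmcblk0p3 dumps (added example; offset and values from the post)."""
import hashlib

FLAG_OFFSET = 0x8404   # location of the flag reported in the post
FLAG_LEN = 4
KNOWN = {b"HTCU": "unlocked", b"\x00" * 4: "locked"}  # the two values the post names
CHUNK = 4096

def lock_state(image: bytes) -> str:
    """Classify the 4 bytes at FLAG_OFFSET; anything else is reported as hex."""
    if len(image) < FLAG_OFFSET + FLAG_LEN:
        raise ValueError("dump is too short to contain the flag")
    flag = image[FLAG_OFFSET:FLAG_OFFSET + FLAG_LEN]
    return KNOWN.get(flag, "unknown:" + flag.hex())

def changed_offsets(original: bytes, modified: bytes) -> list:
    """Offsets of every differing byte; whole chunks are compared first for speed."""
    if len(original) != len(modified):
        raise ValueError("size mismatch: %d vs %d" % (len(original), len(modified)))
    diffs = []
    for base in range(0, len(original), CHUNK):
        a, b = original[base:base + CHUNK], modified[base:base + CHUNK]
        if a != b:
            diffs += [base + i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    return diffs

def edit_is_confined(original: bytes, modified: bytes) -> bool:
    """True only if every changed byte lies inside the flag and the result is a known state."""
    inside = range(FLAG_OFFSET, FLAG_OFFSET + FLAG_LEN)
    return (all(o in inside for o in changed_offsets(original, modified))
            and not lock_state(modified).startswith("unknown"))

def sha256(image: bytes) -> str:
    """Digest for confirming a pulled or pushed copy matches the file it came from."""
    return hashlib.sha256(image).hexdigest()

def make_sample(flag: bytes, size: int = 0x9000) -> bytes:
    """Constructed stand-in for a dump: filler bytes with the flag placed at FLAG_OFFSET."""
    buf = bytearray(b"\xa5" * size)
    buf[FLAG_OFFSET:FLAG_OFFSET + FLAG_LEN] = flag
    return bytes(buf)

if __name__ == "__main__":
    before, after = make_sample(b"HTCU"), make_sample(b"\x00" * 4)
    print(lock_state(before), "->", lock_state(after), changed_offsets(before, after))
    print("confined:", edit_is_confined(before, after), sha256(after)[:16])
```

For real dumps, read the pulled files with `open(path, "rb").read()` and pass the bytes to the same functions; a stray byte changed outside the flag or a size mismatch makes the check fail.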


  2. scotty85

    scotty85 Well-Known Member
    Thread Starter

    Jul 25, 2010
    mine. just in case ;)
  3. DonB

    DonB ♡ Spidey Sense !! ♡ ™

    Nov 30, 2009
    18th Hole Of the Golf Course
    Let me be the first to say this works perfect, great job Scotty. ;)

    I deleted the first response so you can have the second post as yours.

    Now you need to make a script that will change the name on the Hboot to locked or unlocked when on a custom Rom, instead of mine saying revolutionary ;)
    scotty85 likes this.
  4. Brian706


    Jul 25, 2012
    Looks like I'll be the second to say it then! Seriously awesome job Scotty!!

    Oh Don, if you really need a LOCKED bootloader that bad, just change to a stock hboot before flashing :p Scotty can't do everything for us! :rolleyes:;)
    scotty85 likes this.
  5. DonB

    DonB ♡ Spidey Sense !! ♡ ™

    Nov 30, 2009
    18th Hole Of the Golf Course
    I don't :p but I got a few PM's from a few members that do ;) I want a script so I can change it to whatever name I want :D

    scotty85 likes this.
  6. scotty85

    scotty85 Well-Known Member
    Thread Starter

    Jul 25, 2010
    there is a tool on one of the forums that edits the name of the banner. i cant remember which device forums it was in,and whether it was specific to those devices.

    it is actually pretty easy to hex edit hboot to display something else other than locked,unlocked or jpbear/revolutionary.

    i wont be providing any guides for that,or trying to port that particular tool because i feel hboots should not be messed with. i caught a lot of grief on xda for criticizing the need to even do such a thing,as it can be used for the wrong reasons.

    i completely understand the desire to completely customize every aspect of ones device. i always change splash screens,and boot animations,and customize my roms.

    however,guys were changing their hboots to display "s on" and "locked" rather than s off. while its an admittedly clever way to deceive the folks at the vzw/sprint/wherever store if a person is that paranoid about it,it can be used to fraudulently make ones phone look stock for warranty purposes. this could cause untold issues for future users if these devices make it back out into circulation.

    not to mention,that if the offsets are inadvertently changed during the hex edit or tool edit,bootloader will cease to function,leaving you with a very expensive paperweight. :eek:

    one reason i am excited about the lock flag status being changeable now,is that folks no longer have to risk an hboot flash. all they need to do is flash the unlock zip if they need an unlock,and then flash the lock zip if they need to lock for warranty. the lock status doesnt change with ruus,etc.,so once youre unlocked,youll stay that way until you do not want to be. :)

    sorry if that sounds a lil preachy,its just that im a pretty firm believer the bootloader and radios are pieces that most users should only mess with when needed,and then very cautiously. :)
    logitech, Brian706 and DonB like this.
