1. Check out our companion app, Forums for Android! Download from Google Play

Root [International] [how to] reset your lock status flag

Discussion in 'Android Devices' started by scotty85, Jun 20, 2013.

  1. scotty85

    scotty85 Well-Known Member
    Thread Starter

    Jul 25, 2010
    first and formost special thanks CastleBravo,without whos testing and help in this thread,for DNA. he asked all the right questions,and gave others all the right answers while i was at work and couldnt respond. also to treadwayj,who dumped mmcblk0p3 from his still locked phone for comparison,providing valuable confirmation.

    with m7,this is just one way to skin the cat. you can also use the revone tool to change back to *locked*

    use clockwork recovery it did not work for me using twrp. agaion, if you want to flash these zips,do now use twrp.

    i happened across this thread inthe gsm evo 3d forum: http://forum.xda-developers.com/showthread.php?t=1970252 and found it to work on the rezound,inc 4g,sensation 4g,cdma evo 3d,MT4GS,Amaze 4g,one s,droid DNA,m7,and prolly several others.

    this does NOT mean you can unlock your bootloader without going thru htcdev. all this means,is that if your bootloader is unlocked after s-off,you can get rid of the relocked watermark and get back to 100% locked prior to s-on for legitimate warranty purposes.

    ive always been unlocked. for S&Gs,i dumped mmcblk0p3 and found the described "HTCU" at 0x8404. changed it to 0x00000000 and voila! back to locked :cool:

    afterward,relfashed my origianl mmcblk0p3,wich brought me back to unlocked with no getting or flashing tokens.

    this is NOT a patched or hex edited hboot.again,this is ONLY to get back your original ***locked*** status.

    *this is for s-off phones only

    2 ways to do it:

    1)old school
    this assumes you to have drivers,adb/fastboot,a hex editor,a fair understanding about what youre doing,and the ability to follow directions on the linked thread

    Code (Text):
    1. Microsoft Windows [Version 6.1.7601]
    2. Copyright (c) 2009 Microsoft Corporation.  All rights reserved.
    4. C:\Users\Scott>[COLOR="Red"]cd c:\mini-adb_vigor[/COLOR]
    6. c:\mini-adb_vigor>[COLOR="red"]adb devices[/COLOR]
    7. * daemon not running. starting it now *
    8. * daemon started successfully *
    9. List of devices attached
    10. HTxxxxxxxxxx    device
    13. c:\mini-adb_vigor>[COLOR="Red"]adb shell[/COLOR]
    14. shell@android:/ $ [COLOR="red"]su[/COLOR]
    15. su
    16. shell@android:/ # [COLOR="red"]dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3[/COLOR]
    17. dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3
    18. 64734+0 records in
    19. 64734+0 records out
    20. 33143808 bytes transferred in 9.519 secs (3481858 bytes/sec)
    21. shell@android:/ # [COLOR="red"]exit[/COLOR]
    22. exit
    23. shell@android:/ $ [COLOR="red"]exit[/COLOR]
    24. exit
    26. c:\mini-adb_vigor>[COLOR="red"]adb pull /sdcard2/mmcblk0p3[/COLOR]
    27. 2292 KB/s (33143808 bytes in 14.116s)
    29. [COLOR="Blue"]*modify mmcblk0p3 with a hex editor[/COLOR]
    31. c:\mini-adb_vigor>[COLOR="Red"]adb push mmcblk0p3mod /sdcard2/mmcblk0p3mod[/COLOR]
    32. 2478 KB/s (33143808 bytes in 13.059s)
    34. c:\mini-adb_vigor>[COLOR="red"]adb shell[/COLOR]
    35. shell@android:/ $ [COLOR="red"]su[/COLOR]
    36. su
    37. shell@android:/ # [COLOR="red"]dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3[/COLOR]
    38. dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3
    39. 64734+0 records in
    40. 64734+0 records out
    41. 33143808 bytes transferred in 18.937 secs (1750214 bytes/sec)
    42. shell@android:/ #[COLOR="red"] exit[/COLOR]
    43. exit
    44. shell@android:/ $ [COLOR="red"]exit[/COLOR]
    45. exit
    47. c:\mini-adb_vigor>[COLOR="red"]adb reboot bootloader[/COLOR]
    49. c:\mini-adb_vigor>
    2)noob friendly
    -download the appropriate zips,place on sd card.
    -boot to recoverywipe cache/dalvik
    -flash in recovery. i recomend to run query first,to make sure its working. tested on my personal m7_u,and m7_ul, one s,amaze,jetstream,rezound,inc) 4g,sensation,MT4GS,and gsm evo 3d. tested by castlebravo on DNA.

    query_bootloader.zip f335f78f9f46469c823da0c671026de5

    unlock_bootloader.zip f335f78f9f46469c823da0c671026de5

    lock_bootloader.zip f335f78f9f46469c823da0c671026de5

    a little bit of explanation. yes,the md5s are all the same. its the same file,just named differently. the script behaves based on the name of the zip. i knew if i only included 1 download and instructed folks to change the name there would be confusion,so this is my attempt to keep it simple. feel free to download one file and just change the name to make the other zips.

    it also works to make your phone relocked if for some reason you want it that way(rename relock_bootloader.zip). i didnt include a zip for that because i figued there would be no demand.



    sure,i could have easily faked the above photos,but i dint. ;)

    again,all credit goes to s trace on the above thread,be sure to click the thanks button on his post. all i did was remove the device check per his instruction. DO NOT flash on other devices without checking for the proper location of the lock flag first.

    DISCLAIMER:this is not my work. i have tested it on my own device,but use it at your own risk. if it melts your phone into a lil pile of goo,its not my fault.

    enjoy :)

    special thanks
    -BC for originally dumping mmcblk0p3 for me to know this was worth exploring for dna
    -CastleBravo for testing and suport on the original test thread,as well as the pics you see there
    -treadwayj for dumping mmcblk0p3 from his still locked phone.
    -brian for unlocking his bootloader,then dumping mmcblock0p3 to make sure it would work for cdma evo3d phones too :cool:
    -brian and donb for fearless testing of the zip files on evo3d cdma :D


    Rush, WA_Bob and El Presidente like this.
  2. AngelArs

    AngelArs Well-Known Member

    Apr 24, 2011
    vB code analysis, Android / iOS Developer, CEO My
    This is probably the best news that I've read in quite a while. THANK YOU for posting! Being able to set the flag back to locked means that there is really no reason to buy the Developers Edition anymore. Life is good :D
    scotty85 likes this.
  3. scotty85

    scotty85 Well-Known Member
    Thread Starter

    Jul 25, 2010
    awsome sauce! :smokingsomb: glad it was helpful :)
  4. explorer2612

    explorer2612 New Member

    Dec 30, 2013
    Can anyone please advise how to make this method work on htc one x+ ?
    I tried it, it says, successful, but nothing happened. After booting to bootloader, still it says "relocked".
    Any ideas how to do it?
    Thank you in advance.
  5. scotty85

    scotty85 Well-Known Member
    Thread Starter

    Jul 25, 2010
    It will not work. Even if you are lucky enuff to have an s-off one x+,tegra 3 partition layouts are completly different. Who knows what damage you have done to your file system by running this command.

    the tegra 3 x and x+ are not similar at all to the qualcomm powered one xl. DO NOT ATTEMT ANY ONE XL MODS ON YOUR TEGRA 3 X OR X+!
    Brian706 likes this.

Share This Page