Root TUTORIAL: How To Customize/Modify/Hack HBoot.img

[ModdingMyMind]

This build is for
development purposes only
Do not distribute outside of HTC
without HTC's written permission.
Failure to comply may
lead to legal action.​

Ok friends, as we all know, it is very possible to modify the HBoot and this isn't the first time it has been done before. old.splatterhand has loaded and shared such HBoots for the K2_UL and K2_U variants. @russellvone has as well loaded and shared such HBoot for the K2_CL variant and currently has made one for Cricket users too.

What this tutorial will do for this community is explain how it is done so that we all as a family can learn and grow together. I am a hands on type of guy and one of my pep peeves is being left in the dark so I am taking the time to explain some things. So let's get started.

Requirements for this TUTORIAL:
- A good hex editor is needed so click and download HxD
- I also use IDA (but that is me and for other purposes mainly - so stick with HxD)
- HBoot.img - I won't be supplying this so, sorry everyone. You will need to grab it elswhere :good:

Please keep in mind that if you install a custom HBoot and your device receives an OTA you may be required to flash back the stock HBoot just like you would with your stock recovery.

STEPS
Go ahead and open up HxD. Drag & drop the HBoot image file into the HxD Window.
Note - no matter if its a raw, dd, dumped, piece, or an .img or an .nb0 file - the edit will take place all the same.

I will be using HBoot 2.21 from the original 4.2.2 OTA during this tutorial. Now go ahead and hit CTRL+F or go to the Search tab then click Find. Search for "This build is" - without quotations...

You will then see this in HxD:

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

0013C7F0  4F 2D 00 00 4F 70 65 6E 44 53 50 2D 00 00 00 00  O-..OpenDSP-....
0013C800  20 28 00 00 65 4D 4D 43 2D 62 6F 6F 74 00 00 00   (..eMMC-boot...
0013C810  25 73 20 25 64 4D 42 00 4F 63 74 20 32 38 20 32  %s %dMB.Oct 28 2
0013C820  30 31 33 2C 32 32 3A 30 39 3A 31 36 2E 25 64 00  013,22:09:16.%d.
0013C830  4F 63 74 20 32 38 20 32 30 31 33 2C 32 32 3A 30  Oct 28 2013,22:0
0013C840  39 3A 31 36 00 00 00 00 45 6E 74 65 72 69 6E 67  9:16....Entering
0013C850  20 52 65 63 6F 76 65 72 79 2E 2E 2E 00 00 00 00   Recovery.......
0013C860  45 6E 74 65 72 69 6E 67 20 4D 46 47 20 4B 65 72  Entering MFG Ker
0013C870  6E 65 6C 2E 2E 2E 00 00 45 6E 74 65 72 69 6E 67  nel.....Entering
0013C880  20 4D 44 4D 20 52 61 6D 64 75 6D 70 20 6D 6F 64   MDM Ramdump mod
0013C890  65 2E 2E 2E 00 00 00 00 [COLOR="red"]54 68 69 73 20 62 75 69[/COLOR]  e.......[COLOR="red"]This bui
0013C8A0  6C 64 20 69 73 20 66 6F 72 [COLOR="black"]00 00 00[/COLOR] 64 65 76 65  ld is for[COLOR="black"]...[/COLOR]deve
0013C8B0  6C 6F 70 6D 65 6E 74 20 70 75 72 70 6F 73 65 73  lopment purposes
0013C8C0  20 6F 6E 6C 79 [COLOR="black"]00 00 00[/COLOR] 44 6F 20 6E 6F 74 20 64   only[COLOR="black"].[/COLOR][COLOR="black"]..[/COLOR]Do not d
0013C8D0  69 73 74 72 69 62 75 74 65 20 6F 75 74 73 69 64  istribute outsid
0013C8E0  65 20 6F 66 20 48 54 43 [COLOR="black"]00 00 00 00[/COLOR] 77 69 74 68  e of HTC[COLOR="black"]....[/COLOR]with
0013C8F0  6F 75 74 20 48 54 43 27 73 20 77 72 69 74 74 65  out HTC's writte
0013C900  6E 20 70 65 72 6D 69 73 73 69 6F 6E 2E [COLOR="black"]00 00 00[/COLOR]  n permission.[COLOR="black"]...[/COLOR]
0013C910  46 61 69 6C 75 72 65 20 74 6F 20 63 6F 6D 70 6C  Failure to compl
0013C920  79 20 6D 61 79 [COLOR="black"]00 00 00[/COLOR] 6C 65 61 64 20 74 6F 20  y may[COLOR="black"]...[/COLOR]lead to 
0013C930  6C 65 67 61 6C 20 61 63 74 69 6F 6E 2E [COLOR="black"]00 00 00[/COLOR]  legal action.[/COLOR]...
0013C940  5B 44 49 53 50 4C 41 59 5F 45 52 52 5D 20 61 6C  [DISPLAY_ERR] al
0013C950  6C 6F 63 61 74 65 20 68 65 61 70 20 66 6F 72 20  locate heap for 
0013C960  73 70 6C 61 73 68 20 69 6D 61 67 65 20 66 61 69  splash image fai

Please take note of what is written in red. This is that little pesky warning label that pops up when running a custom kernel and/or custom recovery.

I look forward to this part as I will be showing how to remove it - and any of you can too (manually of course).

Now, in this particular HBoot (2.21) you find that the text begins at Offset 0013C890

0013C890  65 2E 2E 2E 00 00 00 00 [COLOR="red"]54 68 69 73 20 62 75 69[/COLOR]  e.......[COLOR="red"]This bui[/COLOR]

The beginning of the warning from HTC starts with the letter T from the word This. Remember how I said to take notice of the highlighted red? If you look at number 54 you notice it is the beginning of this warning. Don't worry, HxD will show you where it begins. Just use the mouse to click where that letter or symbol is and it will show a dotted line box around that number as being the reference point from there forward (or backwards lol).

To edit and remove this warning label is very simple. You will be hex editing this image file needless to say - if you haven't realized it yet. YOU WILL NOT BE MAKING ANY CHANGES ON THE RIGHT OF HxD!!!!

We will be replacing ALL of the letters with text by spacing it. To do so we must first find out what number represents a 'space'. This is simple, as you only need to hover your mouse over a space in between two letters in which it will highlight its number with a dotted line box. In this case a space would be the number 20. So what we are going to do is remove every text of that warning label with a space by implementing the number 20 in the proper places to each of the given text letter.

PLEASE NOTE!! ---- It is HIGHLY recommended that you DO NOT replace each text letter in the left panel with the number 00.
- The reason for this is because 00 stands for blank which in the Hex world is not consider a 'text'. Where as a space is considered a text and since we are replacing text it would be best to do so with other text so the HBoot will still see text even though the warning label will no longer show up anymore. It just would seem to be of best interests and just overall safer.

This is what you will see after you replace all the text letters with the number 20:

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

0013C7F0  4F 2D 00 00 4F 70 65 6E 44 53 50 2D 00 00 00 00  O-..OpenDSP-....
0013C800  20 28 00 00 65 4D 4D 43 2D 62 6F 6F 74 00 00 00   (..eMMC-boot...
0013C810  25 73 20 25 64 4D 42 00 4F 63 74 20 32 38 20 32  %s %dMB.Oct 28 2
0013C820  30 31 33 2C 32 32 3A 30 39 3A 31 36 2E 25 64 00  013,22:09:16.%d.
0013C830  4F 63 74 20 32 38 20 32 30 31 33 2C 32 32 3A 30  Oct 28 2013,22:0
0013C840  39 3A 31 36 00 00 00 00 45 6E 74 65 72 69 6E 67  9:16....Entering
0013C850  20 52 65 63 6F 76 65 72 79 2E 2E 2E 00 00 00 00   Recovery.......
0013C860  45 6E 74 65 72 69 6E 67 20 4D 46 47 20 4B 65 72  Entering MFG Ker
0013C870  6E 65 6C 2E 2E 2E 00 00 45 6E 74 65 72 69 6E 67  nel.....Entering
0013C880  20 4D 44 4D 20 52 61 6D 64 75 6D 70 20 6D 6F 64   MDM Ramdump mod
[COLOR="red"]0013C890  [COLOR="black"]65 2E 2E 2E 00 00 00 00[/COLOR] 20 20 20 20 20 20 20 20  [COLOR="black"]e.......[/COLOR]        
0013C8A0  20 20 20 20 20 20 20 20 20 [COLOR="black"]00 00 00[/COLOR] 20 20 20 20           [COLOR="black"]...[/COLOR]    
0013C8B0  20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
0013C8C0  20 20 20 20 20 [COLOR="black"]00 00 00[/COLOR] 20 20 20 20 20 20 20 20       [COLOR="black"]...[/COLOR]        
0013C8D0  20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
0013C8E0  20 20 20 20 20 20 20 20 [COLOR="black"]00 00 00 00[/COLOR] 20 20 20 20          [COLOR="black"]....[/COLOR]    
0013C8F0  20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
0013C900  20 20 20 20 20 20 20 20 20 20 20 20 20 [COLOR="black"]00 00 00[/COLOR]               [COLOR="black"]...[/COLOR]
0013C910  20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20                  
0013C920  20 20 20 20 20 [COLOR="black"]00 00 00[/COLOR] 20 20 20 20 20 20 20 20       [COLOR="black"]...[/COLOR]        
0013C930  20 20 20 20 20 20 20 20 20 20 20 20 20 [COLOR="black"]00 00 00[/COLOR]               [COLOR="black"]...[/COLOR][/COLOR]
0013C940  5B 44 49 53 50 4C 41 59 5F 45 52 52 5D 20 61 6C  [DISPLAY_ERR] al
0013C950  6C 6F 63 61 74 65 20 68 65 61 70 20 66 6F 72 20  locate heap for 
0013C960  73 70 6C 61 73 68 20 69 6D 61 67 65 20 66 61 69  splash image fai

Once you have completed the task of overwriting the bytes then go ahead and save your work. Now comes the MOST IMPORTANT PART EVER!!!

- Compare both the original and modified HBoot.img file and MAKE SURE that the modified image is reading the exact same bytes in size as the original!
- If the modified file is just ONE byte to large or to small when compared to the original file then you better delete that file and try the whole process over again!! DO NOT FLASH THAT MODIFIED FILE IF THE BYTES SIZE IS NOT THE SAME AS THE ORIGINAL FILE OR YOU WILL BRICK YOUR DEVICE!.
- If both files are the exact same sizes then you are clear to flash the new modified HBoot image which will remove that pesky red text. There is much more that can be done with the HBoot, but for starters this tutorial will suffice for now.

If this tutorial was helpful to you then please click on thanks :good:

---- Happy Hunting!!.

 

[Sim-X]

This is an excellent tutorial!