Database Users

4g stuck on scanning

So last night I installed the latest radio version and everything was running fine, that is until I did a cache and dalvik wipe this evening. Now my 4g stays in scanning even though I connected to it earlier. I tried reflashing the wimax radio but that didn't help any, suggestions?
My thoughts are I either fubared my wimax or it's down in my area, as I'm just in a test area. I'm really hoping it's not the former.

This is happening a lot and often. Happens to users who root and users who do not root - its an HTC bug. Try downgrading then upgrading again.

Should I downgrade just my radio, or my pri and nv too?

werxen said:
This is happening a lot and often. Happens to users who root and users who do not root - its an HTC bug. Try downgrading then upgrading again.
Click to expand...
Click to collapse
uhm no. the only reason it happens to root users is they corrupt their hwid or manage to delete their rsa keys.
@OP
Run:
adb shell
$ su
# grep RSA /dev/mtd/mtd0
If you see
----RSA PRIVATE KEY BEGIN------
----RSA PRIVATE KEY END -----
at the end than your rsa keys are intact, if you don't then you'll never see 4g on that phone again, unless you get it refurbished by htc themselves.

Thanks last chance, just curious could a simple cache and dalvik wipe delete my rsa keys?

so i did the adb command and got grep RSA /dev/mtd/mtd0
RSA-REQUEST
RSA-REPLY
RSA-REJECT
RSA-ACK
RSA-1024
RSA-REQUEST
RSA-REPLY
RSA-REJECT
RSA-ACK
RSA-1024
RSA
ReRSA
RSA requests
RSA replies
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
so my RSA keys are ok and my 4g should still work then?

yes it should. unless you messed with your hwid, in which case you can apparantly delete the xml file if its the wrong hwid and it will reset it to the right one, getting your 4g back.
here is a thread you can look at for the info:
http://forum.xda-developers.com/showthread.php?t=773547

Its also maybe the 4g signal in your area probably its weak. That happens to me when im at home it says i have 4g available but getting scanning sometimes connecting then disconnecting but I tried at my work and i get full bar, then I updated the latest radio/wimax/pri and ota 3.29, now gives me 1 bar or sometimes if i move somewhere 3 bars the most at my house no more scanning. Also my battery life improves 4hrs running still in 80% didn't install advance task kill or disable the background..
Sent from my PC36100 using XDA App

Wow... Not in front of a computer, but ran those command on Terminal Emulator and did not see the RSA start and end thing so my 4g is dead..
Strange thing was that it was working one day and it just went out while I was using the phone normally :/

th3b055 said:
Wow... Not in front of a computer, but ran those command on Terminal Emulator and did not see the RSA start and end thing so my 4g is dead..
Strange thing was that it was working one day and it just went out while I was using the phone normally :/
Click to expand...
Click to collapse
Yeah i had the same thing happen. I had rooted w/ unrevoked, installed fresh 3.0 and i forget which kernel but it had worked for 2 weeks, then suddenly stopped. Not sure if i deleted the keys when i tried 50 rom and radio reflashes, but I ended up having to exchange the phone yesterday. I'm a little hesitant to reroot for now.

scooter185 said:
So last night I installed the latest radio version and everything was running fine, that is until I did a cache and dalvik wipe this evening. Now my 4g stays in scanning even though I connected to it earlier. I tried reflashing the wimax radio but that didn't help any, suggestions?
My thoughts are I either fubared my wimax or it's down in my area, as I'm just in a test area. I'm really hoping it's not the former.
Click to expand...
Click to collapse
What method did you use and what files did you use to up date your radio
Sent from my PC36100 using XDA App

From my experience, either flashing radio/wimax updates **** up the 4g, or flashing cm6. Not sure which one it is, but my keys got deleted when doing one of those.

th3b055 said:
Wow... Not in front of a computer, but ran those command on Terminal Emulator and did not see the RSA start and end thing so my 4g is dead..
Strange thing was that it was working one day and it just went out while I was using the phone normally :/
Click to expand...
Click to collapse
Maybe Last-Chance can clarify this, but maybe you should try running those commands from a computer. When I run it from an adb shell on my computer I get:
grep RSA /dev/mtd/mtd0
RSA-REQUEST
RSA-REPLY
RSA-REJECT
RSA-ACK
RSA-1024
RSA-REQUEST
RSA-REPLY
RSA-REJECT
RSA-ACK
RSA-1024
RSA
ReRSA
RSA requests
RSA replies
-----BEGIN RSA PRIVATE KEY----
-----END RSA PRIVATE KEY-----
Which seems to suggest that my RSA keys are fine. But when I run the command from a terminal emulator on my phone I only get
<rsa>
</rsa>
Which output should I believe here? I have no idea

darkkterror said:
Maybe Last-Chance can clarify this, but maybe you should try running those commands from a computer. When I run it from an adb shell on my computer I get:
grep RSA /dev/mtd/mtd0
RSA-REQUEST
RSA-REPLY
RSA-REJECT
RSA-ACK
RSA-1024
RSA-REQUEST
RSA-REPLY
RSA-REJECT
RSA-ACK
RSA-1024
RSA
ReRSA
RSA requests
RSA replies
-----BEGIN RSA PRIVATE KEY----
-----END RSA PRIVATE KEY-----
Which seems to suggest that my RSA keys are fine. But when I run the command from a terminal emulator on my phone I only get
<rsa>
</rsa>
Which output should I believe here? I have no idea
Click to expand...
Click to collapse
Yeah just check on my PC and I don't have the
-----BEGIN RSA PRIVATE KEY----
-----END RSA PRIVATE KEY-----
Oh well though, getting a new phone then.. One question though, if I re-root and nandroid backup with RA Recovery v1.8.0 will it backup those keys and restore them if something goes wrong in the future?

darkkterror said:
Maybe Last-Chance can clarify this, but maybe you should try running those commands from a computer. When I run it from an adb shell on my computer I get:
grep RSA /dev/mtd/mtd0
RSA-REQUEST
RSA-REPLY
RSA-REJECT
RSA-ACK
RSA-1024
RSA-REQUEST
RSA-REPLY
RSA-REJECT
RSA-ACK
RSA-1024
RSA
ReRSA
RSA requests
RSA replies
-----BEGIN RSA PRIVATE KEY----
-----END RSA PRIVATE KEY-----
Which seems to suggest that my RSA keys are fine. But when I run the command from a terminal emulator on my phone I only get
<rsa>
</rsa>
Which output should I believe here? I have no idea
Click to expand...
Click to collapse
I'm not even sure if checking the RSA makes a difference or not. I had a similar issue two weeks ago and when I checked my RSA in terminal emulater, I had the same result <rsa> </rsa>. My phone would detect the 4g connection, but hang there while trying to connect to the network. Two days later my 4g started working again. I was also in a test area where the 4g isn't officially released yet. It might be worthwhile to call a Sprint CSR and find out if there is a trouble ticket for one of the towers in your area.

If you look in your nandroid folder on /sdcard....look in your backups and see if you have wimax.img. if you do....try to flash that....ANY WORKING BACKUP OF WIMAX.IMG WILL HAVE *YOUR* RSA KEYS IN IT.

thankfully it appears the tower in my area is down, my buddy at work just picked up an EVO yesterday, so it's totally stock and everything. When he cam in today i Had him check his 4G, and much like mine it was just scanning.

th3b055 said:
Yeah just check on my PC and I don't have the
-----BEGIN RSA PRIVATE KEY----
-----END RSA PRIVATE KEY-----
Oh well though, getting a new phone then.. One question though, if I re-root and nandroid backup with RA Recovery v1.8.0 will it backup those keys and restore them if something goes wrong in the future?
Click to expand...
Click to collapse
If you had a nandroid back up prior to the point of your rsa keys getting deleted, it *should* get them back. It might not, but it should.
As for terminal emulator, you can't run it there, cause you need to be in debug mode or something. Hence why you need adb.

Another thing to check is your MAC address. It should be same as the one printed on the label under your battery. As for saving your keys, get RA 1.8.0 recovery. If your keys are good save that wimax.img file someplace safe. For that matter save the whole nandroid of the ROM in a safe place. Lucky for me I got my replacement the evening that Froyo got root. So I saved the whole nandroid of my rooted stock ROM in several places.
About your 4G signals. Unless you are in a listed 4G market your signal is not guaranteed. In my area at least 4G was sporadic at best at first. Now that more towers are coming online (most cases it is just adding more equipment into an existing site) I am getting a better signal, or even signal at all. It is no easy feat getting a new tower in the air. I've done a couple, and they are lots of work especially a cell tower.

Might *fix* your Wimax "scanning" problem
scooter185 said:
So last night I installed the latest radio version and everything was running fine, that is until I did a cache and dalvik wipe this evening. Now my 4g stays in scanning even though I connected to it earlier. I tried reflashing the wimax radio but that didn't help any, suggestions?
My thoughts are I either fubared my wimax or it's down in my area, as I'm just in a test area. I'm really hoping it's not the former.
Click to expand...
Click to collapse
I've had this happen to me a couple of times, although a lot less so in the last month.
All I've had to do was:
1) turn off Wimax
2) delete /data/misc/wimax/[WIMAX-MAC-ADDRESS].tree.xml
Or, if it makes you feel better, rename the file.
3) turn on Wimax
This forces the wimax subsystem to re-generate the xml file, and in the process fixes my wimax "persistent scanning" problem pretty much every single time.
I got this tip somewhere else on xda a while ago.

[Q] RSA (WiMAX) Key location?

Anyone know the default path for the WiMAX RAS keys?
Tried this method:
http://forum.xda-developers.com/showthread.php?t=887900
But with no success... Wanted to make a backup just in case.

wimax partition including the RSA key is located at :
/dev/block/mmcblk0p25
just updated my app from the EVO to support the Shift
WiMAX Key Checker

joeykrim said:
wimax partition including the RSA key is located at :
/dev/block/mmcblk0p25
just updated my app from the EVO to support the Shift
WiMAX Key Checker
Click to expand...
Click to collapse
Awesome!
Sent from my PG06100 using XDA App

thanks for this. i was tearing it apart looking for it.

Recovery error information thread (E:Cant mount /cache/recovery/command)

Hi Everyone,
I thought I'd create a thread for this issue as it seems to be happening at an alarming frequency as of late. Here are some other threads for reference:
http://forum.xda-developers.com/showthread.php?t=1038768&highlight=recovery+mount+open
http://forum.xda-developers.com/showthread.php?t=1035464&highlight=recovery+mount+open
http://forum.xda-developers.com/showthread.php?t=1034261&highlight=recovery+mount+open
http://forum.xda-developers.com/showthread.php?t=1029474&highlight=recovery+mount+open
http://forum.xda-developers.com/showthread.php?t=991206&highlight=recovery+mount+open
http://forum.cyanogenmod.com/topic/...overy++mount++open__fromsearch__1#entry172534
If you're currently experiencing this issue, I'd like to get some information about your device to look for any trends or similarities:
1) Do you have a G2 or a DZ?
2) Which ROM was last running on your device?
3) Do you have the ENG HBOOT installed?
4) Aside from using ROM Manager to flash the recovery image, did you use ROM Manager for anything else (e.g. flashing ROMS)?

To me it seems people are running into this issue alot, and its happing around when the new recovery fix charge came out as well cm7 final came this could be a factor

ilostchild said:
To me it seems people are running into this issue alot, and its happing around when the new recovery fix charge came out as well cm7 final came this could be a factor
Click to expand...
Click to collapse
Which version of cwm are you referring to?

The newest recovery that fixes the off charge issue

maybe related:
http://forum.xda-developers.com/showthread.php?t=1044042

ilostchild said:
To me it seems people are running into this issue alot, and its happing around when the new recovery fix charge came out as well cm7 final came this could be a factor
Click to expand...
Click to collapse
Doubt it. Highly.

1)G2
2)CM 7 RC4
3)No eng hboot
4) I may have used rom manager to download roms a couple times as well as flashing roms

DON_58 said:
1)G2
2)CM 7 RC4
3)No eng hboot
4) I may have used rom manager to download roms a couple times as well as flashing roms
Click to expand...
Click to collapse
which cwm?

Im running 3.0.0.5

We have been looking into this issue on IRC for the past week or so. ANYONE WHO IS HAVING THIS ISSUE NEEDS TO STOP BY THE IRC CHANNEL.
We need to get some more info, right now we only have 2 cases to go on.
irc.freenode.net
#G2ROOT

The internal partitions of the emmc on the incredible are actually visible when connecting to your computer, so a lot of really smart folks formatted these partitions in an attempt to "fix" something that wasn't broken.
this resulted in recovery being unable to mount the partition.
i remember a long time ago helping someone troubleshoot through the process, it involved loading recovery, and using parted to partition and format the different blocks. (this thread here: http://forum.cyanogenmod.com/topic/6433-solved-messed-up-partitions-on-internal-storage/ i'm -Stevo-, although the problem was slightly different the same thing stands, no ability to mount cache.
Now, it's kind of annoying, i've found EVERY person i've ever dealt with that had this issue either disappears a half hour after you begin helping them, or are not advanced enough to use ADB (IT's gonna be required in this case if the above still stands)
There's a couple courses of action that can be taken here, you can manually try and format the partition using parted, or it could be as easy as opening adb shell and
mke2fs -t -ext3 /dev/block/mmcblk0p27
mount /dev/block/mmcblk0p27 /cache
i dunno, no one ever sticks around enough to try anything.
i couldnt even get someone to give me the output of
ls /dev/block

okay so i decided to live dangerously and recreate this error on my device. I made sure the cache partition was nice and corrupted and got greeted with this wonderful message:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Now this not the same situation that ALL people are in, but in this situation i opened adb shell and typed
mke2fs /dev/block/mmcblk0p27
reboot recovery
everything back to normal.
Now this is ONLY if your cache partition alone is corrupted, not if the actual paritions are just gone. in that case you'd want to check /dev/block and see the partitions listed, if they are all there as they should be (mmcblk0p25 mmcblk0p26 and mmcblk0p27) you can try and do the same.
hope this helps anyone.
Some things to remember though:
/cache/recovery/command is usually only invoked if your device is not properly rooted (check the numerous droid, evo, desire threads on this, they all had to restore an official RUU and root again to fix)
if there's nothing to mount in /dev/block have a feeling this is related to the emmc not initializing, in which case...

amazinglarry311 said:
okay so i decided to live dangerously and recreate this error on my device. I made sure the cache partition was nice and corrupted and got greeted with this wonderful message:
Now this not the same situation that ALL people are in, but in this situation i opened adb shell and typed
mke2fs /dev/block/mmcblk0p27
reboot recovery
everything back to normal.
Now this is ONLY if your cache partition alone is corrupted, not if the actual paritions are just gone. in that case you'd want to check /dev/block and see the partitions listed, if they are all there as they should be (mmcblk0p25 mmcblk0p26 and mmcblk0p27) you can try and do the same.
hope this helps anyone.
Some things to remember though:
/cache/recovery/command is usually only invoked if your device is not properly rooted (check the numerous droid, evo, desire threads on this, they all had to restore an official RUU and root again to fix)
I have a feeling this is related to the emmc not initializing, in which case...
Click to expand...
Click to collapse
You should make your own thread. I think this will help many people. Great job bro.
Sent from my HTC Desire Z/G2 using XDA Premium App

Hi !
We have to be carefull not to mix two issues here that might look similar to the user.
In both cases the recovery will give an error that it can't mount recovery.
One is that some partitions are corrupted and this can be fixed by recreating the partition as described by amazinglarry above or by reflshing the stock rom.
The second issue is that the emmc chip fails to initialize and in this case nothing can read or write the emmc. You can check if you have this case by booting into recovery and using adb to get a shell. In the shell do a "cat /proc/kmsg | grep mmc0" (i will reformat this tomorrow).
If you see messages that indicate that the emmc did not initialize, then you are in this boat.
There is currently no cure for this, but we try to find what causes this.
have fun - Guhl
Sent from my HTC Vision using XDA App

I'm glad that this issue is being worked on -- no one should have their phone suddenly brick.
Anyways, check out these IRC logs for more context: http://irclog.netripper.com/G2ROOT/2011/4/26/ (start from the middle)

The MyTouch 4G is also having the same problem, I'll be around here looking for solutions as well as maintaining a thread on the myTouch general side.

This happened to a friend's phone. I tired everything to get it fixed (I made a thread but I don't have the link) and ended up returning it to gat another one. What I'm curious about is how do you enter the partition commands? Is recovery (it was cwm 3.0.0.5 btw) able to provide adb access? If so, I was never able to get that and yes, I know how to use adb and have the drivers.
Sent from my HTC Vision using XDA App

I had the same problem. I started a few threads about it as well and posted everything I did (search my username so I dont fill up the thread) and I never got it fixed. Ended up just getting a new phone instead because it seemed like no one really knew much about the error and how to fix it.

SAAADD!
mke2fs /dev/block/mmcblk0p27
reboot recovery
I have this problem (for the second time actually...I was able to fix it the first time by flashing a 2.x.x.x CWM in EBL and formating the cache in that but no such luck the second time I got this error)
Anyhow I tried the above command for all (25/26/27) and it did not fix my issue...I also tried
cat /proc/kmsg | grep mmc0
to test if I have that fail to intialize issue. But it says that isn't a valid command in adb.
Any help? Also I read flashing PMG15.IMG in EBL fixes this but when I tried that I get the Failed PU error!! I think Im screwed huh?

Had same issue. one difference is that I flashed the rom on top of it and my phone bricked completely.
No hboot,no adb , nothingg
Sent from my HTC Desire Z using Tapatalk

craigslist atrix

I got this an atrix from someone off of craigslist but I cannot get through the "sim card has been changed or removed please log into your motoblur account to unlock" what can I do to get through this and setup my own account?

the following keys exactly in this order..
-?123
-ALT
-ABC
-e
-?123
-ALT
-ABC
-e
-b
-l
-u
-r
-o
-f
-f

breathtakingevil said:
the following keys exactly in this order..
-?123
-ALT
-ABC
-e
-?123
-ALT
-ABC
-e
-b
-l
-u
-r
-o
-f
-f
Click to expand...
Click to collapse
Quote for later use.
Sent from my MB860 using XDA App

bykr_dude15 said:
I got this an atrix from someone off of craigslist but I cannot get through the "sim card has been changed or removed please log into your motoblur account to unlock" what can I do to get through this and setup my own account?
Click to expand...
Click to collapse
I just bought one from craigslist 2 hours ago. here is how got past the motoblur account (I have my own motoblur acct but it kept asking me for the previous user's PW, and i could not get it to simply log in with my motoblur info.)
Without a factory reset, it will still be bound to the prior owner's motoblur acct. So far, i found that a factory reset is the easier way to go since i dont care about any personal stuff the person before me had on this phone.
Shut off phone, pull the SIM and micro SD card, put battery back in, Power on the phone. When it finishes booting it should no longer prompt you for a motoblur account, this is when you goto settings >> privacy >> factory reset. {{It will tell you the email address of the previous user's moto acct, this is why it would not let my logon work}}
After the reset, the phone will reboot itself. Once it is done booting, shut it down again, put your SIM / SD card(s) back in and boot it up, and you can now create a new basic motoblur acct or use your existing one.
This phone was stock 2.3.4 Gingerbread (4.5.91)
Untested on stock 2.2.
The other replies will also work if you just wish to bypass it, but I believe you will need to use these key sequences to bypass it *each time you reboot the phone*.
my 2c

There has been a slew of Atrixes hit the local Craigslist since they've been made free at best buy.

Factory reset or flash the phone with a stock ROM.

[how to] restore software status: original

this thread is outdated!
please use this instead:
http://forum.xda-developers.com/one-m9/general/how-to-disable-remaining-write-t3171735
---------------------------------------------------------------------------------------------------------------------------------------------------------------------
this thread is for m9 it will NOT work on m7,m8,or any older devices(or anything other than HTC)
again,dont do this on anything other than m9. any posts stating "i bricked my whatever" will be directed back here,to this first bit of information.
this thread is to help you restore your software status: modified back to software status: original without having to run an RUU. those who have had m7,and m8 are familiar the the tampered flag wich is set when s-on by unlocking the bootloader and installing a custom recovery,kernel,or rom. this thread is the same. it is not a false or hex edited aboot,it is changing the flag that aboot checks to see if your device has been "tampered" with.
unfortunately,HTC has snuck in some evil write protections even on s off devices. as such,it is no longer possible to issue a simple adb command to re-write the flag.
at this time,this thread is for more advanced users. i will try and refine it to be more user friendly,but for now want to get the info out here.
credits
-beaups for schooling me on echo comand protocol,and pointing out that we can still fastboot flash partitions to make permanent changes.
-strace for originally discovering the location of the lock status flag(check out this thread for more info)
- @Mutasek24 for fearlessly testing all commands
- @w3by for finding and testing 00408405 flag location
the usual disclaimers:
-i have tested this on my device,but use this info at your own risk. if it melts your phone into an aluminum gooey mess,crashes your pc,or causes any other issues,its not my fault.
then the most important disclaimer:
*be very careful when editing. accidentally adding or deleting something could change all offests,and leave your device unrecoverably bricked. do NOT use someone elses modified file. p8 is device specific
in other words,if this scares you,and an RUU is available for your device,run the RUU instead.
prerequisites:
-you must be S-OFF
-you must have superuser installed
-you must have adb and fastboot,and working drivers(if required) installed on your machine
this will require the use of a hex editor. for windows,i use HxD
1)copy p8
-open a command window and change to your adb/fastboot directory
-enter the following:
adb shell
su (if needed to get a # prompt)
dd if=/dev/block/mmcblk0p8 of=/sdcard/mmcblk0p8
exit
exit (if needed to get back to a regular prompt)
adb pull /sdcard/mmcblk0p8
youll now find a copy of p8 in your adb/fastboot folder. transfer it to a safe location (alternately,you could open your internal storage on the pc and drag the file to a different folder)
2)modify p8
-fire up your hex editor and open the mmcblk0p8 file
-scroll down to 00408400. what youll see if this:
the numbers 68 25 32 C6 are a constant.dont mess with them! the fifth digit(location 00408404) is your tampered flag. in some cases,you could find your tampered flag one spot over,at 00408405(more info).
on m9,its commonly a 10,but ive also seen 08 and it really could be anything. we need to change it to a 00.
carefully click in front of then 10,and type a 0. this should overwrite the 1 and change to 00(if you have a "0-other number" youll need to enter 0 twice)
again, be very careful not to add or delete any digits!!!
what you should now see is this:
once your confident its right,save the file as mmcblk0p8mod.img ( adding the file extension is important) to your adb/fastboot directory
3)install your untampered file
in the cmd window,enter:
adb reboot bootloader (this should take you to the white bootloader screen NOT download mode)
fastboot flash pg2fs mmcblk0p8mod.img
fastboot reboot-bootloader
you should now see software status: original
your cmd window should look like this:
Code:
E:\mini_adb\miniadb_m9>[COLOR="Red"]adb shell[/COLOR]
[email protected]_himaul:/ $ [COLOR="red"]su[/COLOR]
su
[email protected]_himaul:/ # [COLOR="red"]dd if=/dev/block/mmcblk0p8 of=/sdcard/mmcblk0p8[/COLOR]
dd if=/dev/block/mmcblk0p8 of=/sdcard/mmcblk0p8
48510+0 records in
48510+0 records out
24837120 bytes transferred in 5.605 secs (4431243 bytes/sec)
[email protected]_himaul:/ #[COLOR="red"] exit[/COLOR]
exit
[email protected]_himaul:/ $[COLOR="red"] exit[/COLOR]
exit
E:\mini_adb\miniadb_m9>[COLOR="red"]adb pull /sdcard/mmcblk0p8[/COLOR]
2986 KB/s (24837120 bytes in 8.122s)
E:\mini_adb\miniadb_m9>[COLOR="Red"]adb reboot bootloader[/COLOR]
E:\mini_adb\miniadb_m9>[COLOR="Red"]fastboot flash pg2fs mmcblk0p8mod.img[/COLOR]
target reported max download size of 536870912 bytes
sending 'pg2fs' (24255 KB)...
OKAY [ 0.609s]
writing 'pg2fs'...
OKAY [ 0.213s]
finished. total time: 0.826s
E:\mini_adb\miniadb_m9>[COLOR="red"]fastboot reboot-bootloader[/COLOR]
rebooting into bootloader...
OKAY [ 0.009s]
finished. total time: 0.010s
other useful threads:
lock/unlock bootloader: http://forum.xda-developers.com/one-m9/general/how-to-lock-unlock-bootloader-htcdevs-t3092036
change mid: fastbooot oem writemid xxxxxxxxx
change cid: fastboot oem writecid xxxxxxxx

mine

Nice, glad you got it working. I would have rather done this then flash my rom.zip 3 times

an0ther said:
Nice, glad you got it working. I would have rather done this then flash my rom.zip 3 times
Click to expand...
Click to collapse
Lol,I did tell you it was coming
I wanted to come up with some way to avoid the need for hex editing, but couldn't really come up with anything. So I guess it is what it is for now

Do you know if this will need to be done every time something is flashed? Or once s off and we do it once, it sticks with official...?
Edit: worked well
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Sent From My HTC One (M9)

Eazy Peazy!

@scotty1223
german translation: http://www.android-hilfe.de/root-cu...-software-status-official-s-off-new-post.html

Rydah805 said:
Do you know if this will need to be done every time something is flashed? Or once s off and we do it once, it sticks with official...?
Edit: worked well
Sent From My HTC One (M9)
Click to expand...
Click to collapse
Just once. Once you're s off the flag is not set

It worked, thanks
If anyone should use another editor like Hex Workshop the position can be displayed as 004083FE (see attached files).

Scotty, first of: all my respect to your work, man. I have been following what you do ever since you started it, I think, but never had any reason to ask you stuff.
Now: I have one question: P8 is pg2fs_ship_signkey.img in the RUU. Can you explain to me why P8 is device specific if its also delivered in a RUU? Is the RUU image maybe just a partial P8?
Oh I should just pull it and chase it through Beyond Compare but its Sunday night, after a long workday and I am lazy.
And oh yea, I wanted to hook up and say hello and thanks and ask if you wouldn't want to discuss the one or other thing occasionally. Not sure you ever visited my firmware threads but if you did, you might have seen that my main goal is to learn and share what I learned and have people educate themselves on everything HTC Firmware. I'd be totally happy to see you linked there. Profit for everyone.

scotty1223 said:
to get a # prompt)
dd if=/dev/block/mmcblk0p8 of=/sdcard/mmcblk0p8
Click to expand...
Click to collapse
I don't have an m9 yet, but is it safe to copy and paste this command like the old devices to get the p8 from the specific one we would have now? Thanks in advance and for your great work. Wish I could give back something like this. :thumbup:

If you install RUU and puts Officer, thanks!
Enviado desde mi HTC One M9

Many THANKS Sir! Worked like a charm!

Sneakyghost said:
Scotty, first of: all my respect to your work, man. I have been following what you do ever since you started it, I think, but never had any reason to ask you stuff.
Now: I have one question: P8 is pg2fs_ship_signkey.img in the RUU. Can you explain to me why P8 is device specific if its also delivered in a RUU? Is the RUU image maybe just a partial P8?
Oh I should just pull it and chase it through Beyond Compare but its Sunday night, after a long workday and I am lazy.
And oh yea, I wanted to hook up and say hello and thanks and ask if you wouldn't want to discuss the one or other thing occasionally. Not sure you ever visited my firmware threads but if you did, you might have seen that my main goal is to learn and share what I learned and have people educate themselves on everything HTC Firmware. I'd be totally happy to see you linked there. Profit for everyone.
Click to expand...
Click to collapse
hey sneeky,unfortunately i cant explain exactly why p8 shouldnt be shared. my first desire was to simply provide an image,have users download and flash. however,all the ones ive compared have some subtle differences,so i asked beaups his thots on it,and the answer was a clear "no,thats a bad idea. p8 is device specific so users will need to mod their own",so i took his word for it. i know in the past folks have done some shady stuff like that with m7 and m8,and while it may not casue a devestating failure while s off,the prollem may arrise later when they(for whatever stupid reason) turn s on. ive seen hard bricks,soft bricks,and in many cases the reappearance of the tampered flag after a couple of reboots and factory resets. not sure what the actual consequences coulod be in this particular situation.
as for the ruu,i cant really answer that either. ive noticed it also,and my best guess is that the ruu is only having a partial image,or doing a check to mod the image present and not actualy flashing a new one. wish i had a better answer for you than that,lol.
i have been to your firmware threads,and they are a wealth of valuable information. definately hit me up if you ever want to have discussions :highfive:
darkenedpath said:
I don't have an m9 yet, but is it safe to copy and paste this command like the old devices to get the p8 from the specific one we would have now? Thanks in advance and for your great work. Wish I could give back something like this. :thumbup:
Click to expand...
Click to collapse
im not sure what youre asking. if you dont have an m9 yet,what are you wanting to run the command on?

scotty1223 said:
im not sure what youre asking. if you dont have an m9 yet,what are you wanting to run the command on?
Click to expand...
Click to collapse
Sorry. I don't have one yet, but do plan on getting an m9 soon. I'm just trying to keep up and get as much information as I can on this new thing. I re-read the OP feel like a dummy and should have deleted my post. Again, sorry and thanks.

darkenedpath said:
Sorry. I don't have one yet, but do plan on getting an m9 soon. I'm just trying to keep up and get as much information as I can on this new thing. I re-read the OP feel like a dummy and should have deleted my post. Again, sorry and thanks.
Click to expand...
Click to collapse
No prollem. It's definitely good to read and research as much as possible,even prior to acquiring a new device. ?
Sent from my HTC One max

yes it works on my both M9
thx a lot

scotty1223 said:
hey sneeky,unfortunately i cant explain exactly why p8 shouldnt be shared. my first desire was to simply provide an image,have users download and flash. however,all the ones ive compared have some subtle differences,so i asked beaups his thots on it,and the answer was a clear "no,thats a bad idea. p8 is device specific so users will need to mod their own",so i took his word for it. i know in the past folks have done some shady stuff like that with m7 and m8,and while it may not casue a devestating failure while s off,the prollem may arrise later when they(for whatever stupid reason) turn s on. ive seen hard bricks,soft bricks,and in many cases the reappearance of the tampered flag after a couple of reboots and factory resets. not sure what the actual consequences coulod be in this particular situation.
as for the ruu,i cant really answer that either. ive noticed it also,and my best guess is that the ruu is only having a partial image,or doing a check to mod the image present and not actualy flashing a new one. wish i had a better answer for you than that,lol.
i have been to your firmware threads,and they are a wealth of valuable information. definately hit me up if you ever want to have discussions :highfive:
Click to expand...
Click to collapse
I ran a pulled P8 and the pg2fs_ship_signkey.img throug Beyond Compare today and its pretty clear the image from the RUU is only partial. Its a small piece of encrypted stuff that goes into roughly the first third of the large P8, a small set of unencrypted strings that go right at the start and thats it. The rest of the partition is mostly zeroes (empty) and some very few offsets with just some tiny bits of info there, mostly encrypted. One is the tampered flag. It even says "tamper" in plain text before it. If it is that bit, it looks different to what you posted. But that plain text was some sort of clue lol.
The entire section after that encrypted block from ship_signkey is not found in the RUU image.

Worked like a charm thank you

Will tbis lock the device? I want to reset to official but unlocked with s-off. Does that make sense? I read in the re-lock bootloader thread that once re locked you can't set system to RW..
Sent from my 0PJA2 using Tapatalk