I wrote this guide because I got frustrated at the seeming impossibility of downgrading a 2.21+ SPL ROM on my Wizard to CID unlock it, and the fact that lokiwiz did not work either.
After a day of research it became apparent that this was far from the truth, and that it was easily unlockable. All the tools were out there, there just wasn't a guide to help direct someone through all the steps.
Well, this is that guide.
I've tried to make it newbie friendly, and although this has only been tested on my Wizard, I see no reason why this wouldn't work on the Typhoon (in fact most of the tools used are originally for the Typhoon) and Tornado, seeing as they have almost identical boot loaders.
The guide comes with the usual warning:
“If you manage to brick your phone, it wasn't my fault”
I can't stress this point enough though: get a few numbers wrong in some of the commands in the guide and you could break your phone. Triple check everything you type in!!
Attached is the guide in a zipped version in HTML and .doc format (HTML for those of you that can't be arsed with MS Word files)
Enjoy
This guide works on G3 phones only, regardless of ROM version, but I see little point in going through all these steps when for 90% of you, lokiwiz should work fine. So I suggest you only use this guide if you are having trouble with lokiwiz, and/or you have a 2.21+ SPL G3 Wizard.
**EDIT** Guide back up and updated
Looks good Craptree,
Unfortunately I don't own a G4 device to try it on.
Would love to hear some feedback from users that have a G4 CID Locked Wizard and used this how-to to successfully CID unlock their G4 Wizard.
Regards,
Molski
Thank you
keep up the good work Molski
Firstly, good work, that was some reading and collating you did. I've worked my way through, but when I come to write the unlocked.nb file back using "pdocwrite -n 1 unlocked.nb" I get this error:
CopyFileToTFFS(unlocked.nb:0, 0, 00010000)
ERROR: ITWriteDisk - A device attached to the system is not functioning.
Can you shed some light?
OK, I've done some snooping around; should the last command be something like
pdocwrite -n 1 0 0x10000 unlocked.nb ??
I have tried this method and got the cid.bin file from the device. How can I convert the cid.bin to a cid.nf file? Will this command "perl typhooncidedit.pl cid.bin" generate the cid.nf file? I don't get it. Please help me. Thanks!
Hi, I'm by no means anywhere near an expert (as you can see from my posting above), but from my limited experience I can say no: perl typhooncidedit.pl cid.bin will read the current file. Note, though, that you need to reboot after installing Active Perl, and there seems to be a spelling mistake in the commands in the howto: it's typhooncidedit_pl, note the underscore, not a full stop.
It's the command "perl typhooncidedit_pl cid.bin -c 11111111 -w unlocked.bin" that creates the file to be written back to the phone. However, this is where it ends for me, as I can't get the next stage to work just yet and am a little wary of playing around without more informed guidance in case I brick the device.
problem with soulcage
When I try to download the package with the Crypt-DES I get this message:
soulcage.net
This domain name expired on 10/09/2006 and is pending renewal or deletion.
is there any other place to get this package?!?
Weird, I did it last night and it worked. I even just reopened ActivePerl and it rechecked with no errors. You are downloading the package through ActivePerl, aren't you?
I'm also getting the ITWriteDisk error and the problem with the Crypt-DES repository. Found Crypt-DES at http://theory.uwinnipeg.ca/ppms/ in the end.
wblqx - oops, looks like I got muddled up with my file name extensions. It doesn't matter if the file's a .nb or .bin, they're both identical. Just reference the file you have. So if you have a cid.bin, the command would be
perl typhooncidedit.pl cid.bin -c 11111111 -w unlocked.nb
flipside101 - hmmm, I'm not quite sure why it won't let you write the file back... all I can suggest is to make sure that cert_spcs.cab and enablerapi.cab have been loaded onto your phone. Have you tried copying the files onto your phone and running them manually?
PS - I've changed the original guides to avoid this confusion in the future, wblqx
Ok, I got the crypt-des from here: http://theoryx5.uwinnipeg.ca/ppms/package.xml
and it's version 2.05 from Dave Parishere and this is what I have here:
I got the cid.bin file and this is what I read "inside" it:
D:\qtek\cid>perl typhooncidedit.pl cid.bin
0x0000 - version : 00000001
0xfff8 - checksum: keyix=48: f75b0704 - f2c82199ed8f7449
0x01a0 - keyindex: 000000e600000000 -> 230
0x1930 - cid key : 'MODULESN'
0x0160 - cid : 0008:'WIZQTK01' 0e0f101112131415161718191a1b1c1d1e1f20212223
0x1c80 - lockflag: 0000000000000000
0x0140 - imei : 3563840009225810
0x1d00 - lock 0 : 7bea42ec25ae4b6eac30b47d9691fdac
0x1d10 - lock 1 : 4a02f79b693fe782ad1cf1a9133fc981
0x1d20 - lock 2 : 5afd85493fd413c46b2a28d3ead12c0e
0x1d30 - lock 3 : c82b3203be8574b85f141684499d1d85
0x1d40 - lock 4 : ea60e2bc84f2f60fc730cea22b3147ab
0x4000 - mncmcc : f5a235190000000000000000875f796f5cd3ce3ed6b1a16fc7cef324eed501e8
(the lock codes appear to be crypted, is that correct?)
then I did the perl typhooncidedit.pl cid.bin -c 11111111 -w unlocked.nb and got it:
D:\qtek\cid>perl typhooncidedit.pl cid.bin -c 11111111 -w unlocked.nb
0x0000 - version : 00000001
0xfff8 - checksum: keyix=48: f75b0704 - f2c82199ed8f7449
0x01a0 - keyindex: 000000e600000000 -> 230
0x1930 - cid key : 'MODULESN'
0x0160 - cid : 0008:'WIZQTK01' 0e0f101112131415161718191a1b1c1d1e1f20212223
0x1c80 - lockflag: 0000000000000000
0x0140 - imei : 3563840009225810
0x1d00 - lock 0 : 7bea42ec25ae4b6eac30b47d9691fdac
0x1d10 - lock 1 : 4a02f79b693fe782ad1cf1a9133fc981
0x1d20 - lock 2 : 5afd85493fd413c46b2a28d3ead12c0e
0x1d30 - lock 3 : c82b3203be8574b85f141684499d1d85
0x1d40 - lock 4 : ea60e2bc84f2f60fc730cea22b3147ab
0x4000 - mncmcc : f5a235190000000000000000875f796f5cd3ce3ed6b1a16fc7cef324eed501e8
olddata: 6d18c04e8ed463a6460f100469464259621e8365aeb43277cf2858b925828379
newdata: 95ea23df0bf16432cf7be60912a5cbdedee342037c9d3bd3dee342037c9d3bd3
newsum=3c8b458b encsum=4e3630065084dd42
and at least the: pdocwrite -n 1 unlocked.nb gave me this:
D:\qtek\cid>pdocwrite -n 1 unlocked.nb
3 partitions, 2 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 96 10 01 04 13 1d 11 2c 15 03 06 c5
CopyFileToTFFS(unlocked.nb:0, 0, 00010000)
ERROR: ITWriteDisk - An internal error occurred.
captree, do you have any clue about what is wrong?
here is the unlocked.nb:
D:\qtek\cid>perl typhooncidedit.pl unlocked.nb
0x0000 - version : 00000001
0xfff8 - checksum: keyix=48: 3c8b458b - 4e3630065084dd42
0x01a0 - keyindex: 000000e600000000 -> 230
0x1930 - cid key : 'MODULESN'
0x0160 - cid : 0008:'11111111' 00000000000000000000000000000000000000000000
0x1c80 - lockflag: 0000000000000000
0x0140 - imei : 3563840009225810
0x1d00 - lock 0 : 7bea42ec25ae4b6eac30b47d9691fdac
0x1d10 - lock 1 : 4a02f79b693fe782ad1cf1a9133fc981
0x1d20 - lock 2 : 5afd85493fd413c46b2a28d3ead12c0e
0x1d30 - lock 3 : c82b3203be8574b85f141684499d1d85
0x1d40 - lock 4 : ea60e2bc84f2f60fc730cea22b3147ab
0x4000 - mncmcc : f5a235190000000000000000875f796f5cd3ce3ed6b1a16fc7cef324eed501e8
Hi Craptree, no, I tried the manual running of rapi but I still get the same error
D:\XDA\CID>pdocwrite -n 1 unlocked.bin
CopyFileToTFFS(unlocked.bin:0, 0, 00010000)
ERROR: ITWriteDisk - A device attached to the system is not functioning.
In case it's any help, here's some info on the locked and unlocked files
LOCKED
D:\XDA\CID>perl typhooncidedit_pl cid.bin
0x0000 - version : 00000001
0xfff8 - checksum: keyix=55: 431ca7b6 - fa9d45e5b52e53c3
0x01a0 - keyindex: 0000004a00000000 -> 74
0x1450 - cid key : 32421a0edf4fa9d6
0x0160 - cid : 0008:'WIZO2B01' 0e0f101112131415161718191a1b1c1d1e1f20212223
0x1c80 - lockflag: 0000000000000000
0x0140 - imei : 3563830004598750
0x1d00 - lock 0 : a2a9faccbbfbc0d94497e96264896558
0x1d10 - lock 1 : 58ff98fb2af1350f7fca4f890f358808
0x1d20 - lock 2 : 7b53c3aa8c9d522e46e73b558d75f287
0x1d30 - lock 3 : 0e92d1ddbc64b8e5f8c9950a0bf33284
0x1d40 - lock 4 : 92895c989f8ac37c77b97eadef53e5dc
0x4000 - mncmcc : 095ce2420000000000000000c7c8aba45e2c4b0f8d5e300ab86152430094117c
UNLOCKED
D:\XDA\CID>perl typhooncidedit_pl unlocked.bin
0x0000 - version : 00000001
0xfff8 - checksum: keyix=55: 7d3a21f5 - fdee2cb45bfc5c18
0x01a0 - keyindex: 0000004a00000000 -> 74
0x1450 - cid key : 32421a0edf4fa9d6
0x0160 - cid : 0008:'11111111' 00000000000000000000000000000000000000000000
0x1c80 - lockflag: 0000000000000000
0x0140 - imei : 3563830004598750
0x1d00 - lock 0 : a2a9faccbbfbc0d94497e96264896558
0x1d10 - lock 1 : 58ff98fb2af1350f7fca4f890f358808
0x1d20 - lock 2 : 7b53c3aa8c9d522e46e73b558d75f287
0x1d30 - lock 3 : 0e92d1ddbc64b8e5f8c9950a0bf33284
0x1d40 - lock 4 : 92895c989f8ac37c77b97eadef53e5dc
0x4000 - mncmcc : 095ce2420000000000000000c7c8aba45e2c4b0f8d5e300ab86152430094117c
Hello,
First I have to say this initiative for a CID unlock guide is GREAT !
Unfortunately, I went through the same process and also got a write error in the end.
Here's for me :
- Had to use Crypt-DES from http://theoryx5.uwinnipeg.ca/ppms/package.xml while Soulcage.net access is off (or so it seems)
- Installed Cert_SPCS.cab and EnableRapi.cab both using .bat and manual installation
- Was able to get the CID.bin & modify without problem
- Last operation results in following error:
"3 partitions, 2 binary partitions
customerid=00000000 uniqueid= 00 00 00 00 3a 20 01 02 23 2a 12 8d 01 09 05 40
CopyFileToTFFS(cid_unlocked.nb:0, 0, 00010000)
ERROR: ITWriteDisk - Internal error" (translated from French).
My CID binaries :
## perl typhooncidedit.pl cid_original.bin
0x0000 - version : 00000001
0xfff8 - checksum: keyix=40: 1cab1674 - 37f31b4a27fe4616
0x01a0 - keyindex: 000000d900000000 -> 217
0x18c8 - cid key : 'MODULESN'
0x0160 - cid : 0008:'WIZQTK24' 0e0f101112131415161718191a1b1c1d1e1f20212223
0x1c80 - lockflag: 0000000000000000
0x0140 - imei : 3563840001521300
0x1d00 - lock 0 : 76a905824418f065eefd32cbfb611d28
0x1d10 - lock 1 : 91450180424a15f000bdd1851e5fbb51
0x1d20 - lock 2 : c14cc13d337415f59b71512adfb0319d
0x1d30 - lock 3 : 8b62365380a7f3436e43a4299ce97c0d
0x1d40 - lock 4 : 867bbb89c9d3593a72621810278c89db
0x4000 - mncmcc : 762173b9000000000000000091bcf2bbcf1921a206e6fd057e61d6c08f467a95
## perl typhooncidedit.pl cid_unlocked.nb
0x0000 - version : 00000001
0xfff8 - checksum: keyix=40: 500ec10b - c44c8893515dcabf
0x01a0 - keyindex: 000000d900000000 -> 217
0x18c8 - cid key : 'MODULESN'
0x0160 - cid : 0008:'11111111' 00000000000000000000000000000000000000000000
0x1c80 - lockflag: 0000000000000000
0x0140 - imei : 3563840001521300
0x1d00 - lock 0 : 76a905824418f065eefd32cbfb611d28
0x1d10 - lock 1 : 91450180424a15f000bdd1851e5fbb51
0x1d20 - lock 2 : c14cc13d337415f59b71512adfb0319d
0x1d30 - lock 3 : 8b62365380a7f3436e43a4299ce97c0d
0x1d40 - lock 4 : 867bbb89c9d3593a72621810278c89db
0x4000 - mncmcc : 762173b9000000000000000091bcf2bbcf1921a206e6fd057e61d6c08f467a95
Could this be because we had to use a different Crypt-DES package? Or shall we look for some other reason?
Thanks and good luck
Sylvain
This is weird, it looks like it's worked for no one except me
sorry...
my Wizard was a G3, but it was locked into 2.26 SPL, and refused to be
unlocked with lokiwiz (as G3s with 2.21+ ROMs seem to have the same problem with CID unlocking that G4s do), or anything else, and this manual way was the
only thing that did the job for me...
I have two reasons, and I fear it's the first one...
1) G3 2.21+ CID locked phones don't have the same problem with CID unlocking that G4s do. So this solution may only work on G3 2.21+ phones
2) I semi-downgraded the phone with ftp://xda:[email protected]__RUU_Wizard_1050412_WWE_101_11210_WWE.exe first (it downgraded everything except the SPL), then did all the steps laid out in the guide.
riz
jubanet - yea, it appears the lock code is encrypted. if someone with the crypted lock code cid.bin files could send me one, i can see if it appears unencrypted on my version of crypt-des
craptree said:
jubanet - yea, it appears the lock code is encrypted. if someone with the crypted lock code cid.bin files could send me one, i can see if it appears unencrypted on my version of crypt-des
here it is!
craptree said:
This is weird, it looks like it's worked for no one except me
sorry...
my Wizard was a G3, but it was locked into 2.26 SPL, and refused to be
unlocked with lokiwiz (as G3s with 2.21+ ROMs seem to have the same problem with CID unlocking that G4s do), or anything else, and this manual way was the
only thing that did the job for me...
I have two reasons, and I fear it's the first one...
1) G3 2.21+ CID locked phones don't have the same problem with CID unlocking that G4s do. So this solution may only work on G3 2.21+ phones
2) I semi-downgraded the phone with ftp://xda:[email protected]__RUU_Wizard_1050412_WWE_101_11210_WWE.exe first (it downgraded everything except the SPL), then did all the steps laid out in the guide.
riz
hummm...
everybody says that's impossible to CID unlock the G4...
I'll try downgrading to that rom (without touching the ipl/spl)
@ craptree
I'm on a G3 2.21.4.1 O2 Wizard, so similar to yours, I'll try the partial downgrade
Might be a stupid question but the subject says that it's a CID and SIM unlock. The doc only mentions SIM unlock.
LordPhong said:
Might be a stupid question but the subject says that it's a CID and SIM unlock. The doc only mentions SIM unlock.
The only bit in the doc that's about SIM unlocking is
"**The number at 0x1d00 is your sim unlock code. Write it down somewhere and use it to sim unlock your phone (i.e. when you insert a different providers sim card, it will ask you for a code)"
The rest is purely about the cid
Hello,
A friend gave me her "bricked" phone. I could get it booting again, system is up and running - but without any sdcard. Not the external and neither the internal one.
That means I can't put a SAPIMG.nph or anything else on the sdcard.
I can't download an apk or modify anything.
adb shell is working, but certainly su is not.
adb push hboot_2010_signed.img /sdcard
certainly doesn't work either, there is no sdcard!
ok, I tried now different fastboot operations.
to come closer:
./fastboot flash recovery recovery-RA-sapphire-v1.7.0G-cyan.img
sending 'recovery' (4528 KB)... FAILED (remote: not allow)
... etc... all the normal stuff.. nothing works, I usually get "Not allowed on a production phone"
What to do now, I have no clue anymore!
here my data:
./fastboot oem boot
... INFOsetup_tag addr=0xA0000100 cmdline add=0x880705C0
INFOTAG:Ramdisk OK
INFOTAG:smi ok, size = 64
INFOTAG:hwid 0x1
INFOTAG:skuid 0x1E300
INFOTAG:hero panel = 0x0
INFOTAG:engineerid = 0x2
INFODevice CID is not super CID
INFOCID is VODAP102
INFOsetting.cid::VODAP102
INFOserial number: HT93YKF06262
INFOcommandline from head: no_console_suspend=1 console=null
INFOcommand line length =346
INFOactive commandline: board_sapphire.disable_uart3=1 board_sap
INFOphire.usb_h2w_sw=1 board_sapphire.disable_sdcard=1 smisize=6
INFO4 androidboot.baseband=2.22.19.26I androidboot.cid=VODAP102
INFO androidboot.carrier=VODA-Germany androidboot.keycaps=qwerty
INFO androidboot.mode=normal androidboot.serialno=HT93YKF06262 a
INFOndroidboot.bootloader=1.33.0007 no_console_suspend=1 console
INFO=null
INFOPARTITIOM_NUM_MAX =6 Valid partition num=6
Do you see? There is the kernel option board_sapphire.disable_sdcard=1 set!!! But I can't disable it with a fastboot -c option.
./fastboot getvar version-main
version-main: 1.89.162.1
./fastboot getvar cid
cid: VODAP102C??a
#########
Any help is appreciated, thanks!
Code:
fastboot oem enableqxdm 0
Regarding root... follow my guide found in my signature..
./fastboot oem enableqxdm 0
... INFO[ERR] Command error !!!
OKAY
./fastboot devices
HT93YKF06262 fastboot
[[email protected] HTC]# ./fastboot flash recovery recovery-RA-sapphire-v1.7.0G-cyan.img
sending 'recovery' (4528 KB)... OKAY
writing 'recovery'... INFOsignature checking...
FAILED (remote: 12 signature verify fail)
this seemed to get me a little further:
./fastboot oem rebootRUU
... OKAY
[[email protected] HTC]# ./fastboot -c "board_sapphire.disable_sdcard=0 board_sapphire.disable_uart3=0" reboot
rebooting...
YEAH!"
but then..... still no sdcard when the OS was up :-(
any ideas?
Type
Code:
fastboot oem h
and post here the result.
Root and recovery = follow my guide found in my signature...
Just replace all "/sdcard" paths with "/data/local/tmp"
During an upgrade where I tried to S-OFF an HTC Magic I got to a point where I was installing from the SAPPIMG.nbh for 32a devices when it hung on the radio update (last of the main changes).
Long and short of it, is that the phone now has no recovery, boot loop and S-ON.
I can use fastboot only for booting to RUU mode and erasing the cache.
Code:
SAPPHIRE PVT 32A SHIP S-ON H
HBOOT-1.33.0010 (SAPP10000)
CPLD-12
RADIO-6.35.08.19
Jun 2 2009, 17:28:28
I have tried following the examples of mumilover and also jeBach from this thread (http://forum.xda-developers.com/showthread.php?t=1231297&page=2).
On jeBach's suggestion I have tried flashing rom and rom1.zip but both times I get Checking Main Version... Update Fail! Errors.
Code:
fastboot getvar version-main
6.35.16.19
Which seems to be wrong/much higher - akin to a radio number?
Code:
\tools>fastboot oem boot
... INFOsetup_tag addr=0xA1200100 cmdline add=0x98072208
INFOTAG:Ramdisk OK
INFOTAG:smi ok, size = 32
INFOTAG:hwid 0x1
INFOTAG:skuid 0x21401
INFOTAG:hero panel = 0x0
INFOTAG:engineerid = 0x2
INFODevice CID is not super CID
INFOCID is HTC__506
INFOsetting.cid::HTC__506
INFOserial number: HT96VKF02168
INFOcommandline from head: no_console_suspend=1 console=null
INFOcommand line length =339
INFOactive commandline: board_sapphire.disable_uart3=1 board_sap
INFOphire.usb_h2w_sw=1 board_sapphire.disable_sdcard=0 smisize=3
INFO2 androidboot.baseband=6.35.08.29 androidboot.cid=HTC__506
INFOandroidboot.carrier=COMMON androidboot.keycaps=qwerty androi
INFOdboot.mode=normal androidboot.serialno=HT96VKF02168 androidb
INFOoot.bootloader=1.33.0010 no_console_suspend=1 console=null
INFOPARTITIOM_NUM_MAX =6 Valid partition num=6
FAILED (status read failed (Too many links))
I have tried mumilover's suggestion of special_sappimg.zip. It looks the most promising
Code:
\tools>fastboot flash zip "special_sappimg.zip"
sending 'zip' (11094 KB)... OKAY
writing 'zip'... INFOadopting the signature contained in this image...
INFOsignature checking...
INFOzip header checking...
INFOzip info parsing...
INFOchecking model ID...
INFOchecking custom ID...
INFOchecking main version...
FAILED (remote: 43 main version check fail)
Which makes sense as the number is much higher. I have tried this with and without two different GoldCards.
When I create a zip myself with the files contained but modify android-info.txt with the higher version it is no longer signed and I get the following error.
Code:
sending 'zip' (11094 KB)... OKAY
writing 'zip'... INFOsignature checking...
FAILED (remote: 12 signature verify fail)
I've looked at using nbhextract but it doesn't work on the nbh file.
I think the main issue is that HBOOT is looking for a signature and when it doesn't find it, stops the process. I have no way of installing a recovery/hboot/spl that I know of after looking through a large number of pages here.
Is there any way to modify the sappimg.zip file with the special bootloader etc to have a higher version check whilst maintaining signature/or bypassing it such that the bootloader can be recovered. I need to fix the SPL/Radio before unlocking the bootloader from what I can tell but if it helps I did create an unlock_token before getting into this bricked state.
I have seen and read about the XTC clip. Would that work in unlocking to S-OFF and allowing for recovery/rest of the process to continue.
Failing that are there any people in the South East of England (Hertfordshire), who can recover through JTAG or other means for a price lower than the XTC clip?
Thank you in advance - any questions about other details - please post them and I can reply with answers, subject to the above limitations.
Just sent you a PM...
mumilover said:
Just sent you a PM...
Thanks very much to mumilover who spent a long time with me trying to help with this problem.
Unfortunately the error was the version-main value is reported as being much higher than a standard RUU.
As such none of the standard RUU, rom methods will work.
I'm leaving this problem as unresolved, just so that the other posts which have more useful information are looked at first, but from my side this is resolved; thanks very much once again mumilover.
No problem... this one got away :0)
[FIX][GUIDE][INFO][01-JUN-2014]M7 "Active Cmdline Overflow" error and bootloop
This is a collaboration of @cschmitt and myself. Many thanks to @cschmitt for his hard work and help.
Symptoms
1) Bootloader shows "active cmdline overflow (xxxx bytes)"
2) Unable to enter recovery (neither custom nor stock)
3) (possibly) everything you try reboots to bootloader
Cause
Basically it's because of a corrupt mmcblk0p19 [misc] partition; the [misc] partition includes the bootloader command block (BCB). @cschmitt can elaborate on that more than I.
Most often we've seen this when flashing an HTC Droid DNA (device=dlx) ROM or kernel (the kernel is included in the ROM) on an HTC One M7. The DLX kernel is in mmcblk0p19, and during installation this part of the installer script - run_program("/sbin/dd", "if=/tmp/boot.img", "of=/dev/block/mmcblk0p19") - will overwrite and therefore corrupt your [misc] partition.
Problems (and why even an RUU won't restore your phone)
Some partitions, in particular mmcblk0p19 [misc] and mmcblk0p6 [mfg], are not contained in any RUU, as they are specific to each individual phone.
So what does a normal [misc] partition look like:
the ones that vary from device to device are the ones in bold green at offsets 0x304 and 0x31C, and what impact or influence they have I don't know.
OK, now get to the point, how do we fix this
Well you need adb commands, root and busybox... which are only available in a custom recovery or a rooted ROM (with USB debugging enabled)
and @cschmitt has modified TWRP to disregard the BCB http://forum.xda-developers.com/showpost.php?p=52262603&postcount=13
Download from AndroidFileHost: twrp-recovery-2.7-m7-nobcb.img only applicable for M7_U or M7_UL models.
Step 1: Install the noBCB recovery
Code:
C:\ADB3>fastboot devices
HT34xxxxxxxx fastboot    <- we're in bootloader
C:\ADB3>fastboot flash recovery twrp-recovery-2.7-m7-nobcb.img
target reported max download size of 1514139648 bytes
sending 'recovery' (11278 KB)...
OKAY [ 1.500s]
writing 'recovery'...
OKAY [ 1.240s]
finished. total time: 2.740s
C:\ADB3>fastboot erase cache
******** Did you mean to fastboot format this partition?
erasing 'cache'...
OKAY [ 0.090s]
finished. total time: 0.090s
C:\ADB3>fastboot reboot-bootloader
rebooting into bootloader...
OKAY [ 0.040s]
finished. total time: 0.040s
--> enter RECOVERY
If you are still unable to boot into recovery:
Users with S-OFF
Downgrade hboot to 1.44
Download 1.29.401.12_hboot_1.44.zip, check MD5, and flash it in ruu mode:
Code:
C:\ADB3>fastboot oem rebootRUU
...
(bootloader) Start Verify: 0
OKAY [ 0.047s]
finished. total time: 0.047s
C:\ADB3>fastboot flash zip 1.29.401.12_hboot_1.44.zip
sending 'zip' (501 KB)...
OKAY [ 0.250s]
writing 'zip'...
(bootloader) zip header checking...
(bootloader) zip info parsing...
(bootloader) checking model ID...
(bootloader) checking custom ID...
(bootloader) start image[hboot] unzipping & flushing...
(bootloader) [RUU]UZ,hboot,0
(bootloader) [RUU]UZ,hboot,50
(bootloader) [RUU]UZ,hboot,100
(bootloader) [RUU]WP,hboot,0
(bootloader) [RUU]WP,hboot,99
(bootloader) [RUU]WP,hboot,100
(bootloader) ...... Successful
OKAY [ 2.153s]
finished. total time: 2.402s
C:\ADB3>fastboot reboot-bootloader
rebooting into bootloader...
OKAY [ 0.031s]
finished. total time: 0.031s
and enter RECOVERY
Users with S-ON
Try one of the following recoveries instead:
CWM_6.0.2.8_M7.img
cwm-recovery-m7-6.0.4.9-nobcb.img
Step 2: Backup your current mmcblk0p19 (it's always good to backup things before changing them)
Code:
C:\ADB3>adb devices
List of devices attached
HT34xxxxxxxx recovery    <- you need to be in custom recovery to ensure root privileges
C:\ADB3>adb shell dd if=/dev/block/mmcblk0p19 of=/tmp/mmcblk0p19_bak.img
2045+0 records in
2045+0 records out
1047040 bytes (1022.5KB) copied, 0.048894 seconds, 20.4MB/s
C:\ADB3>adb pull /tmp/mmcblk0p19_bak.img
2272 KB/s (1047040 bytes in 0.450s)
C:\ADB3>dir
Volume in drive C has no label.
Volume Serial Number is 0622-9D4A
Directory of C:\ADB3
02/05/2014 18:40 <DIR> .
02/05/2014 18:40 <DIR> ..
02/05/2014 18:40 1,047,040 mmcblk0p19_bak.img
^^ there it is
Step 3: Download generic m7_u / ul mmcblk0p19
Download the M7_U / UL generic misc partition by @cschmitt:
http://forum.xda-developers.com/attachment.php?attachmentid=2774855&stc=1&d=1401633317
extract it and put it in your adb/fastboot folder.
Step 4: Restore the generic mmcblk0p19
Code:
C:\ADB3>adb devices
List of devices attached
HT34xxxxxxxx recovery    <- you need to be in custom recovery to ensure root privileges
C:\ADB3>adb push mmcblk0p19_generic.img /tmp/
2130 KB/s (1047040 bytes in 0.479s)
C:\ADB3>adb shell dd if=/tmp/mmcblk0p19_generic.img of=/dev/block/mmcblk0p19
2045+0 records in
2045+0 records out
1047040 bytes (1022.5KB) copied, 0.048894 seconds, 20.4MB/s
C:\ADB3>adb reboot bootloader
You should now be back in bootloader with NO active cmdline overflow, be able to flash, enter the recovery of your choice, and install things appropriate for your phone.
-------------------------------------------------------------------------------------------------------------------------------------------
Revision history
2nd May 2014: Initial preview release.
1st June 2014: Generic misc partition now confirmed working for S-On and S-Off devices, no longer need to "repair" the misc partition.
2nd August 2014: Added links for other recoveries for S-On users, and hboot downgrade instructions for S-Off users.
-------------------------------------------------------------------------------------------------------------------------------------------
Disclaimer:
We are not responsible for anything going wrong with your phone!
credits:
@cschmitt for his work on the noBCB recovery, as well as his continued work on TWRP: http://forum.xda-developers.com/showthread.php?t=2708134
-------------------------------------------------------------------------------------------------------------------------------------------
If you found this thread useful or educational, please press the THANKS button for both of us .
-------------------------------------------------------------------------------------------------------------------------------------------
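The overwrite described under "Cause" above can be caught before flashing. The following is an added example, not part of the original post and not @cschmitt's code: it reads a package's updater-script and reports raw writes to the partitions the post says no RUU restores. The `dd` line in the sample is the one quoted in the post; the other sample lines and the `m7` device name are assumptions for illustration.

```python
import re
from collections import namedtuple

# Partitions the guide names as unique to each HTC One M7 and absent from
# every RUU, so a stray write to them cannot be undone by reflashing stock.
M7_DEVICE_SPECIFIC = {
    "/dev/block/mmcblk0p19": "misc",
    "/dev/block/mmcblk0p6": "mfg",
}

Finding = namedtuple("Finding", "line call target partition")

# An edify call whose arguments are all string literals, for example
# run_program("/sbin/dd", "if=/tmp/boot.img", "of=/dev/block/mmcblk0p19")
CALL_RE = re.compile(r'\b(\w+)\s*\(\s*("[^"]*"(?:\s*,\s*"[^"]*")*)\s*\)')
STRING_RE = re.compile(r'"([^"]*)"')
# Device guard of the form getprop("ro.product.device") == "name"
DEVICE_RE = re.compile(
    r'getprop\(\s*"ro\.(?:product\.device|build\.product)"\s*\)\s*==\s*"([^"]+)"')


def _write_target(call, args):
    """Return the destination a call writes to, or None if it writes nothing."""
    if call == "run_program" and args:
        # Accept both dd called directly and dd called through busybox.
        argv = args[1:] if args[0].endswith("/busybox") else args
        if argv and argv[0].rsplit("/", 1)[-1] == "dd":
            for arg in argv[1:]:
                if arg.startswith("of="):
                    return arg[3:]
    elif call in ("package_extract_file", "write_raw_image") and len(args) == 2:
        return args[1]
    return None


def scan_updater_script(text, device_specific=M7_DEVICE_SPECIFIC):
    """List every raw write to a /dev/block/ node in an edify updater-script."""
    findings = []
    for m in CALL_RE.finditer(text):
        target = _write_target(m.group(1), STRING_RE.findall(m.group(2)))
        if target and target.startswith("/dev/block/"):
            line = text.count("\n", 0, m.start()) + 1
            findings.append(
                Finding(line, m.group(1), target, device_specific.get(target)))
    return findings


def asserted_devices(text):
    """Device names the script compares ro.product.device / ro.build.product to."""
    return set(DEVICE_RE.findall(text))


def preflight(text, device, device_specific=M7_DEVICE_SPECIFIC):
    """Return reasons not to flash this package on `device` (empty list: none found)."""
    reasons = []
    allowed = asserted_devices(text)
    if allowed and device not in allowed:
        reasons.append("script is written for %s, target is %s"
                       % (", ".join(sorted(allowed)), device))
    for f in scan_updater_script(text, device_specific):
        if f.partition:
            reasons.append("line %d: %s writes %s (%s, not restorable from an RUU)"
                           % (f.line, f.call, f.target, f.partition))
    return reasons


# Constructed sample. Only the run_program line is quoted from the post; the
# other lines and the "m7" device name are assumptions for illustration.
SAMPLE = '''\
assert(getprop("ro.product.device") == "dlx" || getprop("ro.build.product") == "dlx");
package_extract_file("boot.img", "/tmp/boot.img");
run_program("/sbin/dd", "if=/tmp/boot.img", "of=/dev/block/mmcblk0p19");
'''

if __name__ == "__main__":
    for reason in preflight(SAMPLE, "m7"):
        print("DO NOT FLASH:", reason)
```

Extract `META-INF/com/google/android/updater-script` from the ROM or kernel zip and pass its text to `preflight` before flashing; an empty list only means none of these two checks fired.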
The attached mmcblk0p19 should work for any m7_u or m7_ul device.
Unzip and install mmcblk0p19.generic.bin per the instructions in step 4 of OP:
Code:
adb push mmcblk0p19.generic.bin /tmp/
adb shell dd if=/tmp/mmcblk0p19.generic.bin of=/dev/block/mmcblk0p19
As this is a "Work In Progress", you may have your doubts, and I cannot blame you in the slightest, for being VERY careful!!
So the main question is: has this ever been accomplished successfully?
The answer is yes http://forum.xda-developers.com/showpost.php?p=52345379&postcount=48 (or sort of because he used a rooted ROM instead of recovery, you'll need to read the entire thread mentioned)... the thread is here http://forum.xda-developers.com/showthread.php?t=2732757 , and though we haven't heard back from the OP, at least @donkeykong1 got it fixed!!
update, May 25, 2014: confirmed to have worked for 4 users
update, June 1, 2014: generic misc partition, confirmed working for S-On and S-Off users
Retired content, you can disregard this post
[WIP][POSSIBLE FIX][GUIDE][INFO][02-May-2014]HTC One M7 - "Active Cmdline Overflow" error and bootloader bootloop
This is a work in progress and a collaboration of @cschmitt and myself.
And it is still a rough draft!! so excuse any bad formatting (lack of colours, bold, italic, etc.)
Symptoms
1) Bootloader shows "active cmdline overflow (xxxx bytes)"
2) Unable to enter recovery (neither custom nor stock)
3) (possibly) everything you try reboots to bootloader
Cause
Basically it's because of a corrupt mmcblk0p19 [misc] partition; the [misc] partition includes the bootloader command block (BCB). @cschmitt can elaborate on that more than I.
Most often we've seen this when flashing an HTC Droid DNA (device=dlx) ROM or kernel (the kernel is included in the ROM) on an HTC One M7. The DLX kernel is in mmcblk0p19, and during installation this part of the installer script - run_program("/sbin/dd", "if=/tmp/boot.img", "of=/dev/block/mmcblk0p19") - will overwrite and therefore corrupt your [misc] partition.
Problems (and why even an RUU won't restore your phone)
Some partitions, in particular mmcblk0p19 [misc] and mmcblk0p6 [mfg], are not contained in any RUU, as they are specific to each individual phone.
So what does a normal [misc] partition look like:
the ones that vary from device to device are the ones in bold green at offsets 0x304 and 0x31C, and what impact or influence they have I don't know.
OK, now get to the point, how do we fix this
Well you need adb commands, root and busybox... which are only available in a custom recovery or a rooted ROM (with USB debugging enabled)
and @cschmitt has modified TWRP to disregard the BCB http://forum.xda-developers.com/showpost.php?p=52262603&postcount=13
Download from AndroidFileHost: http://www.androidfilehost.com/?fid=23329332407590873 only applicable for M7_U or M7_UL models.
Step 1: Install the noBCB recovery
Code:
C:\ADB3>fastboot devices
HT34xxxxxxxx fastboot    <- we're in bootloader
C:\ADB3>fastboot flash recovery twrp-recovery-2.7-m7-nobcb.img
target reported max download size of 1514139648 bytes
sending 'recovery' (11278 KB)...
OKAY [ 1.500s]
writing 'recovery'...
OKAY [ 1.240s]
finished. total time: 2.740s
C:\ADB3>fastboot erase cache
******** Did you mean to fastboot format this partition?
erasing 'cache'...
OKAY [ 0.090s]
finished. total time: 0.090s
C:\ADB3>fastboot reboot-bootloader
rebooting into bootloader...
OKAY [ 0.040s]
finished. total time: 0.040s
--> enter RECOVERY
Step 2: Backup your current mmcblk0p19
Code:
C:\ADB3>adb devices
List of devices attached
HT34xxxxxxxx recovery    <- you need to be in custom recovery to ensure root privileges
C:\ADB3>adb shell dd if=/dev/block/mmcblk0p19 of=/tmp/mmcblk0p19_bak.img
2045+0 records in
2045+0 records out
1047040 bytes (1022.5KB) copied, 0.048894 seconds, 20.4MB/s
C:\ADB3>adb pull /tmp/mmcblk0p19_bak.img
2272 KB/s (1047040 bytes in 0.450s)
C:\ADB3>dir
Volume in drive C has no label.
Volume Serial Number is 0622-9D4A
Directory of C:\ADB3
02/05/2014 18:40 <DIR> .
02/05/2014 18:40 <DIR> ..
02/05/2014 18:40 1,047,040 mmcblk0p19_bak.img
[B][I]^^ there it is[/I][/B]
Step 3: Repair mmcblk0p19
As I mentioned this is a work in progress, so for the time being, if you were able to backup your current mmcblk0p19, please compress and upload it, along with a "fastboot getvar all" (excluding IMEI and s/n).
And we'll have a look when we can, and send a "repaired" one back to you.
Step 4: Restore your repaired mmcblk0p19
Code:
C:\ADB3>adb devices
List of devices attached
HT34xxxxxxxx recovery <- you need to be in custom recovery to ensure root privileges
C:\ADB3>adb push mmcblk0p19_repaired.img /tmp/
2130 KB/s (1047040 bytes in 0.479s)
C:\ADB3>adb shell dd if=/tmp/mmcblk0p19_repaired.img of=/dev/block/mmcblk0p19
2045+0 records in
2045+0 records out
1047040 bytes (1022.5KB) copied, 0.048894 seconds, 20.4MB/s
C:\ADB3>adb reboot bootloader
You should now be back in bootloader with NO active cmdline overflow, be able to flash, enter the recovery of your choice, and install things appropriate for your phone.
-------------------------------------------------------------------------------------------------------------------------------------------
Revision history
2nd May 2014: Initial preview release.
-------------------------------------------------------------------------------------------------------------------------------------------
Disclaimer:
We are not responsible for anything going wrong with your phone!
credits:
@cschmitt for his work on the noBCB recovery, as well as his continued work on TWRP: http://forum.xda-developers.com/showthread.php?t=2708134
-------------------------------------------------------------------------------------------------------------------------------------------
If you found this thread useful or educational, please press the THANKS button for both of us .
-------------------------------------------------------------------------------------------------------------------------------------------
Some Background
It appears the 'active cmdline overflow' issue began with hboot 1.56. The error means that the command line passed from hboot to start the kernel (or recovery kernel) has exceeded the limit of the kernel command (1024 bytes.) Apparently, previous hboots ignored this error, but 1.56 halts the boot.
The kernel command line is constructed from (1) the command line contained within the kernel itself, (2) any arguments passed in to the kernel (i.e. with fastboot -c blah,blash boot boot.img), (3) the hboot itself, and (4) the bootloader command block (BCB) located in the misc partition (mmcblk0p19 on m7u, m7ul.)
A typical kernel command is around 700 to 800 bytes. You can check the kernel command by pulling the last_kmsg from the device
Code:
adb shell
su
cat /proc/last_kmsg > /sdcard/last_kmsg
exit
exit
adb pull /sdcard/last_kmsg
and searching for 'Kernel command line'. It will look something like this:
Code:
Kernel command line: poweron_status=1 reset_status=0 board_m7_ul.disable_uart3=0 diag.enabled=0 board_m7_ul.debug_uart=0 userdata_sel=0 androidboot.emmc=true androidboot.pagesize=2048 skuid=0 ddt=20 ats=0 dap=6 androidboot.lb=0 uif=?000 td.sf=0 td.td=0 td.ofs=328 td.prd=1 td.dly=0 td.tmo=300 hlog.ofs=628 un.ofs=696 imc_online_log=0 androidboot.efuse_info=4FSL androidboot.baseband=4T.24.3218.09 androidboot.cid=11111111 androidboot.devicerev=3 androidboot.batt_poweron=good_battery androidboot.carrier=ALL androidboot.mid=PN0712000 androidboot.keycaps=qwerty androidboot.dq=PASS androidboot.mode=recovery androidboot.serialno=HT34KWxxxxxx androidboot.bootloader=1.54.0000 lscd=0x1 wificd=0x1 androidboot.nledhw=0 androidboot.ddrmid=(0x6) acpu.footprint=FFFFFFFF abnrst=0 zygote_oneshot=on kmemleak=off rpm_debug.enable=0 console=ttyHSL0,115200,n8 androidboot.hardware=qcom user_debug=31
The BCB is 1088 bytes located at offset 0x800 in the misc partition (32 byte command, 32 byte status, 1024 byte recovery command.) Usually it is zeroed out or contains a short command like 'recovery --wipe_data', but if it becomes corrupted (sometimes by flashing a rom for a different device which writes a kernel to p19) then this 'junk' data may be interpreted as kernel commands by the hboot and cause the command line to overflow, halting the boot.
Modified 'nobcb' TWRP Recovery
The modified TWRP recovery used in this solution is fairly simple. It has a modified get_args() method in recovery.cpp that skips reading the recovery command line arguments from the BCB, so that any junk data contained there is ignored and the recovery will boot successfully.
Additional Notes
I believe this solution requires S-OFF, as I don't think we can write to p19 with S-ON. We'll need to verify that, probably when someone with an S-ON device encounters 'active cmdline overflow'.
If that turns out to be the case I should be able to build a version of CM11 with a kernel that will ignore the BCB (similar to the no-bcb TWRP build) so that the device can boot an OS, use firewater to S-OFF, and then repair/restore p19.
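The BCB layout and the 1024-byte limit described in the background post above can be checked offline against the backup pulled in step 2. This is an added example, not code from the thread or from TWRP: the boot-image header check (the ANDROID! magic and the command line field at offset 64) comes from the standard Android boot image layout rather than from the thread, and both sample images are constructed.

```python
import re
import string

BCB_OFFSET = 0x800                       # BCB position in misc, per the post
FIELDS = (("command", 32), ("status", 32), ("recovery", 1024))
BCB_SIZE = sum(size for _, size in FIELDS)   # 1088 bytes
CMDLINE_LIMIT = 1024                     # kernel command-line limit, per the post
BOOT_MAGIC = b"ANDROID!"                 # Android boot image header magic
BOOT_CMDLINE = slice(64, 64 + 512)       # cmdline field of that header
PRINTABLE = set(string.printable.encode())
MISC_SIZE = 1047040                      # size of the dd backup shown in step 2


def read_bcb(image):
    """Slice the three BCB fields out of a raw misc image."""
    if len(image) < BCB_OFFSET + BCB_SIZE:
        raise ValueError("image too small to hold a BCB at 0x800")
    fields, pos = {}, BCB_OFFSET
    for name, size in FIELDS:
        fields[name] = bytes(image[pos:pos + size])
        pos += size
    return fields


def classify_field(raw):
    """Return 'empty', 'text' or 'junk' for one BCB field."""
    if not any(raw):
        return "empty"
    text, _, padding = raw.partition(b"\x00")
    # A sane field is printable text followed only by NUL padding.
    if text and all(b in PRINTABLE for b in text) and not any(padding):
        return "text"
    return "junk"


def boot_image_hardware(image):
    """If a boot.img sits at the start of misc, return its androidboot.hardware."""
    if bytes(image[:8]) != BOOT_MAGIC:
        return None
    cmdline = bytes(image[BOOT_CMDLINE]).split(b"\x00", 1)[0].decode("ascii", "replace")
    match = re.search(r"androidboot\.hardware=(\S+)", cmdline)
    return match.group(1) if match else "unknown"


def diagnose(image):
    """Summarise whether the BCB looks sane or overwritten."""
    fields = {name: classify_field(raw) for name, raw in read_bcb(image).items()}
    hardware = boot_image_hardware(image)
    return {
        "fields": fields,
        "foreign_boot_image": hardware,
        "corrupt": hardware is not None or "junk" in fields.values(),
    }


def cmdline_headroom(last_kmsg):
    """Bytes left under the limit for the 'Kernel command line' in last_kmsg text."""
    match = re.search(r"Kernel command line: (.*)", last_kmsg)
    if match is None:
        return None
    return CMDLINE_LIMIT - len(match.group(1).strip().encode())


def make_sample(kind):
    """Constructed misc image: 'healthy', or 'dlx' (a boot.img written over it)."""
    img = bytearray(MISC_SIZE)
    if kind == "healthy":
        command = b"recovery --wipe_data"
        start = BCB_OFFSET + 64          # recovery field follows command + status
        img[start:start + len(command)] = command
    else:
        img[:8] = BOOT_MAGIC
        cmdline = b"console=ttyHSL0,115200,n8 androidboot.hardware=dlx user_debug=31"
        img[64:64 + len(cmdline)] = cmdline
        # Non-text bytes standing in for kernel code at 0x800.
        img[BCB_OFFSET:BCB_OFFSET + BCB_SIZE] = (bytes(range(1, 256)) * 5)[:BCB_SIZE]
    return bytes(img)


if __name__ == "__main__":
    for kind in ("healthy", "dlx"):
        print(kind, diagnose(make_sample(kind)))
    # For a real backup: diagnose(open("mmcblk0p19_bak.img", "rb").read())
```

A negative result from `cmdline_headroom` means the logged command line is already over the limit quoted in the post.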
Help me please
i do the first step but i still cant enter to recovery mode
bootloop on htc one logo
please help me
AjdinKuduzovic said:
i do the first step but i still cant enter to recovery mode
bootloop on htc one logo
please help me
after root and flash wrong rom i cant get in recovery mode any more i get (Entering Recovery mode) and its freeze on htc one logo
i flashed rom from this post http://forum.xda-developers.com/showthread.php?t=2626050
Deodexed version
please help me
Note: Target device: HTC Droid DNA (PL8320000)
you have just corrupted your misc partition, and are probably getting "active cmdline overflow" in the bootloader screen, and even an ruu won't fix that.
please post a "fastboot getvar all" (excluding IMEI and s/n) and a screenshot of bootloader.
nkk71 said:
please post a "fastboot getvar all" (excluding IMEI and s/n) and a screenshot of bootloader.
C:\adb>fastboot getvar all
< waiting for device >
(bootloader) version: 0.5
(bootloader) version-bootloader: 1.55.0000
(bootloader) version-baseband: 4A.21.3263.04
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main:
(bootloader) version-misc: PVT SHIP S-ON
(bootloader) serialno: FA34CW904354
(bootloader) imei: xxxxxxxxxxxxxxxxxxx
(bootloader) meid: 00000000000000
(bootloader) product: m7_ul
(bootloader) platform: HBOOT-8064
(bootloader) modelid: PN0710000
(bootloader) cidnum: ORANG001
(bootloader) battery-status: good
(bootloader) battery-voltage: 4261mV
(bootloader) partition-layout: Generic
(bootloader) security: on
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: dirty-b0a25cb2
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0
all: Done!
finished. total time: 0.142s
AjdinKuduzovic said:
C:\adb>fastboot getvar all
(bootloader) version-bootloader: 1.55.0000
(bootloader) version-main:
(bootloader) version-misc: PVT SHIP S-ON
(bootloader) product: m7_ul
(bootloader) modelid: PN0710000
(bootloader) cidnum: ORANG001
finished. total time: 0.142s
hmm, S-On
1- is your bootloader unlocked
2- did you check MD5 on the download to make sure it's not corrupt
3- can you copy/paste the output of your command prompt when you're flashing the noBCB recovery
nkk71 said:
hmm, S-On
1- is your bootloader unlocked
2- did you check MD5 on the download to make sure it's not corrupt
3- can you copy/paste the output of your command prompt when you're flashing the noBCB recovery
C:\adb>fastboot flash recovery twrp-recovery-2.7-m7-nobcb.img
sending 'recovery' (11278 KB)...
OKAY [ 1.364s]
writing 'recovery'...
OKAY [ 0.777s]
finished. total time: 2.151s
i tried to set s off i get error to
no luck for me
AjdinKuduzovic said:
C:\adb>fastboot flash recovery twrp-recovery-2.7-m7-nobcb.img
sending 'recovery' (11278 KB)...
OKAY [ 1.364s]
writing 'recovery'...
OKAY [ 0.777s]
finished. total time: 2.151s
i tried to set s off i get error to
no luck for me
3 questions, half an answer
after checking MD5, and flashing are you erasing cache.
If you can't get to recovery, there's nothing I can do.
nkk71 said:
3 questions, half an answer
after checking MD5, and flashing are you erasing cache.
If you can't get to recovery, there's nothing I can do.
yes i erase cache every time but still no luck
why i cant enter recovery mode i dont understand
AjdinKuduzovic said:
yes i erase cache every time but still no luck
why i cant enter recovery mode i dont understand
without a working recovery, there's not much that can be done.
can you extract the updater-script from the ROM you tried to flash, compress, and upload it. it's the following file inside the ROM.ZIP:
/META-INF/com/google/android/updater-script
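The updater-script review requested above can be done before a ROM is ever flashed. This is an added example, not code from the thread: it scans an edify script for writes to the two per-phone partitions the first post names, using the dd line quoted there; the device name "m7", the rest of both sample scripts and the mmcblk0p33 target are constructed assumptions.

```python
import re

# Per-phone partitions on the M7 that the thread says no RUU restores.
PROTECTED = {"mmcblk0p19": "misc", "mmcblk0p6": "mfg"}

CALL = re.compile(r'(\w+)\s*\(([^()]*)\)')        # innermost edify calls
STRING = re.compile(r'"([^"]*)"')
DEVICE_CHECK = re.compile(
    r'getprop\("ro\.(?:product\.device|build\.product)"\)\s*==\s*"([^"]+)"')


def block_writes(script):
    """Yield (line_no, function, target) for calls that write a block device."""
    for match in CALL.finditer(script):
        func, args = match.groups()
        strings = STRING.findall(args)
        if func == "run_program" and strings and strings[0].endswith("/dd"):
            # dd names its destination with of=<path>
            targets = [s[3:] for s in strings[1:] if s.startswith("of=")]
        elif func == "package_extract_file":
            # second argument is the destination path
            targets = strings[1:2]
        else:
            continue
        line_no = script.count("\n", 0, match.start()) + 1
        for target in targets:
            if target.startswith("/dev/block/"):
                yield line_no, func, target


def audit(script, expected_device):
    """Return findings: wrong target device and writes to protected partitions."""
    findings = []
    claimed = sorted(set(DEVICE_CHECK.findall(script)))
    if claimed and expected_device not in claimed:
        findings.append(f"built for {', '.join(claimed)}, not {expected_device}")
    for line_no, func, target in block_writes(script):
        label = PROTECTED.get(target.rsplit("/", 1)[-1])
        if label:
            findings.append(f"line {line_no}: {func} writes {target} [{label}]")
    return findings


# Constructed sample; only the run_program line is quoted from the thread.
DLX_SCRIPT = '''assert(getprop("ro.product.device") == "dlx" || getprop("ro.build.product") == "dlx");
package_extract_file("boot.img", "/tmp/boot.img");
run_program("/sbin/dd", "if=/tmp/boot.img", "of=/dev/block/mmcblk0p19");
'''

# Constructed sample of a script built for the expected device.
M7_SCRIPT = '''assert(getprop("ro.product.device") == "m7" || getprop("ro.build.product") == "m7");
package_extract_file("boot.img", "/dev/block/mmcblk0p33");
'''

if __name__ == "__main__":
    for name, script in (("dlx", DLX_SCRIPT), ("m7", M7_SCRIPT)):
        print(name, audit(script, "m7") or "no findings")
```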
nkk71 said:
without a working recovery, there's not much that can be done.
can you extract the updater-script from the ROM you tried to flash, compress, and upload it. it's the following file inside the ROM.ZIP:
/META-INF/com/google/android/updater-script
can you help me to S off for my htc one m7
AjdinKuduzovic said:
can you help me to S off for my htc one m7
you can't, to be able to S-Off you need a functioning ROM.
nkk71 said:
you can't, to be able to S-Off you need a functioning ROM.
what i can do ((((
@cschmitt, any idea why twrp_noBCB doesn't boot for this guy? do you have any time to build a CWM_noBCB, since sometimes (on regular recoveries, twrp bootloops, but cwm doesn't)... what do you think.
nkk71 said:
@cschmitt, any idea why twrp_noBCB doesn't boot for this guy? do you have any time to build a CWM_noBCB, since sometimes (on regular recoveries, twrp bootloops, but cwm doesn't)... what do you think.
i did the same problem and after search a lots of forums i see one and solve the problem... just downgrade hboot and your htc one back to initial
but if i upgrade hboot i got the same problem
Watashi_PT said:
i did the same problem and after search a lots of forums i see one and solve the problem... just downgrade hboot and your htc one back to initial
but if i upgrade hboot i got the same problem
yes, that's similar to the case that was fixed, we used hboot 1.44 + the noBCB recovery to get the misc partition, he sent it to us, we fixed it, and he flashed it back, and then was able to upgrade both hboot and use a normal recovery again without problems.
gazment said:
So I have a new getvar all after the ota install of latest sense 6.0 developers edition w/ self flash of hboot 1.44 afterwards:
Code:
C:\android\sdk\platform-tools>fastboot getvar all
(bootloader) version: 0.5
(bootloader) version-bootloader: 1.44.0000
(bootloader) version-main: 1.29.401.12
(bootloader) version-misc: PVT SHIP S-OFF
(bootloader) product: m7_ul
(bootloader) modelid: PN0713000
(bootloader) cidnum: 11111111
So weird!
i attached the blk019 .img file
Yep it's corrupt; another DLX kernel in there:
Code:
console=ttyHSL0,115200,n8 androidboot.hardware=dlx user_debug=31
I'll fix it and upload in a while....
EDIT: are you using custom recovery, or rooted rom to "dd" the partition?
gazment said:
thanks nkk71!
At the time I made blk019 backup I didn't have root I believe just twrp no bcb recovery.
Attached is the fixed partition, extract it and put it in your adb/fastboot folder. then just boot back into the noBCB recovery and follow step 4.
and please be careful with the dd command, be sure to type it correctly (or copy/paste), you don't want to overwrite the wrong partition!!!
Let me know how it goes.
Hi guys, so a friend of mine got a Desire 820 dual sim few days back. Device came in a very messy condition in terms for software. It was already Super CID'd & S-OFFed, no option to update software & around 200 languages. So i tried different threads to fix the issue & upgrade the phone to Lollipop.
I was able to get it back to stock Indian KK RUU 1.22.720.1 assuming that it was an Indian variant based on its id A51_DTUL but it was not the case.. After downloading the 1.22.720.10 update, it was giving me error like Modified System or Wrong Variant
Cut short i managed to identify / fix the problem & successfully upgraded the phone to Android L
Story line is that most of the guides available for 820 dual sim Lollipop upgrade are for the Indian variant with MID 0PFJ10000. Problem occurring is with its Chinese sibling with MID 0PFJ11000 & this is where the phone won't allow you to do software updates.
RUU is just checking the CID while in the OTA updater-script they have plenty of checks before flashing it.
So in the below KK updater-script, you can see that first it is checking for the current firmware, then CID & then MID
Code:
mount("ext4", "EMMC", "system", "/system");
assert(file_getprop("/system/build.prop", "ro.build.fingerprint") == "htc/htc_asia_india/htc_a51dtul:4.4.4/KTU84P/429556.1:user/release-keys" ||
file_getprop("/system/build.prop", "ro.build.fingerprint") == "htc/htc_asia_india/htc_a51dtul:4.4.4/KTU84P/429556.10:user/release-keys");
assert(file_getprop("/system/build.prop", "ro.aa.taskid") == "402794" ||
file_getprop("/system/build.prop", "ro.aa.taskid") == "447333");
ifelse( is_ship_bootloader(getprop("ro.bootloader")) == "t" ,
assert(check_cid(getprop("ro.cid"), "00000000" , "11111111" ,
"22222222" , "33333333" , "44444444" , "55555555" , "66666666" ,
"77777777" , "88888888" , "99999999" , "HTC__038") == "t");
);
ifelse( is_ship_bootloader(getprop("ro.bootloader")) == "t" ,
assert(check_mid("full", "0PFJ10000") == "t");,
assert(check_mid("simple", "0PFJ10000") == "t");
This is point where we get Wrong Variant or Modified System error on device other than 0PFJ10000 MID.
So, in order to get rid of this error & get all the updates automatically while keeping your ROM in stock status, these are the requirements / guidelines.
Required:
S-OFF
Root
Super CID
I assume you already know about fastboot commands stuff
So before proceeding, verify that your phone is A51_DTUL & the processor type is hTCBmsm8939 with 2GB of RAM. You can do this by booting into bootloader & running the command fastboot getvar all
1st step, change MID of your device -> from 0PFJ11000 to 0PFJ10000. Run the following ADB commands:
Code:
adb shell
su
echo -ne '\x30\x00\x50\x00\x46\x00\x4a\x00\x31\x00\x30\x00\x30\x00\x30\x00\x30' | dd of=/dev/block/mmcblk0p5 bs=1 seek=16384
exit
exit
adb reboot bootloader
Once the commands are successful, verify the MID in fastboot with the command fastboot getvar MID. It should now be 0PFJ10000
So we killed the BUG
2nd step:
2a. download Indian KK RUU from this thread -> Thanks to sshivampp & robinsahlot
2b. Rename the downloaded ZIP to “0PFJIMG.zip” or to 0PFJIMG.txt in case you are unable to copy it
2c. Copy the 0PFJIMG.txt / zip file to the External SD card & do change the extension back to .zip in case you had to change it to .txt
2d. Reboot into bootloader & don't forget to disable Fastboot option under power settings
2e. Press Vol up for update once prompted
You will see a lot of checks & update prompts on the screen
Once successful, reboot the phone & check for software updates. You should now be able to install all the OTAs without any errors
Special thanks to h1dd3n_sn1p3r for his initial guide on upgrading to Android L.
And our dexter, Mr. scotty1223 for his amazing guides & work. Through which i was able to figure out MID change part
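The three gates in the KK updater-script excerpt above can be evaluated against a device's reported values to see which assertion rejects it. This is an added example, not code from the thread or from HTC: the script text is the excerpt quoted in the post, the CID and MID values are the ones that appear in the thread, and the device fingerprint is an assumption (taken to match the first accepted build).

```python
import re

# Excerpt of the OTA updater-script as quoted in the post above.
SCRIPT = r'''
assert(file_getprop("/system/build.prop", "ro.build.fingerprint") == "htc/htc_asia_india/htc_a51dtul:4.4.4/KTU84P/429556.1:user/release-keys" ||
file_getprop("/system/build.prop", "ro.build.fingerprint") == "htc/htc_asia_india/htc_a51dtul:4.4.4/KTU84P/429556.10:user/release-keys");
ifelse( is_ship_bootloader(getprop("ro.bootloader")) == "t" ,
assert(check_cid(getprop("ro.cid"), "00000000" , "11111111" ,
"22222222" , "33333333" , "44444444" , "55555555" , "66666666" ,
"77777777" , "88888888" , "99999999" , "HTC__038") == "t");
);
ifelse( is_ship_bootloader(getprop("ro.bootloader")) == "t" ,
assert(check_mid("full", "0PFJ10000") == "t");,
assert(check_mid("simple", "0PFJ10000") == "t");
'''

FINGERPRINT = re.compile(
    r'file_getprop\("/system/build\.prop",\s*"ro\.build\.fingerprint"\)\s*==\s*"([^"]+)"')
CHECK_CID = re.compile(r'check_cid\(getprop\("ro\.cid"\)\s*,([^)]*)\)')
CHECK_MID = re.compile(r'check_mid\("(?:full|simple)",\s*"([^"]+)"\)')
CHECK_ORDER = ("fingerprint", "cid", "mid")   # order the post describes


def accepted_values(script):
    """Collect the values each gate in the script will accept."""
    cids = set()
    for match in CHECK_CID.finditer(script):
        cids.update(re.findall(r'"([^"]*)"', match.group(1)))
    return {
        "fingerprint": set(FINGERPRINT.findall(script)),
        "cid": cids,
        "mid": set(CHECK_MID.findall(script)),
    }


def failing_checks(device, accepted):
    """Return the gates, in script order, that this device would not pass."""
    return [key for key in CHECK_ORDER if device[key] not in accepted[key]]


# Device values: CID and MIDs are from the thread; the fingerprint is assumed.
ASSUMED_FINGERPRINT = "htc/htc_asia_india/htc_a51dtul:4.4.4/KTU84P/429556.1:user/release-keys"
DEVICE_11000 = {"fingerprint": ASSUMED_FINGERPRINT, "cid": "11111111", "mid": "0PFJ11000"}
DEVICE_10000 = {"fingerprint": ASSUMED_FINGERPRINT, "cid": "11111111", "mid": "0PFJ10000"}

if __name__ == "__main__":
    accepted = accepted_values(SCRIPT)
    for device in (DEVICE_11000, DEVICE_10000):
        print(device["mid"], "fails:", failing_checks(device, accepted) or "nothing")
```

The excerpt covers only the header checks; any later assertions in the full script are outside what this example evaluates.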
Lovely! Thanks for credit towards me!
Excellent find bro ?
Any one knows MID of HK variant?
help
Hey, thanks for this post, I have tried every solution posted on this site, but anyone of them worked, this one seems the most effective one, but I can't change the MID! I copy the code, hit enter, the window closes, but when I reboot the phone and check the getvar mid, it doesn't change! What can I do? I have the phone in S-OFF, rooted and super CID... the phone was unlocked, tried this way, but now is relocked, tried this one also but it's the same MID ..thanks for the help you can give me
ok i try some of the code, just to avoid the window from closing and it says this :
adb shell
adb server is out of date. killing...
* daemon started successfully *
error: device not found...
gpcga said:
Hey, thanks for this post, I have tried every solution posted on this site, but anyone of them worked, this one seems the most effective one, but I can't change the MID! I copy the code, hit enter, the window closes, but when I reboot the phone and check the getvar mid, it doesn't change! What can I do? I have the phone in S-OFF, rooted and super CID... the phone was unlocked, tried this way, but now is relocked, tried this one also but it's the same MID ..thanks for the help you can give me
ok i try some of the code, just to avoid the window from closing and it says this :
adb shell
adb server is out of date. killing...
* daemon started successfully *
error: device not found...
What is the current MID of your device? also is it Qualcomm processor? If you boot the phone normally with ADB debugging, is it detected? as from the last line it seems device is not connected or not detected
I changed the recovery
Hello, the phone didn't connect because of the recovery, I flashed another one, and that was it. Thanks, I have the stock lollipop 5.0.2 now. This is the only solution that worked fast and effective.
fshami said:
What is the current MID of your device? also is it Qualcomm processor? If you boot the phone normally with ADB debugging, is it detected? as from the last line it seems device is not connected or not detected
Would this method work on my Chinese Desire 820t?
sponmagnet said:
Would this method work on my Chinese Desire 820t?
This thread is for the non-Indian variants with Qualcomm chipset.. all details in first post. So if u have the same mid OPFJ11xxx then go ahead & try.. be sure ur hardware specs match as i mentioned in the guide
Can anybody post instructions of how to change MID to TW variant? (-> from 0PFJ10000 to 0PFJ12000)
Prowler_gr said:
Can anybody post instructions of how to change MID to TW variant? (-> from 0PFJ10000 to 0PFJ12000)
Code:
adb shell
su
echo -ne '\x30\x00\x50\x00\x46\x00\x4a\x00\x31\x00\x32\x00\x30\x00\x30\x00\x30' | dd of=/dev/block/mmcblk0p5 bs=1 seek=16384
exit
exit
adb reboot bootloader
I am getting error
"adb shell
adb server is out of date. killing...
* daemon started successfully *
error: device not found..."
Device is connected !!!
I tried everything but nothing works...
I want my phone to run on lollipop
please help me
shubhamkanwaria said:
I am getting error
"adb shell
adb server is out of date. killing...
* daemon started successfully *
error: device not found..."
Device is connected !!!
I tried everything but nothing works...
I want my phone to run on lollipop
please help me
Check if USB debugging is enabled.. and after connecting the phone, all drivers are installed properly
fshami said:
Check if USB debugging is enabled.. and after connecting the phone, all drivers are installed properly
USB debugging is enabled and all drivers are properly installed but still same error.
shubhamkanwaria said:
USB debugging is enabled and all drivers are properly installed but still same error.
If your phone is booted, still adb devices command is not showing your device?
fshami said:
If your phone is booted, still adb devices command is not showing your device?
Thank you so much... i got it... Now my phone running on lollipop.....
shubhamkanwaria said:
Thank you so much... i got it... Now my phone running on lollipop.....
glad to help
sorry .. this is no more available .. please check the next reply #18
my data before :
D:\HTC\fastboot>fastboot getvar all
(bootloader) version: 0.5
(bootloader) version-bootloader: 3.19.0.0000
(bootloader) version-baseband: 01.01.010_U1030481_08.01.41119
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main: 1.22.720.1
(bootloader) version-misc: PVT SHIP S-OFF
(bootloader) serialno: HC4ANYC01045
(bootloader) imei: 355386060878133
(bootloader) imei2: 355386060878141
(bootloader) meid: 00000000000000
(bootloader) product: a51_dtul
(bootloader) platform: hTCBmsm8939
(bootloader) modelid: 0PFJ11000
(bootloader) cidnum: 11111111
(bootloader) battery-status: good
(bootloader) battery-voltage: 0mV
(bootloader) partition-layout: Generic
(bootloader) security: off
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: ed7d3c37
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0
(bootloader) mfg-name:
all: Done!
finished. total time: 0.022s
D:\HTC\fastboot>
and do :
D:\HTC\fastboot>adb shell
shell@htc_a51dtul:/ $ su
root@htc_a51dtul:/ # echo -ne '\x30\x00\x50\x00\x46\x00\x4a\x00\x31\x00\x30\x0>
17+0 records in
17+0 records out
17 bytes transferred in 0.005 secs (3400 bytes/sec)
root@htc_a51dtul:/ # exit
shell@htc_a51dtul:/ $ exit
so the data after :
D:\HTC\fastboot>fastboot getvar mid
mid: 0PFJ10000
finished. total time: 0.002s
D:\HTC\fastboot>fastboot getvar all
(bootloader) version: 0.5
(bootloader) version-bootloader: 3.19.0.0000
(bootloader) version-baseband: 01.01.010_U1030481_08.01.41119
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main: 1.22.720.1
(bootloader) version-misc: PVT SHIP S-OFF
(bootloader) serialno: HC4ANYC01045
(bootloader) imei: 355386060878133
(bootloader) imei2: 355386060878141
(bootloader) meid: 00000000000000
(bootloader) product: a51_dtul
(bootloader) platform: hTCBmsm8939
(bootloader) modelid: 0PFJ10000
(bootloader) cidnum: 11111111
(bootloader) battery-status: good
(bootloader) battery-voltage: 0mV
(bootloader) partition-layout: Generic
(bootloader) security: off
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: ed7d3c37
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0
(bootloader) mfg-name:
all: Done!
finished. total time: 0.034s
D:\HTC\fastboot>
checked update .. 70.01MB .. downloaded .. but still got the msg (your system modified contact htc)
#Note : i was downloaded the ruu that you mention .. just changed mid then checked update
any help ??
nabilovetch said:
my data before :
D:\HTC\fastboot>fastboot getvar all
(bootloader) version: 0.5
(bootloader) version-bootloader: 3.19.0.0000
(bootloader) version-baseband: 01.01.010_U1030481_08.01.41119
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main: 1.22.720.1
(bootloader) version-misc: PVT SHIP S-OFF
(bootloader) serialno: HC4ANYC01045
(bootloader) imei: 355386060878133
(bootloader) imei2: 355386060878141
(bootloader) meid: 00000000000000
(bootloader) product: a51_dtul
(bootloader) platform: hTCBmsm8939
(bootloader) modelid: 0PFJ11000
(bootloader) cidnum: 11111111
(bootloader) battery-status: good
(bootloader) battery-voltage: 0mV
(bootloader) partition-layout: Generic
(bootloader) security: off
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: ed7d3c37
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0
(bootloader) mfg-name:
all: Done!
finished. total time: 0.022s
D:\HTC\fastboot>
and do :
D:\HTC\fastboot>adb shell
shell@htc_a51dtul:/ $ su
root@htc_a51dtul:/ # echo -ne '\x30\x00\x50\x00\x46\x00\x4a\x00\x31\x00\x30\x0>
17+0 records in
17+0 records out
17 bytes transferred in 0.005 secs (3400 bytes/sec)
root@htc_a51dtul:/ # exit
shell@htc_a51dtul:/ $ exit
so the data after :
D:\HTC\fastboot>fastboot getvar mid
mid: 0PFJ10000
finished. total time: 0.002s
D:\HTC\fastboot>fastboot getvar all
(bootloader) version: 0.5
(bootloader) version-bootloader: 3.19.0.0000
(bootloader) version-baseband: 01.01.010_U1030481_08.01.41119
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main: 1.22.720.1
(bootloader) version-misc: PVT SHIP S-OFF
(bootloader) serialno: HC4ANYC01045
(bootloader) imei: 355386060878133
(bootloader) imei2: 355386060878141
(bootloader) meid: 00000000000000
(bootloader) product: a51_dtul
(bootloader) platform: hTCBmsm8939
(bootloader) modelid: 0PFJ10000
(bootloader) cidnum: 11111111
(bootloader) battery-status: good
(bootloader) battery-voltage: 0mV
(bootloader) partition-layout: Generic
(bootloader) security: off
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: ed7d3c37
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0
(bootloader) mfg-name:
all: Done!
finished. total time: 0.034s
D:\HTC\fastboot>
Checked for the update .. 70.01MB .. downloaded .. but still got the msg (your system modified contact htc)
#Note: I downloaded the RUU that you mentioned .. just changed the MID then checked for the update
Any help?
Good, you've changed the CID & MID. Now download & flash the RUU I mentioned. Once flashed, your device will do updates.
Sent from my HTC One E9PLUS dual sim using XDA-Developers mobile app
fshami said:
Good, you've changed the CID & MID. Now download & flash the RUU I mentioned. Once flashed, your device will do updates.
Sent from my HTC One E9PLUS dual sim using XDA-Developers mobile app
I did a factory reset and reflashed the RUU using the SD card ..
Still got the msg (your software is modified, contact htc)