Database Users

[How to] Restore to Complete stock T-Mobile HTC One w/ Locked bootloader & S-on

This is gonna be a lengthy tutorial, I'll be very clear and specific in my details and requirements, you are entirely responsible for what you do to your device, I can confirm here works and the end result is a completely stock device which is updateable, etc, any mistakes, missed steps and any other user error is your fault, so read and follow instructions carefully, that is all. Links for files, requirements, etc will be provided at the end of this tutorial.
Let's begin:
Requirements:
1. Nandroid backup of T-Mobile stock 1.27 rom, since we have no ruu to work with, link provided. (credit to whomever uploaded it)
2. CWM recovery along with ROM manager from the playstore, I may or may not make a flashable zip of the nandroid, depends on when I get time to do so.
3. Root and s-off
4. revone s-off tool (bin file to be specific)
5. a pc or some other way of unzipping the nandroid backup, do not use your device to unzip it, it may or may not unzip correctly, chances are you'll waste your time unzipping over and over pointlessly.
6. adb toolkit (mini kit at the end)
7. knowledge on how to use adb, etc is a plus.
8. KNOW HOW TO READ
9. An HTC one that's at least rooted.
10. Patience
Steps:
1. Gather all your required files, take the all in one toolkit I link which contains revone, adb, stock recovery and cwm. You can placed the downloaded nandroid wherever you want to.
2. Unzip the nandroid backup and place it on the internal memory of the device in the "sdcard/clockworkmod/backup/" folder, do not rename the unzipped file.
3. Run the cwm flash script to replace your recovery with cwm touch recovery, device needs to be in android, not fastboot, device will reboot to android upon successfully flashing cwm recovery.
4. Open rom manager and select "Manage and Restore Backups", it should detect the nandroid, select it and choose to restore, let the device reboot and restore the nandroid.
5. Once complete, do a factory reset(optional) and reboot
6. Next step would be to flash the stock recovery by using the script provided followed by the stock hboot, if hboot flashing fails look at the bottom for the step to fix this.
7. now that's we're on stock recovery and stock rom, our next step would be to lock the bootloader and put the device to s-on, this is where it get's technical:
Lock bootloader using revone:
1. open a command prompt then cd to the folder of your mini sdk, example: cd C:/Users/Random Name/Downloads/mini-sdk
2. In the command prompt window push the revone bin file via "adb push revone /data/local/tmp"
3. Open adb shell: adb shell
4. then: cd /data/local/tmp
5. followed by: chmod 755 revone
6. then: ./revone -P
7. once it reports success it should say whether it requires reboot or not: ./revone -s 0 -l (this changes the bootloader status to **Locked**, -t to remove tamper, -u to **Unlocked** and S-Off, -r for **Relocked**, use as required)
8. Bootloader is now back to locked status, type: reboot bootloader
S-On
Device will be in fastboot mode where you should see **Locked** follow below it by S-Off
1. To change it to s-on, in the command prompt type: fastboot oem writesecureflag 3
2. then fastboot reboot
3. Device will boot into android, you will be prompted by a software update, which you can do at your own leisure whether you'd like to or not, your call.
Voila, you're back on Official stock, completely untouched device.
Optional steps, if needed.
Back to Stock CID:
While in fastboot use the command: fastboot oem writecid T-MOB010 (this needs to be done before you s-off) (script provided)
Flashing stock firmware package
Now flashing this package may fail, it is to be done while you're s-off.
You may flash the firmware.zip package via command line by the following commands:
1. fastboot oem rebootRUU
2. fastboot flash zip firmware.zip (this is named tmo.zip in the package)
3. fastboot reboot-bootloader
(was it a success?, if yes, proceed to locking the bootloader and s-on)
IF flashing the firmware package fails, flash the hboot manually via the command below (hboot provided in a separate zip in case of this):
1. fastboot oem rebootRUU
2. fastboot flash zip boot.zip
3. fastboot reboot-bootloader
should this fail as well, run the super cid script, re-do the above steps, then run the stock tmo cid script.
Then proceed with s-on/lock bootloader. There are a few kinks to be worked out, sadly I have not the time to do this at the moment.
Nandroid backup: https://mega.co.nz/#!gpIFGR7L!c5o74Ex6k3wkVlWKWgSrJBrguShtjHXeB6YQPmoqAmM (credit to uploader, I'll look for the correct screen name as soon as I can)
In case of no signal: which shouldn't be flash a radio: http://forum.xda-developers.com/showthread.php?t=2245615
Mini sdk with scripts: http://d-h.st/z8c
Revone: http://forum.xda-developers.com/showthread.php?t=2314582
NOTE: Video coming soon, credits whomever until I give it accordingly, this was put together in a rush, so didn't get the chance to look see at all the screenies, screenshots and video to come.

dark nightmare said:
this is gonna be a lengthy tutorial, i'll be very clear and specific in my details and requirements, you are entirely responsible for what you do to your device, i can confirm here works and the end result is a completely stock device which is updateable, etc, any mistakes, missed steps and any other user error is your fault, so read and follow instructions carefully, that is all. Links for files, requirements, etc will be provided at the end of this tutorial.
Let's begin:
Requirements:
1. Nandroid backup of t-mobile stock 1.27 rom, since we have no ruu to work with, link provided. (credit to whomever uploaded it)
2. Cwm recovery along with rom manager from the playstore, i may or may not make a flashable zip of the nandroid, depends on when i get time to do so.
3. Root and s-off
4. Revone s-off tool (bin file to be specific)
5. A pc or some other way of unzipping the nandroid backup, do not use your device to unzip it, it may or may not unzip correctly, chances are you'll waste your time unzipping over and over pointlessly.
6. Adb toolkit (mini kit at the end)
7. Knowledge on how to use adb, etc is a plus.
8. Know how to read
9. An htc one that's at least rooted.
10. Patience
steps:
1. Gather all your required files, take the all in one toolkit i link which contains revone, adb, stock recovery and cwm. You can placed the downloaded nandroid wherever you want to.
2. Unzip the nandroid backup and place it on the internal memory of the device in the "sdcard/clockworkmod/backup/" folder, do not rename the unzipped file.
3. Run the cwm flash script to replace your recovery with cwm touch recovery, device needs to be in android, not fastboot, device will reboot to android upon successfully flashing cwm recovery.
4. Open rom manager and select "manage and restore backups", it should detect the nandroid, select it and choose to restore, let the device reboot and restore the nandroid.
5. Once complete, do a factory reset(optional) and reboot
6. Next step would be to flash the stock recovery by using the script provided followed by the stock hboot, if hboot flashing fails look at the bottom for the step to fix this.
7. Now that's we're on stock recovery and stock rom, our next step would be to lock the bootloader and put the device to s-on, this is where it get's technical:
Lock bootloader using revone:
1. Open a command prompt then cd to the folder of your mini sdk, example: Cd c:/users/random name/downloads/mini-sdk
2. In the command prompt window push the revone bin file via "adb push revone /data/local/tmp"
3. Open adb shell: Adb shell
4. Then: Cd /data/local/tmp
5. Followed by: Chmod 755 revone
6. Then: ./revone -p
7. Once it reports success it should say whether it requires reboot or not: ./revone -s 0 -l (this changes the bootloader status to **locked**, -t to remove tamper, -u to **unlocked** and s-off, -r for **relocked**, use as required)
8. Bootloader is now back to locked status, type: Reboot bootloader
s-on
device will be in fastboot mode where you should see **locked** follow below it by s-off
1. To change it to s-on, in the command prompt type: Fastboot oem writesecureflag 3
2. Then fastboot reboot
3. Device will boot into android, you will be prompted by a software update, which you can do at your own leisure whether you'd like to or not, your call.
Voila, you're back on official stock, completely untouched device.
Optional steps, if needed.
Back to stock cid:
While in fastboot use the command: Fastboot oem writecid t-mob010 (this needs to be done before you s-off) (script provided)
flashing stock firmware package
now flashing this package may fail, it is to be done while you're s-off.
You may flash the firmware.zip package via command line by the following commands:
1. Fastboot oem rebootruu
2. Fastboot flash zip firmware.zip (this is named tmo.zip in the package)
3. Fastboot reboot-bootloader
(was it a success?, if yes, proceed to locking the bootloader and s-on)
if flashing the firmware package fails, flash the hboot manually via the command below (hboot provided in a separate zip in case of this):
1. Fastboot oem rebootruu
2. Fastboot flash zip boot.zip
3. Fastboot reboot-bootloader
should this fail as well, run the super cid script, re-do the above steps, then run the stock tmo cid script.
Then proceed with s-on/lock bootloader. There are a few kinks to be worked out, sadly i have not the time to do this at the moment.
Nandroid backup: https://mega.co.nz/#!gpifgr7l!c5o74ex6k3wkvlwkwgsrjbrgushtjhxeb6yqpmoqamm (credit to uploader, i'll look for the correct screen name as soon as i can)
in case of no signal: Which shouldn't be flash a radio: http://forum.xda-developers.com/showthread.php?t=2245615
mini sdk with scripts: http://d-h.st/z8c
revone: http://forum.xda-developers.com/showthread.php?t=2314582
note: Video coming soon, credits whomever until i give it accordingly, this was put together in a rush, so didn't get the chance to look see at all the screenies, screenshots and video to come.
Click to expand...
Click to collapse
you the best! Thanks

I assume if i replace the at&t nandroid with a bell nandroid one i can restore to bell following the rest of the steps?

redzone321 said:
I assume if i replace the at&t nandroid with a bell nandroid one i can restore to bell following the rest of the steps?
Click to expand...
Click to collapse
Yup, you just need to know what the bell cid is, in case you changed to super cid.

I'm getting an MD5 mismatch in CWM...should I just try downloading again

mcdsmaster8824 said:
I'm getting an MD5 mismatch in CWM...should I just try downloading again
Click to expand...
Click to collapse
You can try unzipping via computer and not your phone, if you absolutely have to use your phone, you can try zarchiver, otherwise, may be a bad download.

Hi,
Great that we have this thread.
Should flashing back to stock t-mobile firmware be a step in case someone flashed another firmware package during their many travels of flashing their device? I'm thinking some people may have tried out latest firmware packages like 2.17 or 2.24 and I'm thinking flashing a 1.27.531.x nandroid may not work on a higher firmware package?
http://forum.xda-developers.com/showthread.php?t=2355814
TMOUS Custom Firmware Package - 1.27.531.8
Sent from my HTC One using Tapatalk 2

gustav30 said:
Hi,
Great that we have this thread.
Should flashing back to stock t-mobile firmware be a step in case someone flashed another firmware package during their many travels of flashing their device? I'm thinking some people may have tried out latest firmware packages like 2.17 or 2.24 and I'm thinking flashing a 1.27.531.x nandroid may not work on a higher firmware package?
http://forum.xda-developers.com/showthread.php?t=2355814
TMOUS Custom Firmware Package - 1.27.531.8
Sent from my HTC One using Tapatalk 2
Click to expand...
Click to collapse
I already thought of that, hence the firmware package in the bottom notes.

My bad for not reading all the way through! Glad we have this.
Sent from my HTC One using Tapatalk 4 Beta

Thanks for this great guide!
Would it be possible to add a section for restoring to the stock bootloader for anyone like me who flashed to Google Edition RUU (which replaces boot/recovery/ROM)?

dozybolox13 said:
Thanks for this great guide!
Would it be possible to add a section for restoring to the stock bootloader for anyone like me who flashed to Google Edition RUU (which replaces boot/recovery/ROM)?
Click to expand...
Click to collapse
Bootloader/recovery/stock rom are all a part of this guide buddy, the hboot section is your bootloader, there's the recovery section right there as well (last step before s-on/locked status) and the nandroid that you'll be restoring is the stock rom, once I get time tonight, I'll work on making the nandroid a flashable rom instead to make things easier.

Worked perfectly, thanks!

thank you!

Nandroid backup is "temporary unavailable" on mega - can you post a mirror?
Thanks
Edit: Was able to finally download with megadownloader and restore my device - your guide worked brilliantly, thanks!

I have a problem
Dark Nightmare said:
This is gonna be a lengthy tutorial, I'll be very clear and specific in my details and requirements, you are entirely responsible for what you do to your device, I can confirm here works and the end result is a completely stock device which is updateable, etc, any mistakes, missed steps and any other user error is your fault, so read and follow instructions carefully, that is all. Links for files, requirements, etc will be provided at the end of this tutorial.
Let's begin:
Requirements:
1. Nandroid backup of T-Mobile stock 1.27 rom, since we have no ruu to work with, link provided. (credit to whomever uploaded it)
2. CWM recovery along with ROM manager from the playstore, I may or may not make a flashable zip of the nandroid, depends on when I get time to do so.
3. Root and s-off
4. revone s-off tool (bin file to be specific)
5. a pc or some other way of unzipping the nandroid backup, do not use your device to unzip it, it may or may not unzip correctly, chances are you'll waste your time unzipping over and over pointlessly.
6. adb toolkit (mini kit at the end)
7. knowledge on how to use adb, etc is a plus.
8. KNOW HOW TO READ
9. An HTC one that's at least rooted.
10. Patience
Steps:
1. Gather all your required files, take the all in one toolkit I link which contains revone, adb, stock recovery and cwm. You can placed the downloaded nandroid wherever you want to.
2. Unzip the nandroid backup and place it on the internal memory of the device in the "sdcard/clockworkmod/backup/" folder, do not rename the unzipped file.
3. Run the cwm flash script to replace your recovery with cwm touch recovery, device needs to be in android, not fastboot, device will reboot to android upon successfully flashing cwm recovery.
4. Open rom manager and select "Manage and Restore Backups", it should detect the nandroid, select it and choose to restore, let the device reboot and restore the nandroid.
5. Once complete, do a factory reset(optional) and reboot
6. Next step would be to flash the stock recovery by using the script provided followed by the stock hboot, if hboot flashing fails look at the bottom for the step to fix this.
7. now that's we're on stock recovery and stock rom, our next step would be to lock the bootloader and put the device to s-on, this is where it get's technical:
Lock bootloader using revone:
1. open a command prompt then cd to the folder of your mini sdk, example: cd C:/Users/Random Name/Downloads/mini-sdk
2. In the command prompt window push the revone bin file via "adb push revone /data/local/tmp"
3. Open adb shell: adb shell
4. then: cd /data/local/tmp
5. followed by: chmod 755 revone
6. then: ./revone -P
7. once it reports success it should say whether it requires reboot or not: ./revone -s 0 -l (this changes the bootloader status to **Locked**, -t to remove tamper, -u to **Unlocked** and S-Off, -r for **Relocked**, use as required)
8. Bootloader is now back to locked status, type: reboot bootloader
S-On
Device will be in fastboot mode where you should see **Locked** follow below it by S-Off
1. To change it to s-on, in the command prompt type: fastboot oem writesecureflag 3
2. then fastboot reboot
3. Device will boot into android, you will be prompted by a software update, which you can do at your own leisure whether you'd like to or not, your call.
Voila, you're back on Official stock, completely untouched device.
Optional steps, if needed.
Back to Stock CID:
While in fastboot use the command: fastboot oem writecid T-MOB010 (this needs to be done before you s-off) (script provided)
Flashing stock firmware package
Now flashing this package may fail, it is to be done while you're s-off.
You may flash the firmware.zip package via command line by the following commands:
1. fastboot oem rebootRUU
2. fastboot flash zip firmware.zip (this is named tmo.zip in the package)
3. fastboot reboot-bootloader
(was it a success?, if yes, proceed to locking the bootloader and s-on)
IF flashing the firmware package fails, flash the hboot manually via the command below (hboot provided in a separate zip in case of this):
1. fastboot oem rebootRUU
2. fastboot flash zip boot.zip
3. fastboot reboot-bootloader
should this fail as well, run the super cid script, re-do the above steps, then run the stock tmo cid script.
Then proceed with s-on/lock bootloader. There are a few kinks to be worked out, sadly I have not the time to do this at the moment.
Nandroid backup: https://mega.co.nz/#!gpIFGR7L!c5o74Ex6k3wkVlWKWgSrJBrguShtjHXeB6YQPmoqAmM (credit to uploader, I'll look for the correct screen name as soon as I can)
In case of no signal: which shouldn't be flash a radio: http://forum.xda-developers.com/showthread.php?t=2245615
Mini sdk with scripts: http://d-h.st/z8c
Revone: http://forum.xda-developers.com/showthread.php?t=2314582
NOTE: Video coming soon, credits whomever until I give it accordingly, this was put together in a rush, so didn't get the chance to look see at all the screenies, screenshots and video to come.
Click to expand...
Click to collapse
I tried this on my Htc one and it didn't work. i accidentally formatted my data and when i try to reboot it says no os installed. I tried side loading it, and tried flash zip, but i still could load into any rom. Please help.

ro34po43 said:
I tried this on my Htc one and it didn't work. i accidentally formatted my data and when i try to reboot it says no os installed. I tried side loading it, and tried flash zip, but i still could load into any rom. Please help.
Click to expand...
Click to collapse
What recovery are you using and what rom are you trying to sideload with? If you're gonna safely sideload, use twrp and a stock rom.

Thank you so much for this!
Just out of curiosity, have you had time to upload any screenshots or a video of the process yet?

idonthavetimeforthis said:
Thank you so much for this!
Just out of curiosity, have you had time to upload any screenshots or a video of the process yet?
Click to expand...
Click to collapse
Like your name he doesn't have time for it

thank you
thank you very much for writing this organized tutorial - there could be a little more detail about how to flash the recovery's for those that don't use windows (easy enough to open the bat scripts), but very good and very convenient to have all the files in one place
thanks again

I didn't bother reading the entire thread, so if there's a link I apologize, but I'm another sad soul who took the T-Mobile 1.27.531.11 update. Whomp whomp. Well anywho. In my many attempts to S-Off, I've become well versed in restoring back to stock. So if you're stuck and don't know what to do, PM me and I shall help thee! I will provide links to stock/custom recoveries, the .11 RUU, and walk ya through it
Sent from my HTC One using xda app-developers app

[GUIDE] How to Return to 100% Stock

This Guide will help you reset your HTC One back to 100% stock form with no trace of modifications. S-Off Required!
In order for you to be able to reset your device to complete stock it will require that you have S-Off.
For those that still have S-On and cannot gain S-Off due to having one of the updated firmwares there is not much you can do other than restore a stock rom and stock recovery. S-On users can find my 2.24.401.x stock rom with recovery included here:
http://www.htc1guru.com/2013/09/gurureset-aroma/
I am working on more versions now.
If you restore one of the stock Nandroid backups with a 1.2x version, you will probably have issues with the touch screen not working since the updated touchscreen drivers in the newer firmware updates, prevent the touch screen from working in the stock level 4.1.2 software. Keep checking the Download section for Guru Resets as I will be adding more stock rom versions.
If you have a working touch screen on the stock software, after restoring the stock kernel and stock recovery, your bootloader will show RELOCKED instead of LOCKED once you lock it.
I have easily unlocked bootloader, got S-off and super CID for many different HTC One devices from a few carriers, but that is because they came with hboot 1.44 so revone worked without issues to gain S-Off. If you buy a new phone now, regardless if what firmware version and/or software it come with, after you unlock the bootloader be sure the first thing you do is to make a Nandroid backup of your phone in its stock form. If it is a stock Nandroid on the newer 2.24.401.x base, please contact me as I would love to host it as many people could use that if not s-off.
If you are lucky enough to buy a new phone that comes with early hboot 1.44, I advise you get S-off right after you make that stock Nandroid backup. S-off really comes in handy for so many things. There is no danger of bricking your phone unless you start flashing things you don;t understand and other actions without fully understanding the repercussions. If you are unsure about something then just make a post and someone here should be able to provide you with the correct information.
If you don’t know what these terms mean do a search, they have been answered many, many times. Here are some quick links to some common items for modifications::
–Easily unlock bootloader, flash custom recovery, flash ROM, and ADB sideload (in case you forgot to copy your ROM to your phone) plus much more:
http://forum.xda-developers.com/showthread.php?t=2242635
–Easily get S-off by using revone (We will also use this tool reset Security back to S-On)
http://forum.xda-developers.com/showthread.php?t=2314582
***I advise you to get S-off before doing anything else and keep S-off unless you are going to return the device. The latest OTA/firmware contains an hboot that revone will not currently unlock, but if you have s-off you can downgrade your hboot if needed***
–Easily get Super CID
http://forum.xda-developers.com/showthread.php?t=2317536
Now you can do some of these things easily:
*Remove red warning from boot screen + custom hboot:
http://forum.xda-developers.com/showthread.php?t=2316726
http://forum.xda-developers.com/showthread.php?t=2156368
*Flash custom splash screens:
http://forum.xda-developers.com/showthread.php?t=2324746
*Flash new firmware:
Concise and easy for noobs: http://forum.xda-developers.com/showpost.php?p=43551752&postcount=5082
Also http://forum.xda-developers.com/showpost.php?p=43328416&postcount=33758
Post #2 has the download for the custom firmware to flash without screwing anything else up:
http://forum.xda-developers.com/showthread.php?t=2182823
______________________________________________________________________________________
Resetting your device to stock
—————————————————————————
So now for the good stuff. You totally modded the hell out of your One and something happens where you need to return the device to your carrier/vendor. First thing, always go to your carrier/vendor for hardware exchanges NOT direct to HTC. For the most part US carriers don’t care much about modded software on the devices in regards to warranty but HTC does. However just because the person in the device exchange center doesn’t check for root, doesn’t mean someone won’t flag your phone when repairing it. So why take the chance, it only takes a few minutes to return to 100% stock.
Secondly unless your device is totally unusable, I advise you to call the ATT(or your carrier) warranty number and they will send you a replacement and a return shipping label, and then you have 12 days to return it. This way you can access data and settings on your first device if needed and make sure that everything is cool with your replacement before you reset your first device to stock and send it back.
As it is required for most of the modifications mentioned above these steps require that you have your devices drivers installed on your PC and also ADB. If you need help setting up ADB: http://forum.xda-developers.com/showthread.php?t=1427008
---Instructions for returning to 100% stock from S-off:
Before we begin please note that these instructions are for a device with S-off and the stock CID. Your CID should be stock unless you changed it in order to get a specific country/region OTA or as a lot do for flashing ease and just use Super CID.
In order to run the RUU to reset everything to stock, the CID will have to match the device for which the RUU was intended.
So you can’t really mess anything up because if your CID is not correct the RUU will not run and not flash anything.
**-Technically if you have S-off you can run any RUU and it should run fine but your phones image won’t be stock from your carrier if not the correct RUU. I like to set the stock CID back now so we don’t forget. However if using another variant/RUU, since you are s-off, you can do this step after running the RUU.**
If you have stock CID or the CID matches the RUU you can proceed to step 1.
If you have any other CID you need to change it before beginning. In this example I am talking about the US ATT variant for which he stock CID is CWS__001
Code:
adb reboot-bootloader
Phone should boot to the bootloader. Now run:
Code:
fastboot oem writecid CWS__001
Now verify that the stock CID shows on the bootloader screen by running:
Code:
fastboot reboot-bootloader
Reboot device if CID on bootloader screen shows the stock CID. If not retry
*****The next step will wipe the entire contents of the device which includes all of your data. Be sure to back it up to a PC so you can transfer it onto the new device if needed.*****
These instructions are assuming you are running a Windows OS. If you are not then these exe RUU’s won’t be of much use. You will have to use the RUU.zip files which can accomplish the same results as a RUU from flashing in fastboot. You can replace step 1 below with these steps:
Restoring using a RUU.zip
Download the RUU.zip file and place in your ADB/fastboot folder. I would recommend renaming the zip file to something simple like ruu.zip.
Boot your phone into the bootloader by holding the power and vol up/down buttons at the same time until you see the bootloader screen or if you have your phone booted you can use the ADB command:
Code:
adb reboot-bootloader
Now use these fastboot commands:
Code:
fastboot oem rebootRUU
Should see the Silver HTC logo. Now issue this command to flash your phone using the ruu.zip file:
Code:
fastboot flash zip ruu.zip
Now the first time you issue a command to flash firmware/ruu in fastboot it only prepares the flash. You have to issue the exact command again:
Code:
fastboot flash zip ruu.zip
The green status bar usually does not reach the 100% mark. When the output in the command window is complete, you can reboot:
Code:
fastboot reboot
or
Code:
fastboot reboot-bootloader
**Notes about the RUU.zip method. You still need to have the proper CID for the RUU. You can run the RUU.zip with super CID, but you will have to lock your bootloader first. If you are running the RUU.zip as base to downgrade all your firmware because you are going to then going to restore a stock Nandroid so the RUU might not be made for your MID, so you may need to edit the android-info.txt inside the ruu.zip to include your MID or CID.
Restoring using a RUU.exe
1. - Now we need to download the RUU (ROM Update Utility) that flash our device back to mostly stock. It can be downloaded HERE for US AT&T users. Other carriers should be able to find their appropriate RUU in this thread:
http://forum.xda-developers.com/showthread.php?t=2428276 or here: http://www.htc1guru.com/downloads/
If there is not a RUU for your phone, but there is a Stock Nandroid backup, you should still complete the step above. Just make note of your original CID and change yours to CWS__001 so the RUU will run. This will reset all your firmware and other modifications (like modified hboot and splash screens) back to the default stock level regardless of region.
Once downloaded run the RUU_M7_UL_JB_50_Cingular_US_1.26.502.12_Radio_4A.14.3250.13_10.33.1150.01_release_318450_signed_2.exe and it will guide you through resetting the device. After it finishes your device will be almost back to stock. It will have the stock images for recovery, boot, ROM, radio, firmware hboot, etc.
Stock Nandroid restores will require these additional steps before proceeding to step 2:
When you ran the RUU (Either EXE or ZIP) all data was wiped and your custom recovery was reset back to stock, It is recommended to keep this stock recovery in place and use a command that only works on the hboot 1.44 (which you know have form the RUU)
Download the latest version of the recovery that matches the stock Nandroid backup (Either CWM or TWRP) and place it in your ADB/fastboot folder.
Now use this command to boot that custom recovery without installing it:
Code:
fastboot boot TWRP.img or fastboot boot CWM.img
It should load the custom recovery. Now make a test backup and allow it to complete.
Now boot your phone (Do not take OTA updates if prompted) and look to see where exactly the recovery placed the backup. You can install a simple file manager from the play store for this. Take note of the location and folder structure that the recovery has used for the backup.
Now copy the downloaded stock backup files from your PC to that location in the last step. Be sure the folders are in the correct place.
Now reboot into the bootloader and then boot the custom recovery again using that same command as before:
Code:
fastboot boot TWRP.img or fastboot boot CWM.img
Restore the backup and reboot when finished. Important – Do not accept any OTA updates until the complete phone reset process is finished.
Now delete all your backup files and installed applications by doing a factory reset from Settings – Backup and Reset – Erase All Data From Phone. Software and firmware on your phone should be back to stock and you can continue with the next step in the guide.
**Before continuing with the guide make sure you have changed your CID back to stock if you changed it to a non stock one in order to run a RUU to downgrade firmware.**
******If you continue with the next 2 steps to lock the bootloader and you do not have a stock hboot, you will instantly BRICK your device. Shouldn't be an issue if the RUU ran correctly, however you may want to boot into the bootloader and verify that it shows version 1.44.0000 for the hboot. Also your custom recovery should be gone and back to stock (If you boot into the stock recovery it will just look like a red warning triangle with no options). If you are still able to boot into your custom recovery, it is a sign that not all partitions have been flashed back to stock and you should find out why before proceeding]******
Now that we have lots of users who have S-Off from other methods than revone, mainly the new rumrunner method here are the generic instructions for any S-Off device and not just for user with revone:
Before you can proceed with the 2 following threads for removing Tampered and then Locking you need to have Superuser installed. There are links to how to do this in each thread. You can also use this toolkit. Just remember to delete the SuperUser and busybox apk if installed before you return the phone.
2. - First remove the Tampered Flag. Instructions are in this thread
http://forum.xda-developers.com/showthread.php?t=2477792
3. - Second Lock the bootloader. Instructions are in this thread
http://forum.xda-developers.com/showthread.php?t=2475914
The older REVONE commands/instructions for Tampered and Locking:
I recommended using revone to gain S-off, so that is how we will undo it. If you don't still have it we will need the revone file again. It can be downloaded here: http://revolutionary.io/revone (From thread: http://forum.xda-developers.com/showthread.php?t=2314582and http://forum.xda-developers.com/showthread.php?t=2315467)
Push revone to your device:
Put the downloaded revone file in your adb/fastboot folder and push it using this command:
Code:
adb push revone /data/local/tmp/
open a adb shell by typing:
Code:
adb shell
Now change to that directory:
Code:
cd /data/local/tmp
Now set permissions
Code:
chmod 755 revone
Now re-lock the bootloader:
Code:
./revone -l
Remove Tampered flag:
Code:
./revone -t
The newer revisions of revone don't do the actual locking any longer but it should output the command you need to run to fully re-lock:
Type exit to exit the adb shell session and issue the command to re-lock the device:
Code:
fastboot oem writesecureflag 3
Now verify that it worked by booting into the bootloader:
Code:
adb reboot bootloader
You should see it say LOCKED at the top and S-On, just like it was out of the box!
I doubt anyone at the warranty repair center is going to snoop around a device that says Locked and S-On, but I like to cleanup and remove the revone file.
Just reboot the phone and skip over the setup wizard
Now start another adb shell session:
Code:
adb shell
Now change back to the folder where we put revone
Code:
cd /data/local/tmp
Now run this command to delete the revone file
Code:
rm revone
Now since you had to install SuperUser to perform the previous 2 steps make sure you unroot by deleting the Superuser.apk and busybox.apk (If installed) from the /system/app folder and also the su binary from /system/xbin on your phone.
If you ran a RUU your systems firmware and software is all reset back to stock. If you restored via Stock ROM reset or Nandroid you should be running the stock software but it could be on non stock (version mismatch) firmware.
In either case your bootloader should display Locked and no Tampered just like out of the box. Now all that’s left is to S-On. To do that issue this fastboot command:
Code:
fastboot oem writesecureflag 3
Done - device should be just like it was out of the box with no indication of any modding.
*******I am not responsible for any problems you encounter. I am simply informing you of what is needed to complete a restoration to Stock. Read all steps and commands carefully and perform them in the correct order.********
Credits/Thanks
Thanks to all those with threads I mentioned that contain great info and support. Especially scotty1223 for his Tampered removal and Locking threads.
This Guide is always available at my site: http://www.htc1guru.com/guides/return-stock-guide/
[EDIT]9-10-13 Post overhaul with how to combine Nandroid and RUU process to reset.
[EDIT]10-19-13 Post was changed to reflect new S-off, so changed the Tampered and Locking steps from revone

Great guide, this should be a sticky!

Kindly excuse me and no offense to the OP. But if you have S-OFF, all you have to do is change your CID back to your original and then run the RUU and you are nearly done Next thing is you have to lock the bootloader and have S-ON and that is it. You are now back to stock.

Very helpful guide. But it can't be said enough times YOU WILL BRICK YOUR DEVICE going S-ON with a non-stock HBOOT
The guide does mention this in the relevant section, but it should probably be noted somewhere near the top of the OP. In big red letters.
Sent from my HTC One using xda app-developers app

NxNW said:
Very helpful guide. But it can't be said enough times YOU WILL BRICK YOUR DEVICE going S-ON with a non-stock HBOOT
The guide does mention this in the relevant section, but it should probably be noted somewhere near the top of the OP. In big red letters.
Sent from my HTC One using xda app-developers app
Click to expand...
Click to collapse
That's why I think it's safer to just run the RUU because that will flash the stock HBOOT and then you can have S-ON back without the worry of bricking the device.

Nice work. But this block is incorrect and may lead to problems:
crushalot said:
2. - You will need the stock splash screen so we need to do the same procedure as above with the stock splash screen. Download the stock splash screen here: http://d-h.st/F7H (From thread:http://forum.xda-developers.com/showthread.php?t=2324746)
Rename the file so it has no spaces like stock_splash.zip and put it in your ADB/fastboot folder.
Reboot into bootloader:
Code:
adb reboot bootloader
Now run this command:
Code:
fastboot oem rebootRUU
You should see the screen turn to a silver HTC logo. Now run this command:
Code:
fastboot flash zip stock_splash.zip
If you get an output in the console that says "(bootloader) ...... Successful" proceed to next step. If any errors use this thread for troubleshooting: http://forum.xda-developers.com/showthread.php?t=2324746
Click to expand...
Click to collapse
Those splashes in my thread are designed to be flashed in recovery. They will not work in RUU mode because the zip file is constructed incorrectly for it. Best approach would be to just flash the stock splash in recovery in step one.
Alternatively, keep the instructions as is and use the stock splash from this post: http://forum.xda-developers.com/showpost.php?p=42374127&postcount=1

iElvis said:
Nice work. But this block is incorrect and may lead to problems:
Those splashes in my thread are designed to be flashed in recovery. They will not work in RUU mode because the zip file is constructed incorrectly for it. Best approach would be to just flash the stock splash in recovery in step one.
Alternatively, keep the instructions as is and use the stock splash from this post: http://forum.xda-developers.com/showpost.php?p=42374127&postcount=1
Click to expand...
Click to collapse
Yes, you are right sorry. So many threads I messed up the link. Kinda the reason I wanted to put all this in one place. I will update the OP and revise the first few steps to make it easier since the RUU should include the stock hboot and splash.
Thanks for all the feedback.

I thought you needed SU permission to run revone? Am I mistaken?
Do you need root access to push revone to the /data/local/tmp directory?
After running the RUU.exe file, wouldn't you lose root?
I just want to double check.

Dan37tz said:
I thought you needed SU permission to run revone? Am I mistaken?
Do you need root access to push revone to the /data/local/tmp directory?
After running the RUU.exe file, wouldn't you lose root?
I just want to double check.
Click to expand...
Click to collapse
No you don't need root to use it as it has a root hack in the binary itself. That's why in ieftm's post on the usage of revone to S-off has optional wording on step 3
"3. (optional) If your device is unlocked and rooted please switch to root using su."
However I can confirm that it has worked better for me when I didn't run it as SU.
No you do not need root to push files using adb, well at least not to /data. You probably would to push to /system
Correct, after running the RUU you lose root. That is why I manually flashed the hboot and splash back myself while still on my rooted rom with utilities and most importantly a recovery in which I could use to get back running and try again if something failed.

Rex2369 said:
Kindly excuse me and no offense to the OP. But if you have S-OFF, all you have to do is change your CID back to your original and then run the RUU and you are nearly done Next thing is you have to lock the bootloader and have S-ON and that is it. You are now back to stock.
Click to expand...
Click to collapse
Thanks updated post to simplify.
NxNW said:
Very helpful guide. But it can't be said enough times YOU WILL BRICK YOUR DEVICE going S-ON with a non-stock HBOOT
The guide does mention this in the relevant section, but it should probably be noted somewhere near the top of the OP. In big red letters.
Sent from my HTC One using xda app-developers app
Click to expand...
Click to collapse
Thanks but the updated post now avoids the possibility as we just let RUU flash all stock parts
Rex2369 said:
That's why I think it's safer to just run the RUU because that will flash the stock HBOOT and then you can have S-ON back without the worry of bricking the device.
Click to expand...
Click to collapse
Thanks. Reflected in updated OP

Very nice!!! Concise and to the point!!! THANK YOU !!!
It worked like a charm, I have AT&T Version, had S-ON, SuperCID, 1.29.401.12 firmware (not AT&T), and custom ROM. This brought me back right to Stock.
Now back to AT&T, my camera lens on the inside for some reason got hazy with a hue to it after having the phone for about a month.

To the OP you have done well. Hope to see more tutorials from you.
Sent from my HTC One

great guide!

TIP for Mac Users: I couldn't get the RUU to run in Windows 7 or Windows 8 VMware environments, but Windows XP did the trick.
Use VMWare with Windows XP Pro SP3.

what ruu i need for HTC_001?
what ruu i need for HTC_001?

So running RUU does not remove S-OFF? Also does updating from stock 4.1.2 to 4.2.2 with the official OTA remove S-OFF? I want to try the OTA but I'm a bit paranoid about losing the lovely S-OFF .

No running the RUU does not remove S-off. It just resets everything else except bootloader and Security (S-off) back to stock form.
The 4.2.2 OTA does not remove remove S-off, however if you have s-off I would recommend running a custom ROM as they are already way better than the stock 4.2.2 rom.
If you want a pure stock like rom that is 4.2.2 based and better than the HTC version I would recommend ARHD or RGUI. If you like to be able to customize things a little but stay close to stock then TrickDroid is they way to go. If you really like to tinker and customize than Viper will blow your mind.

tomer861 said:
what ruu i need for HTC_001?
Click to expand...
Click to collapse
from the CID, I assume your in Europe somewhere. What is your location and carrier?
Others that I saw with that CID said there is no RUU for that CID yet. I am not sure is that has changed or not. You will have to read through this thread:
http://forum.xda-developers.com/showthread.php?p=39588860
They at least have a nandroid backup of a HTC__001 so you could restore that and as long as your hboot, splash screen and firmware are stock, you could proceed with relocking.

isnt it possible to get completly back to the way it was by putting back a nandroid backup by clockwork? (by starting clockwork, not with the flashed version)

borgqueenx said:
isnt it possible to get completly back to the way it was by putting back a nandroid backup by clockwork? (by starting clockwork, not with the flashed version)
Click to expand...
Click to collapse
Not impossible. I just went back to stock on my first HTC One using TWRP. After restoring I flashed the stock recovery, used revone to lock the bootloader and put S-ON.

[guide] root for stock lolipop roms without downgrading to kitkat

This guide worked for me. I am using v20i stock rom without any modification. I saw this on web and i want to share it. If you use this guide, it is on your own risk (such as mine)
We will have a rooted lolipop rom without downgrading to any kitkat rom. We dont need to flash bumped twrp for this.
This guide describes for windows users but same method can work with linux. Linux users know how
1- Download this file.
2- Copy zip file to your C:\ hard drive and extract there. It should be like this: C:\g3-root
3- Enter your phone's settings and activate the developer settings (with clicking build number 5-6 times)
4- Enter developer settings and activate usb debbuging
5- Enter the file g3-root and press and hold the shift button on your keyboard and right click with mouse. Select "open command window" or something like this (i am not using english windows)...
6- Connect the phone to your pc with usb cable.
7- Dont let the screen off. If your phone asks you about usb debbuging (trusting the computer), select "remember this" and click "yes"
8- now test the connection... write this into the command window
Code:
adb devices
if you can see your device's serial number, you can start now. If not, check the adb and windows drivers and try it again.
9- push the files which are needed for root with this commands
Code:
adb push g2_root.sh /data/local/tmp/
and
Code:
adb push busybox /data/local/tmp/
and
Code:
adb push UPDATE-SuperSU-v2.46.zip /data/local/tmp/
10- Now we will enter download mode of our phone. For this, discoonnect the usb cable, shut down the phone, press and hold the volume up button and connect the phone.
You will see "downloading" on your screen.
11- Now return the command window. Look your computer and verify which port of windows that the phone is connected . Mine is COM6 and i will go on with this way. You must change this with yours(COM1 COM2 COM3 COM4.... etc) . Enter this command (for COM6)
Code:
Send_Command.exe \\.\COM6
12- Next send this command:
Code:
ls
if you see the folders, everything is fine and you can continue.
13- finally we send last command and gonna be rooted
Code:
sh /data/local/tmp/g2_root.sh dummy 1 /data/local/tmp/UPDATE-SuperSU-v2.46.zip /data/local/tmp/busybox
You can see these lines if rooting is successfull
ui_print - Disabling OTA survival
ui_print - Removing old files
ui_print - Placing files
ui_print - Post-installation script
ui_print - Unmounting /system and /data
ui_print - Done !
Click to expand...
Click to collapse
if not, read and try again.
Now reboot your phone and you can see the supersu app in your application drawer
Good Luck!
I am not responsible of any damage to your phone.
I saw this guide in: http://forum.donanimhaber.com/m_103553600/tm.htm
But the main guide is : blog.lvu.kr/g2-lollipop-%EC%88%9C%EC%A0%95-%EB%A3%A8%ED%8C%85/
credits: these guides

Root is working but the problem is TWRP because is not working its giving error so no flashing other custom rom or mods for now.

Yes root is working fine. I didnt tried twrp or cwm. With this guide, you can use stock odexed and unmodified lolipop rom.

hi guys
New Root Method for LG Devices lollipop
http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772

jojobans said:
hi guys
New Root Method for LG Devices lollipop
http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772
Click to expand...
Click to collapse
Same method
LG-D855 cihazımdan Tapatalk kullanılarak gönderildi

agritux said:
Same method
LG-D855 cihazımdan Tapatalk kullanılarak gönderildi
Click to expand...
Click to collapse
evet arkadash

Muhahahah
LG-D855 cihazımdan Tapatalk kullanılarak gönderildi

agritux said:
This guide worked for me. I am using v20i stock rom without any modification. I saw this on web and i want to share it. If you use this guide, it is on your own risk (such as mine)
We will have a rooted lolipop rom without downgrading to any kitkat rom. We dont need to flash bumped twrp for this.
This guide describes for windows users but same method can work with linux. Linux users know how
1- Download this file.
2- Copy zip file to your C:\ hard drive and extract there. It should be like this: C:\g3-root
3- Enter your phone's settings and activate the developer settings (with clicking build number 5-6 times)
4- Enter developer settings and activate usb debbuging
5- Enter the file g3-root and press and hold the shift button on your keyboard and right click with mouse. Select "open command window" or something like this (i am not using english windows)...
6- Connect the phone to your pc with usb cable.
7- Dont let the screen off. If your phone asks you about usb debbuging (trusting the computer), select "remember this" and click "yes"
8- now test the connection... write this into the command window
Code:
adb devices
if you can see your device's serial number, you can start now. If not, check the adb and windows drivers and try it again.
9- push the files which are needed for root with this commands
Code:
adb push g2_root.sh /data/local/tmp/
and
Code:
adb push busybox /data/local/tmp/
and
Code:
adb push UPDATE-SuperSU-v2.46.zip /data/local/tmp/
10- Now we will enter download mode of our phone. For this, discoonnect the usb cable, shut down the phone, press and hold the volume up button and connect the phone.
You will see "downloading" on your screen.
11- Now return the command window. Look your computer and verify which port of windows that the phone is connected . Mine is COM6 and i will go on with this way. You must change this with yours(COM1 COM2 COM3 COM4.... etc) . Enter this command (for COM6)
Code:
Send_Command.exe \\.\COM6
12- Next send this command:
Code:
ls
if you see the folders, everything is fine and you can continue.
13- finally we send last command and gonna be rooted
Code:
sh /data/local/tmp/g2_root.sh dummy 1 /data/local/tmp/UPDATE-SuperSU-v2.46.zip /data/local/tmp/busybox
You can see these lines if rooting is successfull
if not, read and try again.
Now reboot your phone and you can see the supersu app in your application drawer
Good Luck!
I am not responsible of any damage to your phone.
I saw this guide in: http://forum.donanimhaber.com/m_103553600/tm.htm
But the main guide is : blog.lvu.kr/g2-lollipop-%EC%88%9C%EC%A0%95-%EB%A3%A8%ED%8C%85/
credits: these guides
Click to expand...
Click to collapse
Finally YES!!! thank you so mu ch. Will try later.

Root plus Custom Recovery, or Root Only?
Hi,
This is interesting and looks a lot easier than the guide I just put up over the weekend: http://forum.xda-developers.com/lg-g3/general/guide-update-to-lollipop-root-bumpd-twrp-t3048845.
But I wanted to confirm first, this is purely for rooting only, correct? In other words, if I follow only the steps in this guide I will have root...but I will not be able to install a custom recovery (like TWRP) (same as this thread: http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772)?
EDIT: nevermind, one user of the other thread confirmed my question already: http://forum.xda-developers.com/showpost.php?p=59325441&postcount=55. So indeed, this method is for root only, because this method starts with a fully-flashed Lollipop firmware (inclusive of Lollipop version boot stack - aboot.img, sbl1.img, rpm.img, tz.img, etc.).

topet2k12001 said:
Hi,
This is interesting and looks a lot easier than the guide I just put up over the weekend: http://forum.xda-developers.com/lg-g3/general/guide-update-to-lollipop-root-bumpd-twrp-t3048845.
But I wanted to confirm first, this is purely for rooting only, correct? In other words, if I follow only the steps in this guide I will have root...but I will not be able to install a custom recovery (like TWRP) (same as this thread: http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772)?
EDIT: nevermind, the OP of the other thread confirmed my question already: http://forum.xda-developers.com/showpost.php?p=59325441&postcount=55. So indeed, this method is for root only, because this method starts with a fully-flashed Lollipop firmware (inclusive of Lollipop version boot stack - aboot.img, sbl1.img, rpm.img, tz.img, etc.).
Click to expand...
Click to collapse
This is a way for rooting from lollipop, and access to fastboot too.
For custom recovery, it needd bump ! , and bump works only with KK bootloader. So for having a custom recovery, we need to downgrade BL first, and inject Bumped recovery + bumped kernel after.
And if we downgrade BL, maybe we need downgrade complete bootstack too (sbl,rpm,tz,dbi,laf) ?

Just to make sure, this works for v20i only or does it work for, say, my v20h too?

6ril1 said:
This is a way for rooting from lollipop, and access to fastboot too.
For custom recovery, it needd bump ! , and bump works only with KK bootloader. So for having a custom recovery, we need to downgrade BL first, and inject Bumped recovery + bumped kernel after.
And if we downgrade BL, maybe we need downgrade complete bootstack too (sbl,rpm,tz,dbi,laf) ?
Click to expand...
Click to collapse
Yup yup, I got it. Thanks. Just wanted to confirm.
Yes, I'm aware also of fastboot ability. Basically, dd if=/dev/zero means "writing zeroes" to whatever partition (in the case of the guide, it's the "laf" partition where "Download Mode" is stored). So, zeroing out the "laf" partition will make the device fall back to standard fastboot - except for the Verizon variant. I think you can do that regardless if you are in Kitkat or Lollipop, since the process is mere deletion of a partition's contents to "force" the device to fall back to fastboot.
Yes, you need to downgrade the entire boot stack. Basically, all partitions will need to stay at "Kitkat" version, and then manually flash ONLY system.img, boot.img, and modem.img (just like the one in my guide). And then, "bump" the boot.img so that you can install a custom recovery. I wrote that in my how-to guide as well.
In my case, I feel uncomfortable not having a custom recovery. I tinker around with my device a lot and have "bricked" it a lot of times but was saved because I have a backup via custom recovery.
I would suggest making it clear that this is for root only (meaning, does not include custom recovery). Very important, because I have seen threads from other users where they got bricked and can no longer restore at all - too bad because they did not have a custom recovery backup.

topet2k12001 said:
Yup yup, I got it. Thanks. Just wanted to confirm.
Yes, I'm aware also of fastboot ability. Basically, dd if=/dev/zero means "writing zeroes" to whatever partition (in the case of the guide, it's the "laf" partition where "Download Mode" is stored). So, zeroing out the "laf" partition will make the device fall back to standard fastboot - except for the Verizon variant. I think you can do that regardless if you are in Kitkat or Lollipop, since the process is mere deletion of a partition's contents to "force" the device to fall back to fastboot.
Yes, you need to downgrade the entire boot stack. Basically, all partitions will need to stay at "Kitkat" version, and then manually flash ONLY system.img, boot.img, and modem.img (just like the one in my guide). And then, "bump" the boot.img so that you can install a custom recovery. I wrote that in my how-to guide as well.
In my case, I feel uncomfortable not having a custom recovery. I tinker around with my device a lot and have "bricked" it a lot of times but was saved because I have a backup via custom recovery.
I would suggest making it clear that this is for root only (meaning, does not include custom recovery). Very important, because I have seen threads from other users where they got bricked and can no longer restore at all - too bad because they did not have a custom recovery backup.
Click to expand...
Click to collapse
@robalm writes in his OP, he uses LP rpm and tz (and cust) in his flashables 20x original fw flzshable zip (i've not verified it was the case)
http://forum.xda-developers.com/showthread.php?p=57223144

6ril1 said:
@robalm writes in his OP, he uses LP rpm and tz (and cust) in his rom (i've not verified it was the case)
http://forum.xda-developers.com/showthread.php?p=57223144
Click to expand...
Click to collapse
Yes, however that is a repackaged firmware (extract everything, root it, and then "bump" the necessary components, and then put it back together as a single flashable zip). That is why it will have root plus "bump" (bump'd boot.img and recovery.img a.k.a. custom recovery). Therefore, those who will download it will no longer have to root it manually. This guide (and mine) are different from repackaged firmwares, in the sense that we are not "pre-rooting" (or "pre-bumping") the firmware. We are rooting (or "bumping") the firmware after installation.

topet2k12001 said:
Yes, however that is a repackaged firmware. That is why it will have root plus "bump" (bump'd boot.img and recovery.img a.k.a. custom recovery). Therefore, those who will download it will no longer have to root it manually. Your guide (and mine) are different from repackaged firmwares, in the sense that we are not "pre-rooting" (or "pre-bumping") the firmware. We are rooting (or "bumping") the firmware after installation.
Click to expand...
Click to collapse
Yes, it seems it's a little different than @autoprime and you propose and i was asking myself if these three partitions were realy needed in this case (flashable zip from kdz exracted) or not.
I should prefer to let them in the bootstack version but maybe i'm xrong.

6ril1 said:
Yes, it seems it's a little different than @autoprime and you propose and i was asking myself if these three partitions were realy needed in this case (flashable zip from kdz exracted) or not.
I should prefer to let them in the bootstack version but maybe i'm xrong.
Click to expand...
Click to collapse
Ah, sorry I misunderstood what you were saying.
I do not know what rpm.img and tz.zip are for. I did read somewhere in XDA that tz.img is for the "radio" (or transmitter?). But I would suggest to keep those files (tz.img, rpm.img, aboot.img, sbl1.img) at "Kitkat version" because there will be a signature mismatch resulting to "certificate verify" or "security error" - if people want to have a custom recovery.
If people will NOT install a custom recovery (they just want root) then they can use this guide. The device will boot fine without the error messages, since recovery.img is Lollipop non-"bump'd" version (so the signatures match).

It should be possible to make a script that flash kk bootstack, bumped recovery and bumped kernel in a one click process, for a LP rooted.

6ril1 said:
It should be possible to make a script that flash kk bootstack, bumped recovery and bumped kernel in a one click process, for a LP rooted.
Click to expand...
Click to collapse
Yes, that's another way of approaching it. Or maybe create a flashable zip from it. But we will still need to instruct users to extract their Kitkat Image files (I don't think all Image partitions are the same for all variants), that's why I find the manual method (like @autoprime) to be a good approach because I personally find it to be more "universal".
One example: the D858HK does not have cust.img.
So for us to create an all-in-one script, zip, or approach, it would be difficult because of the many variants of the LG G3. Maybe if there were not that many variants, I'm sure skilled people like you can have a universal and convenient solution. For now, I still think that manual flashing is more universal.

topet2k12001 said:
Yes, that's another way of approaching it.
Click to expand...
Click to collapse
; -)
Tz trustzone,rpm ressource power managment, sbl secondary bootloader
https://wiki.linaro.org/Boards/IFC6410

6ril1 said:
; -)
Tz trustzone,rpm ressource power managment, sbl secondary bootloader
https://wiki.linaro.org/Boards/IFC6410
Click to expand...
Click to collapse
So that explains why even if the Lollipop versions are included/flashed, they won't cause an issue of signature mismatch. The Image file that causes a signature mismatch when you flash a "bump'd" file is aboot.img (the Android Bootloader). Which explains also in my experiment (prior to discovering it all and creating a thread) why I was initially able to "fix" my issue, following @autoprime's tutorial, when I flashed aboot.img - however, in exchange I lost "bump" status.
So basically, people will need to flash their Kitkat version of aboot.img and "bump" will still work (and will have custom recovery). That is our hypothesis at this point.
This reminds me: in my how-to guide, there was a user complaining about fast battery drain. Maybe if I advise him to flash the Lollipop version of rpm.img, that would help alleviate the issue. I will do an experiment and if this will succeed, I will update my how-to guide. In your case, for this thread's purpose, you may also do an experiment and create scripts.
Nice teamwork.
I don't know what "trustzone" is though. Will it affect signature mismatches? sbl1.img and rpm.img seem to be self-explanatory.
EDIT:
As mentioned previously, it is very dangerous to flash any of the restricted boot partitions such as sbl1, sbl2, sbl3, aboot or rpm. However it is safe to flash any other partition in order to install custom Linux builds and run them.
Click to expand...
Click to collapse
...do we really want people to touch this?

[Guide] Safe bootloader unlock, restore DRM, custom recovery, root, bootloader relock

** DISCLAIMER: I AM NOT A DEV AND THIS IS MY HOBBY. I ASSUME NO RESPONSIBILITY IF THIS BREAKS YOUR DEVICE **​
The following is tested on model E6553. This may work for the dual sim model too but I have not verified it. Do not flash the ftf and kernel files intended for one model onto another.​
I am not taking credit for any of the tools and kernels here. They are all developed by others. I am only telling you how to use them.
Credits: @zxz0O0, @tobias.waldvogel
0- Prerequisites
You need to have a functioning installation of adb and fastboot tools. You need to have proper Sony drivers installed on your PC to detect your phone when it is connected to the PC. You should be able to flash an ftf file using flashtool. If any of these sound unfamiliar to you, stop reading, go learn about them, and then come back.
1- How to unlock your bootloader without losing the DRM keys
Sony has designed this phone such that if you unlock your bootloader you lose your TA partition PERMANENTLY which includes some of the Xperia features and licenses that have to do with image processing etc. forever. You will also no longer receive OTAs. So in theory, without a copy of this TA partition (which is unique to each device and cannot be copied over from another) unlocking the bootloader results in an irreversible loss of some of your phone's features. Relocking the bootloader will not bring them back.
A hack exists that allows you to backup the TA partition before you unlock the bootloader. This backup will make the process completely reversible so if you ever need to send the tablet to Sony for repair or just want to return it to its original state you have a way. Follow these instructions carefully:
1.0- Before you begin keep in mind that this procedure, especially the unlocking step, completely erases your tablet. Disable myXperia and remove your google account before proceeding. The following will likely not work well with encryption.
1.1- Start by clean flashing any 28.0.A.8.266 firmware, For this tutorial I used the Customized NL ftf that you can get from here.
1.2- Enter service Mode by dialing *#*#7378423#*#* -> Service info -> configuration, and make sure the device is unlockable.
Also check -> Service Tests -> Security and you will see a bunch of "active" and "OK" attributes. You can take screenshots for your reference.
1.3- Turn on usb debugging mode on your phone.
1.4- Download iovyroot zip v0.4 or higher from here.
1.5- Unzip this zip file into a folder of your choice and open a command terminal there.
1.6- Connect the phone which is now in USB debugging mode to your PC and answer yes when the phone asks to authorize the PC to access it in USB debugging mode. You can check that the PC indeed sees the phone by running this command
Code:
adb devices
1.7- Run the following command:
Code:
tabackup
1.8- VERY IMPORTANT: Make sure the command completes with no errors. If all goes well you will have a file with a name like TA-05052016.img (the name may be different for you) with a size of 2MB in your folder.
1.9- Save this file in a very safe place. Save it on your hard disk, AND email it to yourself, AND put it on your google drive. If you lose this file you can never reverse the bootloader unlocking process.
1.10- Reboot the device.
1.11- Now you can unlock the bootloader. Follow the instructions at Sony's official website at http://developer.sonymobile.com/unlockbootloader Also save your unlock code that you obtain in this step somewhere. You may need it some day.
1.12- Reboot the device and it will briefly enter recovery and then start the phone initial setup.
1.13- (Optional) you can easily verify that your bootloader is unlocked by entering the fastboot mode, obtaining any boot image, and running the following command to boot your tablet with that image:
Code:
fastboot boot boot.img
1.14- (Optional) you can see that the DRM keys are erased from your tablet by repeating step 1.2 but this time you will see a bunch of errors under Service Tests -> Security.
1.15- As a side effect of unlocking the bootloader you lose the ability to receive OTA updates. Clean flash a Marshmallow ftf to continue. For this tutorial I used Marshmallow 6.0 E6553_Customized HK_1294-9654_32.1.A.1.185_R7C (the latest firmware at the time of this writing.)
2- How to emulate DRM keys and/or root and/or add recovery after unlocking the bootloader.
A hack exists that can emulate the DRM keys:
2.1- Extract the boot image from the 32.1.A.1.185 marshmallow ftf that you installed in step 1.15. Here are the steps to take:Open the ftf file with 7-zip or any zip program that you have at your disposal
Look for a file called kernel.sin and extract it.
Start flashtool and from Tools menu choose Sin Editor.
Select the kernel.sin that you extracted in the previous step and hit Extract data.
Flashtool will create a file called kernel.elf which you will use in the next step.​2.2- Download rootkernel_v4.42_Windows_Linux.zip (or a higher version) from http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605 and unzip it in a folder of your choice.
2.3- Copy the kernel.elf that you got in step 2.1 to this folder. If you want root, follow this guide through to section 5 place SuperSU 2.71 (or higher) in this folder as well. Make sure the name of the SuperSU zip starts with letters "SuperSU". The latest SuperSU can be obtained from: http://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133 (The rootkernel tool has a bug in its built-in SuperSU integration. See: http://forum.xda-developers.com/showpost.php?p=67485478&postcount=838)
2.4- Open a command terminal in this folder and run the rootkernel script. Your command should look similar to this:
Code:
rootkernel.cmd kernel.elf boot-patched.img
When prompted, answer as follows:- Sony RIC is enabled. Disable? [Y/n] Y (if you want root plus write access)
- Install TWRP recovery? [Y/n] Y (if you want to have recovery)
- Install busybox? [Y/n] Y (if you want busybox. It is very useful)
- Found SuperSU-v2.71-20160331103524.zip. Install? [Y/n] Y (if you want root)
- Install DRM fix? [Y/n] Y (if you want DRM emulation)​This will create a new kernel image called boot-patched.img which you will now flash on your phone.
2.5- Boot the phone in the fastboot mode and flash your patched image using the following fastboot command:
Code:
fastboot flash boot boot-patched.img
2.6- (Optional) You can reboot the phone and see that the DRM keys are indeed retrieved by repeating step 1.2. You can also open settings -> display, and look under Image Enhancement. If the DRM emulation is successful you will see this.
3- How to flash a custom or stock kernel
3.0- If you have already flashed the patched kernel in part 2 you will skip this part.
3.1- Whether you want to use a custom kernel or stock, and whether you have done the DRM patch described above or not, to flash a boot image (i.e. kernel) on your phone you need to restart the tablet in fastboot mode.
3.2- To flash the kernel use this command:
Code:
fastboot flash boot [I]name_of_your_kernel[/I]
You will replace name_of_your_kernel with whatever your kernel is called (e.g. boot.img, kernel.elf, etc.)
4- How to add and use recovery
4.1- Recovery is added to your kernel in step 2.4.
4.2- To enter recovery reboot the phone and touch the volume up key when the LED turns yellow during the boot splash screen.
5- How to root
5.1- Place SuperSU 2.71 zip (or higher) on the phone's sdcard. The latest SuperSU can be obtained from: http://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133
5.2- Reboot to recovery and flash the zip file.
6- How to relock bootloader and return it to original factory state
6.0- To relock the bootloader along with restoring the DRM keys the phone must have unmodified stock firmware.
6.1- Repeat step 1.1
6.2- Repeat steps 1.3, 1.4, and 1.5
6.3- Copy the TA backup image that you had obtained in section 1 in the iovyroot folder and use the tarestore command to flash the TA partition back onto the phone. The command will look similar to this:
Code:
tarestore TA-05052016.img
Make sure the command completes with no error. If it fails the first time try again. Reboot the phone. Your bootloader is now locked and your DRM keys restored.
6.4- (Optional) You can verify that you are back to the original locked state by repeating step 1.2.

Whoa Great
---------- Post added at 01:32 AM ---------- Previous post was at 12:50 AM ----------
najoor said:
** DISCLAIMER: I AM NOT A DEV AND THIS IS MY HOBBY. I ASSUME NO RESPONSIBILITY IF THIS BREAKS YOUR DEVICE **​The following is tested on model E6553. This may work for the dual sim model too but I have not verified it. Do not flash the ftf and kernel files intended for one model onto another.​I am not taking credit for any of the tools and kernels here. They are all developed by others. I am only telling you how to use them.
Credits: @zxz0O0, @tobias.waldvogel
0- Prerequisites
You need to have a functioning installation of adb and fastboot tools. You need to have proper Sony drivers installed on your PC to detect your phone when it is connected to the PC. You should be able to flash an ftf file using flashtool. If any of these sound unfamiliar to you, stop reading, go learn about them, and then come back.
1- How to unlock your bootloader without losing the DRM keys
Sony has designed this phone such that if you unlock your bootloader you lose your TA partition PERMANENTLY which includes some of the Xperia features and licenses that have to do with image processing etc. forever. You will also no longer receive OTAs. So in theory, without a copy of this TA partition (which is unique to each device and cannot be copied over from another) unlocking the bootloader results in an irreversible loss of some of your phone's features. Relocking the bootloader will not bring them back.
A hack exists that allows you to backup the TA partition before you unlock the bootloader. This backup will make the process completely reversible so if you ever need to send the tablet to Sony for repair or just want to return it to its original state you have a way. Follow these instructions carefully:
1.0- Before you begin keep in mind that this procedure, especially the unlocking step, completely erases your tablet. Disable myXperia and remove your google account before proceeding. The following will likely not work well with encryption.
1.1- Start by clean flashing any 28.0.A.8.266 firmware, For this tutorial I used the UK Generic ftf that you can get from here.
1.2- Enter service Mode by dialing *#*#7378423#*#* -> Service info -> configuration, and make sure the device is unlockable.
Also check -> Service Tests -> Security and you will see a bunch of "active" and "OK" attributes. You can take screenshots for your reference.
1.3- Turn on usb debugging mode on your phone.
1.4- Download iovyroot zip v0.4 or higher from here.
1.5- Unzip this zip file into a folder of your choice and open a command terminal there.
1.6- Connect the phone which is now in USB debugging mode to your PC and answer yes when the phone asks to authorize the PC to access it in USB debugging mode. You can check that the PC indeed sees the phone by running this command
Code:
adb devices
1.7- Run the following command:
Code:
tabackup
1.8- VERY IMPORTANT: Make sure the command completes with no errors. If all goes well you will have a file with a name like TA-05052016.img (the name may be different for you) with a size of 2MB in your folder.
1.9- Save this file in a very safe place. Save it on your hard disk, AND email it to yourself, AND put it on your google drive. If you lose this file you can never reverse the bootloader unlocking process.
1.10- Reboot the device.
1.11- Now you can unlock the bootloader. Follow the instructions at Sony's official website at http://developer.sonymobile.com/unlockbootloader Also save your unlock code that you obtain in this step somewhere. You may need it some day.
1.12- Reboot the device and it will briefly enter recovery and then start the phone initial setup.
1.13- (Optional) you can easily verify that your bootloader is unlocked by entering the fastboot mode, obtaining any boot image, and running the following command to boot your tablet with that image:
Code:
fastboot boot boot.img
1.14- (Optional) you can see that the DRM keys are erased from your tablet by repeating step 1.2 but this time you will see a bunch of errors under Service Tests -> Security.
1.15- As a side effect of unlocking the bootloader you lose the ability to receive OTA updates. Clean flash a Marshmallow ftf to continue. For this tutorial I used Marshmallow 6.0 E6553_Customized HK_1294-9654_32.1.A.1.185_R7C (the latest firmware at the time of this writing.)
2- How to emulate DRM keys and/or root and/or add recovery after unlocking the bootloader.
A hack exists that can emulate the DRM keys:
2.1- Extract the boot image from the 32.1.A.1.185 marshmallow ftf that you installed in step 1.15. Here are the steps to take:
Open the ftf file with 7-zip or any zip program that you have at your disposal
Look for a file called kernel.sin and extract it.
Start flashtool and from Tools menu choose Sin Editor.
Select the kernel.sin that you extracted in the previous step and hit Extract data.
Flashtool will create a file called kernel.elf which you will use in the next step.​2.2- Download rootkernel_v4.42_Windows_Linux.zip (or a higher version) from http://forum.xda-developers.com/xperia-z5/development/root-automatic-repack-stock-kernel-dm-t3301605 and unzip it in a folder of your choice.
2.3- Copy the kernel.elf that you got in step 2.1 to this folder. If you want root, place SuperSU 2.71 (or higher) in this folder as well. Make sure the name of the SuperSU zip starts with letters "SuperSU". The latest SuperSU can be obtained from: http://forum.xda-developers.com/apps/supersu/2014-09-02-supersu-v2-05-t2868133
2.4- Open a command terminal in this folder and run the rootkernel script. Your command should look similar to this:
Code:
rootkernel.cmd kernel.elf boot-patched.img
When prompted, answer as follows:
- Sony RIC is enabled. Disable? [Y/n] Y (if you want root plus write access)
- Install TWRP recovery? [Y/n] Y (if you want to have recovery)
- Install busybox? [Y/n] Y (if you want busybox. It is very useful)
- Found SuperSU-v2.71-20160331103524.zip. Install? [Y/n] Y (if you want root)
- Install DRM fix? [Y/n] Y (if you want DRM emulation)​This will create a new kernel image called boot-patched.img which you will now flash on your phone.
2.5- Boot the phone in the fastboot mode and flash your patched image using the following fastboot command:
Code:
fastboot flash boot boot-patched.img
2.6- (Optional) You can reboot the phone and see that the DRM keys are indeed retrieved by repeating step 1.2. You can also open settings -> display, and look under Image Enhancement. If the DRM emulation is successful you will see this.
3- How to flash a custom or stock kernel
3.0- If you have already flashed the patched kernel in part 2 you will skip this part.
3.1- Whether you want to use a custom kernel or stock, and whether you have done the DRM patch described above or not, to flash a boot image (i.e. kernel) on your phone you need to restart the tablet in fastboot mode.
3.2- To flash the kernel use this command:
Code:
fastboot flash boot [I]name_of_your_kernel[/I]
You will replace name_of_your_kernel with whatever your kernel is called (e.g. boot.img, kernel.elf, etc.)
4- How to add and use recovery
4.1- Recovery is added to your kernel in step 2.4.
4.2- To enter recovery reboot the phone and touch the volume up key when the LED turns yellow during the boot splash screen.
5- How to relock bootloader and return it to original factory state
5.0- To relock the bootloader along with restoring the DRM keys the phone must have unmodified stock firmware.
5.1- Repeat step 1.1
5.2- Repeat steps 1.3, 1.4, and 1.5
5.3- Copy the TA backup image that you had obtained in section 1 in the iovyroot folder and use the tarestore command to flash the TA partition back onto the phone. The command will look similar to this:
Code:
tarestore TA-05052016.img
Make sure the command completes with no error. If it fails the first time try again. Reboot the phone. Your bootloader is now locked and your DRM keys restored.
5.4- (Optional) You can verify that you are back to the original locked state by repeating step 1.2.
Click to expand...
Click to collapse
Very usefull step by step guide.. But is there is any method to root phone without unlocking Bl? Quite curious to know from you.

arokososoo said:
Whoa Great
---------- Post added at 01:32 AM ---------- Previous post was at 12:50 AM ----------
Very usefull step by step guide.. But is there is any method to root phone without unlocking Bl? Quite curious to know from you.
Click to expand...
Click to collapse
Not yet, atleast for my Dual SIM Version.

njaya95 said:
Not yet, atleast for my Dual SIM Version.
Click to expand...
Click to collapse
So you mean there is a way to root single sim version without unlocking BL?

Thanks ú so much! this is well writen, i will try this when i get the time to do a fresh install. Cheers mate

@arokososoo
Please, in the future never quote long OP and any other long posts. This is very annoying for mobile and desktop users to scroll to the next post. Thanks.
Sent from my Sony E6553 using XDA Labs

I wonder if E6533 can use this guide

Got as far as going to the sony website, there's no mention of phones that can be unlocked there and for some reason Ive got bootloader unlock allowed no, even with a sim free phone and my xperia turned off.....bummer

Stoneybridge said:
Got as far as going to the sony website, there's no mention of phones that can be unlocked there and for some reason Ive got bootloader unlock allowed no, even with a sim free phone and my xperia turned off.....bummer
Click to expand...
Click to collapse
I also unlocked my Z3+, although it wasn't supported. I just picked Z4 Tablet since it is the "nearest" one. Worked Got MM rooted now.

How long did that take on your devices? 1.1- Start by clean flashing any 28.0.A.8.266 firmware, For this tutorial I used the UK Generic ftf that you can get from here.
I am waiting for half an hour now...
Spoiler

Trilliard said:
How long did that take on your devices? 1.1- Start by clean flashing any 28.0.A.8.266 firmware, For this tutorial I used the UK Generic ftf that you can get from here.
I am waiting for half an hour now...
Spoiler
Click to expand...
Click to collapse
I can't see your picture, but I assume you have that stucking at modem/system ?
If so, downgrade Flashtool to 0.9.19

Well i got a soft brick, but was able to restore it trough Sony Companion. Here is the picture on another hoster http://fs5.directupload.net/images/160529/gr5fpf8t.png dont know on what point it stuck.
Funfact that two germans writting in english
Edit, big thanks version 0.9.19 worked perfect. Cant understand why the newest one doesnt work
Edit 2: System boots up, but when the setup start the process com.android.phone stops instant and if i hit ok the message comes instantly again after about ten times the phone reboot, i cant do anything else... next repair through sony companion and back to stock german 6.0. I´ll stop try it for today.

Trilliard said:
Well i got a soft brick, but was able to restore it trough Sony Companion. Here is the picture on another hoster http://fs5.directupload.net/images/160529/gr5fpf8t.png dont know on what point it stuck.
Funfact that two germans writting in english
Edit, big thanks version 0.9.19 worked perfect. Cant understand why the newest one doesnt work
Edit 2: System boots up, but when the setup start the process com.android.phone stops instant and if i hit ok the message comes instantly again after about ten times the phone reboot, i cant do anything else... next repair through sony companion and back to stock german 6.0. I´ll stop try it for today.
Click to expand...
Click to collapse
Did you forget to wipe?

In a thread i opened in Q&A a user said that even though service info reported bl unlock allowed NO, he managed to unlock it anyways using standard procedure, what do you think?

it seems like Sony RIC is not fully disabled with this patch.

Finally ! Works like a charm in my E6533 (Dual sim) !!! Thanks a lot !!!

Hi thiefxhunter,
How you do this? could you explain us step by step. I like to root my dual sim model.
Thanks.

Hi.. I am stuck in 2.5
My device is unlocked, It is connected in fastboot mode (blue led).
error msg
'Fastboot is not recognised as an internal or external command, operable program or batch file'
Please help me in this.
Solved..
Thanks for this post..

Thanks for this guide, it worked like a charm on my E6553 with 32.2.A.0.224

CorzCorry said:
I also unlocked my Z3+, although it wasn't supported. I just picked Z4 Tablet since it is the "nearest" one. Worked Got MM rooted now.
Click to expand...
Click to collapse
Can you please explain how did you do that? Thanks

can't get any android 6 update to work :(

Any help?
Tried downloading every single ROM I found but none of them allow me to update from my current firmware.
I think I mgiht need to first stablish a european stock android 5 so I can go ahead and use the ROMS that are actually around the web, but cdont know how to do that!
THANKS!!

I have the same problem, althought mine ends in B140. Does anyone know how to update it?

same problem but i have b210.

thanosnic said:
same problem but i have b210.
Click to expand...
Click to collapse
heroe7121 said:
I have the same problem, althought mine ends in B140. Does anyone know how to update it?
Click to expand...
Click to collapse
groggycl said:
Any help?
Tried downloading every single ROM I found but none of them allow me to update from my current firmware.
I think I mgiht need to first stablish a european stock android 5 so I can go ahead and use the ROMS that are actually around the web, but cdont know how to do that!
THANKS!!
Click to expand...
Click to collapse
yes it is possbile... but a long way..
Things you need:
Root
Unlocked bootloader
TWRP recovery
Stock Recovery
First thing first, unlock your bootloader (see chapter 2 of this MEGA thread). Then you need TWRP recovery. Download this : (it contains root file and twrp).
TWRP and ROOT
Now, tap your build number 7-10 times, this will get you Developers Option on Settings. Go to Developers Option and enable it, also you must enable "Enable USB Debugging.. then connect it to your computer. Now extract the downloaded folder, you'll see a folder named data. go inside that and hold Shift and Right Click and Click on Open Commands Windows Here.. run following commands inside quotations:
"adb devices" -> lists your device, if it doesn't then you have some problems while enabling USB debugging... do it again..
"adb reboot bootloader" -> it will reboot the device to white screen with android logo and it must display "Unlocked" on green colours. if it doesn't, it means you havent unlocked your bootloader and you must not proceed any further..
"fastboot flash recovery recovery.img" -> doing this will flash TWRP recovery
"fastboot reboot"->reboots the device..
For rooting, copy 1.zip and 2.zip to your phone/sd card. Then you must go to recovery mode. Connect your mobile to computer via USB cable, and open commands window on data folder (same as you did for TWRP).
"adb reboot recovery" -> will go to TWRP recovery. Click on Install and select 1.zip first to flash... after flashing it will reboot your device. Open the SuperSu app once and close and uninstall it. Go to recovery mode again and then flash 2.zip.. it will reboot again.. now, download Es File explorer or other root browsers. go to /data/app and cut eu.chainfire.supersu and paste it in /system/app with the following permissions rwx r-x r-x and reboot. Congrats, you are rooted now.. Off to next steps.
Now, as you're rooted. Download this file ... After downloading this file you need to copy and paste to this path: /dev/block/platform/hi_mci.0/by-name (for this, you need to be rooted).. It will change your region from c185 to c432.. Restart and you must have c432.
Now, unroot your device and flash stock recovery(for the time being). It is necessary to have stock recovery and be unrooted while upgrading android.
Upgrading process
Download this http://huaweidevices.ru/huaweiservic...urope_Dual.rar B132 version, there must be 2 folders "dload"(it should contain UPDATE.APP with file size approx. 1.3 GB) and "custom" (custom folder must also have UPDATE.APP file inside it, but very small in size) , copy the dload folder to internal memory of your phone (the folder must have updata.app inside it) and do local update... after that copy the custom folder to your device and rename it to dload and do local update again.
Note: it is necessary to flash larger UPDATE file and then smaller UPDATE file to remove Balong issues.
Then download this: http://huaweidevices.ru/huaweiservic...170_Europe.zip B170 version and repeat the above process of upgrading.
after this you should be able to see OTA update of B550/B560 marshmallow update... if it doesn't show yet, then download it from here: http://download-c.huawei.com/downloa...20&siteCode=es B550 version.