Warning: This will erase all data on your device. Back up any important information. We are not responsible for any damage, loss of data, or explosions that result.

Update: You can use this method to unlock the bootloader on version 1.85 if you root using the new exploit found by jcase.

After HTC basically pointed the finger at AT&T for the bootloader situation on the American version of the One X (which is technically the One XL), many an enthusiast voiced their disapproval. Now, a very clever XDA member (grankin01) has discovered how to unlock the bootloader of the beast using a simple but ingenious method - trick it into thinking it's from Canada. The Rogers One XL has an unlockable bootloader, and is the same piece of hardware as the AT&T One X.

Much like slapping a Canadian flag on your backpack while going abroad, it looks like the simple hex value switchup involved here will trick HTC's bootloader unlock system into believing you're from the land of maple leaves, hockey, and good manners.

The process is a little detailed, but overall, there's nothing fancy going on here aside from a little hex editing (you'll need a hex editor utility like HxD). Just boot up ADB, copy and paste the appropriate commands, and follow the instructions to the letter. You'll also need to be rooted (which means you can't do this if you're on the new OTA leak yet - sorry) for this to work.

Alright, once again, you do this at your own risk!
You need ADB and an understanding of how to use it and have a rooted device (although I didn't test this). You will also need a hex editor like HxD.


1. Fire up your command prompt and go to the directory that you have ADB installed to. Type "adb shell" and hit enter.

2. Type "su" and hit enter. You now have root privileges.

3. Next type "dd if=/dev/block/mmcblk0p4 of=/sdcard/mmcblk0p4" and hit enter. This will dump the partition to your sdcard.

4. Next type "exit", hit enter, type "exit", and hit enter again. This should take you back to a command prompt for your computer.

5. type "adb pull /sdcard/mmcblk0p4" and hit enter.

6. Open the file (mmcblk0p4) with your hex editor.

7. Look for offset 00000210 and you should see CWS_001 with your IMEI number attached to it.

8. Change CWS_001 to ROGER001 and save the file as mmcblk0p4MOD.

9. Now go back to your command prompt and type "adb push mmcblk0p4MOD /sdcard/mmcblk0p4MOD" and hit enter.

10. Type "adb shell" and hit enter then type "su" and hit enter again. This will put you back into the android shell and give you root privileges.

11. Type "dd if=/sdcard/mmcblk0p4MOD of=/dev/block/mmcblk0p4" and hit enter. To test if it worked restart the phone into fastboot (type "adb reboot bootloader" and hit enter) and once the bootloader screen comes up type "fastboot oem readcid" and hit enter. It should read "ROGER001".

12. Next type "fastboot oem get_identifier_token" and hit enter. Leave that up on your screen and go to HTCdev.com. Follow the instructions from there.


David Ruddock
David's phone is whatever is currently sitting on his desk. He is an avid writer, and enjoys playing devil's advocate in editorials, and reviewing the latest phones and gadgets. He also doesn't usually write such boring sentences.

  • aNYthing6

    Hope this kickstarts the development for the device. 

  • Guest

    My unrooted device can run more than 400,000 apps.
    My rooted device can run about 401,000 apps.

    It's just no longer worth all the time and trouble to root any more.

    • http://twitter.com/crazifyngers crazifyngers

      It may be if those 1000 apps are the ones you use.

    • Tyler Chappell

      Yes because being able to use apps like Titanium Backup to uninstall carrier bloatware is totally not worth it.

      • CeluGeek

        Right. It isn't worth it. You don't get any of that wasted storage space back and you might have problems later with updates. Uninstalling with Titanium Backup does little more over disabling the offending apps, which you can already do in ICS out of the box.

        • Sobr0801

          I honestly have felt no need to root my Rezound. I have been reflashing the leaked ICS builds with no problem. I may root and rom it down the road if I ever feel the need to install sense 4.0, but for the time being I am content. (I have been content since febuary 29th since I bought it)

        • Tyler Chappell

          Yeah because I really would love the 11 or so bloat apps that came on my Thunderbolt to always be there in my app drawer even though I'll never use them. And if you root, you don't care about carrier-pushed updates because guess what!? You'll have the leaked and rooted versions before lazyass big red pushes them out! And maybe not everyone wants to wait to get ICS on their device to disable or remove the apps?
          And what about the people with devices that won't receive an ICS update to use the disable feature? Hmm?
          So yes simpleton, for people smart enough to root their device in the first place, it is most definitely worth it. Derp.

        • Dewind

          Honestly, it's not about the number of rooted apps, it's about the additional features those few apps provide.. think about Titanium, Droidwall, Permissions Denied etc.
          Not to mention flashing different ROMs customized for your needs etc. In short, rooting is worthwhile IF you know what to do with it. For the casual user, it's probably just a waste of time though.

    • Rui Araújo

      From a developers point of view, rooting still brings a lot of advantages such as downloading your db's for debug and other things...

    • Bonjixby

      There is a huge difference between having an unlocked bootloader and root not sure why anyone is even arguing with this troll...

  • TheFirstUniverseKing

    Wow, that's crazy. I didn't think it'd be unlocked that easily (and quickly). Good news for One X owners, I'm sure.

  • ProductFRED

    It's sad that we have to go through something like this because of these a-hole carriers.

  • http://twitter.com/strifejester Justin Ellenbecker

    Does the unlock achieve S-Off though?

    • ModXMV

      Does not look like it.

    • wlmeng11

      It took until April this year for S-OFF on most of 2011 devices, so it might be a while for the One X.

  • http://www.facebook.com/people/Michael-Hartridge/1208835704 Michael Hartridge


    XDA: 1
    AT&T/HTC: muthafuckin -4830840194381-4109

  • moelsen8

    that's crazy.  what a big oversight.  wonder what at&t's next move is.. pretend it never happened and keep trying to lock out root with OTAs?  let HTC unlock them all?

  • Simon Belmont

    This is pretty cool. DD command for the win!

    I wonder how long before HTC plugs this hole! OTA update in 3...2...1.

  • shift

    Too bad HTC's Unlock is still not true S-OFF.

  • blunden

    Perhaps you should update the instructions to reflect the ones on XDA. Predictably HTCdev accepts Super CID phones too so changing it to that as they now suggest should give you the added benifit of being able to flash RUUs from other regions (providing it's for the same hardware of course).

  • onexamateur

    please help me! when i tape su (in the 2 ) it say "system/bin/sh : su not found