Develop Bugs

[GUIDE] Installing stock kernel with ice glacier any

I recently came across a couple of threads in which it seems it was desirable (for some) to run the stock kernel, but with the ice glacier ROM. There were a couple of methods that I saw, neither of which seemed to work for me (one was an update kernel zip file package to be applied from recovery mode from the sdcard, and the other was more involved (see THISthread). The kernel provided in that thread is actually not the true STOCK kernel, as best as I can tell. It is likely equivalent, but uname -r still returns a Gr8gorilla lable.
So I decided to try the following method. First, if you have a nandroid/clockwork recovery backup of your device before installing ice, then you already have everything you need to revert to the stock kernel. Here is the procedure.
1) reboot phone into recovery
2) go into backup and restore
3) select advanced restore
4) select the very first backup set (the stock, probably first rooted one).
5) select restore boot partition
After this completes, you'll have ice but with stock kernel. However, your wireless will not work until you place the correct kernel module file corresponding to your kernel (bcm4329.ko) in the /system/lib/modules directory. In your nandroid backup set, there is a system.img file. Transfer this file to your computer, and use unyaffs to extract its contents and look for lib/modules/bcm4329.ko
6) while in recovery mode, make sure to mount /system
7) remove or rename the /system/lib/modules/bcm4329.ko file
8) adb push bcm4329.ko /system/lib/modules/bcm4329.ko
9) unmount /system from recovery, and reboot.
That's it. I tested this and ended up seeing:
Code:
Linux localhost 2.6.32.21-g899d047 #1 PREEMPT Tue Oct 26 16:10:01 CST 2010 armv7l GNU/Linux
and my wireless was working just fine. I have attached the wireless kernel module corresponding with stock kernel, and I have attached the boot.img from stock, in case you're reading this, and by some strange reason, you don't actually have an original backup.
I don't personally plan on running stock kernel, I just wanted to see if I _could_ if I wanted to.
Hope you find this useful.
Kambiz

One thing I noted btw, is that after doing this, when I did adb shell, it dropped me into a non-root shell by default, and I had to type "su" or "su - " to gain root. The other thing to note, is that the stock initrd, has the following default.prop entry:
ro.secure=1
whereas ice has:
ro.secure=0
What does this mean?! (besides double rainbow all the way across the sky)?

Setting ro.secure=0 allows adb root functions to work.
My MyGlacier 4G MINE!!!

grankin01 said:
Setting ro.secure=0 allows the "adb remount" command to work.
My MyGlacier 4G MINE!!!
Click to expand...
Click to collapse
Right. That's what I thought. But I have to say, it seemed to work anyway, because I did:
$ su -
# mount -o remount,rw /system
and then
# cd /system/lib/modules
# mv bcm4329.ko bcm4329.ko.ice
# cp /sdcard/stock-bcm4329.ko bcm4329.ko
# chmod 644 bcm4329.ko
# cd /
# mount -o remount,ro /system
Then I rebooted, and the "stock" driver file that I just put in place was persistent. So I'm not sure if clockworkmod is doing something to ensure ro.secure=0 ... I'm not sure.

No, it means that "adb root" and "adb remount" and any of the other adb root functions will have root access to your device through Android Debug Bridge (adb) by default. My adb shell always comes up with a $ prompt and I have to "su" for root. Setting this to 0 should let you type "adb root" or " adb remount" from your command shell on your desktop and allow you a root prompt device shell or rw access to system without having to "su" or "mount -o remount,rw /dev/block/mmcblk0p25 /system".
My MyGlacier 4G MINE!!!

so this is the true stock kernel?

tiger013 said:
so this is the true stock kernel?
Click to expand...
Click to collapse
Yes. I made a clockworkmod backup (nandroid backup) after rooting my phone with visionary+, but didn't alter anything else. So once I overwrote everything with Ice Glacier, I still have stock (post OTA update to 2.2.1) kernel and wireless drivers. (attached to OP).
I don't know how to convert them to a flashable update.zip, but I was able to load them using the procedure above.
EDIT:
Notice that the output of "uname -a" when run from adb shell is:
Linux localhost 2.6.32.21-g899d047 #1 PREEMPT Tue Oct 26 16:10:01 CST 2010 armv7l GNU/Linux
The Gorilla kernels have EXTRAVERSION strings added (the kernel version follows after "Linux localhost" in that string)

thank you! I added it to my thread

thanks for this peeps

[Q] Unrooting for warranty return

I rooted my phone using the gfree method outlined in the wiki, but made a Nandroid backup of stock before I started anything. I restored the backup; is there anything else I need to do before sending it back?
I noticed that still have the Superuser app in my app drawer, and I wasn't able to follow the instructions for S-OFF here (http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Turning_S-On) as it said "Permission denied" when I type cd /data/local (I also noticed that I don't have the /data/local folder anymore on my sd card).

Gfree gives you an option to turn S-off or S-on, go back to the wiki and re-read it, the code below is copied from the Wiki and I highlighted the options in red for you, just run gfree again with the -s option
Code:
gfree usage:
gfree [-h|-?|--help] [-v|--version] [-s|--secu_flag on|off]
-h | -? | --help: display this message
-v | --version: display program version
-s | --secu_flag[COLOR="red"] on|off[/COLOR]: turn secu_flag [COLOR="Red"]on[/COLOR] or [COLOR="red"]off[/COLOR]
-c | --cid <CID>: set the CID to the 8-char long CID
-S | --sim_unlock: remove the SIMLOCK
-f | --free_all: same as --secu_flag off --sim_unlock --cid 11111111
As far as superusers app, just go into the app manager and remove it.

Sorry, I should've clarified that I don't have gfree anymore. I tried again and this is the prompt I get:
$ su
su
# cd data/local
cd data/local
# chmod 777 gfree
chmod 777 gfree
Unable to chmod gfree: No such file or directory
# ./gfree
./gfree
./gfree: not found
#

Push the gfree file back to data/local and rerun the commands except with -s option read the wiki again and use the right commands.
Sent from my HTC Vision using XDA App

All right, got my phone back to stock unrooted and with S-ON. Here's what I did (note that my circumstances my be different than yours so try this at your own risk):
I rooted and S-OFFed using the rage (v 0.03-this will come into play later) method on the wiki (http://forum.xda-developers.com/wik...sion#Rooting_the_Vision_.28G2.2FDZ.29_and_DHD). I did this right when I got the phone, so no OTA update (I had 1.19). Downloaded ROM Manager and did a Nandroid backup at this point (in my above post I said I made a backup right at the beginning which I was mistaken on). Then I went ahead and flashed CyanMod.
Phone earpiece broke, so I had to get the phone back to stock. First I restored my backup ROM (so back to 1.19 again). Used the unroot guide (http://forum.xda-developers.com/showthread.php?t=835971), and during step one, I got the following error:
E:Board does not support mtd utils.E:Failure at line 344:
write_raw_image PACKAGE:boot.img BOOT:
Installation aborted.
Failure at line 6:
install_zip SDCARD:/stock_root.zip​Some others seemed to get this error as well and it looked benign. Continued and rebooted the phone. Figured this would be a failure, so I followed the HexEditor steps. Turns out the misc.img file was already the right version, but I renamed it and ran dd if=/sdcard/miscnew.img of=/dev/block/mmcblk0p17 just in case.
Step 2 ran without any problems, so now I had a stock phone with S-OFF. To turn it back on, I temp rooted the phone (just follow the TEMP Root steps in the wiki). I then tried to follow the S-ON directions on the wiki (http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Turning_S-On), but the phone would automatically reboot after the dd line while not changing S-OFF.
Then I realized that I could use ./gfree -s on to turn S-ON since I was using 0.03, which worked perfectly. Rebooted to remove the temp root, and did a factory restore for good measure, and I believe I have a fairly pristine G2 ready for replacement.
Thanks to all the wikis and threads for their help!

I have a question about restoring to factory settings. Cant you just use the RUU from HTC (if you have a Desire Z that is) and just run that? Wont that just put it back to factory settings?

SOLUTION: S-ON HTC Wildfire S Downgrade Error "Main Version is Older. Update fail."

SOLUTION: S-ON HTC Wildfire S Downgrade Error "Main Version is Older. Update fail."
Like a few people I have been trying to debrand my S-ON Wildfire S by flashing an official HTC ROM. Since my phone shipped with a later version number (1.34.110.3), the bootloader would refuse to flash the latest Official HTC ROM (1.33.401.2) even with a gold card!
Luckily I've now managed to bypass this error by hex editing and reflashing the misc partition. The following method should allow you to downgrade to any signed HTC ROM no matter what version you currently have installed, even if your phone is S-ON.
Warning: You could probably brick your phone if you flash an invalid misc partition. So follow these steps carefully (or not at all)! Also, if you flash a very recent ROM, you may not be able to use these steps to downgrade again!
Ensure you have the HTC Sync USB drivers installed then download the zip at mediafire.com/?wxf6y4yq6d6nc8d containing the tools you need, and an official HTC ROM executable. I used the ROM at filefactory.com/file/cbd7165.
Connect your phone via USB and select the HTC sync option when prompted. Also ensure that USB debugging is enabled (this is the default).
Extract the zip and open a windows command prompt and browse to the directory where you extracted the files.
Execute the following commands in the command prompt:
Code:
adb push flash_image /sdcard/flash_image
adb push GingerBreak /data/local/tmp/GingerBreak
adb shell chmod 777 /data/local/tmp/GingerBreak
Now enter the interactive shell mode with the following command:
Code:
adb shell
Gain temporary root access by executing the following command within the interactive shell:
Code:
./data/local/tmp/GingerBreak
Ensure that it has worked successfully (the shell prompt should change from $ to #).
As root now execute the following commands:
Code:
cat /dev/mtd/mtd0 > /sdcard/misc.img
cat /sdcard/flash_image > /data/flash_image
chmod 777 /data/flash_image
Now exit from root permissions. The shell prompt should change back to a $.
Code:
exit
Clean up a few files and exit from adb.
Code:
rm /data/local/tmp/sh
rm /data/local/tmp/boomsh
exit
Copy the image file from your SD card using the command:
Code:
adb pull /sdcard/misc.img misc.img
Run HxD.exe, select "OK" at the prompt then File -> Open and locate misc.img (which is in the current directory). On the 11th line you should see the version number of your current ROM, change this to a lower number. I set my version number to 1.30.401.0 since this was the version number of the previous official HTC ROM. The changes made will be highlighted in red. File -> Save As and name it misc2.img.
Copy misc2.img to your SD card using the following command:
Code:
adb push misc2.img /sdcard/misc2.img
Reboot your phone so that you can use GingerBreak again to attain temporary root privileges. (This may not be strictly necessary, but I think it's worthwhile just in case.)
Once it's back and you've connected via USB using the HTC Sync option again, issue the following commands in your command prompt:
Code:
adb shell
./data/local/tmp/GingerBreak
/data/flash_image misc /sdcard/misc2.img
Now run the official ROM installer executable as normal. Note that the installer may state your current version number but this is ignored and you should be able to downgrade successfully!
Let me know if you have any problems.
Confirmed Working on:
TMobile UK 1.34.110.3 + HBOOT 0.90.0.0
TMobile Polska 1.30.401.2 + HBOOT 0.90.0.0

You also have/had the 1.03.0000 hboot?
I get:
./data/local/tmp/GingerBreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014360
[+] Using device /devices/platform/goldfish_mmc.0
[*] vold: 0000 GOT start: 0x00014360 GOT end: 0x000143a0
And it stays there...

The hboot version I have is 0.90.0000, but I don't see why this wouldn't work for any version.
How long are you waiting for it to complete? Like it says, it can sometimes take a while for the exploit to take effect. Sometimes it took up to a minute for me.
Every time you use GingerBreak you should make sure that you remove sh, boomsh and crashlog if they exist, reboot your phone then push and chmod GingerBreak again.
Code:
adb shell
rm /data/local/tmp/sh
rm /data/local/tmp/boomsh
rm /data/local/tmp/crashlog
exit
** restart phone **
adb push GingerBreak /data/local/tmp/GingerBreak
adb shell chmod 777 /data/local/tmp/GingerBreak
adb shell
./data/local/tmp/GingerBreak

11 row
In my misc.img 11th row look like this:
should I change 9.0.0.0 to 1.30.401.0 ?? My current rom is TMobile PL 1.30.401.2.

m3ritum said:
should I change 9.0.0.0 to 1.30.401.0 ?? My current rom is TMobile PL 1.30.401.2.
Click to expand...
Click to collapse
It seems unusual that your ROM has a 9.0.0.0 version number
But, yes, as long as 1.30.401.0 is lower than the version number of the RUU you are intending to flash, it should be fine. If it doesn't work you can use flash_image to reflash misc.img to get back the old version number.

I tried it again after remove commands and rebooting but no luck... Waited +5mins and nothing happened.
I guess the new HBOOT is the problem.

sammyke007 said:
I tried it again after remove commands and rebooting but no luck... Waited +5mins and nothing happened.
I guess the new HBOOT is the problem.
Click to expand...
Click to collapse
Maybe the GingerBreak exploit is patched on your ROM...

Beer for U mphi it works great !!!

If this has worked for you, please can you post your previous ROM version number and your HBOOT version? I'll keep a list of working version numbers updated in the first post. Thanks!

Sure, ROM was branded TMobile Polska 1.30.401.2 and Hboot is 0.90.0.0.
Now I have unbranded 1.30.401.2.

m3ritum said:
Sure, ROM was branded TMobile Polska 1.30.401.2 and Hboot is 0.90.0.0.
Now I have unbranded 1.30.401.2.
Click to expand...
Click to collapse
Hey there, I flashed my phone with
RUU_Marvel_Sasktel_Canada_WWE_1.58.669.2_Radio_47.10c.35.3030_7.47.36.19M_release_199460_signed
hoping it would be unlocked, but now it means I cannot use your method which I previously used. I think I'm stuck on this until a new ROM comes out.. D:
Just giving people a heads up so they don't hit a wall like I did, and hope you can create a work around THANKS!!
//Edit
The only way to fix this is to get S-OFF right? *Looks like I'm forking out the cash lol*

snowie72 said:
Hey there, I flashed my phone with
RUU_Marvel_Sasktel_Canada_WWE_1.58.669.2_Radio_47.10c.35.3030_7.47.36.19M_release_199460_signed
hoping it would be unlocked, but now it means I cannot use your method which I previously used. I think I'm stuck on this until a new ROM comes out.. D:
Just giving people a heads up so they don't hit a wall like I did, and hope you can create a work around THANKS!!
//Edit
The only way to fix this is to get S-OFF right? *Looks like I'm forking out the cash lol*
Click to expand...
Click to collapse
Ahh, the GingerBread exploit must have been patched in that ROM then. It's a double-edged sword really; if you were running a ROM that is unpatched a malicious app could take full control of your phone...
Having said that, it still might be possible to enter recovery mode and reflash without S-OFF, but I really haven't done much research and wouldn't know where to start

Its just a shame there is not much going on in this section compared to other phones, lol.
I'm just going to take it into to town and get it unlocked for cash on the weekend, then save for a Galaxy S2.

Does not work for me with Wildfire S HBoot 0.90 and European T-Com ROM 1.34.11.5

Hi!
I had the same 11th line as on picture - 9.0.0.0.
I put the tutorial values and a solutions works 4 me as well.
I don't remember ROM version but was branded for tmobile polska, and I'm sure that was never than 1.30.401.2. - something like 1.33.xxxx or even 1.35.xxxx
After all I tried a goldcard method - now works fine.
Many thanks for a solution!!

Chinese to european ROM
Hi
I'm trying to install the euro ROM (1.33...) using the goldcard metod in my Wildfire S but I get the downgrade error (now I'm running a 1.38... version and 0.90.0000 HBOOT).
Now I'm in China and I don't know why can't visit mediafire for download the zip with the files that I need for follow this tuto. Is there some alternative web for get this files?
Another question is if in the future will be a euro version newer than the chinese one that allow me to change the ROM without do the practice of this tuto.
I have not a lot of experience doing this, so it will be grat and easier for me
Thanks in advance!!

There's no way to tell if there will be a newer official HTC ROM > 1.38..., but if there is, you should be able to download without this tutorial.
I've re-uploaded the files to a few more filehosts, hopefully you can access at least one of them:
http://www.megaupload.com/?d=OKI8MVO1
http://depositfiles.com/en/files/fodci19ux
http://www.zshare.net/download/926497736bd36c1c/
http://uploading.com/files/9fa81218/tools.zip/
http://www.filesonic.com/file/1452304874/tools.zip
http://hotfile.com/dl/124169210/fc79b70/tools.zip.html

Thanks mphi!!
Yesterday was my first post. Im very lucky to enjoy this comunity

hi i get an error after part 11 i get access denied

Can't get root permissions
sammyke007 said:
I get:
./data/local/tmp/GingerBreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014360
[+] Using device /devices/platform/goldfish_mmc.0
[*] vold: 0000 GOT start: 0x00014360 GOT end: 0x000143a0
And it stays there...
Click to expand...
Click to collapse
Same problem
I'm running HBOOT 0.90.0000 an my rom is 1.38.1400.5, official HTC chinese ROM

[Q] Desire Z with 2.42.405.2 Able to downgrade? ( i'm able to temproot )

Hi all
I have a European HTC Desire Z with this info:
Android 2.3.3
Sense 2.1
Build 2.42.495.2
Vision PVT Ship S-ON
Hboot-0.85.0013
MicroP-0425
Radio 26.10.04.03_M
eMMC-boot
Apr 11 2011,23:36:27
I am able to temproot this phone with the method provided here:
http://forum.xda-developers.com/showpost.php?p=15851661&postcount=1
using the code:
Code:
$ /data/local/tmp/fre3vo -debug -start FAA90000 -end FFFFFFFF
However the downgrading part fails on me.
After entering the bootloader menu is scans the SDCARD and finds the PC10IMG.zip
telling me: loading...[PC10IMG.zip], after that it's saying: Checking..[PC10IMG.zip].
After checking it just goes back to the Menu without asking me to update etc.
I did however changed the misc_version and followed the guide precisely.
I searched and found some Threads saying this version isn't rootable yet. though they were couple months old, and I am able to get temp root. it should be do-able right?
Can someone please confirm this and tell me how to, or what i'm doing wrong and let this baby free.

I followed the guide to the letter, without changing misc_version or anything, and I managed to downgrade and root without problems on first try. Same version as you, Desire Z bought in Poland.
Just be sure to grab the file for Desire Z and not for T-Mobile G2 and it should work

costipl said:
Just be sure to grab the file for Desire Z and not for T-Mobile G2 and it should work
Click to expand...
Click to collapse
What file are you referring to here?
Also, how is it possible to downgrade without changing the misc_version, i thought it was all about changing that in order to make it work haha.

Sorry, I think I misunderstood your post...
I did this to change misc_version:
Code:
$ adb push misc_version /data/local/tmp/misc_version
$ adb shell chmod 777 /data/local/tmp/misc_version
$ adb shell
# /data/local/tmp/misc_version -s 1.00.000.0
I assumed you changed the "1.00.000.0" to something else (while browsing the forum I found in some threads that people used a different value on DZ).
As for the file I was referring to, I meant the stock rom image - 1.34.405.5_PC10IMG.zip
Maybe you grabbed the file "PC10IMG_Vision_TMOUS_1.19.531.1_Radio_12.21.60.09 b_26.02.01.15_M2_release_149459_signed.zip", which is for G2?
Other than that, I'm not familiar enough with the bootloader to be of any help.

costipl said:
Sorry, I think I misunderstood your post...
I did this to change misc_version:
Code:
$ adb push misc_version /data/local/tmp/misc_version
$ adb shell chmod 777 /data/local/tmp/misc_version
$ adb shell
# /data/local/tmp/misc_version -s 1.00.000.0
I assumed you changed the "1.00.000.0" to something else (while browsing the forum I found in some threads that people used a different value on DZ).
As for the file I was referring to, I meant the stock rom image - 1.34.405.5_PC10IMG.zip
Maybe you grabbed the file "PC10IMG_Vision_TMOUS_1.19.531.1_Radio_12.21.60.09 b_26.02.01.15_M2_release_149459_signed.zip", which is for G2?
Other than that, I'm not familiar enough with the bootloader to be of any help.
Click to expand...
Click to collapse
I redownloaded the zip file and you just made my day i had a other zip from another thread. but with the exact same name.. maybe corrupted ? THANKS!

Radio's get flashed AFTER you flash your ROM, not before ;P
Remember to rename your PC10IMG.zip to something else after you're done rooting/installing a new ROM, cos if anything happens and your phone crashes and you need to enter recovery, having PC10IMG.zip on the root of your SD will ensure that you never get into recovery
Power + Vol Down boots into bootloader, and it automatically scans for updates, PC10IMG.zip being one of them. Only when there are no update files on SD root will it give you a choice of booting into Recovery to well, recover your phone

[GUIDE] How to Unroot Bell Desire Z

Hello,
I've had a few requests for help unrooting the Bell Desire Z for warranty purposes.
If you've noticed, there isn't a specific guide for us Bell users, while T-Mobile customers have like a dozen guides scattered around. I figured this out and I should share it.
The really tricky part was figuring out how to get rid of superuser.apk and also get s-on and Bell's CID in the right order, but it turns out it's simple haha. Unfortunately there was not guide for me, so I had to figure this out trial and error and piecing it together from other random posts. I'm not a dev/hacker (well, maybe now I am a novice hacker), so it was a big deal for me (lol) and I can relate to the frustration that comes from not having a good resource.
The exact build my phone shipped with was 1.34.666.5 and other phones may have shipped with other builds, but I've determined that the way Bell operates is that they send their phones to a 3rd party repair facility, and they don't check this (or don't care). However, they may still check whether or not the phone is rooted. So let's unroot it.
DISCLAIMER: Do your own research. I am not responsible for anything bad that happens to your phone after this point (but I will take credit for your success!! ). I used this method successfully and everything worked great. But proceed with caution. If you are unsure, do some looking around. CHECK YOUR MD5 SUMS! Easy MD5 is in the market, and is great.
0. If you have flashed a new radio, flash the old radio back. This one:
http://www.mediafire.com/?9cb8a7jwxob8o6r
NOTE: I'm leaving specific details out of this because if you don't know how to do this, that means you haven't done it before, and you don't need to do this step, and should probably avoid flashing new radios anyway.
1. Download this file:
https://rcpt.yousendit.com/1317004046/ea1de40db3968b867573327c903231bf
-unzip it, and place the folders in /sdcard/clockworkmod/backup/
(recovery will check the md5 sums for you)
2. Reboot into recovery (assuming you have the clockworkmod recovery).
-Do a factory reset (yes, you will lose all your apps etc if you didn't back up)
-Choose Backup/Restore, Advanced Restore, Stock DZ System, System.img
-Choose Backup/Restore, Advanced Restore, Stock DZ Boot, Boot.img
-Reboot
3. Download
http://dl.dropbox.com/u/15272013/Flash Recovery Files.zip
Unzip those files to the root of your sdcard.
PLEASE CHECK THE MD5 of recovery.img AFTER you have unzipped it and placed it on your sdcard!! Sometimes if you check an md5 on your pc and then copy it over, you could still have an error, and then you'll be in a bit of trouble!
md5 of recovery.img: id5d280af717f9afd7ce1c3285c129bc
4. Download the following file:
http://cmw.22aaf3.com/common/gfree_07.zip
md5 (of entire folder): 6916cf05b0805aeac9effdc1725aaa12
unzip and place the file gfree on the root of your sdcard
3. Install Terminal Emulator from the Market. This all needs to be done in the same Terminal Session. Type
$su
#mount -o remount, rw /system
#cp /sdcard/flash_image /system/bin/
#chmod 777 /system/bin/flash_image
#/system/bin/flash_image recovery /sdcard/recovery.img
#cp /sdcard/gfree /data/local/tmp/
#chmod 777 /data/local/tmp/gfree
#rm /system/app/superuser.apk
#/data/local/tmp/gfree -s on -c BM___001
Now when you reboot your phone, you will have an unrooted phone, stock. For clarity, you have:
-Stock, Unrooted Bell ROM 1.34.666.5
-Stock, Matching Radio
-S-Off HBoot
-Proper Bell CID
-Superuser.apk nowhere to be found
The only loose ends are that flash_image will still be in your /system/bin and if you flashed the eng hboot, your hboot number may not match. I'm 99.9% certain nobody at the repair facility will look or care about it. Also, I'd prefer you avoid flashing your hboot, since that is singly the most risky thing you can do with your phone.
If anybody knows whether the flash_image binary works in /data/local/tmp, let me know and I'll edit the post.
Note: when you get your phone back, it will have the latest GB RUU on it. This will give you a bit of trouble re-rooting it. There is no way around having them flash the latest firmware on it, since it's the very first thing they do before they diagnose your phone.
Thanks to Football for information on shipped builds and mxpxboi for his rooted 1.34.666.5 nandroid files.
Cheers!
JT

jontornblom said:
3. Install Terminal Emulator from the Market. This all needs to be done in the same Terminal Session. Type
$su
#mount -o remount, rw /system
#cp /sdcard/flash_image /system/bin/
#chmod 777 /system/bin/flash_image
#/system/bin/flash_image recovery /sdcard/recovery.img
#cp /sdcard/gfree /data/local/tmp/
#chmod777 /system/bin/gfree
#rm /system/app/superuser.apk
#/data/local/tmp/gfree -s on -c BM___001
Click to expand...
Click to collapse
Thanks for the help jontornblom. Quick question:
I am receiving the error message saying /system/bin/gfree no such directory.
Any Tips?

Merzennary said:
Thanks for the help jontornblom. Quick question:
I am receiving the error message saying /system/bin/gfree no such directory.
Any Tips?
Click to expand...
Click to collapse
Did you accidentally type a "/" after gfree?
Sent from my Nexus 6 like tears in rain.

good job - thx for this guide

jontornblom said:
$su
#mount -o remount, rw /system
#cp /sdcard/flash_image /system/bin/
#chmod 777 /system/bin/flash_image
#/system/bin/flash_image recovery /sdcard/recovery.img
#cp /sdcard/gfree /data/local/tmp/
#chmod777 /system/bin/gfree
#rm /system/app/superuser.apk
#/data/local/tmp/gfree -s on -c BM___001
Click to expand...
Click to collapse
There are a couple of small typos in this code. In the second chmod there should be a space between "chmod" and "777". More importantly though, that second chmod should be on "/data/local/tmp/gfree" since that's where it's been copied
Sent from my Desire Z running CM7.

steviewevie said:
There are a couple of small typos in this code. In the second chmod there should be a space between "chmod" and "777". More importantly though, that second chmod should be on "/data/local/tmp/gfree" since that's where it's been copied
Sent from my Desire Z running CM7.
Click to expand...
Click to collapse
Thanks! Sorry about that =( I will edit the OP
Edit: okay, typos fixed. My apologies to anyone who ran into trouble because of this.
Sent from my Nexus 6 like tears in rain.

jontornblom said:
Hello,
1. Download this file:
...yousendit.com/1317004046/....3968b867573327c903231bf
-unzip it, and place the folders in /sdcard/clockworkmod/backup/
(recovery will check the md5 sums for you)
Click to expand...
Click to collapse
Could someone re-upload file from step 1?

Hi,
I too could use the file from Step 1. And there is a little urgency as I need to get my DZ back to stock as soon as possible.
Your help is appreciated...greatly!
Thanks.