So... I recently had my evo replaced. As a result i found that i can no longer use Unrevoked to root, nand unlock and S-off my new phone. The current guides all point to using htcdev.com/bootloader however it seems rather unreliable because i attempted to access it, and the site kept reporting it had an incorrect .php file or some stuff. Google Searches proved that this site goes down frequently.
So with some google searching i have pieced together an Offline way to root an Evo4g. From the sounds of it, i think this method will root, Nand Unlock, S-off, and push a recovery to any device. At least from what i am understanding. Also apparently this method WILL NOT void your HTC warranty because you do not need to use HTCDEV.COM/Bootloader
Soooooo... My disclaimer.. I am not a dev, i have no idea what the first thing a dev does. I give ALL credit to the people that put in the hard work to allow me to achieve root. I will also post credits and the origional thread i pulled this information from. Also, if you mess things up, i cant help you. I probably wont even be able to answer any of your questions.
This method uses a hack provided by SimonSimon34 on these forums for his HTC Wildfire, but it WILL work on our Evo's.
First things first.
1. Turn on your phone
2. Go To Settings->Apps->Development Enable Usb Debugging.
3. Visit Simonsimons34 Wildfire Unlock Thread
4. Download the V2 Universal Rar he has
5. The instructions for this zip are easy. once downloaded, i suggest moving it to the Desktop. Extract to a Folder on the desktop and name it root.
6. Once extracted open your folder you just named root. There will be a file in there called Simonsutility.bak double click on it.
7. You are presented with 4 options.
1. Bootloader Unlock and Root (Universal)
2. Custom Recovery (Unlocked or S-Off)
3. S-Off
4. Install Drivers
Connect your phone to the computer, Choose Charge only. Choose 1 and press enter
8. The phone then does alot of stuff. not exactly sure what any of it means, but if you watch the Simonsutility window it kind of explains as its going what it is doing. when its finished choose option 2 and press enter.
9. You should now be staring at your bootloader screen. Now you need to choose a recovery. I reccomend Amon_Ra's as i have yet to have any catastrophic issues using it. This can be downloaded Amon_ra Recovery Current version is v.2.3 just make sure you download it.
10. Once downloaded i suggest moving it to the folder we created earlier called Root and renaming it to recovery.img because its going to make things easier in the next step.
11. Now you have all you need to push the new recovery. Open up the root folder and shift+right click on fastboot and choose open command prompt here. If you do not have that option, click on your start menu, type CMD, and then navigate to your C:/users/*username/desktop/root folder (*username is obv your user profile name).
12. Once you are in the fastboot folder/directory type
Code:
Fastboot flash recovery recovery.img
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Once it is finished you can select reboot recovery and you will now be in the Amon_ra Recovery.
From here you can flash a Rom of which for first time rooters, i would reccomend Fresh Evo 4.3.3 just because of its stability.
Below are the paypal accounts and origional threads i ripped off all of this information from. If there is enough interest i will update everything with pics. As i know the resources for this information is very low.
Thanks To
-==-=-=-=-=-=-=-
SimonSimon34
Simons Paypal
Simons Wildfire Thread
Amon_ra
Amon_ra's Paypal
Amon_ra's Origional Thread
Captain Throwback
Captian Throwbacks Thread
Im Placing Captain Throwback up here because his thread was the origional thread i was following, however since the HTC site was down i wasnt able to do anything, but i stole his Picture of the Amon recovery push.
Anyways, if i missed something feel free to flame me incessantly.
ACTUALLY THIS THREAD IS IN THE WRONG SECTION.
It does appear to work without going to the Htcdev site.
Well, someone had to test this method besides Hamspiced (Thanks for the tip). To summarize the method and give a brief description of what was done: I first S-ON and unrooted the phone back to 4.67 with the bootloader LOCKED (OWW). Dowloaded the file from
http://goo.im/devs/simonsimons34/HTC_Universal/Htc_Utilityv2Windows.zip
and unzipped it to a folder called root. Then,
1. Went to Setting/Applications and turned off Fastboot, then Settings/Applications/Development and enabled USB debugging.
2. Went to the root folder and ran the Drivers.exe program (to install the MYHTC drivers).
3. Connected the phone to my computer.
4. Ran the simonsutility.bat file, and was given the set of options:
1. Bootloader Unlock and Root (Universal)
2. Custom Recovery (Unlocked or S-Off)
3. S-Off
4. Install Drivers
and chose option 1.
5. After following a series of instructions, the phone finally rebooted into the bootloader and then read UNLOCKED, to my surprise. Also I tried options 2-4, but none of them seem compatible with the EVO 4g. So, the phone is now unlocked, but S-ON, but as long as the bootloader is unlocked, I can still do anything to the phone that I want, including installing the custom Recovery and turning it back S-OFF (I've done this many times).
So based on the experiment, there does seem to be an alternative right now to going to the Htcdev site to unlock the bootloader. It should work on other phones with the same type of bootloader (LOCK OWW) as well. I see that this takes advantage of a known vulnerability which I am not going to detail here to flash to the bootloader. I'm sure HTC knows about it and will patch it on future phones.
Well awesome! Im glad that my only mess up was that i posted it in the wrong section.
I was tired of the HTCDev site consistantly not working properly. I always had issues accessing it.
It's actually quite simple to understand without using the program (well I read programs very well): Temp root, Copy misc partition to data directory, unlock it with the bool file, flash unlocked misc image back to misc partition...with no Htcdev site. I've done it manually several times. I don't see why no one discovered it sooner.
shortydoggg said:
It's actually quite simple to understand without using the program (well I read programs very well): Temp root, Copy misc partition to data directory, unlock it with the bool file, flash unlocked misc image back to misc partition...with no Htcdev site. I've done it manually several times. I don't see why no one discovered it sooner.
Click to expand...
Click to collapse
Isn't this the same thing TacoRoot does, essentially?
Captain_Throwback said:
Isn't this the same thing TacoRoot does, essentially?
Click to expand...
Click to collapse
It does use tacoroot, but instead of running a PC36IMG file or RUU to downgrade, it uses some file called bool to unlock the bootloader almost directly. The main syntax after Tacoroot (once the files are given the chmod 755 command from the /data/local directory):
dump_image misc /data/local/misc.img
bool /data/local/misc.img unlock
flash_image misc /data/local/misc.img
I'm typing the commands from the top of my head, so there may be a spelling error. Reboot the phone, and the bootloader goes from "LOCKED OOW" TO "UNLOCKED".
Will this method reformat your phone or no?
This response is a little late because l'm on another phone now, but for those that want to know;
It unlocks the bootloader without wiping your phone, unlike the HTCdev site.
Sent from my SAMSUNG-SGH-I747 using xda premium
shortydoggg said:
So, the phone is now unlocked, but S-ON, but as long as the bootloader is unlocked, I can still do anything to the phone that I want, including installing the custom Recovery and turning it back S-OFF (I've done this many times).
Click to expand...
Click to collapse
Hamspiced, thank you for this method, I was having the same problem (had to get a replacement evo with the new software, and htc dev crashes every time I loaded the token)
I have a question for shortydoggg, how were you able to achieve s-off using this method? And were you able to remove the watermark?
wjHarnish said:
Hamspiced, thank you for this method, I was having the same problem (had to get a replacement evo with the new software, and htc dev crashes every time I loaded the token)
I have a question for shortydoggg, how were you able to achieve s-off using this method? And were you able to remove the watermark?
Click to expand...
Click to collapse
The method is just an alternative to going to the HTCdev site (and wiping the phone) to unlock the bootloader. It only unlocks the bootloader so that you can flash a custom recovery and flash superuser to obtain root access without wiping data. The phone will still be S-ON. You would then need to follow Captain Throwback's guide to obtaining S-OFF to remove the watermark and obtain S-OFF afterwards.
Sent from my SAMSUNG-SGH-I747 using xda premium
You can also show it as locked boot loader and send back to HTC leaving your warranty intact. That's in my next update
Sent from my One V using Tapatalk 2
This looks cool.I am trying to root my brother-in-law's EVO. I tried HTCDev and had no luck what so ever. I'll report back as well once I get his phone charged up.
10:35 pm est
Looks like Goo.im is down or something.Unable to download any of the links for the Utility.
Does anyone have the file laying around?
shortydoggg said:
It's actually quite simple to understand without using the program (well I read programs very well): Temp root, Copy misc partition to data directory, unlock it with the bool file, flash unlocked misc image back to misc partition...with no Htcdev site. I've done it manually several times. I don't see why no one discovered it sooner.
Click to expand...
Click to collapse
It seems that when goo.im went down SimonSimon34's source code was lost with it.
If you would be so kind as to detail the manual version of this method it would be helpful to me, and I'm sure others, until SimonSimon34 finishes rewriting his utility, unfortunately, from the ground up.
Thank you much,
J.
jackfrost909 said:
It seems that when goo.im went down SimonSimon34's source code was lost with it.
If you would be so kind as to detail the manual version of this method it would be helpful to me, and I'm sure others, until SimonSimon34 finishes rewriting his utility, unfortunately, from the ground up.
Thank you much,
J.
Click to expand...
Click to collapse
I'm going to detail the method as much as possible here, since some want to see it. I have added links to the original SimonSimon34 source code, as well as a zip file with the necessary files for a manual method. I have walked through the manual mode step by step and have provided as much step by step proceedure as I have time for. Just remember 2 things here:
1. This method was originally made by SimonSimon34.
2. Any attempt at unlocking your bootloader and rooting your phone is at your own risk, so if you brick your phone, it's nobody's fault but your own.
Links:
SimonSimon34 original source code:
https://dl.dropbox.com/u/38127313/Htc_Utilityv2Windows.zip
Shortydoggg's breakdown and additions to SimonSimon's file for Manual Method.
https://dl.dropbox.com/u/38127313/Root 2.3.5.zip
(YOU NEED TO UNZIP THE FILES TO A FOLDER OF LIKING.)
NOW FOR A DESCRIPTION OF HOW THE ROOT METHOD WORKS (MANUALLY). YOU COULD ALSO JUST RUN THE Htc_Utilityv2Windows UTILITY (simonsutility.bat) SINCE IT IS PROBABLY EASIER, ALTHOUGH I FOUND SOME ERRORS AND MADE MY OWN CORRECTED VERSION WHICH I'M NOT GOING TO POST DUE TO MOST OF IT IS NOT MY OWN WORK. ALSO, THE WAY I ENTER MY COMMANDS IS SLIGHTLY DIFFERENT THAN THE WAY SIMONSIMON34 DOES HIS INSIDE HIS PROGRAM.
1. THE PHONE SHOULD BE IN CHARGE ONLY MODE WITH IT PLUGGED INTO YOUR COMPUTER'S USB.
2. RUN THE DRIVERS.exe file
3. TURN OFF FASTBOOT UNDER SETTINGS/APPLICATIONS
4. ENABLE USB DEBUGGING UNDER SETTINGS/APPLICATIONS/DEVELOPMENT
5. NOW YOU WOULD OPEN A COMMAND PROMPT AT THE FOLDER WHERE YOU UNZIPPED THE FILES, THEN TYPE:
adb push tacoroot.sh /data/local <ENTER>
adb push flash_image /data/local <ENTER>
adb push dump_image /data/local <ENTER>
adb push bool /data/local <ENTER>
adb push Superuser.zip /sdcard/ <ENTER>
adb shell
cd /data/local
chmod 755 tacoroot.sh
chmod 755 flash_image
chmod 755 dump_image
chmod 755 bool
./tacoroot.sh --recovery
(HOLD VOLLUME UP +VOLUME DOWN + POWER BUTTONS WHEN THE RED TRIANGLE APPEARS, THEN HIT THE POWER BUTTON TO REBOOT THE PHONE.)
(ONCE IT REBOOTS, TYPE
adb shell
/data/local/tacoroot.sh --setup
(HOLD VOLLUME UP +VOLUME DOWN + POWER BUTTONS WHEN THE RED TRIANGLE APPEARS, THEN HIT THE POWER BUTTON TO REBOOT THE PHONE.)
(ONCE IT REBOOTS, TYPE
adb shell
/data/local/tacoroot.sh --root
(IF AT ANYTIME THE PROCESS IS MESSED AFTER THIS POINT, YOU MUST REBOOT THE PHONE THEN TYPE:
adb shell
/data/local/tacoroot.sh --undo
IN ORDER TO RESTORE YOUR PHONE BACK TO WORKING CONDITION)
adb shell
cd /data/local
./dump_image misc misc.img
./bool misc.img unlock
./flash_image misc misc.img
./tacoroot.sh --undo
(ONCE THE PHONE REBOOTS, THEN BOOT INTO THE BOOTLOADER BY TYPING
adb shell
reboot bootloader
fastboot flash recovery recovery.img
fastboot reboot-bootloader
(WHEN THE PHONE REBOOTS, HIT THE POWER BUTTON, USE THE VOLUME DOWN BUTTON THE THE POWER BUTTON TO GO INTO RECOVERY, THEN FLASH THE SUPERUSER.ZIP APP WHICH SHOULD BE ON THE ROOT OF THE SDCARD. REBOOT THE PHONE AND IT SHOULD NOW BE ROOTED.)
bool misc.img lock will lock it back how it was before, locked. Not relocked. But full blown locked
Sent from my One V using Tapatalk 2
If anyone has a copy of the Htc_Utilityv2Windows can you please post it, since it was lost from goo when they crashed.
Thanks
gadgetdaddy said:
If anyone has a copy of the Htc_Utilityv2Windows can you please post it, since it was lost from goo when they crashed.
Thanks
Click to expand...
Click to collapse
I already posted a link in this thread.
Sent from my SGH-I747M using xda premium
Mention github has utility 2 please
Sent from my One V using Tapatalk 2
simonsimons34 said:
bool misc.img lock will lock it back how it was before, locked. Not relocked. But full blown locked
Sent from my One V using Tapatalk 2
Click to expand...
Click to collapse
Not sure what you mean by "full blown locked" as opposed to "relocked"
Do you mean it will go back to s-on even if you went the full way to s-off, our are you referring to something else?
Sorry for the noobish question.
Thank you.
Sent from my PC36100 using Tapatalk 2
jackfrost909 said:
Not sure what you mean by "full blown locked" as opposed to "relocked"
Do you mean it will go back to s-on even if you went the full way to s-off, our are you referring to something else?
Sorry for the noobish question.
Thank you.
Sent from my PC36100 using Tapatalk 2
Click to expand...
Click to collapse
I mean like how the phone was when you bought it. If you need to send it in for warranty you would flash the stock hboot, send the son command, run bool lock command, and flash the ruu then your phone will be exactly like when you bought it was
Sent from my One V using Tapatalk 2
Related
First of all, unforgiven512 deserves most of the credit for coming up with the initial tutorial for perm root and s=off for the new HTC devices. Also, thanks to adwinp for the instructions on hexeditting the kernel module to make it work with the MT4G.
This was a collaborative #g2root effort, primarily involving scotty2, tmzt, IntuitiveNipple but also many others!
Ok, so the usual disclaimers go here:
I am not responsible for your bricked phone or the ignorance that may or may not have caused it based on the fact that you CHOSE to follow these steps. Read through the forums and LEARN before you attempt to flash any device. You have been warned.
This method only works for those devices who have already received their OTA update!!!
Now that that is out of the way here we go:
First make sure you have visionary installed!
Root.rar (all files plus a script to make things a little easier. )
http://www.mediafire.com/?flit79p2y069bb3
md5sum: 46361b0cc8652d88688c0ab66d44950b
1. Download the root.rar file and unzip it to /sdcard on your device.
2. Run VISIONary to gain temp root.
Now I am going to run two different sets of instructions (you'll understand why in a minute):
Terminal Emulator Method
3a. Start terminal emulator up on your device.(I prefer this method b/c you can see the output.)
a. type "su" + enter to gain root privileges.
b. Type "cd /sdcard/root" + enter.
c. Type "sh root.sh" + enter.
d. Follow the on screen prompts.
File Explorer Method
3b. Start up root explorer, sufbs, or some other type of file browser with root privileges.
a. Navigate to /sdcard/root on your device.
b. Click on root.sh and allow it to run. Some file browsers ask you if you want to or not.
c. Now wait about 18 to 20 seconds and restart your device into the bootloader to check if S=off is displayed.
4. Start the device back up.
5. Run visionary again and reboot again. This will make root stick.
You can now uninstall visionary and enjoy permaroot.
Alternative Root Process
First, uninstall visionary and superuser and restart your device to wipe out temp root.
Second, download MT4G Modperm.zip and unzip its contents to your sdk tools directory.
MT4G Modperm.zip: http://www.mediafire.com/?eaw0q0zjc7rrrwh
MD5Sum: 3ea4a7a6ddee711d12f7350ce60fae33
Then:
Windows Users:
1a. Using Explorer navigate to the root of your sdk. Hold shift and right mouse click on the tools folder. Select "Open command window here".
2a. Type "adbbat" + enter. Wait till the batch file finishes.
Linux Users:
1b. Using file browser of your choice (or terminal) navigate to the tools folder of your sdk and double click on adbbat.sh (type sh adbbat.sh if you are using terminal). Credit for adbbat.sh goes to slhpss.
2. Disconnect your phone from the PC.
3. Open terminal emulator on the phone and type "/data/local/rage" + enter. Wait for "Forked XXXXXXXX children" to appear and then close the terminal.
4. Start terminal back up. It should force close.
5. Start terminal back up, again. This time it should stay open and you should have a "#" prompt instead of a "$" prompt. Then type "/data/local/temp.sh.
6. When the script finishes run /data/local/rage again and sit tight. The phone should start acting weird and do a soft reboot. Then right after everything loads it should do a hard reboot. After the hard reboot reboot and check S.(If it doesn't do the two reboots just reboot into hboot yourself after rage finishes with the "forked xxxxxxxx children" message.
7. Enjoy root!
If you still have problems getting su to work after this uninstall visionary, shutdown, pull battery, and restart. Should work after that. Props to PolishDude for figuring that one out.
If you have tried EVERYTHING and still cannot get it to work for through the process and wait 30 minutes to an hour. The driver might have a cache delay write and you may need to give it some time to allow the sync command to work. This has worked for one other person (mfouco). BTW, this was figured out by coachmai. Props man!
If su doesn't stick, flash again! You can't overroot it!
Process for turning S back on
Download this file and unzip it to /sdcard on your device.
unroot.rar
http://www.mediafire.com/?12oi5elu7v2y8og
md5sum: aad4e64126cf8d92d7e8b5abb48fdadd
Terminal Emulator Method
1. Open up terminal editor on your device.(I prefer this method b/c you can see the output.)
a. Type "su" + enter to gain root privileges.
b. Type "cd /sdcard/unroot" + enter.
c. Type "sh unroot.sh" + enter.
d. Follow the onscreen prompts.
File Explorer Method
2. Open root explorer, sufbs, or some other file browser with root access.
a. Navigate to /sdcard/unroot.
b. Click on unroot.sh and allow it to run. Some file browsers ask permission before they execute scripts.
c. Wait 18 to 20 seconds and reboot your phone into the bootloader to check if S=on.
You now have S=ON again.
Since we opened up the nand to writes you should still retain persistent root privileges.
Hope this makes it all easier for you.
Cheers --grankin01
For everyone that is have trouble writing to the protected areas of the system after following the rooting procedures.
Reboot into Clockwork recovery and choose the mounts and storage option. From there choose mount system (or whichever protected directory you want access to) and click the trackpad. When unmount system shows you have rw access to the /system directory and all of its subs.
Great I just saw this on PaulObrians twitter so this is great news.
Mackster248 Macky Evangelista
@PaulOBrien will your visionary app tomorrow be able to root the mytouch 4g as well? Since it roots the desire hd.
Pual's answer:
PaulOBrien Paul O'Brien
@
@Mackster248 Possibly...
Question, Did you recompile the kernel for the MT4G yourself? A big thanks to everyone. We all need to dig in out pockets to these developers and not forget them.
No, I really didn't do much of anything but legwork on this, lol.
I had to hexedit the wpx.ko module to add our kernel version (instructions and hboot file in the desire hd permaroot thread thanks to adwinp). I then uploaded both and pasted the links here.
Good job man, can you post an image of the bootloader with s-off?
Testing now. I don't have my USB cable with me at the moment so I couldn't execute the ADB commands, however I moved the files to their relevant positions via Root Explorer app.
EDIT: I has a ROOT. Glacier PVT ENG S-OFF ftw!
EDIT2:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Sorry for the bad quality, but there ya go!
EDIT3: For those who were wondering, I did everything I could through Terminal Emulator with Fast Boot off and not through ADB. Once the hboot_dhd.nb0 file had completed, I believe I sync'd, then I attempted to run VISIONary which said the phone was already rooted. Went ahead and hit "Restart," then ran VISIONary one more time when it was done and restarted again to get it to stick.
unremarked said:
Testing now. I don't have my USB cable with me at the moment so I couldn't execute the ADB commands, however I moved the files to their relevant positions via Root Explorer app.
Click to expand...
Click to collapse
Please Let us know how it goes. And also does this require the OTA update to 2.2.1?
grankin01 said:
No, I really didn't do much of anything but legwork on this, lol.
I had to hexedit the wpx.ko module to add our kernel version (instructions and hboot file in the desire hd permaroot thread thanks to adwinp). I then uploaded both and pasted the links here.
Click to expand...
Click to collapse
There were actually three files on the G2 thread. Two were slightly different versions - pre-OTA and post OTA update. Which is the one here - pre or post OTA?
I have the OTA update, and am hoping I don't have to roll back to do this.
In any case - great job for getting it up for the MT4G. Just want to be sure what i am working with.
Getting my MyTouch in a couple of hours. Can't wait for the new challenge.
-kmobs
Bump for great success! I'll try to post a picture of my S-OFF.
Mmarzex said:
Please Let us know how it goes. And also does this require the OTA update to 2.2.1?
Click to expand...
Click to collapse
I'm going to assume so since I was on 2.2.1 and it worked.
Double post, all the way! What does this meeeeaaan?
Guys might be a stupid question but how do you get into the hboot on mytouch 4g. I thought it was the power button and camera but that doesn't seem to work.
Mmarzex said:
Guys might be a stupid question but how do you get into the hboot on mytouch 4g. I thought it was the power button and camera but that doesn't seem to work.
Click to expand...
Click to collapse
Turn off "Fast Boot" under Applications then power on holding Power + Vol Down
unremarked said:
Bump for great success! I'll try to post a picture of my S-OFF.
Click to expand...
Click to collapse
This is for after the OTA. I figured everyone had already gotten it and didn't worry with the two versions. If that becomes a problem I will edit the file again and post a pre-OTA file on here.
I am also trying to post a pic. I wasn't ignoring everyone its just that my phone is my camera and I was trying to track an old phone or something down. LOL
persiansown said:
Getting my MyTouch in a couple of hours. Can't wait for the new challenge.
-kmobs
Click to expand...
Click to collapse
I'm loving it bro. Coming from n1 too
grankin01 said:
This is for after the OTA. I figured everyone had already gotten it and didn't worry with the two versions. If that becomes a problem I will edit the file again and post a pre-OTA file on here.
I am also trying to post a pic. I wasn't ignoring everyone its just that my phone is my camera and I was trying to track an old phone or something down. LOL
Click to expand...
Click to collapse
Likewise! LOL Trying to find a program to turn my netbook's camera on real quick.
wow guys that was fast!
OP has been updated with a pic of s=off.
Cheers guys.
Link Down
hboot_dhd.nb0 link not working
edit: i guess its back online
any word on clockwork now that we have perm root?
Dead Link
the link for hboot_dhd.nb0 is dead. anyone want to post a mirror? it would be appreciated.
Thanks in advance.
EDIT: Nevermind...guess it working. Megaupload was having a glitch.
Ok guys, first of all Scotty2 gets all the credit for the program R&D. I used my device as a test bed and have tried a couple different kernels (Gr8Gorilla's O/C Kernel and the stock kernel).
Now for the boring stuff ...
This is a very invasive way of rooting your device but the benefit is TRUE S=Off and root privileges throughout the system. As such, you do this at your own risk and if you brick your device neither Scotty2 nor myself are responsible, YOU ARE!!! Do this at your own risk!!!
This is not for the faint of heart and if you have any reservations about doing things like this do not do it.
This process will do three things for your device. I will explain them here:
1. It will set up Super CID on your device allowing you to flash any carriers rom (not just tmobile). Giving you more freedom with your choice of software. The software still needs to be device specific to the glacier for compatability reasons though. Like vodafone glacier roms etc.
2. It will subsidy unlock your device. In other words, it will SIMUNLOCK your phone allowing you to use an AT&T sim card and so on in your device without needing the unlock code from HTC.
3. Most important of all it will turn the RADIO S=Off. This is the ultimate S=Off because the radio is what controls the security flag in the first place. Once you turn it off here it is off everywhere and will allow you pure unadulterated access to your device.
This process will not change your bootloader (unless your on 0.86.0000 and you follow the optional steps).
Now, you may be asking "Why do this? I already have root from your other guide and it has given me r/w access to system and recovery. I thought this meant we had permanent S=Off." This is only partially true. We have had an engineering bootloader and "Label" s=off not radio s=off. When you turn the security off in radio it is off permanently no matter what hboot you have installed engineering or otherwise. However, it is optional but you can still copy the engineering hboot over and it will allow you to flash whatever you like without (as much) fear of bricking your device.
This guide assumes you know how to use ADB. If you do not there are guides all over XDA to show you how. There is even a really good one in this forum. Also here is a video on how to setup adb discovered by topgun303: http://www.youtube.com/watch?v=1UF5w1dKe2U
*NOTE*
For some reason this process can bork your recovery. If you notice after following the steps below that in order to reboot from recovery you have to uninstall/reinstall the battery and hit the power button, just install/reinstall clockwork recovery through Rom Manager in the android market and it will fix your problem.
CONFIRMED: Guide does work for pre-OTA devices!!! Thanks xanz!
Here we go:
If you are already permarooted per the other guide just follow the first 11 steps.
Make sure you have visionary installed on your device. (If you were already permarooted w/s=off ignore this step.)
Download this file:
http://www.mediafire.com/?s7afymwe2wb3x60 New version of gfree with more options! See below.
md5sum: b73c56ca0e21664c5756d4ad295063c5
1. Now unzip the file into your SDK tools directory.
2. Plug your device into your computer.
3. Now open explorer and hold down shift at same time you right mouse click on your SDK tools directory (platform-tools if you have the R8 version of the SDK). Select open command window here. If you are in linux (ubuntu) right mouse click on your SDK tools folder, choose actions, and choose open command window(or whatever it's called). Otherwise, open a command prompt and cd your way to your SDK tools directory.
4. Type "adb push gfree /data/local" and hit enter.
Optionally, you could dl the file to your phone use androzip or something like it to unzip the file and then use root explorer to move the file named gfree to /data/local. Not the gfree.h file. All the other files are source code inlcuded for the gnu license. This would skip the first 4 steps.
5. Now unplug your device from the computer.
6. Run visionary to gain temp root. (If you were already permarooted w/s=off ignore this step.)
7. Open terminal emulator on your device, type "su", and hit enter to gain root privileges.
8. Type "cd /data/local" and hit enter.
9. Now type "chmod 777 gfree" and hit enter to make the program executable.
10. Type "./gfree -f" and hit enter.
New features in gfree.
gfree usage:
gfree [-h|-?|--help] [-v|--version] [-s|--secu_flag on|off]
-h | -? | --help: display this message
-v | --version: display program version
-s | --secu_flag on|off: turn secu_flag on or off
-c | --cid <CID>: set the CID to the 8-char long CID
-S | --sim_unlock: remove the SIMLOCK
With the new features you can turn off one thing at a time. You can also turn security back on and set the CID back to stock if you wish. To turn simlock back on you still have to follow the revert procedures on this page as the information that is patched to turn the lock off is encrypted and we can't write back to it other than restoring the entire image.
So, if you wanted to leave simlock on but turn security off and set super CID the command would be "./gfree --secu_flag off --cid 11111111" + enter. The -f switch after ./gfree that is now in the above step (./gfree -f) just tells gfree to patch everything.
11. Wait for the program to finish and then reboot into HBoot to see if S=Off. Also, check your bootloader version. If it says s=off and has bootloader version 0.86.0000 it worked.
If you already had hboot 0.85.2007 you can check it through the hboot menu. It gives you an option for "system info" in the hboot menu. Highlight it and hit power. It should say CID = 11111111 or something like that. If it does your golden.
Congratulations!
12. If this is the first time you have rooted your device you will need to run visionary again (temproot w/set system r/w after root checked and then attempt permroot) to make root privileges permanent and then reboot again. Now "su" should work properly for you.
Gfree writes a backup of the file that it patches named Part7backup-numbers.bin on your sdcard. I suggest putting this file in a safe place as it is the only way to revert if you need to.
[Optional] Steps to flash engineering bootloader.
1. Restart your phone and plug it back into your computer.
2. Download this file: http://www.megaupload.com/?d=NN5726Z8
md5sum: df4fd77f44993eb05a4732210d2eddc6
3. Copy the file to your SDK tools directory.
4. Open a command prompt again and cd into your SDK tools directoty (platform-tools if your on the new R8 SDK).
5. Type "adb push hboot_dhd.nb0 /data/local" and hit enter.
6. Now open terminal on your device and type "su" and enter to gain root priviliges.
7. Type "cd /data/local" and enter.
8. Now type "dd if=hboot_dhd.nb0 of=/dev/block/mmcblk0p18" and hit enter.
9. You should see something like: 2048 bytes in 2048 bytes out 1048576 bytes copied blah blah blah.
10. Now restart the device into hboot and check if your bootloader version is 0.85.2007. That is what you want to see.
Congratulations, you now have a TRUE root and engineering bootloader on your shiny MT4G!!!
Procedure to revert
1. Rename the part7backup file that you already have to something just so you know that it is the original backup.
2. Open up terminal emulator or adb shell and type "su" + enter to get root privileges.
3. Type "cd /data/local" and hit enter.
4. Now type "./gfree -f" + enter to run gfree again. It will disable wp on the emmc and remove the brq filter in the kernel. (as well as make another backup, which you can delete if you wish)
5. Now run the "dd if=/where/your/part7backup-numbers.bin of=/dev/block/mmcblk0p7" and it should show the output:
xxxx bytes in
xxxxbytes out
xxxxxxxxxx copied in blah blah blah
6. Run "sync" and then reboot. (I didn't do this and it worked fine but it won't hurt either. )
If you have the engineering hboot 0.85.2007 installed you will still be showing s=off when you do the above revert steps. Follow these steps to reflash the stock hboot and turn s=on:
Download this file and unzip it to /sdcard on your device.
unroot.rar
http://www.mediafire.com/?12oi5elu7v2y8og
md5sum: aad4e64126cf8d92d7e8b5abb48fdadd
Terminal Emulator Method
1. Open up terminal editor on your device.(I prefer this method b/c you can see the output.)
a. Type "su" + enter to gain root privileges.
b. Type "cd /sdcard/unroot" + enter.
c. Type "sh unroot.sh" + enter.
d. Follow the onscreen prompts.
File Explorer Method
2. Open root explorer, sufbs, or some other file browser with root access.
a. Navigate to /sdcard/unroot.
b. Click on unroot.sh and allow it to run. Some file browsers ask permission before they execute scripts.
c. Wait 18 to 20 seconds and reboot your phone into the bootloader to check if S=on.
You now have S=ON again.
Here is a pic of the stock HBoot 0.86.0000 with S=Off to prove it.
If already on ENG bootloader, S-OFF, and perm rooted via your other guide would we be able to just run gfree for the "radio/sim" unlock?
Genocaust said:
If already on ENG bootloader, S-OFF, and perm rooted via your other guide would we be able to just run gfree for the "radio/sim" unlock?
Click to expand...
Click to collapse
Yes, that's what I did. Good call btw! I wrote the guide in a hurry just before heading to work and knew I would miss something.
My MyGlacier 4G MINE!!!
u could use root explorer to place the gfree file in data local couldn't u?
Yes you could use root explorer. I am going to revise this as soon as I get time. I'm at work right now.
As for the optional steps, you wouldn't need to do them if you already followed the other permroot guides successfully b/c you should alread have hboot 0.85.2007 installed.
My MyGlacier 4G MINE!!!
so is the 0.85.2007 is the one we want to be on?
mrpanic7 said:
my bootloader is 0.85.2007 is this the sweet one i want or the stock one?
Click to expand...
Click to collapse
Good to go. You have the engineering hboot.
Should work from either one as long as you have some kind of root access.
But ... Keep that one.
My MyGlacier 4G MINE!!!
sweet thanks, and the whole talk about subsidy unlock and flashing other device roms, is that part of the hboot im running, or the gfree file ?
Hey grankin01 this is what i have on my screen. Bec i just got this phone from warranty claim.
GLACIER PVT ENG S -OFF
HBOOT-0.85.2007 (PD1510000)
MICROP-0429
RADIO-26.03.02.26_M
eMMC-boot
oct 11 2010, 12:44:14
@mrpanic7, no its part of the gfree patch.
@topgun303, what kernel version are you running? Stock?
My MyGlacier 4G MINE!!!
sweet thanks will test tonight and comment when everything is done! how do we know if hte gfile goes thru successfully? since im already permarooted
grankin01 said:
@mrpanic7, no its part of the gfree patch.
@topgun303, what kernel version are you running? Stock?
My MyGlacier 4G MINE!!!
Click to expand...
Click to collapse
Kernal version: I have not flashed anything other kernal yet. This is what came with my phone.
2.6.32.21-g899d047
[email protected] #1
tue oct 26 16:10:01 CST 2010
Hey grankin01 I dont have adb steup, can you provide workaround for that. Meaning without adb.
Awesome man. Great job. Just to be clear. After unzipping the file, all of them need to go in the data/local folder yes?
So we can use root explorer to oaste the file, then the termunal steps?
Sent from my rooted w/s=off HTC Glacier on Iced Glacier Dark Froyo Themed 1.1.1 using XDA App
You should be able to use root explorer and yes put all files in /data/local including the hboot_dhd.nb0 file if you are going to do the optional steps.
Edit: Added mention of root explorer method between steps 4 and 5.
My MyGlacier 4G MINE!!!
hey grankin01 my phone is on engineer bootloader right now. what are the advantages of engineer bootloader vs bootloader version 0.86.0000?
Also if i flash bootloader version 0.86.0000, can i go back to engineer bootloader.
u r the maaan
after trying everything i got s=off thanx to you...but 1 lil isue the root did not stick for me after checking hboot to see if i got s=off
topgun303 said:
hey grankin01 my phone is on engineer bootloader right now. what are the advantages of engineer bootloader vs bootloader version 0.86.0000?
Also if i flash bootloader version 0.86.0000, can i go back to engineer bootloader.
Click to expand...
Click to collapse
Eng hboot will let you flash anything you want. Stock hboot will still limit your choices.
Yes you can just do the optional steps from the OP to go back to eng hboot. Actually having stock hboot will let you see if it worked without having to do anything special.
My MyGlacier 4G MINE!!!
wadie said:
after trying everything i got s=off thanx to you...but 1 lil isue the root did not stick for me after checking hboot to see if i got s=off
Click to expand...
Click to collapse
So this did work w/stock device and kernel?
Try running visionary r14 and doing permroot option. Being a stock rom you may still have to fiddle with it a little. Not quite an exact science.
My MyGlacier 4G MINE!!!
So the bootloader version 0.86.0000 provides simunlock correct? If i read correct from the first page of op. For now i think i will stay on engineer hbootloader.
Also one more thing op, I found a great video on how to setup adb. I have already got my adb setup using this. If u like you can post it in the op section. http://www.youtube.com/watch?v=1UF5w1dKe2U
This guide is now obsolete. Please use this guide instead.
For Gingerbread Phones, Please use this guide.
Hey guys, this is probably the easiest guide to follow for rooting a branded desire Z. The reason why this can sometimes be hard is cause it uses a unique identifier (INFOCID) and the companies that brand the phones ONLY want roms from their company on them. This stops us from using a WWE rom like every else to downgrade and then root.
But ultimately, the reason I'm making this is because every other guide I've read constantly links you to other guides or other pages and it sorta annoyed me. So after I figured it all out I posted one concise guide that doesn't redirect you 50 times.
Now I’m gonna run you through EVERYTHING so you won’t get stuck anywhere.
This guide will work with:
Device: Desire Z or G2
Firmware Version: Any Firmware version will be fine (All you need to do is downgrade using step 1)
Android Version: Froyo or any previous variation of Android (Absolutely no gingerbread device will root with this method)
Btw, I take no responsibility for any damage taken by using these procedures. Sorry =P
Also if you don't have ADB and Fastboot set up then go ahead and follow the guides on the first two posts here. -Thanks nephron
g4b4g3 said:
If your INFOCID is NOT one of these you need to make a goldcard to downgrade!
HTC__001
HTC__032
HTC__E11
HTC__203
HTC__Y13
HTC__102
HTC__405
HTC__304
HTC__A07
HTC__N34
HTC__J15
Which can be checked by typing the following two commands:
adb reboot bootloader
fastboot oem boot
Click to expand...
Click to collapse
If your CID matches one of the CID's above then you can skip Step 1.
1. Creating a Goldcard:
Prerequisites:
ADB Set up and running fine (to check if it is working just connect your phone and have USB debugging enabled. Then type adb devices in your CMD Prompt)
HxD Hex Editor (see attachments of post 1)
USB Debugging enabled on your phone
1.Firstly we need to mount the memory card on a windows PC.
2. Format the memory card as FAT32 using all the default options.
3. Mount the memory card on your Phone. Then give it a couple of seconds.
4. Remount the memory card on your PC.
5. Find your CID by using the follow command in your cmd prompt (YOU NEED ADB)
Code:
adb shell cat /sys/class/mmc_host/mmc2/mmc2:*/cid
6. Use the excel sheet provided to reverse the CID (see Attachments)
7. Goto this website and send yourself a goldcard.img
http://psas.revskills.de/?q=goldcard
8. Run HxD hex editor AS AN ADMINISTRATOR! (I can’t stress how important having admin rights is)
9. Go to Extras > Open Disk Image. Then select your goldcard.img
10. Go to Extras > Open Disk. IMPORTANT: Select your memory card UNDER the Physical Drives category. DO NOT open the logical drive.
11. Switch to your goldcard.img tab. Go to Edit > Select All. Then Edit > Copy.
12. Go to the physical drive tab and select the lines 00000000 until you get to the one with 00000170.
13. Go To Edit > Paste Write.
14. You should have a huge block of red characters now. This is good btw.
15. Mount your SD card on your Phone and let it detect it. If it comes up with a corrupt SD card error you have done it wrong and you may have to start over.
16. You are done with the goldcard.
2. Downgrading and Debranding
Before you start this please do the following:
1a. Download the RUU I’ve linked (it should be a ~300mb exe file) -Thanks g4rb4g3
ii. If you are a BELL User. Please download this RUU instead.
1b. Run the setup until you get to the screen with the tick boxes (Some Users may have to run this as an Administrator)
1c. Leave the setup running and go to C:\Users\<your account name>\AppData\local\temp ( Or Try %AppData%\Local\Temp\ ). Then right click and Sort By Date Modified. Look for the most recently created folder which should look like {xxxxxxx-xxxxxx-xxxxxxxx}. Then navigate into it and its then into its one folder. Look for rom.zip and copy that to your goldcard/memory card.
1d. Rename the rom.zip on your memory card to PC10IMG.zip (Make sure it is exactly the same as the way I've typed it there)
1e. Mount your sd card back onto your phone.
2. Download the attachments (misc_version & psneuters) and extract them in a folder like C:\RootVision\
Now you are ready to begin:
1. Open a CMD prompt window
2. Navigate your way to the folder with psneuter & misc_version IN CMD PROMPT. (So the cmd prompt window should be something like this C:\RootVision> )
3. Now we will use the following 5 commands one after the other
Code:
adb push psneuter /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/psneuter
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/psneuter
adb shell
4. After the last command you should have a # and a flashing line for you to enter text. This is good. (If you get a $ you have done it wrong and should try typing the commands out again)
5. Now you have the # type the following command in: (This will spoof the radio version)
Code:
/data/local/tmp/misc_version –s 1.33.405.5
Then go ahead and type:
Code:
exit
6. Type this command into your cmd prompt (btw you should be back with the normal C:\RootVision>)
Code:
adb reboot bootloader
7. Once on your white screen with colourful text you can go ahead and press the power button ONCE
8. Now just wait for the rom to install and verify. If you get INCORRECT CID your gold card doesn’t work or your CID doesn't match and you'll need a goldcard. (Go to Step 1. and make a goldcard for your phone)
9. Go ahead and install the rom when it asks you.
10. You are done downgrading and can now begin the Rooting process.
See Post 2 For Rooting
Assuming all as gone well and you now have a rom without superuser but you have a baseband version that is 1.34xxxx.
Alright, let’s begin.
Prerequisites:
Download psneuter
Download gfree 0.5
Download root_psn
Download flash_image
Download the Desire Z hboot
Download Clockwork Recovery
ALL of these are in the attachments section
They all should be extracted into the same folder. Use something simple like C:\RootVision\Root
3. Root your Desire Z!
Before you start:
Enable USB Debugging and Allow Unknown Market Installations again.
Also delete the PC10IMG.zip on your phone if you downgraded.
Okay lets go:
1. Now Assuming you succeeded at the last part you should have a stock-ish rom without superuser. What we want to do is start by pushing all the files across with the following adb commands (use in cmd prompt the same way you pushed files in 2.)
Code:
adb push psneuter /data/local/tmp/
adb push gfree /data/local/tmp/
adb push busybox /data/local/tmp/
adb push root_psn /data/local/tmp/
adb push flash_image /data/local/tmp/
adb push su /sdcard/
adb push hboot-eng.img /data/local/tmp/
adb push Superuser.apk /sdcard/
adb shell chmod 755 /data/local/tmp/*
2. Alright now we have all the files we need to root the phone. Input the following command. This is just putting our clockwork recovery in a convenient place with an easy name.
Code:
adb push recovery-clockwork-3.0.2.4-vision.img /data/local/tmp/recovery.img
3. Now we’re gonna temp root again by typing in the following:
Code:
adb shell /data/local/tmp/psneuter
adb shell
4. This should leave us with another #. Now enter the following commands:
Code:
cd /data/local/tmp
./gfree -f -b hboot-eng.img
./flash_image recovery recovery.img
./root_psn
sync
5. Type in: (thanks for the correction john_d1974)
Code:
reboot
6. You should have a rooted phone with superuser after the reboot. Also it will have clockworkmod, SuperCID, secu-flag off & an Unlocked HBOOT-ENG.
If gfree 0.5 doesnt work for you then this section is for you:
Prerequisites:
Download psneuter
Download gfree 0.2
Download root_psn
Download flash_image
Download the Desire Z hboot
Download Clockwork Recovery
ALL of these are in the attachments section
They all should be extracted into the same folder. Use something simple like C:\RootVision\Root
1. Now Assuming you succeeded at the last part you should have a stock-ish rom without superuser. What we want to do is start by pushing all the files across with the following adb commands (use in cmd prompt the same way you pushed files in 2.)
Code:
adb push psneuter /data/local/tmp/
adb push gfree /data/local/tmp/
adb push busybox /data/local/tmp/
adb push root_psn /data/local/tmp/
adb push flash_image /data/local/tmp/
adb push su /sdcard/
adb push hboot-eng.img /data/local/tmp/
adb push Superuser.apk /sdcard/
adb shell chmod 755 /data/local/tmp/*
2. Alright now we have all the files we need to root the phone. Input the following command. This is just putting our clockwork recovery in a convenient place with an easy name.
Code:
adb push recovery-clockwork-3.0.2.4-vision.img /data/local/tmp/recovery.img
3. Now we’re gonna temp root again by typing in the following:
Code:
adb shell /data/local/tmp/psneuter
adb shell
4. This should leave us with another #. Now enter the following commands:
Code:
cd /data/local/tmp
./gfree -f
./flash_image recovery recovery.img
./root_psn
sync
5. Type in: (thanks for the correction john_d1974)
Code:
reboot
6. You should have a rooted phone with superuser after the reboot. Also it will have clockworkmod, SuperCID and secu-flag off.
4. Installing your own custom ROM
This section is just in case you don't know how to install a custom ROM.
Note: Always make sure the ROM you are installing is FOR YOUR PHONE! If you install a ROM meant for another phone you could potentially damage it or brick the phone itself.
1. Download the ROM you want and copy it to your SD Card. (Try to keep it in a folder that is easy to get to)
2. Turn off your phone.
3. Hold down the volume down button and then press the Power Button. This should take you to a white screen with lots of colourful text. One of which says FASTBOOT or FASTBOOT_USB.
4. Press the power button ONCE when BOOTLOADER is selected(BLUE)
5. Navigate using the volume buttons until you get to RECOVERY and then press the Power Button again.
6. The HTC Logo will come up then you will get a black screen with text.
7. From here you should Always do a NANDROID Backup so you can restore a working ROM if something fails.
NANDROID Backup
7a. Navigate to 'backup and restore' and then select it by pressing the trackpad button.
7b. Select 'Backup' and then let it finish. Once done you have a backup of your android.
8. Now you want to do these before you start installing:
a. 'wipe data/factory reset
b. 'wipe cache partition'
c. Go into 'advanced' and select 'Wipe Dalvik Cache'
9. Now you can install the ROM itself. This is done by selecting 'install zip from sdcard' in the main menu. Now you can select 'choose zip from sdcard' and just go ahead and select the ROM you copid to your sd card earlier.
9a. If the phone says verification failed then just toggle the signature verification option.
FAQ - For Anyone with any issues.
1. My version is 1.7xxxx or higher. Can I use this method?
Yes you can. This method will downgrade your phone to 1.34 so your radio is no longer locked thereby allowing you remove the secu-flag, add superCID and allow you to install a custom recovery (like ClockWorkMod)
2. My CID is XXXXXXXX and isn't on that list, will this method still work?
Yes it will. The reason why it will work is because a goldcard is essentially a manufacturers way of bypassing the CID checks used by ROMs. Therefore, by creating our own unique goldcards we can also bypass the CID check.
3. My CID is on the list that you mentioned. Do I need this goldcard?
No, you can skip the 1st step because when the ROM checks your phones CID it will match up perfectly and the phone will install the older radio without issue.
4. What Benefits does rooting a phone grant you?
Simply, it allows you to install any ROM of your choosing onto the phone as well as use custom kernels and certain applications that access locked functions on the phone. This can ultimately lead to; a longer battery life; more stable roms and more frequently updated roms; and finally an overall faster Android experience.
5. What is root access?
Root access essentially gives you access anything locked by the manufacturer on the phone. This most importantly means that you can read and write to any system partitions on the phone that would normally be locked.
6. Whats psneuter?
psneuter is an application used to grant temporary root access. This is done through an exploit in the android system and will give us a window to further exploit the system and ultimately grant us Permanent Root Access.
7. How do I find my CID?
To find your CID you run two commands. Firstly, in your CMD prompt you type 'adb reboot bootloader' when your phone is connected and USB debugging is active. This will restart your phone into its bootloader. Then once you see the words FASTBOOT_USB you type 'fastboot oem boot'. Then look for the words CID and then just read the 8 character CID.
Also there is a post with a screenshot here.
8. My phone will not find PC10IMG.zip
You will need to double check that the PC10IMG.zip is the correct ZIP file from the RUU that has been linked. It should be roughly 250mb in size and should be placed in the root folder of your SD Card. Also your SD Card must be compatible with your device (able to be read/written to). If you cannot access your SD Card from your Desire Z or G2 then there is probably something wrong with your SD Card. It should probably be reformatted.
9. Can I use this on the Desire Z/G2 running Gingerbread?
So far no one has been able to root the gingerbread version of android on the Desire Z/G2. Unfortunately, this guide still cannot root gingerbread desire Zs or G2s.
If there are any more, feel free to post them and I'll add them
10.I'm Missing my AdbWinApi.dll? What now?
espentan[U said:
][/U]
I don't know if you've figured this one out yet, but here's the solution to a potential cause.
You need to add the directory containing the "AdbWinApi.dll" to Windows' path under Environment Variables, so Windows know where to look for the necessary files when you enter commands in the shell.
For this exercise I'm going to assume that you have installed the Android SDK in the directory called "android-sdk-windows" on your C: hard drive. If you have it installed somewhere else, change the path I'm mentioning below accordingly.
Go to the Windows "Control Panel".
Click on "System and Security".
Click on "System".
Click on "Advanced system settings" in the left column of the window you're in.
Find the button called "Environment Variables" in the window that opens (it's at the bottom on the first tab).
Scroll down in the "System variables" box until you find "Path".
Select "Path" and click the "Edit" button.
At the very beginning of the input field called "Variable value" enter the following:
"C:\android-sdk-windows\platform-tools;" (without the quotes).
Do not remove any of the other paths, and make sure you have a semi colon at the end of the new path you're adding.
Reboot.
Now the windows command shell knows where to find the necessary DLL's and whatnot.
Click to expand...
Click to collapse
will this work if i have 1.84.666.2?
anyone? thought?
Should work fine as long as you've got a Desire Z or G2 lol.
hi, manageage to root the DZ sucessfully, however on step 5 you say
"5. Type in:
Code:
Reboot"
i got an Reboot: error not found
i retried with with "reboot" and was sucessful
Hi, im sure this has been covered before in other posts, but, could someone tell me, if i were to use the above method to downgrade and root etc, would this prevent me from doing an official upgrade, to, say gingerbread in the near future? Also is there any real benefits to going to gingerbread? I ask as im sure ive read somewhere its only possible to flash to cooked roms, not official ones (once downgraded and rooted etc).. this would concern me as ive moved over from win mo to android, and in my experiance, EVERY cooked unoficial rom i ever flashed (xperia x1) was simply rubbish, and i tried alot of them. (Even though people would say the roms would be fine, bugs smoothed out etc), i went back to stock in the end after constant dissapointment.
Sorry for the rant, just need to know where i stand.. thanks people..
jmpcrx said:
Hi, im sure this has been covered before in other posts, but, could someone tell me, if i were to use the above method to downgrade and root etc, would this prevent me from doing an official upgrade, to, say gingerbread in the near future? Also is there any real benefits to going to gingerbread? I ask as im sure ive read somewhere its only possible to flash to cooked roms, not official ones (once downgraded and rooted etc).. this would concern me as ive moved over from win mo to android, and in my experiance, EVERY cooked unoficial rom i ever flashed (xperia x1) was simply rubbish, and i tried alot of them. (Even though people would say the roms would be fine, bugs smoothed out etc), i went back to stock in the end after constant dissapointment.
Sorry for the rant, just need to know where i stand.. thanks people..
Click to expand...
Click to collapse
It is pretty difficult to go back to stock updates from your carrier for example Vodafone. This is because of the unique CIDs used and the fact that it is extremely hard to find a stock ROM since no one can give you a NANDROID backup.
Anyways, there are numerous benefits to rooting your phone included with most ROMs. These benefits include longer battery life, faster ROMs & various other things depending on each chef.
Ok, thanks, but are the roms buggy at all, will some of the hardware not work properly, or will i have freezing probs etc, as i found this always to be the case with win mo roms?.. have you personally found a rom that works perfectly that includes htc sense? As i do like the UI..
My goal is to have all security off, full perm root, with a perfecly working sense rom that i can then overclock to a speed that works well with my particular phone, and to underclock when idle etc..
Thanks..
I need to verify that my Tmobile G2's INFOCID is compatible.
I typed in the two commands:
adb reboot bootloader
fastboot oem boot
The first one worked. The second command is not recognized once I'm in the bootloader. Can someone suggest a solution?
Newbie question,
how to unroot if i rooting the phone using this metode?
and how to go back to original rom?
Vader™ said:
Newbie question,
how to unroot if i rooting the phone using this metode?
and how to go back to original rom?
Click to expand...
Click to collapse
Firstly, to root the phone just follow the steps and once you've finished them all you will be done.
Second, it should technically be possible once you've rooted the phone to simply do a NANDROID backup via ClockWorkMod Recovery before you start flashing new ROMs. If you have backed it up and later decide you want to unroot then all you would need to do from there is restore your nandroid backup and unroot the phone through this method.
forceOnature said:
I need to verify that my Tmobile G2's INFOCID is compatible.
I typed in the two commands:
adb reboot bootloader
fastboot oem boot
The first one worked. The second command is not recognized once I'm in the bootloader. Can someone suggest a solution?
Click to expand...
Click to collapse
Using this method you don't have to worry about your CID. If you make a goldcard it will completely bypass the need for one of the CID's listed in the first post. So to put it simply, you don't need to worry about your unique CID if you create and use a goldcard to downgrade.
Aegishua said:
It should technically be possible once you've rooted the phone to simply do a NANDROID backup via ClockWorkMod Recovery before you start flashing new ROMs. If you have backed it up and later decide you want to unroot then all you would need to do from there is restore your nandroid backup and unroot the phone through this method.
Click to expand...
Click to collapse
okay, but we need to root the device first right? before ClockWorkMod Recovery can run, the problem is, if I root the device first, the device must be downgrade to build 1.34.405.5, and now my Desire Z using build 1.82.xxx.x
is it if we backup via ClockWorkMod, the ROM that we backup is 1.34.405.5? not my current build?
please help bro, really confused here
Hi forceonature, im no expert, but when i was having a look myself, i found out it was simply my enviroment variables wernt set up for the directory fastboot was located.. an easy way round this was just to enter the directory fastboot was in (program files, 'some directory'.. do a quick search) within your command prompt, and type the second command from there.. hope that helps..
Everything goes fine until
mmap() failed. Operation not permitted
when I put in
adb shell /data/local/tmp/psneuter
Any help?
Also I can only put su and Superuser.apk on my sdcard if I manually transfer them.
Hi forceonature, im no expert, but when i was having a look myself, i found out it was simply my enviroment variables wernt set up for the directory fastboot was located.. an easy way round this was just to enter the directory fastboot was in (program files, 'some directory'.. do a quick search) within your command prompt, and type the second command from there.. hope that helps..
Click to expand...
Click to collapse
I need to verify that my Tmobile G2's INFOCID is compatible.
I typed in the two commands:
adb reboot bootloader
fastboot oem boot
The first one worked. The second command is not recognized once I'm in the bootloader. Can someone suggest a solution?
Click to expand...
Click to collapse
I tried the same thing to get my DZ phones CID and the first one worked and the second didn't. If I don't have to make a gold card all the better. How can I find out for sure if my CID is on the list or not? Also if I have to make a gold card do I need to have a micro SD card to make the gold card?
Thanks,
Chevy
chevy2410 said:
I tried the same thing to get my DZ phones CID and the first one worked and the second didn't. If I don't have to make a gold card all the better. How can I find out for sure if my CID is on the list or not? Also if I have to make a gold card do I need to have a micro SD card to make the gold card?
Thanks,
Chevy
Click to expand...
Click to collapse
You should get a line that says INFOt.cid=XXXXXXXX or any of the lines that say your 8 Digit CID. However, as you can see there are multiple lines that say it and they should all be the same.
If your CID does match one on that list then you will not need a goldcard.
I've attached a screenshot to make things easier.
forceOnature said:
okay, but we need to root the device first right? before ClockWorkMod Recovery can run, the problem is, if I root the device first, the device must be downgrade to build 1.34.405.5, and now my Desire Z using build 1.82.xxx.x
is it if we backup via ClockWorkMod, the ROM that we backup is 1.34.405.5? not my current build?
please help bro, really confused here
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Click to expand...
Click to collapse
Yeah, you can only have a NANDroid backup of 1.34.xxx because there is no way to get clockwork onto a 1.72+ rom.
Hi, I'm new to rooting the G2. Iv'e been trying to follow this tutorial, but I'm having some trouble. After renaming Rom.zip to PC10IMG.zip I booted into the bootloader and it says 'no image found' or something like that. What am I doing wrong? Am I not supposed to put the zip file on the root of the SD card? Is it possible to just use the RUU to downgrade?
And regarding the downgrade, the build number on my G2 shows 1.22 . Isn't that lower than 1.34?
Any help is appreciated!
I followed the instructions twice and both times I get to
"/data/local/tmp/misc_version –s 1.33.405.5"
I get
/
Patching and backing up partition 17
Error opening backup file.
#
The first time around I iqnored it and went through hboot, the rom PC10IMG.zip was checked and verified and finally failed prompting "the main version is older"
what am I missing?
EDIT: checked SD card, unmount and remounted phone/sdcard no avail.
Will try 1.33 Bell rom next.
EDIT2: Patching and backing up sucessful, problem was I couldn't get my phone to stay in debugged mode without being in DISK DRIVE, had to start HTC Sync to mount the phone in that way to relieve the sd card, allowing adb to patch the file. Now running through PC10IMG.zip with fingers crossed.
EDIT3: Everything went smooth after that! Thanks. Now I will attempt to update to 2.3 and Sense 3.0
EDIT4: Now running on 2.3.3 and Sense 3.0 Virtuous port. Testing...probably going back to more stable gingerbread and sense 2.1
Please do not PM me with questions about this guide! I don't have time to help everyone through it, create a thread in Q&A if you don't have 10 posts or post here, there are other people who have done this and can help you, and I will get to it if I can. PMs asking questions about this guide will be ignored. Thank you.
Fully stable root methods for all firmware versions (no bootloops on 6.01.605.05 firmware!)
Table of Contents
To quickly find a section, hit CTRL+F and type the letters in parentheses, then click "Next"
(IRO) Intro: Read first!
(HDV) HTCDEV Unlock
(TCR) Tacoroot
(DWG) Downgrade tool
(RVL) Revolutionary
(HSO) S-OFF with HTCDev unlock (second post)
(ASO) After S-OFF (second post)
INTRO(IRO)DISCLAIMER: I am not responsible for anything that happens to your device while following these instructions. I will try to help you through problems as much as I can, but I can't guarantee success, especially if you do not carefully read the instructions.
This is a comprehensive guide of all known and fully stable root/s-off methods, at this time, it covers just about all firmware versions out there. Most of these methods will require the Android SDK, so download that (Google it. A link for this really isn't necessary, and I'm sure many people could use practice googling things. ) and set it up (again, just google "android sdk," the download page even has tutorials). The downgrade methods no longer require the sdk, but it is still reccomended that you download it as it is a very useful tool. Don't forget to download the device drivers here (only neccessary on Windows) and set the PATH variable.
So, which downgrade method should you use? Most likely you will either have firmware version 5.x or 6.x, you can find out under Settings>About phone. If you are using 5.x, go to the Downgrade Tool section; if you have 6.x, go to the Tacoroot section. Both methods eventually lead to the Revolutionary section, HTCDev unlock is not reccomended and, honestly, completely pointless (read more below).
HTCDEV UNLOCK(HDV)Versions: All
HTCDev is HTC's "official" unlock, it will unlock the bootloader but leave S-ON. Don't do it. Seriously. It's a guaranteed voided warranty and pretty much a huge PITA (you can't flash radios and need to extract and separately flash ROM kernels), and s-off methods are completely stable and even relockable. That said, if for whatever reason you do wish to do this, just go to http://htcdev.com/bootloader/. If you want to obtain S-OFF at any time after using HTCDev unlock, see the second post.
Note: to flash ROMs when HTCDev unlocked, flash the ROM normally, then extract the boot.img from the rom.zip and boot into fastboot, then use the command "fastboot flash boot boot.img."
TACOROOT(TCR)Versions: 6.01.605.05 firmware
Tacoroot is a temp root method discovered by Justin Case that will allow those on the newer firmware to flash an older version and root with Revolutionary. Before you begin, download this zip containing all the files you'll need:
EDIT: Looking for the files? See this post.
Extract this zip to C:/Android. You can extract it somewhere else, just replace C:/Android with the path to the wherever you extracted it wherever it comes up. Now, connect your device to your computer with a USB cable, turn on USB Debugging under Settings>Apps>Development, and disable fastboot under Settings>Power. Make sure your phone is fully charged. Open a command prompt by opening the start menu, typing "cmd" and hitting enter. Type in everything that is in black text. Notes and extra instructions will be written in blue. It is reccomended that you copy/paste the code to avoid typos, to do this, copy by highlighting the line and hitting Ctrl+C as usual; to paste, go to your command prompt and click the small black icon in the upper left corner. A menu will pop up, go to Edit>Paste. Make sure you have not highlighted any spaces before or after the line or any of the blue text. Now, begin copying the code:
cd C:/Android
md5sums RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Radio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip Remove the space in the middle of the word radio before hitting enter, I don't know why it won't let me remove it. Result should be cea499f51b40055ffd118960e1e73255, if it isn't, redownload the miniadb zip.
md5sums 1.09.01.0312_vivow_Radio_PG32IMG.zip Result should be ea6b98be48210d7797e62362f49ff751
md5sums tacoroot.sh Result should be 6ec06d776feb212d8b2a55817eddf76d
md5sums misc_version Result should be 050f55d34ddbcc860efa5982491437de
adb devices Result should be your phone's serial number. If it isn't make sure drivers are properly installed and USB Debugging is enabled.
adb push tacoroot.sh /data/local/
adb shell chmod 755 /data/local/tacoroot.sh
adb shell /data/local/tacoroot.sh --setup This will reboot your phone. When you get to a screen with a red exclamation mark, press VolUp+Power until you get to a menu, then press VolUp+VolDown+Power until the phone turns off. Once it is rebooted, continue.
adb shell /data/local/tacoroot.sh --root
adb wait-for-device Running the step before this will reboot your phone again, this time it will be bootlooping, meaning it will not boot fully and get stuck on the boot animation. Once your prompt comes back after this step, you're good to continue even though the phone isn't fully booted.
adb push misc_version /data/local/tmp/misc_version
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/misc_version -s 2.18.605.3
adb shell /data/local/tacoroot.sh --undo This will reboot your phone one more time, this time fully stable and will boot completely. Continue once fully booted.
adb reboot bootloader This will reboot your phone to a white screen with a few options. Once you are at this screen, continue with the instructions.
fastboot devices Result should be your phone's serial number, again.
fastboot getvar mainver The result should be 2.18.605.3. If it is not, something was not done correctly, you'll need to restart from the beginning.
fastboot erase cache
fastboot oem rebootRUU
fastboot flash zip RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Radio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip This will take a bit of time without giving any indication as to when it will be done, be patient and do not interrupt it.
fastboot erase cache
fastboot oem rebootRUU
fastboot flash zip 1.09.01.0312_vivow_Radio_PG32IMG.zip Same as the above, do not interrupt under any circumstances (unless you really wanted a phone-shaped paperweight )
fastboot reboot
That's the end of the codes, you should be fully booted into the now downgraded version. Re-enable USB debugging, then continue to the Revolutionary section and follow instructions there.
DOWNGRADE TOOL
Versions: HBOOT .98, firmware below 6.01.605.05
This will not work with firmware version 6.01.605.05! Use the tacoroot method!
This tool will downgrade you to 2.3.3, which will allow you to use Revolutionary to gain S-OFF.
Download the tool here, and extract it to a folder where you can easily get to it in a command prompt/terminal.
Now, connect your device to your computer with a USB cable, and turn on USB Debugging in settings. To ensure you are connected, open a command prompt/terminal and type "adb devices". If you see a bunch of letters and numbers followed by "device," you're good to go.
Navigate to the files you extracted in a command prompt/terminal ("cd /path/to/folder," replacing /path/to/folder with the actual filepath), type "hack-vivow.cmd" and let it run. It may take a while and seem to get stuck on some commands, just leave it alone. After it's done, continue to the Revolutionary section. Yep, it really is that easy.
REVOLUTIONARY
Versions: GB 2.3.3, any others after downgrade methods
This is the final step that will actually get you S-OFF.
Go to the revolutionary website, click on the download link for your OS, you'll get a download right away. While it's downloading, fill out the form that pops up (if you don't know your serial number and have the sdk installed, open up a command prompt/terminal and type "adb devices," the letters/numbers before "device" is your serial. Extract the files and run either revolutionary or revolutionary.exe depending on your OS, enter your beta key and say yes when it asks to install CWM recovery. Let it run, and you'll be S-OFF and ready to go!
If you have any questions/comments or found something that isn't right, go ahead and post, I would greatly appreciate any positive or negative feedback, as long as it's constructive.
Credits:
attn1 for Downgrade tool
Revolutionary team
Guhl for misc_version
jcase for Tacoroot
PalmerCurling for Tacoroot downgrade guide
MIVLives for bootloop fix
scotty85 for better Tacoroot downgrade and HTCDev S-OFF method
If you find anything I didn't give credits for and should have, let me know and I'll add it.
Get S-OFF after using HTCDev Unlock
(HSO)If you used HTCDev unlock and want to get S-OFF, follow this guide. What you get from going from HTCDev unlocked to full S-OFF is a full unlock instead of HTC's restricted unlock. This way, you can flash custom radios and flash ROMs without needing to extract and separately flash the boot.img. (Note: If you already installed a custom recovery and a custom ROM, flash this ROM and start at "adb push misc_version /data/local/tmp/misc_version" in the code.) To do this, first download this zip and extract it to C:/Android. You can extract it somewhere else, just replace C:/Android with the path to where you extracted it wherever it comes up. Next, download this zip and extract it to C:/Android. Download this zip as well and put it in your C:/Android folder, but do not extract it. Now, connect your device to your computer with a USB cable, turn on USB Debugging under Settings>Apps>Development, and disable fastboot under Settings>Power. Make sure your phone is fully charged. Open a command prompt by opening the start menu, typing "cmd" and hitting enter. Type in everything that is in black text. Notes and extra instructions will be written in blue. It is recommended that you copy/paste the code to avoid typos, to do this, copy by highlighting the line and hitting Ctrl+C as usual; to paste, go to your command prompt and click the small black icon in the upper left corner. A menu will pop up, go to Edit>Paste. Make sure you have not highlighted any spaces before or after the line or any of the blue text. Now, begin copying the code:
cd C:/Android
md5sums RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Ra dio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip Result should be cea499f51b40055ffd118960e1e73255, if it isn't, redownload the miniadb zip.
md5sums 1.09.01.0312_vivow_Radio_PG32IMG.zip Result should be ea6b98be48210d7797e62362f49ff751
md5sums misc_version Result should be 050f55d34ddbcc860efa5982491437de
adb devicesResult should be your phone's serial number.
adb push CWM-SuperSU-v0.94.zip /sdcard This might take a minute or so. If it gives an error, try "adb push CWM-SuperSU-v0.94.zip /mnt/sdcard"
adb reboot bootloader This should reboot your phone to a white menu, once it is there, continue.
fastboot devices This should return your phone's serial number.
fastboot flash recovery recovery.img This might take a while, be patient and do not interrupt it. Once it is done, use the volume buttons on your phone to navigate through the menu until RECOVERY is highlighted, then press Power to select it. Your phone will reboot into another menu, once it shows up, select "install from sdcard" then "choose zip from sdcard," then scroll down and select CWM-SuperSU-v0.94.zip, and accept it. Once it is finished, press power then select reboot. Once you are fully booted, continue with the instructions.
adb push misc_version /data/local/tmp/misc_version
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/misc_version -s 2.18.605.3
adb reboot bootloader This will reboot you to the white menu again.
fastboot devices Result should be your phone's serial number.
fastboot getvar mainver Result should be 2.18.605.3. If it isn't, make sure you didn't get any errors in the above code and everything was copied correctly.
fastboot oem lock
fastboot erase cache
fastboot oem rebootRUU
fastboot flash zip RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Ra dio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip This will take a while, be patient and do not under any circumstances interrupt it.
fastboot erase cache
fastboot oem rebootRUU
fastboot flash zip 1.09.01.0312_vivow_Radio_PG32IMG.zip This will also take a bit, again, do not interrupt it.
fastboot reboot
That's the end of the code, you should be downgraded and can now get S-OFF by following the Revolutionary guide in the first post.
After S-OFF(ASO)So, now you have S-OFF. Congratulations! The next step would be to flash a custom recovery, then either an su zip or a custom, rooted ROM. For recoveries, the choices are ClockworkMod, 4EXT or TWRP. I personally prefer 4EXT, but TWRP is also great and has many great features. ClockworkMod is a little slower, but still stable. All ROMs and recoveries for the Dinc2 can be found in the development forums (where you found this guide), and there are many different ROMs to choose from, so check them out! If you want something rock solid and completely stable, try out CondemnedSoul's CM7 or one of the Gingerbread Sense ROMs, or if you want something newer, a bit faster, but maybe has a few minor bugs, check out one of the many ICS ROMs. If you want the latest and greatest, with a few slight bugs, go Jelly Bean with aeroevan's CM10. If you were looking to just root, download and flash the zip found here: http://forum.xda-developers.com/showthread.php?t=1538053, however, I would recommend that you try one of the Gingerbread Sense ROMs such as Skyraider Zeus if you wanted something a bit different with extra features, or andybonestock for a faster, debloated ROM that looks and feels exactly like what you're used to, but rooted.
Nice guide. I have to use the tacoroot method for a buddy of mine.
Awesome post!
This should be stickied...
sk842018 said:
This should be stickied...
Click to expand...
Click to collapse
+1 ^^
Sent from my Kang Banged Dinc2
Consider it done, excellent resource :good:
Also added to roll-up.
Bad links for Tacoroot.sh and .0312 radio. Great wright up though and cant wait to get my replacement unlocked.
Edit: Ok so I am almost there but have run into some issues. I cant get the 2.3.3 RUU to flash. It will get so far and stop saying bad signature verification. The one thing I noticed is that at the end of the file name it has si and not signed. I tried to change it but kinda knew that would not work and it didn't. Hope this can be fixed soon.
Edit of the edit. Ok so I followed dets34's wright up as I could not get the commands posted here to work. I put the files in the proper SDK folders and went through the commands and when I got to the RUU I hit tab after starting the name to make sure the end was si.zip. Flashed went into boot loop, boot recovery, flash newest radio, and bam no more loop with S off. Thanks to everyone who keeps us sorted out and flashing strong.
zackspeed said:
Bad links for Tacoroot.sh and .0312 radio. Great wright up though and cant wait to get my replacement unlocked.
Edit: Ok so I am almost there but have run into some issues. I cant get the 2.3.3 RUU to flash. It will get so far and stop saying bad signature verification. The one thing I noticed is that at the end of the file name it has si and not signed. I tried to change it but kinda knew that would not work and it didn't. Hope this can be fixed soon.
Edit of the edit. Ok so I followed dets34's wright up as I could not get the commands posted here to work. I put the files in the proper SDK folders and went through the commands and when I got to the RUU I hit tab after starting the name to make sure the end was si.zip. Flashed went into boot loop, boot recovery, flash newest radio, and bam no more loop with S off. Thanks to everyone who keeps us sorted out and flashing strong.
Click to expand...
Click to collapse
Links work fine for me. What did you do differently with dets34's tutorial?
The only thing that was different was I put misc and taco files in AndroidSDK\platforms. Then I put the RUU in the tools folder. Ran the commands and it went through first try. For the first part I cd c:\ to my platforms folder and ran the first part then cd c:\ to my tools folder and installed the RUU. Once it booted as soon as I messed with it boot loop. So flashed the radio and all seems to be fine.
zackspeed said:
The only thing that was different was I put misc and taco files in AndroidSDK\platforms. Then I put the RUU in the tools folder. Ran the commands and it went through first try. For the first part I cd c:\ to my platforms folder and ran the first part then cd c:\ to my tools folder and installed the RUU. Once it booted as soon as I messed with it boot loop. So flashed the radio and all seems to be fine.
Click to expand...
Click to collapse
Shouldn't make a difference if you added those folders to your PATH variable, that way you can use adb/fastboot commands without having to cd in.
Yea that's kinda what I thought but some how I messed it up or something because it never would flash the RUU. I am no expert at this by any means. Either way you helped out and its nice to see we don't have to worry about loops any more. :good:
Great guide, thanks! My couple of things I had to add in to make everything work:
Code:
fastboot flash zip RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Radio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip
I had to add the path to this file for it to work and then afterward do a
Code:
adb reboot
to get ready for the Revolutionary process. At first Revolutionary wouldn't recognize the device when it booted. I quickly realized I needed to re-enable USB Debug.
Then I used adb to do the rebooting necessary to flash the .0312 radio.
Thanks again! Great stuff.
techspecs said:
Great guide, thanks! My couple of things I had to add in to make everything work:
Code:
fastboot flash zip RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Radio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip
I had to add the path to this file for it to work and then afterward do a
Code:
adb reboot
to get ready for the Revolutionary process. At first Revolutionary wouldn't recognize the device when it booted. I quickly realized I needed to re-enable USB Debug.
Then I used adb to do the rebooting necessary to flash the .0312 radio.
Thanks again! Great stuff.
Click to expand...
Click to collapse
Updated, thanks.
Thanks for your guide. Will this guide work with the newest firmware 5.10.605.9? Just use TACOROOT?
leshan said:
Thanks for your guide. Will this guide work with the newest firmware 5.10.605.9? Just use TACOROOT?
Click to expand...
Click to collapse
Use the downgrade tool.
Sent from my vivow using Tapatalk 2 Beta-5
leshan said:
Thanks for your guide. Will this guide work with the newest firmware 5.10.605.9? Just use TACOROOT?
Click to expand...
Click to collapse
The latest firmware is 6.01.605.05. You don't have to use tacoroot.
Thanks. worked perfectly.
prototype7 said:
Use the downgrade tool.
Sent from my vivow using Tapatalk 2 Beta-5
Click to expand...
Click to collapse
unroot to re-root correctly
Does anyone know a method to go back to stock on one of refurbed phones in order to re root correctly and not get the Sense bootloop? I found a few methods but they are all four hboot .97 and I have a feeling won't fix the problem.
mccarrel said:
Does anyone know a method to go back to stock on one of refurbed phones in order to re root correctly and not get the Sense bootloop? I found a few methods but they are all four hboot .97 and I have a feeling won't fix the problem.
Click to expand...
Click to collapse
Flash the latest firmware, or just flash whatever RUU then the .0312 radio, then follow the guide to go back to s-on.
Sent from my Incredible 2 using Tapatalk 2 Beta-5
this thread will let you unlock your bootloader without htcdev,or let you change your hboot watermark from relocked or locked back to stock.
originally,we used a zip file flashable in recovery. i have found it to work on gsm devices with 1.44 hboot and CW recovery. it did not work with twrp. if the following is too scary,feel free to test the zip files. that thread,info,and downloads can be found here. since not all recoverys are working,these values can be changed with simple adb commands.
advantages
-no hassle with htcdev,tokens,or unlock codes
-no submitting your phones personal info to htc
-the ability to get back to 100% stock without any visual traces or records of having been s off or unlocking your bootloader.
you do NOT need to downgrade your hboot. this simple adb command works without any scary hboot downgrades.
*you must be s off.
*you must have superuser installed(see this thread if you need help installing superuser. use the keep bootloader locked directions)
read this:
this will not work if your s on. its not a way to magically unlock
the usual disclaimers:
use this info at your own risk. if it melts your phone into a little pile of aluminum goo,its not my fault.
credits
-beaups for giving me the echo comand,so yall didnt need to dump,edit with a hex editor,and copy back
-strace for originally discovering the location of the lock status flag(check out this thread for more info)
-kdj67f for fearlessly testing and putting up some screenshots in post 5. thanks!
IF you are an advanced user with adb/fastboot set up and some basic knowlede of the cmd window,you can skip to #2
1)set up adb
-download this file
-install drivers: if you have htc sync installed,you should allready have drivers. if not,you can install htc sync,or install these modified htc drivers from revolutionary (driver mirror)
-unzip your miniadb_v1031.zip file. this is native funtionality in windows 7. you otherwise may need a utility such as "7-zip" to extract,or unzip it. place the unzipped folder onto the root of your C drive on your PC. root means the top level,not inside any folders. so just copy and paste,or drag and drop the folder onto C with everything else that is there. you may want to rename it to "miniadb_m7" since youll be putting some device specific files in here.
-open a command window. on windows 7,click the start bubble in the lower left and type "command" in the search box. xp i believe is similar or the same. doing this should open a small black command window.
-change to your miniadb_m7 directory. type the following at the prompt in your cmd window:
cd c:\miniadb_m7
your command promt should change to "c:miniadb_m7>" provided you: 1)unzipped the miniadb_v1031 zip file,and 2)put the folder on your c drive,and 3)entered the name of the folder correctly ("miniadb_m7" in this case)
-now make sure usb debugging is checked in developer options(you will need to turn it on first),and plug your phone into your PC with a usb cable
-make sure your phone is being recognized- type:
adb devices
if your drivers are installed correctly,this should return your phones serial number. you should hear the "found device" noises when you plug your phone in. if it starts installing drivers,wait for it to finish before typing the adb devices command.
if you get your serial number back,then enter this command:
adb reboot bootloader
this should take your phone to the "fastboot" screen,wich is white with colored letters. this is one mode of your bootloaders interactive modes. at the top youll see fastboot devices as confirmation youre in fastboot.
now enter:
fastboot devices
again,this should return your phones serial number. you should hear the "found device" noises when you plug your phone in. if it starts installing drivers,wait for it to finish before typing the adb devices command.
if you get your serial number back,you can enter the following to boot back to the phones OS:
fastboot reboot
and now,youve installed adb/fastboot and tested youre phones drivers. if at either spot,you have trouble and dont get your serial number back,there is some sort of connection issue. use these steps to troubleshoot:
troubleshooting connectivity issues:
-try a reboot of the PC
-try different usb cables and ports
-dont use a usb hub
-dont use usb 3.0
-make sure nothing capable of comunicating with the phone is enabled and running. htc sync,pdanet,easy tether,and even itunes have all been known to cause issues.
-windows 8 has been known to have issues. try a windows 7 or older machine
failing the above,
-i use these drivers for fastboot and adb(donwload and run as admin): http://downloads.unrevoked.com/HTCDriver3.0.0.007.exe (mirror)
failing that,try manually updating the drivers in the following manner:
-put the phone in fastboot mode(select fastboot from the hboot menu)
-open device manager on the PC
-plug in phone,watch for it to pop up in device manager.
-update drivers with device manager,pointing the wizard to the extracted
driver download folder from above
note that you can check the connectivity of the phone,and make sure drivers are working by in the following manner:
-open cmd window. change to directory containing adb/fastboot utilities
-adb with the phone in the booted OS,usb debug enabled,enter:
adb devices in a cmd window
-fastboot with phone in fastboot,enter:
fastboot devices in cmd window
in either case,a properly connected phone with working drivers installed should report back the phones serial number.
Click to expand...
Click to collapse
this process,in your cmd window,should look something like this:
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Scott>[COLOR="red"]cd c:\miniadb_m7[/COLOR]
c:\miniadb_m7>adb devices
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
FAxxxxxxxxxx device
c:\miniadb_m7>[COLOR="red"]adb reboot bootloader[/COLOR]
c:\miniadb_m7>[COLOR="red"]fastboot devices[/COLOR]
FAxxxxxxxxxx fastboot
c:\miniadb_m7>[COLOR="red"]fastboot reboot[/COLOR]
rebooting...
finished. total time: 0.037s
c:\miniadb_m7>
2)reset your "lock status flag"
to LOCK your bootloader,enter the following:
adb devices
adb shell
su (if needed to get a # prompt)
echo -ne '\x00\x00\x00\x00' | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
(i would very strongly recomend you copy/paste this)
exit
(exit a second time if you need to to get back to a normal > prompt)
adb reboot bootloader
verify you are now locked
_____________________________________________________________________________________________
to UNLOCK your bootloader,enter the following:
adb devices
adb shell
su (if needed to get a # prompt)
echo -ne "HTCU" | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
(i would very strongly recomend you copy/paste this)
exit
(exit a second time if you need to to get back to a normal > prompt)
adb reboot bootloader
verify you are now unlocked
*i have tested this on my gsm htc one. if someone wants to test on vzw,ill add you to the credits
mine!
So, this will work with hboot 1.54? And are you sure the memory blocks are correct for Verizon? I will test...
I'm s-off, stock Rom, cwm recovery and rooted.
Sent from my HTC6500LVW using XDA Premium 4 mobile app
kdj67f said:
So, this will work with hboot 1.54? And are you sure the memory blocks are correct for Verizon? I will test...
I'm s-off, stock Rom, cwm recovery and rooted.
Sent from my HTC6500LVW using XDA Premium 4 mobile app
Click to expand...
Click to collapse
99% sure we can certainly dump p3 and have a look-see first,if you'd like. We woukd need a dump from someone whose unlocked or relocked
Sent from my HTC One using Tapatalk 2
99% is good enough for me haha! Phone just hut 50% charged, give me a minute. Will post back with pictures.
Sent from my HTC6500LVW using XDA Premium 4 mobile app
---------- Post added at 08:56 PM ---------- Previous post was at 08:41 PM ----------
Confirmed, code working. Flags set/reset. Phone even reboots and works will upload pics/screenshots.
Thanks!
Starting out unlocked:
Locking:
Locked:
Unlocking:
Re-unlocked:
Very good work!
Awesome! Thanks for confirming
Sent from my HTC One using Tapatalk 2
That was super easy... great write up! This will save so much time getting an unlocktoken and running through HTCdev. Many thanks!
scotty1223 said:
99% sure we can certainly dump p3 and have a look-see first,if you'd like. We woukd need a dump from someone whose unlocked or relocked
Click to expand...
Click to collapse
Verizon HTC One here, S-Off with SuperSU but otherwise stock, locked bootloader, hboot 1.54. I just did
Code:
dd if=/dev/block/mmcblk0p3 of=orig bs=1 seek=33796 count=4
and looked at the resulting dump and it has "PGFS" not nulls at that offset. I'm wondering if we should write "PGFS" back on Verizon/hboot 1.54 and not nulls?
bjorheden said:
Verizon HTC One here, S-Off with SuperSU but otherwise stock, locked bootloader, hboot 1.54. I just did
Code:
dd if=/dev/block/mmcblk0p3 of=orig bs=1 seek=33796 count=4
and looked at the resulting dump and it has "PGFS" not nulls at that offset. I'm wondering if we should write "PGFS" back on Verizon/hboot 1.54 and not nulls?
Click to expand...
Click to collapse
sounds like youre looking at offsets 00 01 02 03. every device ive looked at so far has the PGFS at that location. i havent looked ata vzw p3,but t mobile follows that. youll find the HTCU,HTCL,or nulls at 8404 8505 8406 8407.
im not sure your command is showing you the correct location. id dump and look at the whole thing.
dd if=/dev/block/mmcblk0p3 of=/sdcard/mmcblk0p3
Hey Scotty,
I can't thank you enough for this info. I really didn't want to unlock via htcdev and it's been getting tiring making zips for everything I want to flash. This solved my problem and is reversible without record. You are the man and thanks for putting in the time.
isdnmatt said:
Hey Scotty,
I can't thank you enough for this info. I really didn't want to unlock via htcdev and it's been getting tiring making zips for everything I want to flash. This solved my problem and is reversible without record. You are the man and thanks for putting in the time.
Click to expand...
Click to collapse
glad to help
Can someone explain the benefits to me of being able to change between locked/unlocked? If not.... That's cool.
Sent from my HTC6500LVW using Tapatalk now Free
BaBnkr said:
Can someone explain the benefits to me of being able to change between locked/unlocked? If not.... That's cool.
Sent from my HTC6500LVW using Tapatalk now Free
Click to expand...
Click to collapse
For this thread and most people's needs, unlocking this way after s-off saves time. Re-locking just proved it was reversible in case someone did want to be locked again. Another way to get back to stock for warranty purposes, etc...
Most importantly, to prove it can be done!
Sent from my HTC6500LVW using XDA Premium 4 mobile app
Fantastic, can this work for HTC One S too?
maybe needs finding correct blocks?
what it is unclear to me is that:
your method to unlock bootloader needs S-OFF, but S-OFF needs Unlocked bootloader and SuperCID, so maybe for HTC One S it's different
thanks for clarification
icest0rm said:
Fantastic, can this work for HTC One S too?
maybe needs finding correct blocks?
what it is unclear to me is that:
your method to unlock bootloader needs S-OFF, but S-OFF needs Unlocked bootloader and SuperCID, so maybe for HTC One S it's different
thanks for clarification
Click to expand...
Click to collapse
blocks are the same for one s.
method does indeed need s off. most common way to achieve s off for devices on the unlock program is via intial unlock thru htcdev to install root and recovery. at this point the commands are useful to get back to locked,and if one needs unlock after being locked for some reason. vzw is a bit different in that they cannot use htcdev,so a hack is needed to temproot,then s off. this does give them the luxury of being able to unlock without htcdev alltogether.
its also possible to s off via a java card,or be lucky enuff to find a user trial device that came that way. in this situation htcdev can be left out of the picture entirely.
hope that clarifes it
scotty1223 said:
blocks are the same for one s.
Click to expand...
Click to collapse
ok!
scotty1223 said:
method does indeed need s off. most common way to achieve s off for devices on the unlock program is via intial unlock thru htcdev to install root and recovery. at this point the commands are useful to get back to locked,and if one needs unlock after being locked for some reason.
Click to expand...
Click to collapse
ok...clear
scotty1223 said:
vzw is a bit different in that they cannot use htcdev,so a hack is needed to temproot,then s off. this does give them the luxury of being able to unlock without htcdev alltogether.
Click to expand...
Click to collapse
ehm...sorry...what is vzw?
its also possible to s off via a java card,or be lucky enuff to find a user trial device that came that way. in this situation htcdev can be left out of the picture entirely.
hope that clarifes it
Click to expand...
Click to collapse
thanks :good:
vzw=Verizon wireless
Sent from my HTC One VX using Tapatalk
scotty1223 said:
vzw=Verizon wireless
Sent from my HTC One VX using Tapatalk
Click to expand...
Click to collapse
ah ok...
but since they need a temproot to get unlock without htcdev, wouldn't this be possible for all htc one (s)?
why is it limited to vzw?
icest0rm said:
ah ok...
but since they need a temproot to get unlock without htcdev, wouldn't this be possible for all htc one (s)?
why is it limited to vzw?
Click to expand...
Click to collapse
technically,yes. you could use a temp root and make a tool for any other carriers device so you would not have to unlock.
however, temp root exploits are typically patched quickly. htcdev is a reliable means of root to make other tools/exploits work. its much,much easier to simply unlock and install root and recovery than to keep looking for softwate temp root exploits.
with verizon you have no choice,since they do not allow official unlock.
Hello, can you please tell me why do i get this error ?