********************DISCLAIMER********************
XDA-Developers & Myself are in no way responsible for any loss of information or damages to your device that may result from from the use (or misuse) of this process, though the process itself should not cause any such problems I feel it necessary to reinforce this fact.
********************DISCLAIMER********************
-----Special Thanks-----
jcase
-For the methodology and providing the flash_boot and recovery image links in his eng bootloader thread-
Stick from IRC
-For his sacrifice and bringing this issue to our attention (R.I.P. sticks Eris)-
Suno and Mezy (also IRC)
-For being unwitting guinea pigs and verifying the process-
--------------------
Overview:
It has recently come to our attention that a version of clockwork recovery included in rom manager can and has (sorry stick) caused problems for Eris. Clockwork (or more specifically this clockwork) does not play nice with the Eris and in at least one case has resulted in a corrupted userdata partition resulting in a brick. This is not necessarily going to happen in all cases but the possibility is there and as such it is better to be safe than sorry. If you are using clockwork without issue but wish to switch back to Amon Ra this thread can also help you meet that end.
NOTE: Users who cannot use Amon RA recovery due to trackball issues should attempt the usb wiggle method. there is some sort of connection between the usb housing and the trackball down sensor that makes the trackball register a down movement when the usb gets rocked in a downward motion (extra note. be gentle)
What You Need:
Android SDK for adb - (alternatively this can be done PC-less but I will cover that later)
flash_image - www.multiupload.com/KS2JCAMGBH
recovery.img - www.multiupload.com/DXQVBXB93G
su - for root permissions
Astro or Root Explorer - (For PC-Less Only)
Terminal Emulator - (For PC-Less Only)
________________________________________________
This process is relatively straightforward and I'm going to cover both the adb method and the PC-Less method in case you for some reason can't get your device recognized by your system (or don't have access to one). I have also made this very detailed for inexperienced users.
The Process:
ADB Version-
1) Download both the flash_image & recovery.img files from the links above and place them in your android-sdk tools directory
2) Open a Command Prompt (or terminal) and navigate to the tools directory.
3) Connect your device (USB Debugging Must Be Enabled) and verify the PC can see the device - type:
Code:
adb devices
4) Push both flash_image & recovery.img to /data/local on your device:
Code:
adb push flash_image /data/local
adb push recovery.img /data/local
5) Change the permissions of flash_image:
Code:
adb shell chmod 777 /data/local/flash_image
6) Flash the recovery image to recovery:
Code:
adb shell
su /*this is for those who do not get dropped into a root shell automatically remember $ = user # = root */
/data/local/flash_image recovery /data/local/recovery.img
7) Give it a few seconds to run (just give it 10 or so seconds to be safe)
8) Issue the following to reboot the device into recovery mode to verify the flash took:
Code:
adb reboot recovery
PC-Less Version-
1) Download both files to your sdcard.
2) Use Astro or Root Explorer to move both of the files to /data/local (if you run into a read only error use this command in terminal emulator and try again)
NOTE: Root Explorer users can hit the rw/ro toggle button.
Code:
su
mount -o remount,rw /
If for what ever reason you either can't get Root Explorer and ASTRO is blocking you from navigating outside your SD go to terminal emulator and issue the commands:
Code:
su
mv /sdcard/download/flash_image /data/local
3) Open terminal emulator and issue this command to set permissions:
Code:
su
chmod 777 /data/local/flash_image
4) Still in terminal emulator flash the recovery image to recovery:
Code:
/data/local/flash_image recovery /data/local/recovery.img
5) When the prompt returns issue the command:
Code:
reboot recovery
Verification:
If you completed either method you should be greeted by a green text recovery menu. If so congrats Amon RA has blessed you with it's presence. go ahead and reboot system or flash a rom if you like.
If This was Helpful I only ask that you become an active member and contribute to the community in any way possible. The OpenSource community is what it is because of people like you giving freely of themselves for the benefit of the whole.
good stuff!
i've never used clockwork... and from my observations... GOOD!
in any case... this should help many users (i personally only recommend Amon).
What was the version the caused the issue? can't you also flash amons from clockwork in rom mgr then delete rom mgr? or would that not work? thank you.
midnight assassin said:
What was the version the caused the issue? can't you also flash amons for clockwork in rom mgr then delete rom mgr? or would that not work? thank you.
Click to expand...
Click to collapse
Not sure of the exact version as I don't personally use rom manager (kinda a manual guy) but I think it has been fixed in the most recent release. As for using Rom Manager to reflash I can't say for sure either but this method is pretty simple and already resolved two cases. I believe stick may have tried it he was in IRC with us for hours and we were bouncing everything we could think of at him but he got sig verification failure in a flash using it not knowing the issue and corrupted his userdata partition.
If there are any more questions I will have to answer them when I wake up because I'm nearly sleeping in my chair right now
thanks for the answer and putting this together. I know there are a lot of noobs like myself around here lately who may benefit from this and the time you put into it. thanks for makin it simple.
Thanks for the great post.
I just have to say theres an easier/alternate way to do it
1)download rom manager.
2)at the bottom of rom manager click flash alternate recovery.
[PC WAY]
As pointed out by bftb0 the below method will only work for those on HBOOT 1.49.2000 S-OFF bootloader. (those who flashed the original root rom)
1) download amon's recovery from this thread http://forum.xda-developers.com/showthread.php?t=648025
2) (if you don't already have the android sdk, download it) If your in Windows fastboot is included in the android sdk, if your in mac or linux go here http://developer.htc.com/adp.html and scroll down a bit, click download and move fastboot to your /sdk/tools folder.
3) with your phone connected to your computer and off hold the power and send buttons at the same time until fastboot comes up on the screen.
4) open cmd/terminal and cd to your /sdk/tools folder, and type in "adb flash recovery <path to amon's recovery>"(if your in linux or mac type ./ in front of fastboot).
5)reboot your phone.
I personally use clockwork recovery and have had no problems, though I do not suggest it for anyone. (unless your trackball is as messed up as mine is, I can't even scroll down in amon's recovery)
A couple of comments.
Stick's phone
A corrupted "userdata" (/data mount point) alone might prevent the OS from booting, but that should not effect the ability to start the phone in HBOOT, FASTBOOT, or RUU (oem-78) mode. I didn't sit in on the IRC, so maybe I'm missing something, but there really are only three things which will completely brick the phone:
- screwing up a flash of the (512 kB) bootloader
- screwing up the NVRAM area
- (maybe) screwing up the misc partition
You can screw the pooch in /boot, /recovery, /system, and /data (aka "userdata") - even all four of them at the same time, if you please - and your phone should still not be bricked.
If the bootloader can not be started (in any mode), then that is absolutely a bricked device; OTOH, if you can start up the bootloader in HBOOT mode, the only thing that would prevent you from re-flashing the Leak-V3/"Official" PB00IMG.ZIP file is corruption of either the /misc partition or NVRAM. None of the dev ROMs touch those areas though. So, it is very strange that someone using any custom recovery would cause corruption of those partitions. Is Stick really bricked?
I once corrupted my /system partition which caused it to be unmountable (in Amon_RA) by doing something dumb (twice!) - but re-flashing the entire ROM (HBOOT+PB00IMG.ZIP) overcame that and gave me an earlier starting point from which to re-root and recover via Nand. There is evidence, from looking at the string data contained within the bootloader that it knows how to recreate the partition tables in flash memory - presumably this would be needed if HTC shipped a ROM which needed more space in the /system or /data partitions than existed in prior ROMs. Whether it does that for normal PB00IMG.ZIP-style ROM flashing, I can't say - but there are hints that the HTC bootloader knows how to deal with flash memory in which the entire partition table has been destroyed.
PC-based method
Step #6 in the first set of instructions will not work for rooted (dev) ROMs which do not start adbd as root (that is, "adb shell" from the PC does not launch a root shell). Most dev ROMs do that, so perhaps this is a nit-picking point. If "su" is available in the ROM, prefixing the command with "su" should work, though - just as in the PC-less example.
Use of fastboot
homewmt should probably edit his post to add the disclaimer that using fastboot for flashing of recovery will only work for folks who gained root by flashing the "Root-ROM" (or post-installing it after root was gained), which gave them the 1.49.2000 S-OFF bootloader. None of the other bootloaders will let fastboot do this. I think it is important to mention this because a lot of the new rooters are using either the "One-Click" or "Dummies" (AF) methods to install a custom recovery - and so they never touch their bootloaders.
bftb0
So as long as you can get the boot loader up (power + volume down) then you can still use the 2.1 RUU (for those with HBoot s-on) to get the phone back working?
I think people assume that since the moded recovery image is fried that means the phone is bricked since you can't get into recovery on the phone to restore a backup.
Myself I've been using Clockwork Mod Recovery for 3 months without any problems and I've flashed a lot of ROMS and restored a lot of backups. Both using the recovery console and ROM Manager. I'll never go back to Amon's as I see no point and Koush is at least updating Clockwork on a regular basis.
bftb0 said:
A couple of comments.
Stick's phone
A corrupted "userdata" (/data mount point) alone might prevent the OS from booting, but that should not effect the ability to start the phone in HBOOT, FASTBOOT, or RUU (oem-78) mode. I didn't sit in on the IRC, so maybe I'm missing something, but there really are only three things which will completely brick the phone:
- screwing up a flash of the (512 kB) bootloader
- screwing up the NVRAM area
- (maybe) screwing up the misc partition
You can screw the pooch in /boot, /recovery, /system, and /data (aka "userdata") - even all four of them at the same time, if you please - and your phone should still not be bricked.
If the bootloader can not be started (in any mode), then that is absolutely a bricked device; OTOH, if you can start up the bootloader in HBOOT mode, the only thing that would prevent you from re-flashing the Leak-V3/"Official" PB00IMG.ZIP file is corruption of either the /misc partition or NVRAM. None of the dev ROMs touch those areas though. So, it is very strange that someone using any custom recovery would cause corruption of those partitions. Is Stick really bricked?
I once corrupted my /system partition which caused it to be unmountable (in Amon_RA) by doing something dumb (twice!) - but re-flashing the entire ROM (HBOOT+PB00IMG.ZIP) overcame that and gave me an earlier starting point from which to re-root and recover via Nand. There is evidence, from looking at the string data contained within the bootloader that it knows how to recreate the partition tables in flash memory - presumably this would be needed if HTC shipped a ROM which needed more space in the /system or /data partitions than existed in prior ROMs. Whether it does that for normal PB00IMG.ZIP-style ROM flashing, I can't say - but there are hints that the HTC bootloader knows how to deal with flash memory in which the entire partition table has been destroyed.
Click to expand...
Click to collapse
Yes stick is really bricked. He had access to the recovery but got a sig failure which terminally corrupted his userdata partition and the only option available to him was fastboot which would throw a sig failure at any attempt to flash over (even tried PB00IMG and RUU at the end)
NOTE: Good catch on #6 I edited the OP to drop into a shell then su in.
kzoodroid said:
So as long as you can get the boot loader up (power + volume down) then you can still use the 2.1 RUU (for those with HBoot s-on) to get the phone back working?
Click to expand...
Click to collapse
This is inadvisable as stick tried the RUU which is what killed off his ability to enter hboot
edge.thefly said:
Yes stick is really bricked. He had access to the recovery but got a sig failure which terminally corrupted his userdata partition and the only option available to him was fastboot which would throw a sig failure at any attempt to flash over (even tried PB00IMG and RUU at the end)
Click to expand...
Click to collapse
That is truly bizarre. I don't know what Clockwork does for checks, but Amon_RA performs (in the verification step) the equivalent of a "jarsigner --verify" operation: it computes the SHA1 hash of every last file in the .zip archive, and compares those sigs to the manifest. If even a single file is wrong, it won't proceed to the install, but just bombs out on a verification failure. The upshot of that is - in the Amon_RA (or stock recovery update.zip) case - it is literally impossible to install a corrupted ROM file.
In the case of HBOOT and PB00IMG.ZIP installs, a "whole-archive" signature is performed - the individual images are not inspected, but that doesn't matter: if you touch a single bit anywhere, even in the .zip file directory, that verification step will also fail.
So - in both of those examples, the only way to burn something wrong onto the phone is if the files get corrupted internally to the phone, after they have already passed signature checks - or if they are read off the SD card differently between the verification pass and the install pass!
Do you know if Stick has a S-OFF bootloader? (i have a tricky idea, if so) I suspect he doesn't, because if fastboot passes a privilege check, I don't think there are ever any sig checks performed by the phone when the bootloader is in FASTBOOT mode - all you have to do is have a S-OFF bootloader, and you can write total crap to the phone.
bftb0
I'm almost certain he had S-ON but hes not around right now so I can't verify.
I should also note that while he can still power on the device he only has fastboot access it wont even get into bootloader or recovery at this point.
thanks edge this work like a charm
edge.thefly said:
I'm almost certain he had S-ON but hes not around right now so I can't verify.
I should also note that while he can still power on the device he only has fastboot access it wont even get into bootloader or recovery at this point.
Click to expand...
Click to collapse
Ugh. Vol-Down won't get him from FASTBOOT-USB mode to HBOOT?
Sux.
I was going to suggest - only if he had the S-OFF (1.49.0000) bootloader - that he could boot to a recovery image without ever flashing it to the device, e.g.
Code:
[B]C:\blech> [COLOR=green]fastboot boot recovery-RA-eris-v1.6.2.img[/COLOR][/B]
Even if he had S-OFF, and can get a recovery boot up on it's legs, it might still be a long uphill climb if e2fsck/mke2fs can't repair/rebuild /dev/block/mtdblock5 (for instance if the mtd device is so corrupted that the partition map got thrashed).
But that route is a no-go if he has a S-ON bootloader.
bftb0
What's the difference between Amon and Clockwork?
Good question. I personally dont use clockwork but...
the navigation interface is different (uses volume keys to select instead of trackball)
Amon_RA is far more tested and reliable on Eris
and of course the general consensus that clockwork should NOT be used on the eris.
NOTE: I am sure there are other internal differences someone like bftb0 or koush would be more apt to give a detailed explanation.
edge.thefly said:
Good question. I personally dont use clockwork but...
the navigation interface is different (uses volume keys to select instead of trackball)
Amon_RA is far more tested and reliable on Eris
and of course the general consensus that clockwork should NOT be used on the eris.
NOTE: I am sure there are other internal differences someone like bftb0 or koush would be more apt to give a detailed explanation.
Click to expand...
Click to collapse
I've been using clockwork for a while now... I haven't had issues yet. What kind of problems have people had with this, anyway? There is an option in rom manager to flash back to Amon ra...
Sent from my Buuf Froyo using XDA App
The usual, failed flashes failed nandroid backups i heard something about a random reboot issue but that could be unrelated and of course the one case of corrupted partition/inability to get into hboot or recovery resulting in a brick.
I will note some people are using clockwork without issue and for them great but it is not advisable on the Eris at this time though I do realize some people have trackball issues and have to in which case best of luck to those few brave souls.
NOTE: If you have trackball issues i advise you to attempt the usb wiggle method. there is some sort of connection between the usb housing and the trackball down sensor that makes the trackball register a down movement when the usb gets rocked in a downward motion (extra note. be gentle)
edge.thefly said:
The usual, failed flashes failed nandroid backups i heard something about a random reboot issue but that could be unrelated and of course the one case of corrupted partition/inability to get into hboot or recovery resulting in a brick.
I will note some people are using clockwork without issue and for them great but it is not advisable on the Eris at this time though I do realize some people have trackball issues and have to in which case best of luck to those few brave souls.
NOTE: If you have trackball issues i advise you to attempt the usb wiggle method. there is some sort of connection between the usb housing and the trackball down sensor that makes the trackball register a down movement when the usb gets rocked in a downward motion (extra note. be gentle)
Click to expand...
Click to collapse
maybe you should post this on OP the trackball issue that is
so...I'm not at my normal computer(and I can't get Root Explorer because my card always screws up when it converts from US to any other currency) and am trying the On-Phone method via Astro. The issue I'm having is I cannot get it to show me the /data/local folder. I can't find any tweak for it in settings or anything. There's no read only error or anything like that, so I don't think that mount command in the first post will help very much. I'm fairly new to Android hacking, so this could easily be something I just don't know yet. My gut says it's a permissions thing, and that since Astro is meant for normal users it just doesn't set itself to show the restricted stuff by default.
So I guess does anyone know how to make this folder appear in Astro?
(I've been meaning to change back to Amon_Ra for a while ever since I noticed that RomManager deleted the other recovery program. Just can't trust something that does that.)
[edit] tried the command to remount as a rewritable et all that jazz(mount -o remount, rw /) and no change.
Do you have Superuser installed? My astro sees those extra files and it isnt in my Superuser permissions list.
However if you cant get past this issue go ahead and use the terminal emulator to perform the move.
Code:
su
mv /sdcard/download/flash_image /data/local
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
This thread has the aim is to provide you with one single thread to find what you seek and where every user can participate by sharing files and/or links to.
Here's a list of all variants as thankfully provided by @Kisakuku:
htc_ocndtwl - China (Dual SIM)
htc_ocnuhl_jp - Japan (Single SIM)
htc_ocnuhl - Asia / EMEA (Single SIM for carriers and HTC direct sales)
htc_ocndugl - Asia / EMEA (Dual SIM for HTC direct sales)
htc_ocnwhl - North America (Single SIM US Unlocked, Sprint)
Helpful links:
[GUIDE | FIX] PIN/PATTERN/PASSWORD not recognised after TWRP restore
[GUIDE] HTC U11 How-To - Return to Full Stock ROM/Firmware
Downloads of fastboot mini platform tools from Google: Win64 | Linux
Downloads of htc_fastboot from HTCDev: Win64 | Linux | macOS
Instructions on fastboot flashing and Firmware by @Sneakyghost
Instructions on how to get an OTA link from HTC by @topjohnwu
Universal HTC RUU/ROM Decryption Tool by @nkk71 and @Captain_Throwback
SunShine Unlock/S-OFF thread by @jcase and @beaups
I cannot accept any liability and/or responsibility for these firmware packs. I am not able to go through the process of testing each pack, hence community members are called to test these on their own.
Regards 5m4r7ph0n36uru
Post #2: Google Spreadsheet with download links
Post #3: Firmware flashing methods by @Sneakyghost
Post #4: General Information by @Sneakyghost
Post #5: How-To Guidelines
1. How-To flash a RUU using the SD card method
2. How-To restore an untouched/pristine system image using a Nandroid Backup
3. How-To manually flash an OTA Update
Post #6: RUU Errors & Fixes
This thread wouldn't be as good as it already is without all those contributes named at the end of this thread. Thanks again to all of you sharing your files and knowledge that enables me to hold up this thread.
There are some special thanks I want to express to
@Sneakyghost by whom's firmware threads I gained the most, if not all, my knowledge about firmware reagarding HTC
@Captain_Throwback for creating and maintaining the HTC RUU decrypt tool, as well as maintaining all those TWRP Recoveries
@nkk71 for creating and maintaining the HTC RUU decrypt tool, as well as the MultiROM Mod on my past HTC devices
XDA:DevDB Information
[GUIDE][Collection] HTCU U11 – RUU/Firmware/Recovery/OTA/Backups
Contributors
@5m4r7ph0n36uru, @ziand_, @Kisakuku, @OMJ, @JEANRIVERA, @blueberry60, @Golv, @sergos1221, @topjohnwu, @andybg40, @Petert87, @sirioo
Created 2017-05-25
Last Updated 2017-06-24
[Collection] Spreadsheet with download links
GOOGLE SPREADSHEET
Recent Additions:
Please remember: you're writing to boot-critical parts of your phone. If anything goes wrong along the way, your phone might be bricked.
2019/02/09 - 2.42.709.86 RUU thanks to @ziand
2018/10/12 - 2.42.709.82 Nandroid thanks to @ziand / 2.33.91.7 Nandroid thanks to @korom42
2018/10/12 - 2.42.709.7 DUGL Nandroid, 2.42.709.7 > 2.42.709.82 DUGL OTA thanks to @ziand
2018/10/11 - 2.42.709.6 > 2.42.709.7 DUGL OTA, 2.33.401.19 DUGL Nandroid thanks to @ziand / 1.27.89.10 RUU thanks to @ziand and @migascalp / Updated all OTA links possible to AFH links thanks to @ziand, and removed those whhich are no longer working, due to HTC's server changes
2018/09/19 - 2.33.401.19 Nandroid thanks to @scotty2000 / 1.13.161.7, 1.27.161.5, 1.27.161.10, 2.33.161.11 Combined FullWipe Firmware thanks to @Petert87
2018/09/18 - 2.33.161.11 > 2.33.161.12 OTA, 2.33.161.12 Firmware, Nandroid & Stock Recovery thanks to @Petert87
2018/09/15 - 2.33.401.10 > 2.33.401.19 OTA thanks to @ziand
2018/09/06 - 2.42.400.3 DUGL RUU thanks to @ziand
2018/08/24 - 2.42.617.7 RUU ZIP thanks to @ziand / 2.42.400.6 > 2.42.400.7 DUGL OTA thanks to @desean
2018/08/12 - 2.33.91.6 Nandroid thanks to @korom42 / 2.42.617.7 Nandroid thanks to @8bitbang / 2.42.617.7 NoWipe Combined Firmware thanks to @darwinmach
2018/01/13 - EMEA DUGL: 1.27.401.11 > 2.33.401.10 OTA thanks to @jhil110/@sirioo, 2.33.401.10 Stock Recovery thanks to @ziand_ / EMEA UHL 1.27.401.12 > 2.33.401.10 OTA / 2.31.709.1 > 2.42.709.1 OTA, Stock Recovery & Nandroid thanks to @ziand_ / 2.31.617.2 > 2.42.617.1 OTA, Stock Recovery thanks to @JEANRIVERA / RUU (EXE & ZIP) thanks to @OMJ / Nandroid (AFH) thanks to @ziand_
2017/12/28 - 1.11.701.5 > 1.28.710.4, 1.28.710.4 > 1.29.710.5, 1.29.710.5 > 2.33.710.9 OTAs added thanks to @GraeFNZ
2017/12/17 - 1.27.400.8 > 1.27.400.21 OTA, 1.27.400.21 RUU & Nandroid thanks to @Kisakuku / 1.27.118.5 > 1.27.118.12 OTA, Nandroid & Stock Recovery thanks to @buttie / 1.27.1405.7, 1.35.1405.2 RUUs & 1.27.1405.6, 1.27.1405.7, 1.35.1405.2 Nandroids thanks to @liweichen6 / 1.28.617.30 > 2.31.617.2 OTA & Nandroid thanks to @OMJ / RUU (.EXE/.ZIP), Stock Recovery, Combined NoWipe & Full Wipe Firmwares thanks to @Kisakuku / 1.27.400.21 > 3.31.400.6 OTA thanks to @goodman_east / Stock Recovery, Combined FullWipe & No Wipe Finmares thanks to @Kisakuku
2017/11/03 - 1.28.651.40 > 1.28.651.50 thanks to @OMJ / 1.28.651.50 RUU (EXE & ZIP), Combine FullWipe & NoWipe Firmwares, Stock Recovery, Nandroid thanks to @Kisakuku / 1.27.401.11 (DUGL) OTA thanks to @Electronic Punk / 1.27.401.11 (DUGL) Combined FullWipe & NoWipe Firmware, Stock Recovery thanks to @Kisakuku / 1.27.401.11 (DUGL) Nandroid thanks to @ziand_ / 1.27.401.12 (UHL) OTA thanks to @axst_68 / 1.27.401.12 (UHL) Combined FullWipe & NoWipe Firmwares, Stock Recovery as well as 1.28.617.30 RUU (EXE & ZIP), Combine FullWipe & NoWipe Firmwares, Stock Recovery, Nandroid thanks to @Kisakuku
2017/10/15 - 1.27.401.5 UHL RUU, Combined FullWipe &NoWipe Firmware, Nandroid / 1.27.401.5 DUGL RUU, Combined FullWipe & NoWipe, Nandroid by @Kisakuku
2017/09/14 - 1.27.401.5 Stock Recovery by @Kisakuku
2017/09/12 - 1.27.401.5 OTA by @axst_68
2017/09/10 - 1.28.709.6 OTA by @topjohnwu, 1.28.709.6 Recovery, Combined FullWipe & NoWipe Firmware, Nandroid by @Kisakuku
2017/09/03 - 1.27.401.5 OTA & Nandroid by @ziand_, Recovery by @Kisakuku / 1.28.651.3 OTA by @OMJ, Nandroid, RUU, Recovery, Combined FullStock & Combined noWipe Firmware / 1.27.400.8 Nandroid, RUU, Recovery, Combined FullStock & Combined noWipe Firmware all by @Kisakuku / 1.27.1405.4 & 1.27.1405.6 RUU by @liweichen6 all added to the spreadsheet
[...]
2017/07/08 - Initial release of the newly created spreedsheets with all links provided as of today
Click to expand...
Click to collapse
Disclaimer
You are aware that writing to security protected, boot-critical partitions increases your risk to lose the device exponentially. You understand and agree that I cannot be held responsible for such or any other damages. The flash process is theoretically safe and well tested, however you are the brains behind the wheel and you are solely responsible for the execution of the process. I will not accept any liability. The method itself is developed by Google and HTC, I only provide access and information to it and I am trying my best to make it understandable and simple. Do not use this if you have difficulties understanding what this is!
You understand that you should not do it if you are not willing to accept this risk.
As some questions within this thread already showed that people don't read the OP, which includes all linked threads linked to in post #1, I'll leave the follwing here. With courtesy of our fellow contributer @Sneakyghost who allowed me to use his work in this thread, I'll quote his explanations on flashing methods, as well as the provided firmware.zip variants below.
If S-OFF will get available I'll double check all what's written below and alter it to reflect the the currrent situation on the HTC U11 if needed. For as long as we don't know what still holds true on the U11, I'll leave his fabulous work untouched as a quote.
The whole thanks and respect for this work belongs to @Sneakyghost. Thanks again to you mate!
Sneakyghost said:
Flashing methods:
The safest way is still HTCs RUU and OTA method. US RUUs can be accessed via HTC's US Support Site. Jump to your device, then click "View" and scroll down for the download-link. The page has Dev/Unlocked (617), Sprint (651), AT&T (502) and T-Mobile US (531) covered. RUU's are superior to other flashing methods because they carry lab tested combinations of partition images and the method itself is also known to work well (plus the psychological advantage).
Other than HTC's original OTA's which are "incremental", My packages are always FULL packages (applies to my NoWipe as well! It can also be considered a FULL update as opposed to incremental) - with these you can safely jump from a very old firmware right up to the newest. Following this original RUU / OTA method, come the methods most suitable for my packs:
My preferred method is the "Fastboot method", which needs a PC or Mac or Linux computer. I will be detailing how to fastboot flash firmware further down.
The "SDCard Method" can be considered the fastest and most suitable for people without a PC. I will be detailing how to SDCard flash firmware further down.
An explainer to the ZIP variants provided here:
Full Stock WIPE ZIPs:
NOTICE: FullStock zips currently permanently break the phones ability to receive HTC stock OTA's - to restore your OTA functionality, refer to post #5 for more information!
Only System removed (and encryption broken) - Everything else stock! This type of zip also re-flashes the /data partition with HTC's DZDATA files (meaning you loose everything on your internal SDCARD). Also replaces the Kernel, recovery and Splash1 with latest stock images! The /system partition will not be touched. (Else this would be a RUU.zip). It also includes the "apppreload.img" with all the carrier-bloatware (WWE has no bloat in there!).
Be sure to put a ROM onto your EXTERNAL SD before proceeding with a Full WIPE ZIP! If you forgot to put a zip on your sdcard: you can reflash TWRP with Fastboot (use my batch tool) and then choose between ADB file push, MTP transfer or even USB mass storage transfer mode. Last but not least you can take out the sdcard and use a card-reader with your computer. Phone will NOT boot without ROM reflash after using this!
NoWipe ZIPs:
These packages are modified. This type of ZIP updates basic Firmware partitions, does not touch the /data partition, leaves kernel, splash and ramdisk (in order to support custom ROM's modifying ramdisk) alone. The "apppreload.img" is removed, the bloatware partition will remain unchanged (to remove already existing bloat permanently flash apppreload.img from International/WWE/401, it is an empty image). Recovery will be replaced with the current TWRP. Phone should in most cases boot normally after using this.
And what you won't get here (fine print):
Since this is a Firmware Update Thread and not a ROM thread, you do NOT EVER get a ROM (a.k.a "System.img" or plain: "System" here. You understand and agree that you cannot have this from me. You also acknowledge that I cannot be blamed for your non-booting phone due to you not reading or not understanding this. You may find stock system backups here
How to flash firmware.zip's using fastboot
Prerequisites:
You need ADB and Fastboot on your PC. To get ADB and Fastboot up and running I strongly suggest you use my "Batch Tool" setup, because it contains an updated htc_fastboot, which is 100% working with the HTC 10 . This is important: the generic Google fastboot from SDK API Level 24 (latest at time of writing) is NOT FULLY COMPATIBLE.
The method outlined here does apply to my zips as well as HTC signed zips. The difference is, that for my zips, S-OFF is mandatory, while HTC signed zips can under certain conditions also be flashed to S-ON phones, however, different prerequisites and risks apply there. I will not cover HTC signed zips here as they are fundamentally different in some aspects while the flashing method remains the same.
Note: use "htc_fastboot" with my batch tool. If you use another ADB/Fastboot set, it will probably be Google Fastboot and then the commands should be starting with "fastboot".
Step-By-Step:1. If device is booted into Android, reboot into download mode by running:
Code:
adb reboot download
NOTICE: adb reboot download is new since the M9 for those who come from earlier HTC devices - zips can be flashed in download mode or RUUMode, both work. The on-screen status report is more detailed in download mode. This making it the preferred flashing mode for now.
1.a Or else, if your device is in a different state or you just prefer the button method:
In Android: Press and hold Power and VolDown at the same time for approx. 15 seconds, when the screen and charging LED go dark immediately let go of power, keep holding VolDown a little longer.
During Boot and sometimes when booted into Recovery: Press and hold Power, VolDown and VolUp at the same time for approx. 15 seconds, when the screen and charging LED go dark immediately let go of power and VolUp, keep holding VolDown a little longer.
When in download mode, use the VolUp and VolDown buttons to navigate up and down and use Power to confirm.
2. Now place the Firmware_xx.zip into your adb/fastboot folder (which will be "C:\Android\com" if you use my Batch Tool).
3. Followed by:
Code:
htc_fastboot flash zip Firmware_xx.zip
(replace "Firmware_xx.zip" with the name of your zip)
4. Now check the console output. It should approximately look like this log:
NOTICE: this flash log is taken from a NoWipe (not all images included) flash on an HTC 10. New is (compared to M7, M8) that the checking routine is way more sophisticated and Controller Firmware for e.g. the touch panel or the Infra Red Remote (One Series only, not available on the HTC10) and the like do NOT get flashed if the checks determine that they are already up-to-date. Images that do not get flashed show "BYPASSED", which is NOT an error.
Important: Should you decide to flash in RUUMode (instead of Download Mode like suggested further up), the flash process halts at around 90% on phone screen! This is normal and a safety precaution! The last few percent is the reboot, which is NOT happening automatically, so you get a chance to check the console output to make sure it is safe to reboot! The bar will only fill up to 100% once you type:
Code:
htc_fastboot reboot
Important: Download Mode flashes finish at 100% on phone screen and in console and ask you to hit Power to return to Download Mode screen.
IF you encounter any errors which are not "FAIL90", have a look into Post #3 or ask in the thread! DO NOT reboot the device until you have an idea what happened!
5a.
Code:
htc_fastboot reboot-bootloader
or press Power to return to Download Mode screen - depending on the mode you used to flash the zip. In Download Mode and Bootloader you can go to either regular reboot or shut-down the device via button navigation.
5b. Optional:
Code:
htc_fastboot reboot
to just reboot the phone to Android.
How to flash firmware using SDCard MethodPrerequisites:
Compatible SDCard, should be formatted with FT32 for older firmware, newer firmware can also handle ExtFS formatted cards.
A firmware.zip you would like to flash, taken from Post #2 (Downloads)
Phone charged up at least 30% (will fail with low power warning if lower than 30%)
Step-By-Step:1. Rename your firmware.zip to exactly "2PS6IMG.zip" - make sure you enable "show file extensions" in Windows Explorer, if you rename it on your PC. Else you might end up with a "2PS6IMG.zip.zip" which won't flash.
2. Copy your "2PS6IMG.zip" over to the root of your SDCard. Use a cardreader, or MTP protocol in Android or Recovery, or USB Mass Storage protocol in Recovery, or ADB push the file in Android or Recovery - many methods available.
3. Now, if device is booted into Android, reboot into download mode by running:
Code:
adb reboot download
3.a Or else, if your device is in a different state or you just prefer the button method:
In Android: Press and hold Power and VolDown at the same time for approx. 15 seconds, when the screen and charging LED go dark immediately let go of power, keep holding VolDown a little longer.
During Boot and sometimes when booted into Recovery: Press and hold Power, VolDown and VolUp at the same time for approx. 15 seconds, when the screen and charging LED go dark immediately let go of power and VolUp, keep holding VolDown a little longer.
4. Once Download Mode starts, it will "see" the 2PS6IMG.zip and ask you (yellow text at bottom of screen) if you want to flash the firmware. Press VolUp to confirm and proceed with the flash, or press VolDown to cancel and continue into Download Mode UI.
5. Now check the screen while it flashes. It should stop at "end UI updating. Press Power to continue" - the phone will now shut off! To turn it back on, press and briefly hold power again.
Click to expand...
Click to collapse
General Information
The whole thanks and respect for this work belongs to @Sneakyghost. Thanks again to you mate!
Sneakyghost said:
FullStockWipe and HTC OTA's a.k.a "Verity"
What's the problem?
The way the new security works, a FullStock zip will break your OTA capability in almost all scenarios. The only scenario where that would NOT happen is if you have, before you flash the zip, already the corresponding untouched, hash-sum matching stock system image flashed. Nobody using custom ROM's has that. So, what happens is this:
- FullStock.zip flashes stock kernel which has verity enabled and checks partition integrity upon boot.
- After flashing, you reboot. The kernel kicks in (around when bootanimation would start). The kernel checks the /system partition if it is the correct one.
- The kernel finds it is not the correct system and reports a fail-status, sets this as persistent information, and will force a reboot
- At reboot, (and every reboot after) the Bootloader picks up the fail status and pass it on to the kernel, which in turn will pass it on to the system.
- Now, Android thinks, System is messed up and will not allow you to download and apply an OTA.
From now on, every boot, even if you flash a clean stock system, the aboot will tell the rest of the guys working inside your phone: hey, this thing has been messed with, it cannot be updated anymore!
Fixing strategies:
1.) To restore OTA function fast and easy: run a RUU.
2.) If there is no RUU for your specific model, you could convert to another model which has a RUU.
3.) Then there is a third, theoretical way I have not yet tested: obtain an untouched system image that fits your FullStock (same version), flash that in fastboot (it can be a raw dump or a TWRP systemimage backup of the correct system) and then flash the corresponding FullStock again. That should, like a RUU, restore OTA functionality too.
4.) Also very simple: grab the HTC OTA file which you find in /data/data/com.htc.updater somewhere if you can download. If not, find it on XDA from someone else who got it. Then put it on your sdcard, have stock recovery flash it from SDCard (no detailed guide here but its the same since years, there are tons of guides on how to manually flash a HTC OTA out there. Use Google).
5.) Remove boot.img from my FullStock zip before you flash. Your custom ROM of choice will put a hacked kernel into your phone again anyway...
However, at time of writing this, I know @nkk71 is investigating other, simpler methods to restore the correct state.
So, if you absolutely depend on HTC's OTA's, best would be to just not flash/boot a stock kernel ever while a custom system is installed.
Flash Process Output (applies mostly to older phones, the newer HOSD driven output is much more detailed)
There are a few steps in the flash process which are not really straightforward but i can maybe explain some of them here:
sending 'zip' means: fastboot is sending zip over to client (here referred to as “remoteâ€)
OKAY [ 2.839s] means status of sending was good. Transfer succeeded.
writing 'zip'... means the zip is being written to some location on the phone from the /temp location.
(bootloader) zip header checking... means the zip header is being checked for validity, see if it’s a real zip file and check for HTC’s signature, which often resides in the header part.
(bootloader) zip info parsing... means most likely a check on the file hashes in the zip (integrity check - if the zip is borked, it will fail here)
(bootloader) checking model ID... The bootloader checks if the android-info.txt contains the right MID. If it fails here you gotta swap out your model ID in the android-info.txt file or write another MID to your phone.
(bootloader) checking custom ID... The bootloader checks if the android-info.txt contains the right CID. If it fails here you gotta swap out your Customer ID in the android-info.txt file or write another CID, possibly SuperCID, to your phone.
(bootloader) start image[hboot] unzipping for pre-update check... means the bootloader is now unzipping the [hboot] image. This line will be repeated before every image that is to be flashed.
(bootloader) start image[hboot] flushing... means the bootloader is now beginning to flash the [hboot] image.
(bootloader) [RUU]WP,hboot,0
(bootloader) [RUU]WP,hboot,99
(bootloader) [RUU]WP,hboot,100 these three lines read [RUU] for what mode fastboot is in, WP for “Write Partition†for what is currently being done in RUUmode, “hboot†is the name of the currently flashed partition, number xx is a percent stage of the write process.
(bootloader) ...... Successful means the final status is successful.
Now, before the [RUU]WP,hboot,xx line we often see another line reading [RUU]UZ,radio,50 for example. That reads RUUmode is currently unzipping the Radio.img and at stage 50 percent. UZ means UNZIP.
If you see something like this:
(bootloader) start image[sbl1-1] unzipping & flushing...
(bootloader) [RUU]UZ,sbl1-1,0
(bootloader) [RUU]UZ,sbl1-1,100
(bootloader) signature checking... means it is checking the signature of the partition if it matches the expexted signature stored in the hboot.
(bootloader) verified fail means the signature in the image did not meet expectations.
(bootloader) ..... Bypassed means the image got skipped because its got the wrong signature.
This has to be interpreted like this: there are multiple “SBL†images, to be exact: type 1 has 3 variants and type 2 has only one variant. Of type 1 (“SBL1-xâ€), two get skipped, one gets flashed (see my log above), of type two (“SBLxâ€) both get flashed. I believe, SBL 2 and 3 are device independent, but SBL1 has three variants, of which only one fits the current device. So, depending on the device you have, you will see either SBL1-1, SBL1-2 or SBL1-3 being flashed and the other two subtypes being skipped (bypassed).
The same goes for the "dzdata" images in the firmware package. They come in two or three size flavors (16, 32 and 64 GB) and resemble the file structure of the /data partition. Depending on your device and model, only the one with the right size gets flashed, the others skipped.
Important to understand: nearly all FAILED messages that do NOT occur while [RUU]WP (write partition) should be considered harmless. Only a FAIL during a write operation will most likely result in a damaged partition. All other fails will probably leave the original partition intact and thus the device can be rebooted. So far my understanding.
General hints for RUUmode / Download Mode zips
- Opening a zip is best done with 7zip as WinRAR and other zipping tools have lead to flash fails in the past.
- Choose low compression, higher compressions often fail. Pick "save" or "normal" to be safe, anything higher could cause the unzip in Bootloader to fail.
- Adding and Removing images is not a problem. The naming of the partition images seems flexible, yet if you encounter an “Error 23: parsing image fail†you need to rename the relevant image to something stock as not all names seem to be recognizable. The Hboot/Aboot determines the right partition from the header inside the image.
- Additional Dots in zip file names are known to have caused issues for a few people.
- Spaces in names are a no-go!
- Custom Recoveries can be added to those zips as well as custom kernels. In fact, if your phone is S-OFF, you can pretty much add anything and name it e.g. “recovery.img†and it will be flashed. You gotta be very very careful, as this is an easy way to break your phone. Make sure not to mess around with modified images!
- With S-ON, those zips only flash if everything is totally stock, from the android-info.txt being right up to all images being the correct versions for that update package and all having the right signatures. Reads: no custom messing with firmware zips for S-ON phones. In fact: apart from HTC OTA firmware.zip’s and RUU’s, nothing will flash with S-ON at all...
General hints for android-info.txt
- Use an Editor that doesn't mess up linebreaks like Windows Notepad does. Use Notepad++
- MID’s can be added one per line. Also supports wildcards i think e.g.: 71******, but i’m not sure.
- CID's can easily be added or removed- one per line, definitely supports wildcards (used by HTC in DevEd phone)
- Mainver line: should hold the version of the used set of firmware images. Example how to format the version: 2.24.401.1 (2= Base version always increases by 1 with each Android base version rise, 24= Build version from HTC, 401= Regional/Customer identifier, 1= Revision of the HTC Build). This line is being written to the /misc Partition and is meant to reflect the whole phones software version - it is not meant to only describe the “firmware†part or the “ROM†part alone. HTC has intended the Version to always represent the whole thing, firmware version matching the ROM version. therefore, it would be wise to always run matching firmware and ROM versions, except where explicitly recommended otherwise. Mismatches can cause anything from no issues over radio problems up to semi-bricks.
- hboot pre-update line: usually says "3" but i have seen different numbers. I think they determine if hboot-preflash is required (when you get “Error 90 - please flush image again immediately†this is when the hboot/aboot needs to be flashed separately first and then the rest. If you encounter this, you need to run the flash command you just did, again.
- btype:1 not clear. [Item subject to change]
- aareport:1 Since HTC hboots/aboots, boot and recovery images come as "hboot_signedbyaa†/ “aboot_signedbyaa†/ “boot_signedbyaa†and “recovery_signedbyaa†i would read this as "aa" representing htc ("hboot signed by aa"). It could possibly mean check on the signature in hboot/aboot/boot/recovery - all of those also come in unsigned flavors - in HTC OTA’s, those are usually without the “_signedbyaa†but in the RUU, they are carrying a signature). So, aareport: 1 can just mean check on signature yes or no.
- Delcache means erase cache when rebooting. Simple. Some firmwares seem to need it, some don't. Line is not present in every android-info.txt. If you mess with a zip that contains the line, leave it active. This is also not referring to the Android OS cache partition. It refers to the separate Kernel and Recovery Cache. Sometimes, not deleting Kernel or Recovery Cache after flashing those leads to malfunctions. If the Kernel is launching and there is an older conflicting copy cached, the phone won’t boot past Kernel stage (before the bootanimation starts), if Recovery is conflicting with a cached copy (usually after flashing a new/different recovery), it will lead to the recovery not booting or malfunction (like aborting an ongoing ROM flash or not being able to execute other functions).
RUUmode:
is the mode used for RUU flashes by HTC. It allows a few more things than the normal fastboot. You recognize it by looking at the phone’s screen. It will be black, showing only a silver HTC logo and if a command is being active, a green progress bar. New M9 RUUMode now shows a percentage counter below the bar.
Download Mode:
New flashing mode, introduced 2015 with the HTC One M9, due to changing to a different, aboot-based bootloader structure, HTC also introduced the use of an HOSD partition containing sort of a micro-linux with extended fastboot-capabilities. It provides much more logging output and can be considered the better flashing environment now. When flashing my firmware.zips, I recommend using Download Mode over RUUMode, as it gives you much more feedback. The ARUWizard (a.k.a RUU or FUU) might still expect RUUMode for flashing, but when manually flashing or also when using SDCard method, Download Mode will work best.
Bootloader Mode:
You can also directly flash most firmware partition images with the by-name method, and that works only when booted to Bootloader (the white screen with colored text lines). In this mode, you can for example flash stuff like this: “htc_fastboot flash recovery recovery.img†or “htc_fastboot flash adsp adsp.img†- almost all image files can be flashed separately without HOSD or RUUMode in bootloader.
On the HTC10 this has become a critical function when recovering from flashing frankenbuild-firmware. After the Android N transition for example, a combination of old keymaster.img with new Android N firmware would lead to broken Download Mode and broken RUUMode, hence disabling all flashing methods. Using this direct image flashing method, you can recover your phone in such a situation. Inside the firmware.zips will be a file called “partition_info†- you can open that with a text editor like NotePad++ and see all the flashing names for the partition and this way figure out how to reflash every single partition manually.
NOTICE: do not flash aboot_signed.img this way! The only image that should not be flashed directly over itself when booted into bootloader!
Recovery flash risk:
Some of you might have heard of, or are thinking about flashing firmware using recovery.
Although it is perfectly possible to write firmware images to the NAND chip using the DD method in recovery (either with a script or by using ADB shell dd) it is highly recommended that no developer employs this method (except if it's the only way to rescue a damaged device, e.g it only boots to recovery or something like that). This suggestion can be limited to boot critical files (SBL images, Aboot, HOSD, Keymaster for instance), but I prefer to see this as a general “good practice†thing. The reason behind this is, that DD has no inbuilt write verification. If there is just one single bit that does not get written correctly, DD won’t notice and won’t correct it. With some bad luck, you end up with a brick this way.
JTAG with a RIFF Box
Every device of these days has so-called jtag test-points. Basically, these are points on the mainboards, where a direct connection to the main chip can be established and then that chip can be read and written to with an external device. Sometimes, these testpoints are hidden (like they are normal contacts of the chip) and no direct visible gold points on the board. It always takes a while after a device is released until the jtag layout is fully discovered but once that is done, companies like multi-com.pl start manufacturing small boards with pins that can be pressed onto the mainboard, so no soldering to the device is required. Once such a board exists, the mainboard can be hooked to the RIFF box which can rewrite a dead chip from the outside.
As long as there is no such small board (called a "JIG") the phone can still be revived but it is necessary to solder hair-thin wires to the test-points. That is perfectly possible, Tecardo can do such a thing, but its not very good for the board and cannot be done very often. At some point the solder points will degrade so much that the board is garbage then.
In case you really brick your device, you can contact Tecardo here: http://forum.xda-developers.com/showthread.php?t=2116062
MID and CID
MID = Model Identification. It serves the purpose of identifying the Model of the phone. There usually are several different ones. The ModelID in android-info.txt is CaSeSenSiTivE!
Some limited Data is here: https://docs.google.com/spreadsheet...ShfYNFAfSe-imhhqtVfeMPVDA/edit#gid=1606643937
CID = Customer ID and describes, for which customer HTC made this phone. HTC has a few own CID's for its regional stores. Then certain carriers decide to have their own CID. Some carriers even have their own Model ID’s.
So, while the MID more like describes the hardware, the CID basically just describes the software set that comes delivered with it. Both get checked on when flashing in RUUmode. How to trick this system? Fairly easy. Just add your respective MID or CID to the android-info.txt file inside the ZIP or make your phone SuperCID (My Batch Tool can do that automatically - but remember: all this only works on S-OFF phones).
S-OFF:
S-OFF refers to the NAND’s security lock. S is for security and OFF means the security is switched off. The factory state HTC’s phones ship with is ON, except for the userdata partition, which of course is always unlocked.
The key for that lock is the most heavily guarded secret in HTC’s software vaults. It cannot be extracted, bought or otherwise obtained from them. There is no official way to unlock the NAND partitions (approximately similar to what Apple fans do when they “jailbreak†their products, although technically not quite as similar). While the HTC Dev Unlock (available through htcdev.com) just unlocks 3 partitions (Boot, Recovery, System), the “S-OFF†hack we use unlocks all partitions, thus enabling the flashing of custom, modified or other devices firmware. This is what you want for this thread and you can get it from the famous reverse engineers Jcase and Beaups over at: http://theroot.ninja/ or alternatively purchase a “Java Card†and learn how to work it, from chinese sellers on Alibaba, sometimes Ebay. Then there is a way to do it with an XTC Clip. But SunShine S-OFF is by far the safest and fairest method. You will only be charged if it works and the guys over at sunshine are really helpful.
A more detailed look at how S-OFF works
[Subject to change - not a definite explanation, just how I think it works]
In the phone's Firmware is a component that checks if certain partitions have a digital signature from HTC and deny write access if the signature is wrong or missing. The checking component is known to be the Security, which can be set to OFF. Then we say the phone is
S-OFF.
System, recovery and boot do not get signature checked at all once you “unlocked†your phone on htcdev.com. The other partitions however do get checked as long as Security flag is set to ON. Partition 3 is where the Security flag is located and maybe also the checking routine that checks the other partions digital signatures,
The S-ON state is resembled by a 3 in the fastboot command to switch security on. It is: fastboot oem writesecurflag 3. You do NOT want to do that while any custom firmware is running. Only after a full RUU that removes any modifications.
Why? For some partitions like the splash screen, it might not lead to a brick if you set security to ON while a custom splash is installed (then failing the signature check), as this partition is not vital for the boot process, it might just be skipped and give you an error message (I have never tried obviously). Other partitions however, boot critical partitions like Hboot/Aboot.... You guys have to understand that altering any of these partitions can be deadly to your phone if you happen to leave them altered when switching security back on.
Determining your “Firmware Versionâ€
I believe there is some wrong info circulating the HTC Fora. People keep saying when running fastboot getvar all it will report the Firmware Version in the line “Version-Mainâ€. This is not always true though. Fastboot getvar all or alternatively getvar mainver pulls a version it finds in the MISC partition and relies on that to be correctly updated. Source
So how does that version string get updated? It is being taken from the android-info.txt file in any firmware zip that you flashed. The last zip you flashed determines what will be reported by the getvar function. So if you mess around with Firmware.zips and RUU’s a lot, chances are, that the version reported there is not equivalent to what you are already running. Often the android-info.txt has version entries not appropriate for the actual zip contents, for compatibility reasons, because it wasn’t done properly or whatever. My zips usually have the correct MainVer though.
The "Firmware" as a concept like we use it on XDA does not exist in HTC's terms. HTC does NOT differentiate between the /System Partition (what we know as "the ROM") and the other 36 partitions. Hence, if you run getvar all or getvar mainver on a stock phone, it will report correctly. It does not go looking for a fictitious place where it would find a separate "Firmware" version. That place it is looking at is the Misc Partition and that’s correct as long as you haven’t messed with lots of different Firmware zips... So, if you happen to run a hybrid system with a ROM from one base and the other partition images from another base or multiple bases (like hboot from 1.27, radio from 4.06 and ROM from 3.62) the getvar function will report as "Version-Main" what it finds in /misc/, precisely the last zip you flashed determines the string put there.
Example: you flashed a radio with a RUUmode zip from Base X.YY but the android-info.txt is maybe still an old one because the dude who made the zip, just dropped the new radio into an old existing zip, the getvar function will later report that old version as your mainver.
To check your firmware: boot to bootloader and look at the combination of hboot version and radio version - if you didn't flash those separate, the combination will let you know what base you are on (each OTA and RUU has the radioversion in its name).
Finding out your firmware is a game of guesses and knowing what you did to your device and where you are coming from.
If totally lost, best thing is to reflash some clean stock package to be sure you are on the same level with all partitions.
Long story short: you better know what you do because finding out your firmware is going to be difficult if you don't.
Click to expand...
Click to collapse
How-To Guides
1. How-To flash a RUU using the SD card method
reboot to download mode
perform
Code:
htc_fastboot getvar all
and note down your original software version
download the latest Stock RUU for your device.
flash your RUU to revert to stock
rename RUU to 2PZCIMG.zip
copy 2PZCIMG.zip to root directory of SD card
reboot to download mode
press Volume Up button to confirm flash of RUU
As soon as your RUU has been flashed sucessfully, that's it. Your are now Full Stock again, or updated to lates software version respectively!
2. How-To restore an untouched/pristine system by using a Nandroid Backup
flash TWRP custom recovery
download custom recovery at https://twrp.me
reboot to download mode
Code:
adb reboot download
flash recovery image
Code:
htc_fastboot flash recovery nameoftwrp.zip
Restore your Nandroid. If you got none yourself, it might be possible that you’ll find one in the above linked Google spreedsheet.
unzip the according Nandroid
copy Nandroid to TWRP/Backup/SerialNo/Nameofbackup on your extSD
restore Nandroid by using TWRP > RESTORE and choosing above copied Nandroid
Flash incremental OTA firmware
reboot to download mode
perform
Code:
htc_fastboot getvar all
and note down your original software version
download all incremental OTA firmwares to your PC, starting with the one above your current firmware version, up to the software version number of your above choosen Nandroid Backup (ATTENTION: If you are S-OFF it will suffice to download the latest Incremental OTA as well as the latest Combined Full Wipe firmware according to the above choosen Nandroid Backup)
flash all incremental OTA firmwares – one after another – following the below named steps (ATTENTION: If you are S-OFF you start with the Combined FullWipe, and proceed with the Incremental OTA one, to ensure that you’ll be able to receive upcoming OTA updates)
Code:
htc_fastboot flash zip nameoffirmeware.zip
(ATTENTION: this has to be done twice to comlete, and it will flash full firmware, thus TWRP will be replaced by stock recovery)
As soon as you restored the Nandroid and flashed all incremental firmware file up to the current build number of your Nandroid, that's it. Your are now Full Stock again!
3. How-To manually flash an OTA Update
3.1 Pre-ota preparations:
Download needed OTA package, in my example we will use
Code:
OTA_OCEAN_UHL_N71_SENSE90GP_HTC_Europe_1.13.401.1-1.03.401.6_release_5054200ovndmjh5kcwjecc.zip
Check your ROM version in Settings > About > Software Information, it MUST match the second value. In this example case
Code:
1.13.401.1-1.03.401.6
, if you have version different from
Code:
1.03.401.6
, update will FAIL.
Make sure that your device running system without any app/files modifications, otherwise update will FAIL.
Check your recovery, official OTA should be applied only on Stock Recovery.
Now copy your OTA package to system storage, I recommend to copy file in root of the Internal Storage.
When preparation stage is done, we can proceed to installation.
3.2 OTA installation:
Turn off device.
Press Power button and Volume down button, keep them until you see download mode.
Use the Volume rocker to navigate to the menu entry Reboot to bootloader and press Power button to confirm this action.
Use the Volume rocker to navigate to the menu entry Reboot to Recovery and press Power button to confirm this action. Your device will now reboot to recovery mode.
When recovery starts, you will see a red triangle with an exclamation mark within. Don’t worry nothing bad happened, this is just the entry screen of your stock recovery.
Wait for a short while and press Volume-Up button with Power button. This combination allows you to enter the Recovery menu.
Use the Volume rocker to navigate to apply from phone storage option and press Power button to confirm.
Now you can choose your OTA package. In our example it will be stored in
Code:
data/media/0/OTA_OCEAN_UHL_N71_SENSE90GP_HTC_Europe_1.13.401.1-1.03.401.6_release_5054200ovndmjh5kcwjecc.zip
then press Power button.
After reboot you will get message that you successfully updated your device.
4. How-To to take an OTA using TWRP Recovery
The whole thanks and respect for this work belongs to @Captain_Throwback. Thanks to you mate!
Captain_Throwback said:
You can take the OTA directly with TWRP installed; it should work fine - in fact, that's how I took it today.
Prior to hitting the "Install Now" radio button in the System Update notification, though, I had to make a copy of the OTA zip and place it elsewhere on the device. Then, I extracted the firmware.zip from it. Then I extracted the zip itself, and zipped it back up without recovery.img (so that I wouldn't overwrite TWRP). Renamed the new zip 2PS6IMG.zip and placed on the root of my SD.
Then hit "Install Now". System reboots into recovery and OTA install begins. You'll see some red text in the console at the end of the install but it'll complete successfully.
Take a fresh "System Image" backup in case you decide to modify system later. Reboot to download mode, and install the firmware zip. It reboots once by itself to update aboot, and finishes updating after then. Then you have to press power to power off the device (for some reason). When powering back on, hold Volume Down to get back to download mode, this time cancelling the update and rebooting to bootloader, then back to recovery (TWRP). Re-root with SuperSU, flash systemless Xposed or whatever and when you're done, reboot. It'll reboot by itself once to process the SuperSU install, and then booting will proceed. It'll optimize apps, which will take a while, but once it's finally back up, you'll be all updated, without ever having flashed a stock recovery, and fully rooted once again
[...]
P.S. Obviously the OTA will only apply if your system is completely stock, without ever having been mounted rw.
P.P.S. You can only modify the firmware.zip and successfully flash it if you're S-OFF. Otherwise, you have to leave the firmware zip untouched and flash it that way. Then you'll have to re-flash TWRP.
P.P.P.S. You can obviously root using whatever method you'd like. I'm no longer using SuperSU - I'm currently using Magisk combined with phh's open-source root.
Click to expand...
Click to collapse
5. How-To Downgrade your device while S-ON
The whole thanks and respect for this work belongs to @ziand_. Thanks to you mate! But never do it if you do not have a clear vision how to do it. For inexperienced users it is a way to get a brick, I will not accept any liability!
ziand_ said:
There is a possibility to flash old RUU with with S-ON Unlocked. It is necessary to delete current ROM number in misc (example on my OCEN_DUGL 1.13.401.1):
Boot into TWRP recovery.
Check position of ROM version number in misc by command (0x2208 - the same as on HTC 10 and HTC One M9):
c:\adb>adb shell "dd if=/dev/block/platform/soc/1da4000.ufshc/by-name/misc bs=1 skip=2208 count=16"
(or c:\adb>adb shell "dd if=/dev/block/sde1 bs=1 skip=2208 count=16")
1.13.401.1 16+0 records in
16+0 records out
16 bytes (16B) copied, 0.007585 seconds, 2.1KB/s
Delete ROM version number (1.13.401.1):
c:\adb>adb shell "dd if=/dev/zero of=/dev/block/platform/soc/1da4000.ufshc/by-name/misc bs=1 seek=2208 count=16"
16+0 records in
16+0 records out
16 bytes (16B) copied, 0.007466 seconds, 2.1KB/s
Boot into download mode (you can see empty line "OS- ") and flash previous RUU by PC or SD card flashing method, I prefer last one.
It works, I checked it on my U11 (some users checked earlier on HTC 10 and HTC One M9). This can be helpful to flash RUU for removing troubles and fixing phone when there isn't a current running RUU.
Click to expand...
Click to collapse
07 RU_CID_FAIL: CID in android-info.txt does not match your phone’s CID
10 RU_MODELID_FAIL: MID in android-info.txt does not match your phone’s MID
12 SIGNATURE FAIL: phone expects an HTC signature and can't find one; or found a wrong one
22 RU_HEADER_ERROR: something wrong with your zip; check md5 of download
23 PARSING IMAGE FAIL: something wrong with the image within the zip
24 ANDROID-INFO FAIL: something wrong with android-info.txt within the zip
32 HEADER ERROR: the zip couldn't be read and unzipped properly; seems same as 22.
33 NOT KNOWN YET: might indicate hardware failure.
35 FAILED (remote: 35 RU_PARTITION_NOT_SUPPORT <PartitionName>): means you can’t flash an image in download mode, as it has to be done in bootloader mode.
41 WRONG MODEL ID: means the RUU is menat for a different device
42 WRONG CUSTOMER ID: means you got to swap CID first
90 PRE-UPDATE FAIL: means it only flashed aboot and you have to run the process again immediately to flash all other partitions. The htc_fastboot.exe now auto-reboots on Error 90!
99 UNKNOWN: usually indicates you are S-ON, but sometimes also recognizes other Security related issues.
130 WRONG MODEL ID: see 41
152 IIMAGE ERROR: phone ccreen shows a little triangle beside a full green bar
155 INDICATES DIFFERENT THINGS:
the need to relock bootloader; if S-ON
the RUU cannot be executed, because the software versions of ROM, Firmware and RUU aren't matching
170 CHECK USB: RUU won’t run because ADB isn't working properly
171 USB ERROR: happens all the time when the RUU reboots the phone to download mode. For some reason the device is losing its connection and making a RUU flash virtually impossible . There is an incompatibility between USB 3/3.1 and Fastboot/ADB, as well as an issue with Windows Device Detection on the newer Windows 10 builds.
ERROR FIXES by @Sneakyghost:
For Error “7 RU_CID_FAIL” do:
- Make your phone have SuperCID (htc_fastboot oem writecid 11111111)
- Or: edit android-info.txt inside the zip to have your phone’s CID in its list
For Error “10 RU_MODELID_FAIL” do:
- check that the Model ID in android-info.txt matches your phone’s Model ID.
Typically, making your phone “SuperCID” makes it ignore CID and MID mismatches alike. However, lately we have noticed HTC has changed that behavior. MID mismatches are not ignored by SuperCID anymore. You will need to unzip my firmware package, change the MID in there to your MID and rezip it. Or, alternatively, change your phone’s MID, which is a bit trickier.
To un- and re-zip, please refer to Post #5 of this thread for more information!)
For Error 12 “signature fail" do:
- might indicate that a signed firmware package is required. This would only happen with S-ON phones though.
For Error 22 "RU_HEADER_ERROR" do:
- verify that you followed my zipping instructions exactly. If a correct zip is given (e.g. you get this error with one of my zips as well), we will need further information to work out what happened. This means a complete log and step-by-step post of what you did. Best just copy and paste the full console window contents so we can take a look.
For Error 23 "parsing image fail" do:
- change image names in the zip to stock image names like “hboot.img" or “radio.img" or whatever failed there....
For Error 24 "android-info fail" do:
- check that your ZIP isn’t some HTC OTA or anything that’s got no android-info.txt - those cannot be flashed with “htc_fastboot flash zip nameof.zip” command.
- check that your zip has a good MD5 and is not broken, check android-info.txt etc...
For Error 32 "header error" do:
- Make sure there is only one . (dot) in the filename, before the extension. Fastboot reads anything after the first dot it sees as the extension. If that is not zip, it fails.
- See Error 22.
For Error 33 "Update fail" do:
- Try other flashing modes, such as "SDCard method" or direct bootloader-flashing (only available for images named in "partition-info" file inside the firmware zip) if Fastboot Method fails.
- If all modes keep failing, validate image integrity with someone else who was able to flash successfully (MD5 Hash Sum compare).
- [UPDATE] Re-try to flash the image again and again, even for days. Maybe power it down completely for a night, then try again. It might eventually flash again. If you notice stuff in your phone failing again after it was actually fixed (like Sensors again not working if it was Sensor_Hub.img that didn’t properly flash initially, like if the symptoms come back after you fixed the flash), you might have a hardware damage rather than a broken software.
- Send it in for warranty! Should we find a "soft" solution, I will update this piece of info.
For Error 42 "Wrong Customer ID" and: 41 "Wrong Model ID" do:
Code:
htc_fastboot getvar all
Read that output, take note of your CID and MID and then edit the "android-info.txt" in your firmware.zip accordingly (For Wrong MID change the MID in the text, for wrong CID add your CID to the text).
Alternative method for MID and CID errors:
go SuperCID. Do:
Code:
htc_fastboot oem writecid 11111111
You can change back to any desired CID after a successful firmware flash. Notice: this command only works on S-OFF phones (which you have already of course or else you wouldn't be here).
For “pre-update FAIL 90 ..." do:
- Let the phone reboot itself into Download Mode. If it doesn't boot to download mode, force it back there (From Android with adb reboot download or with the button method, see "step 1").
- If the flash does not auto-resume, run the same flash command again which you just ran (press arrow up on your keyboard to get to the previous command in console)
For “Error 99 UNKNOWN" do:
- Check with other zip’s if they work!
- Check if your S-OFF is correct
- You are S-ON? Then almost definetely this means the ZIP is not signed - get an unmodified zip!
For “Error 130 wrong model ID" do:
- Please refer to Error Code 41/42.
For “Error 155 relock bootloader" do:
- Since my thread works only with S-OFF phones anyway, this error can be read as: you need to S-OFF first!
- Error 155 can mean that you need SuperCID. On a few occasions this was shown when the RUU refused to run because of a wrong region lock.
- Error 155 also sometimes occurs when a RUU was launched from within Android. When encountering a RUU error 155 with the process stalling after the rebootRUU (stuck at black screen with silver HTC logo), please just restart the RUU and leave the phone in that mode, or reboot the phone, then reboot to bootloader, then do “htc_fastboot oem rebootRUU” and then launch the RUU again.
- run the fastboot command “htc_fastboot oem lock" - only applies to S-ON phones that want to update the firmware with a stock OTA package (not offered on this thread!!). Stock OTA files sometimes need a locked bootloader.
For “Error 170 Check USB" do:
- Sometimes shown when running a RUU. Indicates issues with drivers. One way to solve is to run the ARUWizard with the phone already in Fastboot mode. Else you will have to re-install HTC Sync manager. Also, avoid USB 3 ports (the blue ones) - they have a complete new driver stack and that still doesn't always as expected.
For “Error 171 USB" do:
How to fix RUU error 171 on Windows 10x64 easily. System: Win 10 Redstone (1607) x64 with Intel based USB3.0 and USB2.0 ports:
Sync Manager from HTC Website
Download the attached file Fastboot.reg.txt and change the extension to Fastboot.reg.
Right click on the Start button and choose Command Prompt (admin). Then type "regedit" and press enter.
Go to File > Import > choose Fastboot.reg.
Reboot
NOT safe to reboot / Flash (partly) happened Errors (if you encounter one of them, DON’T reboot):
For “Error 152 Image Error" do:
- Error 152 is quite rare, have seen it only once with a friend’s phone and it aborted the flash nearly at the end. The flash was started by the FUU. We could resolve the matter by NOT rebooting the phone and flashing the zip again through a manual fastboot flash as outlined further up.
Click to expand...
Click to collapse
Good times. I guess just for completeness sake, let's mark htc_ocnuhl as "Asia / EMEA (Single SIM for carriers and HTC direct sales)" since HTC is selling it in the UK and possibly in other markets.
Thanks for the heads-up. Will correct as soon as I'm back home in an hour or two.
Sent from my htc_pmeuhl using XDA Labs
H3G, OrangeEU, EE, VodafoneUK, CHS RUUs found
Mornin' folks,
just a little informational heads-up. I've been able to find H3G, OrangeEU, EE, VodafoneUK, and CHS RUUs. Already saved them on my harddrive. As I'm away all day today, will try to upload them on saturday, or sunday so stay tuned.
Greeting s
5m4r7ph0n36uru
Interesting, Vodafone UK basically said they weren't getting the handset...
Flinny said:
Interesting, Vodafone UK basically said they weren't getting the handset...
Click to expand...
Click to collapse
2PZCIMG_OCEAN_UHL_N71_SENSE90GP_Vodafone_UK_1.03.161.6_Radio_8998-001791AE-1705110032_release_503500_signed_2_4.zip does exist though.
I'm not denying it, just very strange that it exists!. I wonder if it was a late decision to not stock it, or maybe it's only available to business customers. I've been with them forever and am making the jump to EE because of them not stocking htc phones anymore. EE just better not lock the bootloader or it's going straight back
Flinny said:
I've been with them forever and am making the jump to EE because of them not stocking htc phones anymore. EE just better not lock the bootloader or it's going straight back
Click to expand...
Click to collapse
Then 2PZCIMG_OCEAN_UHL_N71_SENSE90GP_EE_UK_1.03.91.6_Radio_8998-001791AE-1705092019_release_503492_signed_2_4.zip should be more up your alley )
I'll help for now yes, and it'll still be useful to pull some system/build.prop settings out of.
As long as I can unlock the bootloader I'll likely switch to SlimRoms as soon as I get it working, that'll likely require some kernel source first though!
Kisakuku said:
Then 2PZCIMG_OCEAN_UHL_N71_SENSE90GP_EE_UK_1.03.91.6_Radio_8998-001791AE-1705092019_release_503492_signed_2_4.zip should be more up your alley )
Click to expand...
Click to collapse
Flinny said:
I'll help for now yes, and it'll still be useful to pull some system/build.prop settings out of.
As long as I can unlock the bootloader I'll likely switch to SlimRoms as soon as I get it working, that'll likely require some kernel source first though!
Click to expand...
Click to collapse
Will upload this RUU at the weekend.
Sent from my htc_pmeuhl using XDA Labs
No rush for me, I grabbed it already. Noticed there are others on easy firmware also.
Finally received my AFH developer status. Uploading promised RUUs right now. Will transfer one of the RUUs on my GDrive to AFH later this week. As soon as all RUUs are up I'll update the currently missing links.
Sent from my htc_pmeuhl using XDA Labs
OP updated
Uploaded the following RUUs to my AFH account and added links accordingly
H3G,
OrangeEU,
EE,
VodafoneUK,
and CHS
Uploaded the following recoveries to my AFH account and added links accordingly
EE,
VodafoneUK
Whats next:
upload recoveries for H3G, OrangeEU, and CHS
Noticed that U11 firmware does not contain the good old 900+Kb aboot_signed.img. Instead it has a much smaller abl_signed.img of around 140 Kb, which has no red text warning string or any plain text string for that matter. Gets unarchived during boot?
BTW, US Unlocked 1.11.617.1 has been posted (2PZCIMG_OCEAN_WHL_N71_SENSE90GP_NA_Gen_Unlock_1.11.617.1_Radio_8998-001791-1705231845_release_505052_signed_2_4.zip).
Kisakuku said:
Noticed that U11 firmware does not contain the good old 900+Kb aboot_signed.img. Instead it has a much smaller abl_signed.img of around 140 Kb, which has no red text warning string or any plain text string for that matter. Gets unarchived during boot?
BTW, US Unlocked 1.11.617.1 has been posted (2PZCIMG_OCEAN_WHL_N71_SENSE90GP_NA_Gen_Unlock_1.11.617.1_Radio_8998-001791-1705231845_release_505052_signed_2_4.zip).
Click to expand...
Click to collapse
Thanks for your information. Already got three more and will upload them at the weekend. If I got enough time I'll as well unpack and upload all recoveries.
Sent from my htc_pmeuhl using XDA Labs