ROOT DONE
See http://forum.xda-developers.com/showthread.php?t=724741
ERIS 2.1v3 LEAK ROOT ATTEMPT (07/11)
USE AND DEVELOP AT YOUR OWN RISK
WE TAKE NO RESPONSIBILITY FOR ANYTHING HAPPENING TO YOUR PHONE
This is the newly centralized thread for developing a set of scripts based off the scripts used to root the Evo at http://forum.xda-developers.com/showthread.php?t=718889
The EVO script attempts to exploit a vulnerability found in its flashlite plugin
This post is based on what started out as http://forum.xda-developers.com/showthread.php?t=718933
I have attached the OLD EVO files along with links to the scripts for ongoing work to happen.
OLD EVO INSTRUCTIONS
SteelH said:
Simpleroot method for this version is out, this app makes rooting this ROM version much easier.
This method developed by an anonymous user. It is for rooting the new OTA v1.47.651.1. If your stuck with the new ota or just bought an EVO with this version, this is for you.
VIDEO TUTORIAL HERE, Courtesy of jiqqaman
Make sure you have adb ready to go and know how to get into adb shell. You must use the EVO browser to perform these steps. If these steps don't work, use recovery to wipe your phone and start fresh (you will lose all of your data on the phone)
1. Unzip the files into a directory somewhere on your computer
2. Put the files into the root of your sdcard (mount the EVO as a disk drive)
3. Unmount your phone
4. Run "adb shell" and start part1 on your phone:
Code:
Code:
sh /sdcard/part1
5. If the script says to power down, hold your power button and turn off your phone, then turn it back on.
6. When it starts up it will ask you to open the EVO browser. open your EVO browser to http://bit.ly/ad0pRn
7. When it asks you to, refresh the EVO browser on the same page
8. Reboot your phone with "adb reboot"
9. Run adb shell as soon as you can (when the HTC logo is still showing). You need to be fast. If you get "error: device not found", try again.
Code:
Code:
adb shell /data/local/part2
10. It should print after part2 finished:
Code:
Code:
crw-rw-rw- root root 90, 2 2010-07-05 19:37 mtd1
11. When your phone finished booting, flash toastcfh's mtd-eng.img to misc:
Code:
Code:
cat /sdcard/flash_image > /data/local/flash_image
chmod 755 /data/local/flash_image
/data/local/flash_image misc /sdcard/mtd-eng.img
12. Now flash the Engineering SPL with toastcfh's post: http://forum.xda-developers.com/showthread.php?t=701835
13. If your are having troubles, you may find useful information HERE
FINAL STEP - Do NOT accept any OTA updates from this point on. REALLY. DON'T **** UP YOUR ROOT!
Click to expand...
Click to collapse
Basically we're working with the part1 and part2 script, as those two things are the things we need to direct more towards an Eris environment. We'll also need some changing on the img files (could be wrong) so PLEASE be careful running part2 -- if you have root it might not be a good thing (??)
PART 1 & 2 (07/11): http://gist.github.com/468821
**Part 2 file was moved to the same page (the above link) **
Play with these files on your own and if you get any results try to post your change suggestions ON gist.github please. I'd like that to be the main spot to look for script changes, so we don't have to sift through the thread for that quite as much, but discussion may happen here.
Please lets keep this thread focused on working this script to fit the Eris and only on that.
I really don't know if this will work. I'll keep playing with this idea, but I'm no developer, so I could use some help/suggestions, but lets keep them CONSTRUCTIVE please. If you're just coming to say nay we don't need that, unless you have hard reasoning.
Thanks guys, hopefully we can get some good stuff out of this.
PM me if you compose or manipulate files that don't include part1 and 2 so I can try to keep things up to date here.
I tried messing around with this myself, it looks like app_appcache is owned by the user app_18 and is part of group app_18. Writing out to this would be hard without the rights. I am playing around with what I can do in the /data/data/com.android.browser directory hopefully either remove rights or create directories with shell's rights.
Well I was actually just talking to a guy who sent me a message from the github files, I wonder if we only have a lack of writes in the app_appcache folder and could possibly write changes to the "app_appcache/????????????????????????????????" (32) then we could just read the exit status of attempting to rm -r those 2 things... I'm not sure that would work I can't hook my phone up at the moment.
Root fs help please.
This root method relies on clearing out the cache folder, scanning it for a new entry, replacing that entry before the flashplayer runs the video file container as root.
On the 2.1 Eris the cache dir, /data/data/com.android.browser/app_appcache only has read/write permissions for the user app_53, which is the flashplugin user. Nothing else can pull a directory listing to find out the name of the file we need to hijack.
Test this theory out with this.
cd /
ls -d ???
dev
etc
sys
gives all 3 letter dirs
cd /data/
ls -d ????
????: No such file or directory
We know for a fact that /data/data/ exists, because we can cd through it.
My flash lite app is fubar (leak v3, need to RUU) so I can't get anything into the app_appcache dir. Has anyone gotten a return on this step?
ls -d /data/data/com.android.browser/app_appcache/????????????????????????????????
Can a rooted user do a ls -al on /data/data/com.android.browser/app_appcache after looking at some flash for us to see if the subdirs have an r-x or what the perms are on the created flash cache files?
Someone sent me a message saying that 2 folders exist there, and I THINK we have access to those its just that we don't have read access to app_appcache which causing the error on line 8.
What I think we could do is attempt the rm commands below line 8 and just read the exit statuses. The number of "?"s is currently correct (32) and there should be two directories, but they change from user to user, hence the use of "?"
I won't be able to test much until Monday, going out of town. I'll get everything more up to date when I return, but I'll have an eye on the posts a bit
Sorry chums, this will never work on the eris 2.1
This method requires that file switch. You are also having a failure on
mv /data/data/com.android.browser/flashlite/sharedobjects /data/data/com.android.browser/flashlite/sharedobjects-.$$
but you're not seeing it due to the 2> /dev/null on the end.
We never move /data/data/com.android.browser/flashlite/sharedobjects to a backup, because we can't.
This is why the ln -s step fails.
This causes the cat of three random system files into
/data/data/com.android.browser/app_appcache/blahblahblah
that we can't even see the name of because of permissions missing on /data/data/com.android.browser/flashlite/sharedobjects.
/data/data/com.android.browser/flashlite/sharedobjects isn't even there because we couldn't move the original directory out of the way to make the link.
this causes part2 to fail on reading the not linked anyways /data/data/com.android.browser/flashlite/sharedobjects/foo file that we didn't create with cat because we didn't have permissions to write to the not linked folder, so we can swap the file out with a link to our /system filesystems device file of /dev/mtd/mtd1 which would have caught the system's boot time chmod +rw and given us write access on /system so we could make a SUID0 sh executable.
We are wasting our time here. This hack is defeated by the permissions on /data/data/com.android.browser/flashlite/sharedobjects not allowing that first mv command.
wag3slav3 said:
This method requires that file switch. You are also having a failure on
mv /data/data/com.android.browser/flashlite/sharedobjects /data/data/com.android.browser/flashlite/sharedobjects-.$$
but you're not seeing it due to the 2> /dev/null on the end.
Click to expand...
Click to collapse
can someone with a stock rom post the permissions for the flashlite directory please.
Thanks,
thisismyanonymousaccount said:
can someone with a stock rom post the permissions for the flashlite directory please.
Thanks,
Click to expand...
Click to collapse
Pre-root 2.1 OTA:
Code:
$ ls -l /data/data/com.android.browser/
ls -l /data/data/com.android.browser/
drwxrwx--x app_38 app_38 2010-07-09 13:51 app_databases
drwxrwx--x app_38 app_38 2010-07-09 13:51 databases
drwxrwx--x app_38 app_38 2010-05-19 19:25 cache
drwxrwx--x app_38 app_38 2010-07-09 13:51 app_geolocation
drwxrwx--x app_38 app_38 2010-05-19 19:06 shared_prefs
drwxrwx--x app_38 app_38 2010-07-09 13:51 app_thumbnails
drwxr-xr-x system system 1980-01-05 19:02 lib
drwxrwx--x app_38 app_38 2010-07-09 13:51 app_icons
drwxrwx--x app_38 app_38 2010-05-25 16:20 app_appcache
drwx------ app_38 app_38 2010-05-20 06:04 files
drwxrwxrwx app_38 app_38 2010-05-23 12:50 flashlite
drwx------ app_38 app_38 2010-05-19 21:35 app_plugins
drwxrwx--x app_38 app_38 2010-05-19 21:35 app_sharedimage
$ ls -l /data/data/com.android.browser/flashlite
ls -l /data/data/com.android.browser/flashlite
drwxrwxrwx app_38 app_38 2010-05-23 12:50 sharedobjects
perhaps premature
I'm looking at my rooted incredible as a guide (HTC 2.1 sense w flashlite). I think that the reason my flashlite doesn't work on my v3leak is also why this root wouldn't be possible.
Tho a modified EVO crack should work on the dinc...
I'm off to get RUU'ed.
Ttttttttttttttttttttteeeeeeeeeeeeeeeesssssssst.
Don't give up yet!
MyFixofAndroid said:
Then this method won't work at all for any of us. Root is not possible with this Evo-derived method, maybe we SHOULD give up.
Click to expand...
Click to collapse
My Eris didn't have working flash lite because it was a v3 leaked rom on it. I'm RUUing to factory to see what's what with what everyone else has.
Tttttttttttteeeeeeeeeeest
MyFixofAndroid said:
Okay so are you RUUing back to 1.5 or is it a 2.1 RUU you're using? Also, if it's 2.1 RUU, could I do the same thing, i have v3 Leak, should I install the 2.1 RUU again? Because I've installed it at least 3 times in my phone's history, and all it does is wipe my data and settings, but it doesn't allow my flash lite to ever work with this EVO hack, as far as I can tell. Basically what I am asking is, is there something I'm missing in doing the RUU upgrade? Like you said, my Flashlite doesn't seem to work in v3 leak, however it did work when I had 1.5 originally, and even leak v1 I believe. I upgraded from 1.5 to leak v1, then v2, then v3, then RUU 2.1, three times on that, and here I am now. Also as a non-root user, how can I restore my FlashLite once I have the 2.1 RUU installed? Is there any steps to do there?
Thanks
Click to expand...
Click to collapse
I'm RUUing back to 2.1, HBOOT 1.49 won't let you do anything else. My flash lite simply doesn't work at all in my leak v3. I mean I can't see flash apps on the web browser, so once that's repaired I can use busybox and other tools to find out what the real deal is with the files/dirs that this script is.
Does flash lite work on the RUU version of 2.1? If not we're all pretty much SOL, but since people are talking about being able to get to those sites it says to hit I'm thinking that this might be the way to go. If you've got RUU 2.1 and your flash lite doesn't work at all I might as well quit.
I've got 5+ years of linux experience so the purpose of what's actually being done in these is pretty clear. If it can be massaged into working, I'll know in a few more hours.
wag3slav3 said:
I'm RUUing back to 2.1, HBOOT 1.49 won't let you do anything else. My flash lite simply doesn't work at all in my leak v3. I mean I can't see flash apps on the web browser, so once that's repaired I can use busybox and other tools to find out what the real deal is with the files/dirs that this script is.
Does flash lite work on the RUU version of 2.1? If not we're all pretty much SOL, but since people are talking about being able to get to those sites it says to hit I'm thinking that this might be the way to go. If you've got RUU 2.1 and your flash lite doesn't work at all I might as well quit.
I've got 5+ years of linux experience so the purpose of what's actually being done in these is pretty clear. If it can be massaged into working, I'll know in a few more hours.
Click to expand...
Click to collapse
Here's something strange: in my default Browser app on my Eris, it shows homestarrunner.com website as "Adobe Flash" And not "Flash Lite" as it would with the regular 1.5, etc. But since it says Adobe Flash, the RUU 2.1 must not have a flash lite plugin anymore. Even if it did, it doesn't use it in the browser from my findings, unless I am not right about this. Heck maybe it's just my Phone's fault.
But yeah, according to Whatismyflash.com in my phone's browser, it reads 10.1.123 as my Flash version, and that is with my fresh install or RUU 2.1.
Unless you can hack enough to make it work properly before I do, we're sunk for a while. wag3slav3, maybe you're bound to figure it out with your Linux knowledge and stuff. Keep trying stuff out till it works.
wag3slav3 said:
I'm RUUing back to 2.1, HBOOT 1.49 won't let you do anything else. My flash lite simply doesn't work at all in my leak v3. I mean I can't see flash apps on the web browser, so once that's repaired I can use busybox and other tools to find out what the real deal is with the files/dirs that this script is.
Does flash lite work on the RUU version of 2.1? If not we're all pretty much SOL, but since people are talking about being able to get to those sites it says to hit I'm thinking that this might be the way to go. If you've got RUU 2.1 and your flash lite doesn't work at all I might as well quit.
I've got 5+ years of linux experience so the purpose of what's actually being done in these is pretty clear. If it can be massaged into working, I'll know in a few more hours.
Click to expand...
Click to collapse
Flash Lite definitely works for me, and I'm on the RUU. Flash itself shouldn't be the problem - let's hope the directory permissions don't screw this hack over.
Sounds like you really know what you're doing! I appreciate the time you're spending to figure this out once and for all.
ericFuels999 said:
Flash Lite definitely works for me, and I'm on the RUU. Flash itself shouldn't be the problem - let's hope the directory permissions don't screw this hack over.
Sounds like you really know what you're doing! I appreciate the time you're spending to figure this out once and for all.
Click to expand...
Click to collapse
Yeah thanks guys for helping me on this! I hope we do figure this out, even if it isn't through THIS particular method.
W00t!
Ok, I've gotten this thing to do EVERYTHING it's supposed to do, except throw an answer to
ls -d /data/data/com.android.browser/app_appcache/????????????????????????????????
But that's ok, because the flash player uses the same sequence of names each time! So I ran flashlite once, did
ls -d /data/data/com.android.browser/flashlite/sharedobjects
and got the 8037742C884EB88EA79EC8A276C90643 that it's using. Linked it up and on the next reboot I can do an
ls -d /data/data/com.android.browser/app_appcache/8037742C884EB88EA79EC8A276C90643/ and get a world writeable directory!
I'm working on the rest of the script, I'm not seeing any .*foo* or anything showing up in that dir, so I'm gonna run a scan on boot that shows me what's in there rather than piping it to dev/null.
If the system does a +rw or something on a .*foo* file I might be able to get directly to a su shell without these other steps and then we got it all.
You are my new hero!!!
wag3slav3 said:
Ok, I've gotten this thing to do EVERYTHING it's supposed to do, except throw an answer to
ls -d /data/data/com.android.browser/app_appcache/????????????????????????????????
But that's ok, because the flash player uses the same sequence of names each time! So I ran flashlite once, did
ls -d /data/data/com.android.browser/flashlite/sharedobjects
and got the 8037742C884EB88EA79EC8A276C90643 that it's using. Linked it up and on the next reboot I can do an
ls -d /data/data/com.android.browser/app_appcache/8037742C884EB88EA79EC8A276C90643/ and get a world writeable directory!
I'm working on the rest of the script, I'm not seeing any .*foo* or anything showing up in that dir, so I'm gonna run a scan on boot that shows me what's in there rather than piping it to dev/null.
If the system does a +rw or something on a .*foo* file I might be able to get directly to a su shell without these other steps and then we got it all.
Click to expand...
Click to collapse
wag3slav3 said:
Ok, I've gotten this thing to do EVERYTHING it's supposed to do, except throw an answer to
ls -d /data/data/com.android.browser/app_appcache/????????????????????????????????
But that's ok, because the flash player uses the same sequence of names each time! So I ran flashlite once, did
ls -d /data/data/com.android.browser/flashlite/sharedobjects
and got the 8037742C884EB88EA79EC8A276C90643 that it's using. Linked it up and on the next reboot I can do an
ls -d /data/data/com.android.browser/app_appcache/8037742C884EB88EA79EC8A276C90643/ and get a world writeable directory!
I'm working on the rest of the script, I'm not seeing any .*foo* or anything showing up in that dir, so I'm gonna run a scan on boot that shows me what's in there rather than piping it to dev/null.
If the system does a +rw or something on a .*foo* file I might be able to get directly to a su shell without these other steps and then we got it all.
Click to expand...
Click to collapse
Great work! Keep us updated
Filename check
Does everyone have a /data/data/com.android.browser/flashlite/sharedobjects/8037742C884EB88EA79EC8A276C90643 directory on their RUU 2.1 Eris?
If so, I can keep this thing automated, if not it's going to be a manual step by step process.
Related
First of all thanks to Amon_RA for this. I had no part in creating this. I am just providing a how to flash it. There may be an eaiser way but this is what worked for me.
First let me say I am on a Mac. If you are on windows the adb commands should work fine but I can't say how to get adb working for you.
1. download flash_image Here Link updated 3/17/10
2. Open the terminal and copy and paste the following commands.
adb shell [hit enter]
su [hit enter]
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system [hit enter]
3. In a new terminal window (don't close the original one).
adb push flash_image /system/bin [hit enter]
exit [hit enter]
4. Now in the original terminal window
chmod 755 /system/bin/flash_image [hit enter]
5. Now exit all termainl windows and reboot your phone.
6. Download Amon_AR's recovery Here.
7. Mount your phones sd card and drop recovery-RA-eris-v1.6.2.img on to it and eject your phone.
8. Open the Terminal and copy and paste the following commands with the phone connected to your computer.
8. adb shell [hit enter]
9. su [hit enter]
10. flash_image recovery /sdcard/recovery-RA-eris-v1.6.2.img
11. To get into recovery turn off you phone and hold the Volume Up + Power until it boots into recovery.
That's it.
I made an automator script the help all of you having problems getting adb working. Make sure you have the android sdk downloaded and named android-sdk Put it in your home folder and then run this script. Let me know how it works for you.
Disclaimer: I am not responsible for any damage you may do to your phone. I am only providing instructions on what worked for me. This is very beta. Good luck. Enjoy the nandroid goodness.
First link is Dead...........
ooopps Srry my bad, Its up.
You should mention that the chmod command is in the original terminal window. Also, you could do it in one window if you put:
adb remount
adb push bla /bla/bla
at the begining of everything.
adb push flash_image to /system/bin
Click to expand...
Click to collapse
I don't think there's a "to" in that command either. lol
testing567 said:
You should mention that the chmod command is in the original terminal window. Also, you could do it in one window if you put:
adb remount
adb push bla /bla/bla
at the begining of everything.
I don't think there's a "to" in that command either. lol
Click to expand...
Click to collapse
Thanks. I don't think the "to" is going to work either. I made the corrections.
Just a quick question. What does this boot too. Im new to all this phone stuff. I did the upgrade to 2.1 leaked so just been searching the forum here each day to see if a solution has come about. i just noticed v.1.6.2 in there so was curious as to what this will do.
Will this put the regular android on it or keep it the same, sorry just kinda getting started with android
coupla questions -
For northmendo:
Is the reboot in the middle of this even necessary? ( flash_image won't work right if /system is still mounted rw ?)
For testing567:
Do all the adb shell commands run as root against the 2.1_root install ... or maybe the above could be simplified even more by just running "adb root" first?
For Austinjs0102 (not a question)
This process only applies (at the moment) to phones with "2.1_root" - there isn't a path at present to go from "2.1_leak" to a rooted phone. Assuming that a way to roll back (or get root) for "2.1_leak" eventually is found, then the answer to your question is this: it is a process to apply a custom recovery partition to the phone that include tools that will allow you to perform complete phone backups and restore operations. This can be critical for devs who are experimenting with writing boot or system partitions to their phones - if something goes wrong with their experiments, they can "boot" their phone into recovery mode and restore back to a working configuration. To reiterate, though: this only applies to phones that are already rooted.
bftb0
Thanks a bunch that helps clear up info.
hopefully the hard working dev's here find a 2.1 leaked fix for us early people, if not then i may need to lose the phone lol.
Austinjs0102 said:
Just a quick question. What does this boot too. Im new to all this phone stuff. I did the upgrade to 2.1 leaked so just been searching the forum here each day to see if a solution has come about. i just noticed v.1.6.2 in there so was curious as to what this will do.
Click to expand...
Click to collapse
I am in same boat as you...
Let me start off by saying that I'm not a phone dev. I've done software development for many years, but never messed with the phone.
Can someone explain why we can't just load the 1.5 rooted PB001IMG.ZIP file over our 2.1 leaked handset? Is it a matter of the version number being lower? If so, since the 1.5 is rooted, couldn't someone just up the version number to whatever the 2.1 leak is plus one? Then, once it's loaded, write a little app to drop the number back where it should be?
TIA for the education.
Doc
DocTauri said:
Let me start off by saying that I'm not a phone dev. I've done software development for many years, but never messed with the phone.
Can someone explain why we can't just load the 1.5 rooted PB001IMG.ZIP file over our 2.1 leaked handset? Is it a matter of the version number being lower? If so, since the 1.5 is rooted, couldn't someone just up the version number to whatever the 2.1 leak is plus one? Then, once it's loaded, write a little app to drop the number back where it should be?
TIA for the education.
Doc
Click to expand...
Click to collapse
(I suppose I shouldn't respond, 'cuz DocTauri is jacking northmendo's thread. Sorry north!)
Doc,
I understand exactly what you are getting at... and also think I can explain why it's not easy.
First - what has been discovered so far was not a "root break-in", but rather an engineering ROM with root "built in". It is cryptographically signed so that a production phone will recognize the .zip file as a valid ROM. That first validation step has nothing to do with version numbers.
If the "SPL" on an unrooted phone was doing something as simple as looking at a couple of bytes in the initial file downloaded to the phone, then yes - doing what you suggest would work... just patch a few bytes using a hex editor. Unfortunately, the phone SPL is quite sophisiticated: it verifies the crypto signature on the entire zip file first, unpacks that zip, and then examines the contents of an individual file within the zip archive (and possibly even unpacks one of the YAFFS image files and then looks in a file within the YAFFS image) to read version numbers.
That means that the fundamental issue is the cryptographic signature on the .zip file. If you do anything which breaks step #1, step #2 (version # checks) are never reached. Certainly an individual file could be byte-patched, and then images and zip files could be re-assembled... but you would have no way to sign the zip with HTC's private key. Or you could even attempt to byte-patch the zip file - but then that would break the crypto signature. Either way, the crypto signature on the zip file is no longer valid.
If you have HTC's private RSA key, let us know!
bftb0
bftb0 said:
coupla questions -
For northmendo:
Is the reboot in the middle of this even necessary? ( flash_image won't work right if /system is still mounted rw ?)
Click to expand...
Click to collapse
I added the reboot because. All I would get is out of memory errors. The reboot fixed that.
e.g.
mtd: read error at 0x001e0000 (Out of memory)
mtd: read error at 0x00200000 (Out of memory)
mtd: read error at 0x00220000 (Out of memory)
mtd: read error at 0x00240000 (Out of memory)
northmendo -
That first link (that you corrected) now points to the recovery image, not "flash_image".
Note that the "flash_image" executable which Amon_RA originally included with his first recovery (.zip) is identical to the /system/bin/flash_image binary which ships on the Eris with 1.5 (1.17.605.1); the md5sum signature (of both of those files) is:
16559f2c27d08ff1ddfcaca05fbf10fb flash_image
That's also the same md5 signature as the "flash_image" file which was posted to dl.dropbox.
I don't have 2.1_root installed on my phone, but if the same binary is already on the phone after installing the 2.1_root ROM, there's no need to include those steps in your instructions. It is also possible that even if the "2.1_root" version of /system/bin/flash_image is different, it would also work.
Note that the only reason I bring it up is that your instructions might be (a) unnecessary, and (b) are encouraging folks to overwrite a binary that is already on the phone. No harm (but unneeded) if it is the same, and unknown harm if it is different.
Also (while I'm at it)
901167f6b5541b488c8e0404bceb0631 recovery-RA-eris-v1.6.2.img ***
It appears to me ( reading between the lines here ) that Amon_RA is trying to improve his v1.6.2 recovery - folks might want to keep an eye on that thread.
An alternative and quicker method than all of this is what zifnab06 suggested here. It's only two lines long, after all.
bftb0
[Edit]***Wow, my post was obsolete the moment I posted it - don't know how I missed Amon_RA's announcement post. Note that there appears to be several versions of "v1.6.2" floating around now - make sure to check his post if you want the most recent.
bftb0 said:
It appears to me ( reading between the lines here ) that Amon_RA is trying to improve his v1.6.2 recovery - folks might want to keep an eye on that thread.
An alternative and quicker method than all of this is what zifnab06 suggested here. It's only two lines long, after all.
bftb0
Click to expand...
Click to collapse
I will keep the link updated to the newest version here. Also I tried the quicker method without success. I will try it again when I get home from work.
Thanks
bftb0 said:
(I suppose I shouldn't respond, 'cuz DocTauri is jacking northmendo's thread. Sorry north!)
Click to expand...
Click to collapse
Sorry, didn't mean to. Understood on the explaination. I didn't realize it was a different rom image, I thought the key had been broken, allowing someone to resign a modified image.
Thanks!
Doc
I used this method and it was all really easy until I got to the end. It just says usage and then sits their and does nothing. I unplugged it and went into recovery and see the android dude and a yellow traiangle and exclamation point. Did I forget something? Is their an alternative way to flashing this?
sdk issues for flashing recovery...
Hey guys,
Im a noob but here's whats going on, Ive downloaded sdk extracted it to my c drive, ive downloaded all the required packages reccomended in the forum, Ive up dated my driver and still my machine doesnt recognize my phone...
Ive also extracted the recovery image to my tools directory and added the the path in enviromentals...
So at this point Im stuck as to how to get my pc (xp) phone and sdk in sync in order to get this recovery image working...So any advice would be highly appreciated. Thanks in advance.
Chris
Spencer_Moore said:
I used this method and it was all really easy until I got to the end. It just says usage and then sits their and does nothing. I unplugged it and went into recovery and see the android dude and a yellow traiangle and exclamation point. Did I forget something? Is their an alternative way to flashing this?
Click to expand...
Click to collapse
You could try this.
If you have your phone pluged in and type in to the terminal
adb reboot recovery [hit enter]
After you phone reboots it should come up with text options to do back-ups and restores. Do you get any of that?
Anyone know the key combo to get into recovery without adb?
having issues getting adb
got the command prompts working in xp, however while trying the methods here in the forum i am getting adb not foud errors. Any suggestions?
Ran across this thread in the evo section, seeing how we also have htc's flash lite. It made me hopeful of attaining root. Ive tried every card mentioned as being successful on three different systems:-(
http://forum.xda-developers.com/showthread.php?t=718889
bowtieduece said:
Ran across this thread in the evo section, seeing how we also have htc's flash lite. It made me hopeful of attaining root. Ive tried every card mentioned as being successful on three different systems:-(
http://forum.xda-developers.com/showthread.php?t=718889
Click to expand...
Click to collapse
Even though I didn't really think it would work, I gave it a shot anyway. Naturally, it was unsuccessful. The Eris take FOREVER to load that website, and it never triggers the shell script to ask for a reload, therefore permission is denied for the second part when you reboot with adb shell.
Interesting exploit, though. I wonder if there is some way to modify it for the Eris. Maybe you could contact the devs.
Really, nobody else is interested in this?
MyFixofAndroid said:
Yep that's what I expected. Yea there's gotta be someone here that can do the changes to the EVO files so they work with Eris, and upload the proper files to file sites and have us downloading in no time, so we can get root finally. Yes please anyone here up and willing
Click to expand...
Click to collapse
Toastcfh used to do some work for the Eris someone may want to start there since he provided what looks to be a pretty main part of the EVO root.
sickbox said:
Toastcfh used to do some work for the Eris someone may want to start there since he provided what looks to be a pretty main part of the EVO root.
Click to expand...
Click to collapse
Thanks for the tip. I sent him a PM. Will report back when I find something.
Anyone with an Eris can help out - rooted or unrooted.
I looked at those scripts last night - what seems like the necessary conditions for the beginning of the exploit (part1) are:
(1) there is a directory read/write/traversal permission security flaw in the data area for flash-lite;
(2) apparently, when flash-lite is running it must have root privilege at a moment when it performs a file "chmod" operation
So, an unprivileged user goes in, and makes a symlink (at the correct moment in time) in flash-lite's data area that points to a mtd partition - moments later, flash-lite "chmods" what it thinks is a file in it's data area, but instead, it is chmod'ing the target of a symlink - the normally protected mtd partition.
This allows use of flash_image to write whatever is wanted to that partition - even as an unprivileged user.
It should be easy enough for someone with Linux/Unix command line scripting experience to test to see if these conditions prevail on the Eris. You don't even need to be root - make your symlink point to something in /data/local if you are worried about something bad happening to a mtd partition. Chmod it initially to 600, and see if it get's changed by flash-lite when (and if) you drop the symlink into place.
I would do it, but I've got to go buy all the parts for ( & build) a new computer (no dev station as of last night ).
bftb0
bftb0 said:
Anyone with an Eris can help out - rooted or unrooted.
bftb0
Click to expand...
Click to collapse
Thank you for the detailed explanation. I'll have a look at the scripts, though it's more about learning new things for me, as this exceeds the current state of my unix knowledge. Hope others with more immediate knowledge of the subject will take a crack at it.
The shell script points to sharedobjects within /data/data/com.android.browser/flashlite, but sharedobjects, nor any folder for that matter, exists within that directory on the Eris. Is there a different place this could point; does the Eris have the same objects stored in a different location?
UPDATE: I'm searching my filesystem on my Eris right now to find it. I will report back later with results.
Also If we find a sharedobjects folder (and the right one) then we can point the script in the proper direction and have root very soon.
MyFixofAndroid said:
Maybe the "sharedobjects" folder and other missing folders are really on the Eris, one of you should look for them. Use ASTRO or a different file manager and search most of the whole filesystem and see if you can find "sharedobjects" on your Erises.
In the meantime I'll try the same thing. Maybe there's a search engine for the file system of the Eris that you can get in the Android Market, that would do the trick. A file and/or folder search engine.
If we find a sharedobjects folder (and the right one) then we can point the script in the proper direction and have root very soon.
Click to expand...
Click to collapse
From what I see (and this may just be my eris), the directory probably does exist but we can't touch it:
ls -l
...
drwxrwx--x system system 2010-04-15 02:23 data
...
No read or write permissions to the directory using adb or Astro.
I do have permissions for /sdcard/data on my Eris:
d---rwxr-x system sdcard_rw 2010-06-26 13:26 data
but it doesn't contain the referenced folders and I don't think the browser downloads temporary files to the SD card.
I checked on my other Eris which is rooted. It seems that these may be the directories that we are looking for. However I don't find anything in an app-cache directory.
# find / -name *flashlite
find / -name *flashlite
/data/data/com.android.browser/flashlite
find: /proc/851: No such file or directory
# find / -name com.android.browser
find / -name com.android.browser
/data/data/com.android.browser
Well this appears to be the deal breaker then. Because non-root users of Eris cannot access /data as non-root, they cannot see anything in app-cache, and therefore cannot root yet, at least with this particular method unless there's another way to do it.
We should think of a way to still exploit Flash Lite on Eris, but use a different folder/folders in the Part? scripts that they point to for the operations of the script. This may be possible to do, however, still unlikely to work, and it is still going to be hard at this point.
But does anyone want to give my modified EVO method but for Eris a try? One of you should, so that we can root this thing and get it over with.
jimbonj said:
From what I see (and this may just be my eris), the directory probably does exist but we can't touch it:
ls -l
...
drwxrwx--x system system 2010-04-15 02:23 data
...
No read or write permissions to the directory using adb or Astro.
I do have permissions for /sdcard/data on my Eris:
d---rwxr-x system sdcard_rw 2010-06-26 13:26 data
but it doesn't contain the referenced folders and I don't think the browser downloads temporary files to the SD card.
Click to expand...
Click to collapse
I dont think we would need read write permissions to begin with to use this root, if we had them to start we would be rooted
Because is he using a exploit in flash lite to write to a restricted folder, hes not just found a folder where the permissions aren't set correctly.
If flash lite can invoke admin access and we can exploit it there should be a way to root this.
I am going to the bar going to get some beers for my friends birthday, when I get home I am going to see if I can modify this into an eris root
Yeah JVWARD!
On your rooting effort, all the better, try modifying it for Eris and let all of us know if you succeed, hope you can, so we can get root too. Keep trying it with different changes until you get it to work.
Thanks.
You are able to cd directly into /data/data/com.android.browser/ and then ls, so all hope may not be lost yet. The flashlite directory does not show up, I'm guessing because I haven't used my browser yet so I need to try and get to a flash site and see if it is created. I'm having some problems with the touch screen my leak Eris right now that I'm trying to fix right now if anyone else wants to give it a shot.
You are able to cd directly into /data/data/com.android.browser/ and then ls, so all hope may not be lost yet. The flashlite directory does not show up, I'm guessing because I haven't used my browser yet so I need to try and get to a flash site and see if it is created. I'm having some problems with the touch screen my leak Eris right now that I'm trying to fix right now if anyone else wants to give it a shot.
Click to expand...
Click to collapse
Yes sickbox, by all means, keep trying stuff, and finding that "flashlite" directory etc. till you get it to root. Hope your touchscreen returns to normal, and that you can create the directory that you mentioned in your previous post by using a flash site.
Hey guys, I know this is a tall order, but I want to help. Any chance you could do a "step by step" set of instructions, or at least copy & paste the Evo instructions with the appropriate changes to try this on the Eris? I'm still not rooted, and the SD card Timing root method isn't working for me. I'd like to try something different.
hey can someone with a rooted Eris using a an almost 100% stock Rom setup dump there file system and post it. Anyone using a highly customized Rom don't bother.
Sent from my Eris using Tapatalk
lostpilot28 said:
Hey guys, I know this is a tall order, but I want to help. Any chance you could do a "step by step" set of instructions, or at least copy & paste the Evo instructions with the appropriate changes to try this on the Eris? I'm still not rooted, and the SD card Timing root method isn't working for me. I'd like to try something different.
Click to expand...
Click to collapse
Link to the Evo instructions is in the OP. Currently working to see if it's possible on the Eris, so that's a no-go for now.
Stay tuned.
Team,
I've been working with the scripts with the awesome folks on IRC and have currently gotten thus far:
Part1 - http://pastebin.com/FUJWM3zW
Part2 - http://pastebin.com/6h07zrdm
I believe at this point I've screwed up my FlashLite plugin with my testing, so I'm going to try to recover that and keep moving along.
LR
hi.. after following the instructions on how to downgrade my phone, and obtain root, i have, and after i had my foryo rooted, i downloaded RUU_Vision_Gingerbread_S_HTC_WWE_2.42.405.2 because my original intent was to have a rooted gingerbread and it didn't make much sense to have roms provided by htc itself.
but now i see i don't have root, so oops, i guess i was wrong.
so do i have to go though the whole kaka procedure again, and then find a custom rom, because my end game, is to have as close as possible a rooted gingerbread as close as possible to the original HTC rom. where can i get one?
oh, and what's the difference between the asia and wwe? does any of them handle hebrew bidi writing correctly (without applying the patch?)
I think there is a way to root gingerbread, or you have to downgrade. At either rate, you want to get to a place where you can flash your own ROM. Having clockworkmod installed would be just fine.
Then you would take the stock gingerbread, extract and unzip it, add Superuser and su, make the boot insecure, repack it for flashing, flash via CWM, and presto- rooted stock gingerbread. If you want to build in hebrew bidi writing, you can add that too.
There might be a few rooted stock gingerbread roms out there, but it seems that the trend is toward cooked up versions, rather than stock.
AFAIK i don't there's a way to root gingerbreak, it's un-rootable, that's why i downgraded in the first place. i think i can do it again, question is:
where do i find the stock gingerbread rom? is it in the RUU exe? if so, how get it out from there, without installing it
second, how on earth would i do all the things you said (add su,make boot insecure,repack,flash cwm).
is there a guide out there for all there above?
I think there is a some software for windows that will allow you to extract the rom from the RUU. I don't use windows, so I don't know anything about it. I've seen some posts about it, so I can say it seems to involve using the RUU to almost install the ROM, but at the last minute, just stop and the ROM will be extracted into one of the temp directories. You just use the RUU to extract the rom, not install it.
As far as all those other steps, I think all the information is scattered about xda.
Here's some information about the insecure boot image. It's for the transformer, but it's essentially the same thing, except for the blob parts. You'll have to use something like splitbootimg or bootunpack, and mkbootimg (search for them) instead of blobunpack.
http://forum.xda-developers.com/showthread.php?t=1193737
This might be more helpful:
http://forum.xda-developers.com/showthread.php?t=1100189
As for the other parts, you can use some of the other updates and zip files as a guide to figure out how to unpack, mod them, and repack them. I think there might be a rom kitchen script that will do this too, but I can't speak to that either.
Sorry if this sounds so complex- it's not that bad once you've done it once. I have a rooted stock GB that I made this way from the GB update, but it's the US version. Let me know when you have the WWE version extracted.
ok, let's take it one step at a time, (maybe we'll make a guide out of it
i activated the but i never continued instead i used process explorer to find out which files it's holds, so i got the temp directory and extracted rom.zip a 260 mg file (containing various img files)
now what?
btw is this relavent? http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images
yea, i've seen it is, but one issue is that where do i get the cpio and makebootfs, (if i need to compile stuff, this is where i stop, i allready downloaded the perl scripts, as well as GZIP
ok, so far so good.
That link is exactly what you need. You can use that info to unpack the boot.img and make it insecure "ro.secure=0" by editing the default.prop file in the ramdisk.
I think some of the links to the tools might not work, but these will work instead - https://github.com/AndroidRoot/BootTools
Use the guides to mod and then repack the ramdisk
put the kernel and the modded ramdisk back together with makebootimg. There might be some specific command lines and kernel addresses- the hdrboot tool will show you want they should be from the original boot.img
Also, could you upload the zip file or PM me a link? This would be a perfect project for a guide.
ok wait, which tools am i missing? i have a windows machine (ultimate 7 64 bit) and the boottools needs to be compiled, (i don't have developer studio installed just eclipse)
so far i have the following tools:
repack-bootimg.pl
unpack-bootimg.pl
split-bootimg.pl
cpio for windows
gzip
what zip file?
(i'm going to sleep now as i'm in israel,i will "boot" in 6 hrs, luckily i have a vacation tommorow, so i hope we'll have time to finish this.
I think you might need gunzip to extract the ramdisk. unzip might work, but I'm not sure with Windows.
The zip is the rom.zip which has the rom.
I seem to recall there being at least 2 rooted stock ROMs in the dev forum. I think the one I've used was posted by either suilmagic (may be siulmagic), or rmk40. Xboarder56 posted one some time ago, but he started stripping things out that I used, like QuickOffice. If nothing else, this finally drove me to use Titanium backup...
Sent from my HTC Vision using Tapatalk
Yeah, I guess a search would take some of the fun out of it....
http://forum.xda-developers.com/showthread.php?t=1169004
actually i DID google "rooted stock rom desire z"
but i could find anything for sure, that's why i posted this, is this rom appear in the developer list of roms linked in the downgrade wiki? because i couldn't find it there either, would be nice if it was added.
No worries- I didn't actually search for it- I just paged through some of the dev sections.
I think you'll have flash it using CWM recovery.
great, i'm assuming CWM is Clockwork something?
Yup- look for the 3.x version. There was a 5.x, but i think it has some issues.
ok, so now, i must re-downgrade, root,
http://forum.xda-developers.com/wiki/ClockworkMod_Recovery
get rom manager, and ah... wait, what's the update.zip? is that actual image i need to place on the sdcard?
That wiki seems kinda old- I don't think the stock recovery will flash the update.zip
This is more up to date and specific for the G2/DZ:
http://forum.xda-developers.com/wiki/HTC_Vision#Rooting_the_Vision_.28G2.2FDZ.29_and_DHD
yea i've read that one (that's how i rooted in the first place.
isn't there a way to short ciruit this somehow and instead of pc10img have the update itself installed ? or is it because it's a an OTA, i have to do the whole thing?
looking at the image, i think i'm missing someting it looks like i can somehow use the scripts inside the image when i get temp_root (meaning i won't have to update the original image. am i wrong?
ok i've gone through the motions over and over, finally rooted it, have rom manager, clicked flash recovery, copied the zip file for rom i wanted to the root of sdcard, selected it rom manager, rebooted, now i selected apply update from sdcard,
now i see the hat signal and nothing happens, (i also selected backup rom and wipe cache and data)
i also noticed that i have install zip from sdcard, but i didnt' select it, how long should it take?
ok i FINALLY managed to install (it actually i pressed power button again and immdietly returned the cwm main menu, from then on, i chose reboot, i think it's moved on.
problem is, some things looked odd, for example the phone bar on the buttom, looks distorted, when i click on the application list i can only see half the list (meaning half the screen shows the list although i can scroll up and down the buttom half remains blank..
never mind it's ok now after re-boot..
btw i tried creating a batch file like so:
adb shell cat /dev/msm_rotator
rem expected output
rem /dev/msm_rotator: invalid length
pause
rem temp_root
rem adb push fre3vo /data/local/tmp
rem adb shell chmod 777 /data/local/tmp/fre3vo
rem adb shell /data/local/tmp/fre3vo -debug -start FAA90000 -end FFFFFFFF
echo wait for device to reconnect
pause
adb push misc_version /data/local/tmp/misc_version
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/misc_version -s 1.00.000.0
adb shell sync
adb shell dd if=/dev/block/mmcblk0p17 bs=1 skip=160 count=10
rem expected output is:
rem 1.00.000.010+0 records in
rem 10+0 records out
rem 10 bytes transferred in 0.001 secs (10000 bytes/sec)
pause
rem downgrade
rem wget http://www59.multiupload.com:81/fil...118187CA1236F3BA6767A7/1.34.405.5_PC10IMG.zip
adb push 1.34.405.5_PC10IMG.zip /sdcard/PC10IMG.zip
adb reboot bootloader
but it didn't workout so much, don't know why it said something about it couldn't write recovery img file
Umm if you already rooted via the xda wiki then you should've had a bootloader that was engineering s-off right? Just saying because you could've flashed a custom rooted rom through bootloader and not had to re-root, that is unless the ruu applied an updated bootloader with s-on. Maybe boot into bootloader and see if the top line says PVT ENG S-OFF, worth a look anyway, could save you some headache
Sent from my Bulletproof G2
actually i'm haveing another headache a couple actually, for some reason, during the restore, it failed to download google maps among the gailion apps i downloaded, now i can't download no matter, i tried installing it manually, and it worked, but i can't see in the market.
the market on the web site says the application is not compatible.
also when i tried using anysoft keyboard and use the hebrew fonts, even though it installed i still couldn't get the keyboard.
right not i have no idea what's the state of my phone.
ATTENTION! this thread is OUTDATED
unrevoked has always been a finicky program,3.22 working fine for some,not so much for others.recent updates seemd to have made it even worse, i see alot of issue and fustration with it lately. as such, i do not recomend this method any longer.
IMO,at this time htcdev is the best way to root,downgrade,and achieve s-off. while it technically does void your warranty,and wipe your data,it has thus far at least proven to be reliable. i doubt may original droid incredibles have factory warranty left anyway it does not use unrevoked,or any otehr root tools or programs,just htcs own unlock(you can giggle loudly,or silently,as you use their unlock to achieve s-off
the original home of the hctdev method is here, on android forums.
it is also here: http://forum.xda-developers.com/showthread.php?t=1600904 but not as well supported since im not here as much.
_______________________________________________________________________________________________________________________
*outdated guide:
i wasnt sure if this should be here,or in development,so feel free to move it if you feel its in the weong spot. i cant take credit for any of this,i just took it all from different places and put it all here. unfortunately,i cant gaurantee that this will work for everyone. but several have succesfully downgraded and regained s-off.
its intended for someone who has no adb experinece,and is overwhelmed at the thot of downloading and installing the SDK. if your proficient at adb,your welcome to pull flash_image and mtd0 out,and place them in tools,platform tools,or wherever you usually push files from,rather than changing to the mini-adb_inc directory.
thots and feed back are welcome. ive had this guide up here on AF for a few days. ill try and provide support here as well,but please underdstand computer time is limited these days and i dont make it here as often. in otherwords,please help each other out
_______________________________________________________________________________________
PLEASE NOTE: this thread is for the original droid incredible. NOT the incredible 2(vivow) or incredible S(vivo)
for info on downgrading the inc 2 to .97 hboot so you can root with revolutionary,see this thread here in the inc 2 all things root subforum
if you DO have an original droid incredible,aka Inc 1,then procede
_________________________________________________________________
**********************************************************
_________________________________________________________________
READ THIS: i dont mean to sound like i dont want to be bothered with questions. however,folks are having basically the same issues thru-out the 600+ posts,so i can almost gauarntee if you have a prollem,it has been covered. please try and search for some answers before jumping to the end and posting. answering the same things over and over is just making the thread even longer and harder to search.
if you do have trouble and need to post questions about ADB commands,please provide a copy of your entire session in the command window along with the question. its usually pretty easy to see what went wrong when we can see the whole thing.
copy everything in the command window,and paste it into a code box by:
-right click in the command window,click mark.
-highlight everything in white. hit enter.
-then,in your "reply to thread" box here,click the "#" up top
-right click and "paste" everything between the
Code:
tags.
_________________________________________________________________
i cant take credit for any of this,i just took it all from different places and put it all here. unfortunately,i cant gaurantee that this will work for everyone. but several now have rooted 2.3.4,and 1 has succesfully downgraded and gained s-off.
its intended for someone who has no adb experinece,and is overwhelmed at the thot of downloading and installing the SDK. if your proficient at adb,your welcome to pull flash_image and mtd0 out,and place them in tools,platform tools,or wherever you usually push files from,rather than changing to the mini-adb_inc directory.
thots and feed back are welcome. there will prolly be several edits of this as i try to clarify it,and make it a lil better. but for now im tired and 5am comes early ;)
[B]first and foremost,giving proper credit to all that deserve it:[/B]
*alpharev and unrevoked for all they for the root community :cool:
-efizzle for getting the ball rolling in [URL="http://forum.xda-developers.com/showthread.php?t=1286223"]this thread[/URL] on xda by figuring out that an older version of unrevoked would get superuser access on 2.3.4
-iowabowtech for point me in the direction of [URL="http://forum.xda-developers.com/showthread.php?t=768295&highlight=ota"]this thread[/URL] that i collected the misc image,and parts of the guide. also for his support answering questions.
-sele and the crew in the "rescue squad" on [URL="http://api.viglink.com/api/click?format=go&drKey=1153&loc=http%3A%2F%2Fandroidforums.com%2Fthunderbolt-all-things-root%2F418539-thunderbolt-root-unroot-thread.html&v=1&libid=1318297929451&out=http%3A%2F%2Fwww.thunderboltforums.com%2F&ref=http%3A%2F%2Fandroidforums.com%2Fthunderbolt-all-things-root%2F&title=Thunderbolt%20Root%2FUnroot%20Thread%20-%20Android%20Forums&txt=HTC%20Thunderbolt%20Forum&jsonp=vglnk_jsonp_13182980284911"]the thunderbolt forum[/URL] for what i like to call the "mini-adb" concept.
-rooter28 for testing and keeping me updated as he made progress. hopefully he will stop in and help answer questions :)
-mkreiger for fearlessly jumping in to be the second official tester
-lovejess for finding a mac download for unrevoked 3.22
-gkinsella2 for contributing the mac specific instructions
-whomever origianlly came up with the images and guide linked above. if i can figure out who this was,ill add you in later.
*special thanks to sdrawcab for his invaluable support in helping answer questions and prollems
-prolly more,im sure there will be several edits of this.
1)[B][I]download these files[/I][/B],and save them somewhere you can easily find them:
[U]unrevoked 3.22[/U] [url=http://www.multiupload.com/WMGYYGL97Z]unrevoked 3.22[/url]
[U]mirror:[/U] [URL="https://www.box.net/shared/8e3nb5l5lnjjuh6vbqt7"]unrevoked 3.22 mirror[/URL]
md5: [COLOR="red"]5760fbe8ed6d44752e78433252f2d5b2[/COLOR]
[U]unrevokeds modified usb drivers[/U] [url=http://unrevoked.com/rootwiki/doku.php/public/windows_hboot_driver_install]public:windows_hboot_driver_install [RootWiki][/url]
[U]mini-adb_inc[/U](contains misc image,flash image,and some basic adb tools)[url=http://www.multiupload.com/0G635MCZS2]Multiupload.com - upload your files to multiple file hosting sites![/url]
md5: [COLOR="red"]a793cc0142e1cd18f60849894bbc47cd[/COLOR]
[U]mirror:[/U][url]http://www.mediafire.com/?o6c4kq4wyccuom5[/url]
mirror md5: [COLOR="Red"]7c5211686a20b558ccd660c782f82e2b[/COLOR]
[I]*clockwork and zergrush included in mirror[/I]
[U]PB31IMG for 2.2[/U] (2.2 downgrade) [url=http://www.mediafire.com/?uvha2u2pv3xp8d5]PB31IMG.zip[/url]
[U]mirror:[/U] [url]http://pvillecomp.com/?page_id=22[/url]
md5: [COLOR="red"]31bb1611a0fa8197d447c0438426717e[/COLOR]
[U]clockwork 5.0.2.0[/U] [url=http://www.multiupload.com/FGEU9VPGKF]Multiupload.com - upload your files to multiple file hosting sites![/url]
[U]mirror:[/U][url]http://pvillecomp.com/?page_id=28[/url]
md5: [COLOR="Red"]e8ac35ddc1c37000bb0852d1f380b5bb[/COLOR]
**make sure to check the md5 sums match those listed!**
if you dont have an md5 sum verifier on your PC,there are many out there for free. heres an example: [url=http://www.md5summer.org/]Home of the MD5summer[/url]
2)[B][I]root with unrevoked 3.22[/I][/B]
-go to settings/applications and [U]uncheck[/U] "fastboot". having this checked will prevent you from getting to hboot via power/vol down.
-open the recovery-clockwork-5.0.2.0-inc_PB31IMG download. extract it first if you need to. inside there is an image called "recovery-clockwork-5.0.2.0-inc". right click on this image,then click "copy". navigate to a directory you can easily find it,then right click in that directory,then "paste". alternatively,you can drag it from the extracted folder to a convienient spot(i personally like to drag files around,but its fine either way).
-use your md5 summer to verify the md5 of just the image,not the whole .zip. it should be: [COLOR="Red"]ea382ca5809cb872d0582aa22741d592[/COLOR]
-install the drivers as described on unrevokeds page above.
-unplug your phone.
-extract the contents of the unrevoked 3.22 .zip. open the folder, right click on "reflash" and run as administrator if possible.
-click on "file" in the corner of the relfash window
-click custom recovery
-navigate to,and select your "recovery-clockwork-5.0.2.0-inc" image and select it. at the bottom of your reflash app window, it should now say "recovery:custom" and "waiting for device"
-make sure usb debugging is checked ON in settings/applications/development.
-plug in your phone and place it in charge only mode. assuming you installed the drivers correctly,unrevoked 3.22 will start. let it do its thing. it will reboot a couple of times. when its finished,it may leave you on a blank screen. if this is the case,pull the battery and reboot.
-you [I]should[/I] now have the superuser app in your app drawer. if so,go to settings/applications/manage apps/superuser and clear data. test that superuser is working and granting permissions by downloading rom manager,and using it to flash the newest clockwork recovery. alternatively,download and run a "root checker" or any of your favorite "root only" apps and make sure they work.
-once you get "successfully flashed clockwork recovery" boot to it and make a backup,since downgrading to get s-off [U]WILL[/U] wipe all your data. boot back into the operating system.
*[I]special note to slcd users[/I]: this version of unrevoked is installig an old, non-compatible version of clockwork,so you will just see a black screen if you do not install newer clockwork as described above.
-if you plan to install a custom rom after downgrading,now is a good time to download titaium backup,and its pro key(WELL worth the $$) and do a batch backup of all your user apps and app data(no system data)
*at this point,you could just enjoy root access without doing anything else. if all you care about is using a couple of root only apps,and deleting some bloatware,you can remain rooted and s-on if youd like. id personally reccomend to downgrade and become s-off in case future OTAs knock out your root access.
3)[B][I]prepare to downgrad[/I]e[/B]
-extract the mini-adb_inc .zip. place the extracted folder on the root of your c drive. it comtains mtd0,flash_image,and some adb tools.
-place the 2.2 downgrade on the root of your sd card,and verify it is named "PB31IMG". now is a good time to verify that your SD card is formatted "FAT32" by right clicking on the drive that is your phones sd card,then click "properties". if you find your card is formated anything else,youll have to re-format it. start by backing up all files to your PC as reformatting [U]WILL[/U] wipe it clean. using your PC,do a full format to FAT32. you can then transfer the files back. *this is important-as your phone will not find the downgrade PB31IMG unless your card is formatted to FAT 32,and the file is correctly named.
[U]special notes on hboot flashing PB31IMG files[/U] a common issue folks are having is the PB31IMG is not being found by hboot.
*there are only 2 reasons a PB31IMG is not found on the root of the sd card:
a)not named correctly. the phone muse see exactly "PB31IMG.zip". due to the way windows automatically adds and hides file extensions,it is usually correct to name the file "PB31IMG" with windows. common errors are for the file to be named "PB31IMG.zip.zip" after manually tying in the ".zip". on rarer occasions,it may not be adding/hiding the file extension,resulting in the file actually beening seen by the phone as "PB31IMG" :eek: [I]check your file with a file manager on your phone[/I] and see how its seeing it.
b)sd card not formatted FAT32. if it is plain FAT or anything else,PB31IMG is invisible. on rare occasion,i have seen claims that a bad sd card,or card that needs reformatted(even tho it may be FAT32) will have the same affect.
*this has been addressed [U]several[/U] times in the thread,skim thru it for more information.
4)[B][I]downgrade with adb[/I][/B]. make sure your phone is charged to 100% before starting.
-on windows 7,click the start bubble and type "command" in the search box. this should open a small black command window. from this point forward,all code will be in [B]bold[/B] so you know what lines to copy and paste(or type,if you really want to type them all in). additional comments will be blue,and should not be copy/pasted. please note that each line is one command. copy/paste it into the prompt in your command window,and push enter. one line at a time.
at the end of the post,is a copy of my session,to show what the outputs of the entered lines should look like. hopefully,its a little less scary when you know that youre getting the right responses to the things you enter.
-make sure phone is plugged in and usb debugging checked on,in charge only mode
-at the promt in your command window:
[B]cd c:mini-adb_inc [/B] [COLOR="Blue"]this should change your command promt to "mini-adb_inc",indicating youre using that directory.[/COLOR]
[B]adb devices[/B] [COLOR="blue"]this should output your phones serial number,indicating its recognized[/COLOR]
[B]md5sums mtd0.img [/B] [COLOR="blue"]it should output a few things.at the end you should see this number 34307be744275f1db1dd16af04c37839
[/COLOR]
[B]md5sums flash_image[/B] [COLOR="blue"]again,it will output some things,then you should see this number: 0098a7dd6600b55fac34fc6645be5d7a[/COLOR]
[COLOR="Red"]*both those numbers must match exactly. if they do then you can procede.
[/COLOR]
[B]adb push flash_image /data/local/[/B]
[B]adb push mtd0.img /sdcard/[/B]
[B]adb shell[/B] [COLOR="Blue"]your prompt should change to a #. if it changes to a $,then type[/COLOR] [B]su[/B] [COLOR="blue"]note your phone may pop up a message asking you to allow permissions the first time you do this. if it does check "always" and touch "allow" on the superuser request on the phone screen.[/COLOR]
[B]cd /data/local[/B]
[B]chmod 0755 /data/local/flash_image[/B]
[B]cd /data/local[/B]
[B]./flash_image misc /sdcard/mtd0.img[/B]
[COLOR="blue"]you can now downgrade back to 2.2,so you can run "unrevoked forever" to regain s-off[/COLOR]
[B]exit[/B] [COLOR="Blue"]to get out of your adb shell,and back to the "mini-adb_inc" prompt[/COLOR]
[B]adb reboot bootloader[/B] [COLOR="blue"]this will boot your phone to "fastboot" select "bootloader" with the power button.[/COLOR]
hopefully what you will see now,is a blue status bar as your phone finds the PB31IMG,unpacks it,checks it,then asks if youd like to update. select yes to update with the volume up rocker. if youve never installed a full ruu in hboot,it will take a few minutes,so dont panic. place the phone gently down somewhere where it wont fall and spit out the battery. let it do its thing. push power to reboot when prompted.
let the phone fully boot,then place in disk drive mode and immediately delete PB31IMG from your sd card,as it will interefere with running unrevoked forever.
*[I][U]special note:[/U][/I] if your phone does not fully boot after running PB31IMG,dont panic. its happened to quite a few users,for some reason. simply pull your battery,boot to hboot via power/volume down and run PB31IMG again.
download unrevoked forever from here: [url=http://www.unrevoked.com/recovery/]unrevoked3 recovery reflash tool, v3.32[/url]
run it as you did the previous version. before plugging in your phone,make sure "disable phone security is checked" in the file menu. this time,it will root you,and turn the secure flag off on your radio. this is good,as it will allow you to always flash things that werent signed and approved by htc. you can flash new radios and recoveries,and flash any ruu you wish. the secure flag is in the radio,so running ruus or even accepting OTAs will not over-ride it. you will always stay s-off.
[I][U]*unrevoked 3.32 note:[/U][/I] if you check the "disable phone security" box as described above,and unrevoked still fails to turn s-off,you are not lost.[U]simply flash the s-off tool in recovery[/U]. you can find it here: [url=http://unrevoked.com/rootwiki/doku.php/public/forever]public:forever [RootWiki][/url]
if you wish to return to where you were,sign into google,download rom manger,flash the latest clockwork recovery. boot to recovery,then restore the back you made before we started.
optionally,you can now install the custom rom of your choice,along with a new recovery and radio if you desire. :)
and heres what you will see when entering the commands(the red are my copy/paste's):
[CODE]Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:UsersScott>[COLOR="Red"]cd c:mini-adb_inc[/COLOR]
c:mini-adb_inc>[COLOR="red"]adb devices[/COLOR]
List of devices attached
HT07DHJ02777 device
c:mini-adb_inc>[COLOR="red"]md5sums mtd0.img[/COLOR]
MD5sums 1.2 freeware for Win9x/ME/NT/2000/XP+
Copyright (C) 2001-2005 Jem Berkes - http://www.pc-tools.net/
Type md5sums -h for help
[Path] / filename MD5 sum
-------------------------------------------------------------------------------
[c:mini-adb_inc]
mtd0.img 34307be744275f1db1dd16af04c37839
c:mini-adb_inc>[COLOR="red"]md5sums flash_image[/COLOR]
MD5sums 1.2 freeware for Win9x/ME/NT/2000/XP+
Copyright (C) 2001-2005 Jem Berkes - http://www.pc-tools.net/
Type md5sums -h for help
[Path] / filename MD5 sum
-------------------------------------------------------------------------------
[c:mini-adb_inc]
flash_image 0098a7dd6600b55fac34fc6645be5d7a
c:mini-adb_inc>[COLOR="red"]adb push flash_image /data/local/[/COLOR]
1547 KB/s (76044 bytes in 0.048s)
c:mini-adb_inc>[COLOR="red"]adb push mtd0.img /sdcard/[/COLOR]
1662 KB/s (655360 bytes in 0.385s)
c:mini-adb_inc>[COLOR="red"]adb shell[/COLOR]
$ [COLOR="red"]su[/COLOR]
su
# [COLOR="red"]cd /data/local[/COLOR]
cd /data/local
# [COLOR="red"]chmod 0755 /data/local/flash_image[/COLOR]
chmod 0755 /data/local/flash_image
# [COLOR="red"]cd /data/local[/COLOR]
cd /data/local
# [COLOR="red"]./flash_image misc /sdcard/mtd0.img[/COLOR]
./flash_image misc /sdcard/mtd0.img
# [COLOR="red"]exit[/COLOR]
exit
$ [COLOR="red"]exit[/COLOR]
exit
c:mini-adb_inc>[COLOR="red"]adb reboot bootloader[/COLOR]
c:mini-adb_inc>
other info:
-unrevoked 3.22 for mac can be found here: http://downloads.unrevoked.com/recovery/3.22/Reflash.dmg at this point youre on your own converting the adb commands. if someone wants to translate,or make a mac adb guide,ill gladly add it in
-until we put together a mac specific guide,directions for modifying the rest of it to work on a mac are found in post #629,here: http://androidforums.com/incredible...-3-4-root-downgrade-s-off-13.html#post3623666 courtesy of gkinsella2. mac users(and everyone else ) make sure to click the thanks button on his post!
______________________________________________________________________________________
*last and not least,this is a direct copy/paste of the AF thread,so any references to pages numbers are references to THAT thread on AF
the zergRoot method
this is for folks who for whatever reason,unrevoked 3.22 does not work to get them root access.
this could also be used if youve got a replacement device thats not setup,and you could care less about installing a recovery. this still requires unrevokeds drivers to be set up,so you can root with unrevoked 3.32 after downgrading,but otherwise,it prolly is a lil quicker since you dont need to download and run unrevoked 3.22.
alternately,use this if you just like ADB if your proficient in adb,feel free to remove the images from mini-adb_inc,and place them and the zergRush tool into whatever folder you typically push files from.
like above,this is intended for someone whose never installed ADB or entered command lines before.
1)download these files,and save them somewhere you can easily find them:
unrevokeds modified usb drivers public:windows_hboot_driver_install [RootWiki]
mini-adb_inc(contains misc image,flash image,and some basic adb tools)Multiupload.com - upload your files to multiple file hosting sites!
md5: a793cc0142e1cd18f60849894bbc47cd
PB31IMG for 2.2 PB31IMG.zip
md5: 31bb1611a0fa8197d447c0438426717e
zergRush tool from xda: Revolutionary - zergRush local root 2.2/2.3 - xda-developers
md5: 12c52b97e75e73595b325c03610b3380
**make sure to check the md5 sums match those listed!**
if you dont have an md5 sum verifier on your PC,there are many out there for free. heres an example: Home of the MD5summer
3)prepare to downgrade
-extract the mini-adb_inc .zip. place the extracted folder on the root of your c\ drive. it comtains mtd0,flash_image,and some adb tools.
-extract zergRush.zip. take the image inside,and either copy/paste or drag it into your mini-adb_inc folder
-place the PB31IMG of 2.2 on the root of your sd card. rename PB31IMG. now is a good time to verify that your SD card is formatted "FAT32" by right clicking on the drive that is your phones sd card,then click "properties". if you find your card is formated anything else,youll have to re-format it. start by backing up all files to your PC as reformatting WILL wipe it clean. using your PC,do a full format to FAT32. you can then transfer the files back. *this is important-as your phone will not find the downgrade PB31IMG unless your card is formatted to FAT 32,and the file is correctly named.
4)downgrade with adb. make sure your phone is charged to 100% before starting.
-on windows 7,click the start bubble and type "command" in the search box. this should open a small black command window. from this point forward,all code will be in bold so you know what lines to copy and paste(or type,if you really want to type them all in). additional comments will be blue,and should not be copy/pasted. please note that each line is one command. copy/paste it into the prompt in your command window,and push enter. one line at a time.
at the end of the post,is a copy of my session,to show what the outputs of the entered lines should look like. hopefully,its a little less scary when you know that youre getting the right responses to the things you enter.
-make sure phone is plugged in and usb debugging checked on in charge only mode
-at the promt in your command window:
cd c:\mini-adb_inc this should change your command promt to "mini-adb_inc",indicating youre using that directory.
adb devices this should output your phones serial number,indicating its recognized
md5sums mtd0.img it should output a few things.at the end you should see this number 34307be744275f1db1dd16af04c37839
md5sums flash_image again,it will output some things,then you should see this number: 0098a7dd6600b55fac34fc6645be5d7a
md5sums zergRush again,output stuff, then this number: 3cf8a3fbceb667121d91f4ef1a66684c
*all those numbers must match exactly. if they do then you can procede.
adb push zergRush /data/local/
adb shell this will change your promt to a $
chmod 755 /data/local/zergRush
/data/local/zergRush
this will cause zergRush to start,and it shoudl say "found a gingerbread!" followed by a bunch of other funny stuff.
last thing it says will be: Killing ADB and restarting as root... enjoy!
you should then be returned to your "mini-adb_inc>" prompt
adb push flash_image /data/local/
adb push mtd0.img /sdcard/
adb shell your prompt should change to a #
cd /data/local
chmod 0755 /data/local/flash_image
cd /data/local
./flash_image misc /sdcard/mtd0.img
you can now downgrade back to 2.2,so you can run "unrevoked forever" to regain s-off
exit to get out of your adb shell,and back to the "mini-adb_inc" prompt
adb reboot bootloader this will boot your phone to "fastboot" select "bootloader" with the power button.
hopefully what you will see now,is a blue status bar as your phone finds the PB31IMG,unpacks it,checks it,then asks if youd like to update. select yes to update with the volume up rocker. if youve never installed a full ruu in hboot,it will take a few minutes,so dont panic. place the phone gently down somewhere where it wont fall and spit out the battery. let it do its thing. push power to reboot when prompted.
let the phone fully boot,then place in disk drive mode and immediately delete PB31IMG from your sd card,as it will interefere with running unrevoked forever.
download unrevoked forever from here: unrevoked3 recovery reflash tool, v3.32
run unrevoked(extract the contents,right click on "reflash",run as adminstrator if possible). this time,it will root you,and turn the secure flag off on your radio. this is good,as it will allow you to always flash things that werent signed and approved by htc. you can flash new radios and recoveries,and flash any ruu you wish. the secure flag is in the radio,so running ruus or even accepting OTAs will not over-ride it. you will always stay s-off.
and heres what you should see when entering the commands(my copy/pastes are in red):
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Scott>[COLOR="Red"]cd c:\mini-adb_inc[/COLOR]
c:\mini-adb_inc>[COLOR="red"]adb devices[/COLOR]
* daemon not running. starting it now *
* daemon started successfully *
List of devices attached
HT117HJ00242 device
c:\mini-adb_inc>[COLOR="red"]md5sums mtd0.img[/COLOR]
MD5sums 1.2 freeware for Win9x/ME/NT/2000/XP+
Copyright (C) 2001-2005 Jem Berkes - http://www.pc-tools.net/
Type md5sums -h for help
[Path] / filename MD5 sum
-------------------------------------------------------------------------------
[c:\mini-adb_inc\]
mtd0.img 34307be744275f1db1dd16af04c37839
c:\mini-adb_inc>[COLOR="red"]md5sums flash_image[/COLOR]
MD5sums 1.2 freeware for Win9x/ME/NT/2000/XP+
Copyright (C) 2001-2005 Jem Berkes - http://www.pc-tools.net/
Type md5sums -h for help
[Path] / filename MD5 sum
-------------------------------------------------------------------------------
[c:\mini-adb_inc\]
flash_image 0098a7dd6600b55fac34fc6645be5d7a
c:\mini-adb_inc>[COLOR="red"]md5sums zergRush[/COLOR]
MD5sums 1.2 freeware for Win9x/ME/NT/2000/XP+
Copyright (C) 2001-2005 Jem Berkes - http://www.pc-tools.net/
Type md5sums -h for help
[Path] / filename MD5 sum
-------------------------------------------------------------------------------
[c:\mini-adb_inc\]
zergRush 3cf8a3fbceb667121d91f4ef1a66684c
c:\mini-adb_inc>[COLOR="red"]adb push zergRush /data/local/[/COLOR]
1150 KB/s (21215 bytes in 0.018s)
c:\mini-adb_inc>[COLOR="red"]adb shell[/COLOR]
$ [COLOR="red"]chmod 755 /data/local/zergRush[/COLOR]
chmod 755 /data/local/zergRush
$ [COLOR="red"]/data/local/zergRush[/COLOR]
/data/local/zergRush
[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.
[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.
[+] Found a GingerBread ! 0x00015108
[*] Scooting ...
[*] Sending 149 zerglings ...
[+] Zerglings found a way to enter ! 0x10
[*] Sending 149 zerglings ...
[+] Zerglings caused crash (good news): 0x401219e4 0x006c
[*] Researching Metabolic Boost ...
[+] Speedlings on the go ! 0xafd158bf 0xafd1ace3
[*] Sending 149 zerglings ...
[+] Rush did it ! It's a GG, man !
[+] Killing ADB and restarting as root... enjoy!
c:\mini-adb_inc>[COLOR="red"]adb push flash_image /data/local/[/COLOR]
1547 KB/s (76044 bytes in 0.048s)
c:\mini-adb_inc>[COLOR="red"]adb push mtd0.img /sdcard/[/COLOR]
1017 KB/s (655360 bytes in 0.629s)
c:\mini-adb_inc>[COLOR="red"]adb shell[/COLOR]
# [COLOR="red"]cd /data/local[/COLOR]
cd /data/local
# [COLOR="red"]chmod 0755 /data/local/flash_image[/COLOR]
chmod 0755 /data/local/flash_image
# [COLOR="red"]cd /data/local[/COLOR]
cd /data/local
# [COLOR="red"]./flash_image misc /sdcard/mtd0.img[/COLOR]
./flash_image misc /sdcard/mtd0.img
#[COLOR="red"] exit[/COLOR]
exit
c:\mini-adb_inc>[COLOR="red"]adb reboot bootloader[/COLOR]
c:\mini-adb_inc>
edit:apparently the zergRush tool has changed. ive included the new md5s,so hopefully there wont be any more confusion like the old md5s caused earlier. be aware of this,however, in case they do change again. you are right to be cautious if it doesnt match,so ill do my best to keep up with it.
This does work, but god I wish it was all ADB it was all so easy before unrevoked it didn't work the first time it gave me SU and root but no s-off then unrevoked would not run again due to new firmware. I did full downgrade to 2.2 and followed all directions ADB is so simple but unrevoked took 2 hours of just missing around to get s-off which included flashing 2.2 in hboot again starting over, running what I could run again in ADB without the gingerbreak since I was now on froyo, it was mostly just repushing the files and binary. But after all that unrevoked ran and gained root and s-off. Worst root I have ever done but people its all about making smart decisions before you do it if you make a mistake and get stuck, get help or trouble shoot but use you head before you battery pull and make sure you read before you hit anything.
If I helped you in any way please use the thank you button
sorry you had such issue with unrevoked. usually thats the easy part most folks are confused by adb and running commnads and wish it was all automated!
just a couple things that may help folks in the future:
-if you dont want to fool with unrevoked 3.22 in 3.2.4 use the "zergRoot"method in post 2. its all adb up to the downgrade. once you get to this point,you could easily roll yourself all the way back to the shipping firmware(assuming amoled screen) if you wanted,and then use an adb method(if one exists,im not that flamiliar with the inc). you dont have to go back to 2.2. i just picked that cause most folks are familiar with it,and with using unrevoked 3.32 to root/s-off it
-there have been a few complaints of unrevoked not giving s-off on 2.2. before you start,make sure "disable phone security" is checked in the file menu. if s-off still fails,but gives you root and a recovery,its worked for everyone thus far to just run the "forever" .zip in recovery,no real need to reflash the 2.2 ruu and run unrevoked multiple times.
-last and not least unrevoked is not ever going to give s-off in the 2.3.4(unless they release a new version for 2.3.4),as is uses an unsupported baseband,thats why the 2.2 downgrade is needed. folks that have no intention of backing up or returning to 2.3.4 and are fairly savy like the poster above,id strongy encourage to just use directions in post 2,its a lil quicker to not have to mess with unrevoked 3.22. its mainly included for the folks that want to make a nandroid or run tibu prior to the downgrade(plus zergRoot hadnt come out yet,when i originally put this together )
once your back on 2.2 you could even just use z4root to get get root access,install rom manager and clockwork,then flash the forever patch. once you can downgrade,there are alot of ways to skin the cat
Worked after a few tries!
Thanks Scotty for this writeup. I thought for a minute that things wouldn't work, but a third try proved fruitful.
Here's a few tips that I can add to things.
Things failed for me at the restore 2.2 part - HBOOT would not recognize the zip file as correct.
I am on a Win XP machine... Format the sd card to fat 32 using something other than Windows - I used a little program called "fat32format.exe". Windows seems to have a problem formatting sd cards correctly, so that could have been it.
Once I made sure the sd card was formatted, I put the 2.2 zip (PB31IMG) back on the sd card and started over using the zergRush method.
If you have tried this before, you will have to remove two directories from the /data/local/tmp directory. These are sh and boomsh. Thanks to ieftm in this forum for this tidbit of info.
If your zergRush is giving you problems stating:
[-] Cannot copy boomsh.: Permission denied
Then use this method to fix as I stated in paragraph above: remove sh and boomsh
Once these directories were removed and the zergRush was completed, the downgrade commenced just as described.
Side note - Unrevoked 3.32 installed Unrevoked forever automatically onto my DInc, so there was no reason to do the additional forever installation. You may have the same results.
For anyone else that can't seem to get things working, the search is your friend. It took me a while of hacking away at things, but eventually they all turned up roses...
Good Luck!
problems install roms
I have a problen,I can't install a Rom error e: can't open/sdcard/primexl3d.zip, why?
saosinalm:
First off, that's the wrong name for the downgrade zip according to the instructions that scotty posted above. Make sure the file is titled correctly and follow his instructions from beginning to end. I believe when mine succeeded my file title was "PB31IMG.zip" but in his instructions he leaves off the ".zip" at the end.
If there is an error in the process, you will have to start over from about step 3. You can't just start back from where you left off if you reboot the phone. Make sure you check your MD5's once you download, then you won't have to go back over that step.
I found the zergRush method easier, but I am more comfortable with adb...
I would suggest re-reading the instructions and following closely - he walks you through things really well.
I have one question....
Why root a phone? I had my phone rooted and honestly it was a complete waste of time. NONE of the Roms I downloaded ever worked properly, the apps never worked, and it was nothing but trouble for me. My phone always "force close" my apps too. No offense to the developers I just didn't see a benefit.
Am I wrong?
epescina:
That's really best answered differently depending on the type of person you are. If you like to play around and experiment with things or like learning how things work, maybe this works for you. Some people do it to get a custom look that no one else has, some do it to try and get better performance out of their phone that may have been bloated with apps out of the factory, and others are learning about developing apps and programming with it. Every person is different. Maybe it's just not for you, but others on this board can't live without it. To each his (her) own...
saosinalm said:
I have a problen,I can't install a Rom error e: can't open/sdcard/primexl3d.zip, why?
Click to expand...
Click to collapse
what are you trying to do exactly? no part of this guide requires you to flash a rom. so if youre tryingto root,be more specific what youre having trouble with, and if this is just a general question about flashing roms,you might do some research and/or post a new thread where more people will see it
epescina said:
I have one question....
Why root a phone? I had my phone rooted and honestly it was a complete waste of time. NONE of the Roms I downloaded ever worked properly, the apps never worked, and it was nothing but trouble for me. My phone always "force close" my apps too. No offense to the developers I just didn't see a benefit.
Am I wrong?
Click to expand...
Click to collapse
i personally have the opposite experience. while there are a couple minor issues with the rom that i run,i feel my phone is faster and more pleasureable after root. i love htc phones,but hate htc sense,so i root mainly root so i can run AOSP based firmware.
but as was said,to each his(her) own
scotty1223 said:
i personally have the opposite experience. while there are a couple minor issues with the rom that i run,i feel my phone is faster and more pleasureable after root. i love htc phones,but hate htc sense,so i root mainly root so i can run AOSP based firmware.
but as was said,to each his(her) own
Click to expand...
Click to collapse
I too hate the HTC Sense and wish I could change the overall layout of my phone. When I did load a new ROM that changed the layout it always seemed to be screwed up for one reason or another.
For example the lastest rom (Cyanogen) I absolutely loved but it didn't have market and I never could find out how to load it!
scotty1223 said:
i personally have the opposite experience. while there are a couple minor issues with the rom that i run,i feel my phone is faster and more pleasureable after root. i love htc phones,but hate htc sense,so i root mainly root so i can run AOSP based firmware.
but as was said,to each his(her) own
Click to expand...
Click to collapse
Couple of quick questions (which might appear silly):
"place the PB31IMG of 2.2 on the root of your sd card. rename PB31IMG"
#1) What do we rename "PB31IMG.zip" to? The directions simply state to rename it.
#2) Move it to the root of the external sdcard or internal sdcard?
tia, and I hope these questions weren't too ridiculous.
kjy2010 said:
Couple of quick questions (which might appear silly):
"place the PB31IMG of 2.2 on the root of your sd card. rename PB31IMG"
#1) What do we rename "PB31IMG.zip" to? The directions simply state to rename it.
#2) Move it to the root of the external sdcard or internal sdcard?
tia, and I hope these questions weren't too ridiculous.
Click to expand...
Click to collapse
It should be named PB31IMG.zip
It all depends how you rename it, if you use your pc it may not show the.zip extension if you have "show extensions" turned off. So on your pc it may just say PB31IMG even though it is really a zip. Sometimes when extensions are off people end up naming it PB31IMG.zip.zip wich will not work. It is best to have your pc show extensions you can do that by going to controll pannel / folder options / view tab uncheck hide extensions for known file types.
cmlusco said:
It should be named PB31IMG.zip
It all depends how you rename it, if you use your pc it may not show the.zip extension if you have "show extensions" turned off. So on your pc it may just say PB31IMG even though it is really a zip. Sometimes when extensions are off people end up naming it PB31IMG.zip.zip wich will not work.
Click to expand...
Click to collapse
wow lol ok, that just seems common sense, but I guess you never know who your audience is
Which sdcard should the file be on?
kjy2010 said:
wow lol ok, that just seems common sense, but I guess you never know who your audience is
Which sdcard should the file be on?
Click to expand...
Click to collapse
It should be on the removable sd not the internal storage if thats what you were asking.
cmlusco said:
It should be on the removable sd not the internal storage if thats what you were asking.
Click to expand...
Click to collapse
thanks again, just making certain. going for my third try now!
---------- Post added at 01:20 PM ---------- Previous post was at 01:14 PM ----------
I'm getting an unmatched number on zergRush
"md5sums zergRush again,output stuff, then this number: 795275fb9c41ebd5b9fe7ab19108c52b"
I get "4bf71b766a9603fa7db98e71e3f3b470"
??
It states:
"*all those numbers must match exactly. if they do then you can procede."
What do you do if they don't match?
Sorry for the n00b questions, been dealing with nothing but HC since June.
I would try redownloading and then check it again. If its still wrong i would contact the op scotty and ask him, as he is the one who provided the original md5.
cmlusco said:
I would try redownloading and then check it again. If its still wrong i would contact the op scotty and ask him, as he is the one who provided the original md5.
Click to expand...
Click to collapse
thanks, d/l it three times already what a PITA
I get a md5 of
3cf8a3fbceb667121d91f4ef1a66684c
for the zergrush file in the zip and.
12c52b97e75e73595b325c03610b3380
for the zip it self, different than both of your guys.
Edit. I believe that the zergrush file has been updated since this post to include more phones so that is probably why the md5 is different.
DISCLAIMER: YOU AGREE TO TAKE FULL RESPONSIBILITY FOR YOUR DEVICE IF YOU PROCEED.
The original thread (http://forum.xda-developers.com/moto-g/general/mod-save-data-space-cache-partition-t2942765) was getting to cluttered up with development and testing so I decided to start a new thread with the "finished" product. The original thread will be renamed to Q&A/Development. We might even ask for the old thread to be closed down. (up to @Bert98, the thread's creator.)
Moto G's internal eMMC card has a ~600Mb partition called /cache, which is not used since the apps' cache is stored in /data, so the latter fills up and the first one stays empty.
Owning a 8Gb model, having 600Mb not available for storage really bugged me, because my phone's memory (/data partition) was always full because it's a 5.7Gb space shared between apps and microSD files.
Now, it may not work for you if:
a) you have A LOT of apps installed.
And by "a lot", I mean more than 90-100 apps, but if you have a 8Gb model, you probably don't
b) you're running ART (this is default in lollipop and newer)
Since ART uses a lot more space than dalvik, the space in the /cache partition probably won't be enough. When I was running ART, it used 1Gb more than dalvik.
Original post by @Bert98
Click to expand...
Click to collapse
This was tested on my moto g 16GB which is running RetailUS_4.4.4 kitkat with CWM recovery. The custom ROM procedure was tested on the same phone but with cm11 Nightly installed.
Prerequisites:
1. You must have "adb root" functioning. If you don't head to this thread: http://forum.xda-developers.com/showthread.php?t=1687590 and there is a free download link at the bottom of the post.
Download and install the apk on your phone. Open up adbd insecure (the new app) and grant it superuser rights PERMANENTLY. Check the box that says "enable insecure binary" and make sure to check the box
that says "enable at boot."
2. You must have a recovery that can accept adb shell commands.
3. Root Access Duh?!
4. A windows machine capable of running batch files.
5. A decent text editor, notepad will work but notepad++ is strongly recommended. (Only needed if you are using STOCK ROM procedure)
Please, please make a nandroid backup before you continue!!!!
Stock ROM procedure:
Read the directions very carefully and then read them again, before continuing.
1. Download the cachemover_v1.3.zip from: LINK REMOVED DUE TO SCRIPT ISSUES.
2. Extract the contents.
3. Connect device to PC and navigate to the extracted folder.
4. Double click/Run the cachemover_Stock.bat
5. Follow the onscreen instructions until you get to the part where it says to edit a file.
6. About halfway through the script it will pull a file called "init.qcom.post_boot.sh" to the folder.
7. Open it with a TEXT editor and navigate to about line 487 (Might be different for 8gb model). Look here for a better understanding: https://www.dropbox.com/s/jr5lyl5s5i2jtpg/where to paste code.PNG?dl=0
8. Start a new line and paste this code in the file: (Refer to the image above for help)
Code:
chmod 655 /cache
chmod 655 /cache/dalvik-cache
chmod 655 /cache/dalvik-cache/*
9. Make sure to save the file in the same folder as the cachemover_Stock.bat
10. Press any key to continue on the script and let it do its thing.
11. It will reboot several times and land you on the home screen/lock screen.
12. If the script hangs after a reboot, you need to unlock the device to reestablish a connection with your computer.
13. There might be one or two force closes but once you close the notifications they will not come back.
Custom ROM procedure:
USE THIS FOR ROMS THAT DO NOT REMOUNT OR CHANGE PERMISSIONS OF /CACHE ON BOOT
1. Download the cachemover_v1.3.zip from: https://www.dropbox.com/s/bzj34g4q1s61ojz/cachemover_v1.3.zip?dl=0
2. Extract the contents.
3. Connect device to PC and navigate to the extracted folder.
4. Double click/Run the cachemover.bat
5. Follow the onscreen instructions.
If anything goes wrong:
Go to recovery, wipe cache, then wipe dalvik-cache and reboot. This should get your device back to how it was.
(If you used STOCK ROM procedure)
The script made a backup of the "init.qcom.post_boot.sh" file to /sdcard/init_backup
You can restore the shell script to /system/etc/ via shell commands or by using a root browser. To restore permissions:
Code:
chmod 740 /system/etc/init.qcom.post_boot.sh
chown root:root /system/etc/init.qcom.post_boot.sh
Custom ROM procedure already has a restore script!
I am currently working on an auto restore script for stock and that will be relased soon, hopefully! :good:
Changelog:
v1.0 - First stable release. Does not work on STOCK ROM.
v1.1 - Added a restore script.
v1.3 - Added support for STOCK ROM. There are still a few bugs.
How it works?!?!
Coming soon...
Huge thanks to @Bert98 and @dd043
Hit the thanks button if it worked! I went through about 50 factory resets, and reflashed the ROM about 25 times, and put about 10 hours of work into this script! Really motivates me for future projects. :laugh:
Thanks for your help man and effort.
I encountered a problem, everything works up until my device boots in CWM to fix permissions, then just sits there doing not alot I don't even see the option in my CWM.
Any ideas? cheers
Sent from my XT1032 using XDA Free mobile app
When it reboots to cwm unplug the cable and replug it, if it hangs just type these commands manually from a command window.
chmod 655 /cache
chmod 655 /cache/dalvik-cache
chmod 655 /cache/dalvik-cache/*
reboot
If this does not work you may ned to go into mounts & storage in the cwm menu and click mount /cache. Then try the commands again.
I'm having some issues on stock.
I thought 0655 fixed everything but no, I can't install any app after moving the dalvik-cache to /cache. I tried chmoding 0777 on the new cache folder, on /cache itself, to no avail.
Code:
E/dexopt cannot open '/data/dalvik-cache/[email protected]' for output
Anyone can confirm it's not only my device? And/or can help find a fix?
Also does someone knows how to execute commands on a particular init step? Real init.rc scripts can do:
Code:
on post-fs-data
mount -o bind /cache/dalvik /data/dalvik-cache
It there was a way to achieve the same from post_boot/init.d we could mount -o bind /cache/dalvik /data/dalvik-cache and all permissions issues would disappear as well as the need for symlink.
You have a typo in the threads title. Just a heads up.
Vuciz said:
You have a typo in the threads title. Just a heads up.
Click to expand...
Click to collapse
Thanks for letting me know!
dd043 said:
I'm having some issues on stock.
I thought 0655 fixed everything but no, I can't install any app after moving the dalvik-cache to /cache. I tried chmoding 0777 on the new cache folder, on /cache itself, to no avail.
Code:
E/dexopt cannot open '/data/dalvik-cache/[email protected]' for output
Anyone can confirm it's not only my device? And/or can help find a fix?
Also does someone knows how to execute commands on a particular init step? Real init.rc scripts can do:
Code:
on post-fs-data
mount -o bind /cache/dalvik /data/dalvik-cache
It there was a way to achieve the same from post_boot/init.d we could mount -o bind /cache/dalvik /data/dalvik-cache and all permissions issues would disappear as well as the need for symlink.
Click to expand...
Click to collapse
Let me try and do that right now... Ill get back to you if it does!
My script works on stock btw... But the mount way seems a bit easier and might cause less errors than my way.
Try it please.
skyguy126 said:
Let me try and do that right now... Ill get back to you if it does!
My script works on stock btw... But the mount way seems a bit easier and might cause less errors than my way.
Try it please.
Click to expand...
Click to collapse
Yes I've tried your script, all went well but the result is the same. The script itself works nicely btw
Applications present before moving cache work perfectly, but I can't install anything new. I suspect it might be my device but before wiping everything I'd prefer feedback from others :fingers-crossed:.
I cannot install new apps as well. The mount command you showed me has the same effect too. I honestly don't know anymore, the sym link did not allow the install of new apps nor did the mount command you sent me. Correct me if I am wrong.
Edit: Going through all the init files on my phone to see which one remounts /cache at boot.
Why does the init.rc get overwritten at boot. Is it because the kernel (boot.img) is the one that copies it over? I have found by changing the perms/locations in this file and init.target.rc you can achieve what this mod is trying to acomplish.
I don't see the mount cache command in CWM strange
I've managed to get back to normal, thanks for everyone's help though, I will keep and eye on the thread
Sent from my XT1032 using XDA Free mobile app
non-windows version?
Thanks for this tool. It's a great idea and our Motos really need it.
However, I have a problem - I do not own a windows license (os x and ubuntu user) and I would prefer not to spend $120 just to use it for this script. Pirating is out of the question for me.
I was wondering if there is any chance of having this script written for linux and/or mac. If impossible, is there a LEGAL way of running windows in a virtual machine? Something like a trial or similar?
If you know how just convert it to shell script for osx and Linux. I give you permission to do this but you may not take credit or rehost your creation.
Ok so I have the kernel extracted and we could modify and flash that, but I believe that it's not really necessary. There are a lot of risks to flashing kernels and I am not willing to take it. So is there a way we can modify dalvik so it creates it's cache in /cache instead.
skyguy126 said:
Why does the init.rc get overwritten at boot. Is it because the kernel (boot.img) is the one that copies it over? I have found by changing the perms/locations in this file and init.target.rc you can achieve what this mod is trying to acomplish.
Click to expand...
Click to collapse
Yes the init.rc is in the boot ramdisk. I don't think it would be worth the trouble to rebuild a boot.img. The moto g is fairly unbrickable but it's quite a lot of work to setup an environment to rebuild an image :/.
Too bad for the mount command, I was sure it was working but maybe I had changed something else and don't quite remember the steps to reproduce
We could possibly implement a shell script toggler for when we need to install new apps, but I'm afraid it'd become annoying fairly quickly: I noticed the issue initially because google play services decided to update itself, failed, and broke all google apps. As far as I know this autoupate can't be disabled.
Thanks for trying!
dd043 said:
Yes the init.rc is in the boot ramdisk. I don't think it would be worth the trouble to rebuild a boot.img. The moto g is fairly unbrickable but it's quite a lot of work to setup an environment to rebuild an image :/.
Too bad for the mount command, I was sure it was working but maybe I had changed something else and don't quite remember the steps to reproduce
We could possibly implement a shell script toggler for when we need to install new apps, but I'm afraid it'd become annoying fairly quickly: I noticed the issue initially because google play services decided to update itself, failed, and broke all google apps. As far as I know this autoupate can't be disabled.
Thanks for trying!
Click to expand...
Click to collapse
How about making a simple apk that toggles this feature. Something like when you click the icon it doesn't even open but gives a little notification of success. Something like that. I myself am not experienced with apks but I can put together a shell script for the apk.
skyguy126 said:
Ok so I have the kernel extracted and we could modify and flash that, but I believe that it's not really necessary. There are a lot of risks to flashing kernels and I am not willing to take it. So is there a way we can modify dalvik so it creates it's cache in /cache instead.
Click to expand...
Click to collapse
Patching dalvik itself sounds promising. It can probably be done with in a batch script with a command line hex editor.
The path is defined in frameworks/base/cmds/installd/installd.h
Code:
#define DALVIK_CACHE_PREFIX "/data/dalvik-cache/"
Not sure if there is another mention in the source tree.
But there's nothing to say we wouldn't face the same issue, the error message in the logcat is pretty generic
dd043 said:
Patching dalvik itself sounds promising. It can probably be done with in a batch script with a command line hex editor.
The path is defined in frameworks/base/cmds/installd/installd.h
Code:
#define DALVIK_CACHE_PREFIX "/data/dalvik-cache/"
Not sure if there is another mention in the source tree.
But there's nothing to say we wouldn't face the same issue, the error message in the logcat is pretty generic
Click to expand...
Click to collapse
Ill try it. I don't mind doing a bunch of resets because I am using my moto g as a test bench anyway. My daily driver is the OnePlus One
dd043 said:
Patching dalvik itself sounds promising. It can probably be done with in a batch script with a command line hex editor.
The path is defined in frameworks/base/cmds/installd/installd.h
Code:
#define DALVIK_CACHE_PREFIX "/data/dalvik-cache/"
Not sure if there is another mention in the source tree.
But there's nothing to say we wouldn't face the same issue, the error message in the logcat is pretty generic
Click to expand...
Click to collapse
EDIT: Unfortunately it didn't work. I don't know if I modified the installd file correctly. The program I used is HxD.
Is there a way we can force dalvik to start after the directories are created. And change dalvik to create it in /cache.