I am in need of warranty services so I installed stock vha rom and did a factory reset, etc.
Problem is the phone is still s-on and rooted.
I can remove root in visionary... How do I s-on? I would not like any traces of hacking left over. Thanks.
You have to flash a stock RUU
Aamir.Badat said:
You have to flash a stock RUU
uhm can you explain?
I need that too
thanks in advance
If we hard reset our phone without keeping the backup and untick the option of installing the backup from the options, then I think we lose the root and the S-OFF.
I am also interested in removing the s-off
Antonios, no, S-OFF would remain. Also using stock RUU is not enough in most cases, as it would fail at hboot version checking while flashing OR Radio S-OFF would remain in the phone nevertheless. One tried, tested and simple way to S-ON from pretty much any phone state is to:
- Do Radio S-OFF (yes, S-OFF) with my tool if not already (link in sig)
- Follow the instructions in my Radio tool thread to go S-ON
It will remove clockworkmod, eng hboot, custom rom, everything. Your device will be completely stock after the process.
Should be sticky in Desire HD Android Development section. no?
Ok I got my G2 when it first came out. Used the old rage method to get S-OFF and perma root. Now I'm reading people say that they have "real" S-OFF and real permaroot. Do I have to do the "gfree" method now or is my phone good as it is?
I understand that with gfree you can unlock your SIM and you can switch between S-OFF and S-ON.. I'd like to have those functions. How should I go about it? Do I do a factory reset to go back to stock and unroot and then use gfree method or is there a simpler way to do it?
Here's what I have right now:
Stock rom, I NEVER installed any OTA's.
I have Baconbits.
My baseband is: 12.22.60.09bU_26.02.01.15_M2
Kernel: 2.6.32.21-cyanogenmod [email protected]#1
Build #: 1.19.531.1 CL255798 release-keys
Thanks for all the help.
Since you have root and a stock rom installed, just run gfree -- that is ALL you need to do. The advantage, aside from unlocking the radio, is that with the proper s-off, there is some new security for the radio... for unbricking and for being able to withstand accidental OTA updates. A true radio s-off can take an OTA update containing BOTH an SPL and a Radio, and yet s-off remains.
dhkr234 said:
Since you have root and a stock rom installed, just run gfree -- that is ALL you need to do. The advantage, aside from unlocking the radio, is that with the proper s-off, there is some new security for the radio... for unbricking and for being able to withstand accidental OTA updates. A true radio s-off can take an OTA update containing BOTH an SPL and a Radio, and yet s-off remains.
I'm in the same boat as the OP. How do i go about just running gfree?
sent from my V I S I O N.
Well I'm rooted with the old method as well but because I can't flash cwm 3.x with the gfree method. You need the eng hboot so I'll stick with the old method until clockwork makes it work with the gfree method.
Sent from my gSpot2
PatrickHuey said:
I'm in the same boat as the OP. How do i go about just running gfree?
sent from my V I S I O N.
See the Wiki for details. Assuming you are running a kernel where gfree works (again, see the Wiki on this), you just need a root shell on your phone, copy gfree to your phone (e.g. via adb push), then run gfree with the appropriate options, e.g. "./gfree -f".
Sent from my HTC Desire Z
elracing21 said:
Well I'm rooted with the old method as well but because I can't flash cwm 3.x with the gfree method. You need the eng hboot so I'll stick with the old method until clockwork makes it work with the gfree method.
Sent from my gSpot2
Using gfree does not get rid of the engineering hboot (or modify your existing hboot in any way), so it's safe to do. And even if this was not the case, you can still flash the CWM3 recovery without the engineering hboot, only you'll have to use a different method than fastboot.
dhkr234 said:
Since you have root and a stock rom installed, just run gfree -- that is ALL you need to do. The advantage, aside from unlocking the radio, is that with the proper s-off, there is some new security for the radio... for unbricking and for being able to withstand accidental OTA updates. A true radio s-off can take an OTA update containing BOTH an SPL and a Radio, and yet s-off remains.
thanks for responding. so this will work even though i dont have a stock kernel?
also, as far as OTA's go, you mean that if after i run gfree i will be able to apply the OTA without it unrooting my phone?
thank you
konoplya said:
thanks for responding. so this will work even though i dont have a stock kernel?
also, as far as OTA's go, you mean that if after i run gfree i will be able to apply the OTA without it unrooting my phone?
Not sure about Baconbits, check the Wiki for the list of kernels that are known not to work with gfree.
If you apply the OTA after unlocking with gfree, you will still lose root but you won't lose the S-OFF and other stuff from gfree.
Sent from my HTC Desire Z
steviewevie said:
Not sure about Baconbits, check the Wiki for the list of kernels that are known not to work with gfree.
If you apply the OTA after unlocking with gfree, you will still lose root but you won't lose the S-OFF and other stuff from gfree.
Sent from my HTC Desire Z
ok, i see. so if i lose root would i just have to run gfree again after I install OTA to gain root back?
konoplya said:
ok, i see. so if i lose root would i just have to run gfree again after I install OTA to gain root back?
Not just gfree on its own, but you will need to go through the steps of getting temp root then perm root, which does use gfree as part of it. It's all in the Wiki.
konoplya said:
ok, i see. so if i lose root would i just have to run gfree again after I install OTA to gain root back?
gfree does NOT root your phone. It UNLOCKS RADIO SECURITY -- permanently. You only run it ONCE, you NEVER have to run it again... EVER.
With UNLOCKED RADIO SECURITY, gaining root is TRIVIAL.
What gets root is RAGE or PSNEUTER.
dhkr234 said:
gfree does NOT root your phone. It UNLOCKS RADIO SECURITY -- permanently. You only run it ONCE, you NEVER have to run it again... EVER.
With UNLOCKED RADIO SECURITY, gaining root is TRIVIAL.
What gets root is RAGE or PSNEUTER.
Yeah but gfree is often used as part of the rooting process, so I can see why people associate gfree with rooting.
gfree might be run more than once on a phone as part of the process to lock in root, i.e. to defeat the NAND write protection. Even though it's only needed once to unlock the radio etc, you might run it other times if you need to root a stock ROM and updates to that ROM.
gfree can be used to unlock radio security, but it has other options too. Sorry but I think your reply might confuse more people than it helps.
x
Help me please! I tried to find my answer, but I'm not sure.
Is it possible to use the update.zip without any modification? Or do I need to change the hboot?
Thank you!
Janaboy
I'm perm rooted! But I lost the OTA update because I was semi-bricked. How can I get the OTA update? Do I have to do a factory reset?
You should get the OTA right away after restarting the phone, I know I did after going back to stock on just Saturday of this week. The first time I connected to the network it said an update was available and it was the OTA.
That hasn't happened and it needs to hurry up!! lol
So do a Factory reset?
hiya guys, im kinda in the same boat. Just got the g2 with build 1.22.531.8 and perma rooted it with visionary/rage method. I want to get supercid, sim unlock with gfree. can someone post or direct me to instructions on how to do so? thanks for helping a noob.
aok680 said:
hiya guys, im kinda in the same boat. Just got the g2 with build 1.22.531.8 and perma rooted it with visionary/rage method. I want to get supercid, sim unlock with gfree. can someone post or direct me to instructions on how to do so? thanks for helping a noob.
http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Unlock_the_Phone.2C_Set_SuperCID.2C_and_Turn_Radio_S-OFF
http://www.youtube.com/watch?v=tU9zn_BEth4&feature=player_embedded
I rooted my phone like this back in December. I am not sure what hack I had performed on my phone.
Did I remove ENG-Hboot? Is it an S-off? Did I get SuperCID? Did I perform a subsidy unlock? Do I need to have a radio-S off?
Any help would be much appreciated.
bump
10char
You have permanent root with fake S-OFF using the engineering HBOOT (if you go into the bootloader, you'll see ENG S-OFF as opposed to SHIP S-ON).
You do not have SuperCID, subsidy unlock, or radio S-OFF. You will need to use gfree to obtain those if you want. The Wiki contains info about what each of those means as well as how to use gfree if you already have root.
Today I accidentally turned it on (the thing in the bootloader) and now I can't turn it off no matter what so I can do a revert to stock .img, I used the PDI15.img or w.e that would revert back to stock forgetting that I had the newest radio and now I can't revert to stock or turn S-OFF. Please help
Current Configurations:
GLACIER PVT SHIP S-ON
HBOOT - 0.86.0000
MICORP - 0429
RADIO - 26.09.04.26_M
eMMC - BOOT
More Info:
When I use a PDIMG or w/e file it errors out as being old
Can you still boot? Like into your rom? If so just try rooting using visionary and using a root explorer to push the gfree files to data/local/ then just follow the normal rooting procedure
Sent from my HTC Glacier using XDA Premium App
Nicgraner said:
Can you still boot? Like into your rom? If so just try rooting using visionary and using a root explorer to push the gfree files to data/local/ then just follow the normal rooting procedure
Sent from my HTC Glacier using XDA Premium App
Yeah I can still boot into my rom, bootloader, and recovery and okay will try that
EDIT: Okay I did, I tried turning S-OFF but it says something about eMMC power cycle failed
XxKOLOHExX said:
Yeah I can still boot into my rom, bootloader, and recovery and okay will try that
EDIT: Okay I did, I tried turning S-OFF but it says something about eMMC power cycle failed
dude! I noticed this also this morning. I am rooted(using setcpu and root explorer just fine) but in hboot it says s=on. I was also wanting to flash the stock .img and start fresh. thought I was the only one having this problem. tried everything you did and got the same results.
What ROM are you on? AFAIK, gfree, requires the stock kernel to do what it does. How on earth did you turn S-ON? That sort of thing shouldn't just happen out of nowhere.
How is the progress on fixing your phone?
jdkoren said:
What ROM are you on? AFAIK, gfree, requires the stock kernel to do what it does. How on earth did you turn S-ON? That sort of thing shouldn't just happen out of nowhere.
currently on Evil D mTGB v1.0, Faux 0.0.7 CFS lv leak kernel. everything works fine, no FC's or anything. just having the same issues as XxKOLOHExX. I really have no idea how it turned on by itself, I don't remember doing anything out of the ordinary
I was trying to get back to stock from the rom i was on. (MIUI) and when I used the stock .img through the bootloader it went all good till it rebooted, then it said failed because the file was old and now I am stuck with s-on and I don't know how to turn it off
How did you get to the stock bootloader? Did you have eng bootloader at one point? What meth of root did you use? A lot of info missing.
Now download the stock radio.img and push it via adb or just download the PD15IMG.zip (radio only not rom included). Once this is done you can revert back to stock rom/radio using standard PD15IMG.zip (radio+rom). Now depending on the type of root you used it would depend if you still have radio flag on/off even if you reverted back to stock bootloader.
PS: You can get PD15IMG.zip (stock radio) from master radio thread and PD15IMG.zip (stock radio/rom) by doing search.
PermROOT said:
How did you get to the stock bootloader? Did you have eng bootloader at one point? What meth of root did you use? A lot of info missing.
Now download the stock radio.img and push it via adb or just download the PD15IMG.zip (radio only not rom included). Once this is done you can revert back to stock rom/radio using standard PD15IMG.zip (radio+rom). Now depending on the type of root you used it would depend if you still have radio flag on/off even if you reverted back to stock bootloader.
PS: You can get PD15IMG.zip (stock radio) from master radio thread and PD15IMG.zip (stock radio/rom) by doing search.
It flashed the bootloader when I flashed the PD15IMG.zip, it just stopped when I did the whole procedure. Nope never flashed an Engineer Bootloader. I used theunlockr.com sites method
I tried that, it unzipped then tried to flash the radio then just went back to the original menu for the bootloader
If you used the VISIONary+ (TempROOT) and root.sh (PermROOT) meth then you already had engineering hboot (0.85.2007) pushed through terminal on "/dev/block/mmcblk0p18". Now you did something in between is what I would like to know.
As you flashed new radio (26.09.04.26_M) which I am clear. But what I like to know is how did you end up with default hboot (0.86.0000)? If you had S=OFF you didn't lose it via flashing new radio. Which PD15IMG.zip did you install? Now when you say PD15IMG.zip what do you mean? It can be anything as its default mt4g system based image. Stock PD15IMG.zip = (Sense 2.2.1 Rom/Radio 26.03.02.26_M). Did you install leaked PD15IMG.zip from Panache? or GB2.3.3S?
Are you not 1 of the Royal dev's? who try to take over Silence's IG if I recall. I am just assuming here but this is why you do "NOT" dump system image via hboot. What you should have done was do complete total system wipe (format /data; /system) and then flash new edify based CWMR flashable rom.
PermROOT said:
If you used the VISIONary+ (TempROOT) and root.sh (PermROOT) meth then you already had engineering hboot (0.85.2007) pushed through terminal on "/dev/block/mmcblk0p18". Now you did something in between is what I would like to know.
As you flashed new radio (26.09.04.26_M) which I am clear. But what I like to know is how did you end up with default hboot (0.86.0000)? If you had S=OFF you didn't lose it via flashing new radio. Which PD15IMG.zip did you install? Now when you say PD15IMG.zip what do you mean? It can be anything as its default mt4g system based image. Stock PD15IMG.zip = (Sense 2.2.1 Rom/Radio 26.03.02.26_M). Did you install leaked PD15IMG.zip from Panache? or GB2.3.3S?
Are you not 1 of the Royal dev's? who try to take over Silence's IG if I recall. I am just assuming here but this is why you do "NOT" dump system image via hboot. What you should have done was do complete total system wipe (format /data; /system) and then flash new edify based CWMR flashable rom.
Yeah I know that, I was trying to go back to stock everything using the unrooting method (PD15IMG.zip). Using this file I was able to get through the first step and it rebooted, then it went back to bootloader and now it won't take the PD15IMG.zip saying that it is an older file. Yes I am one of the devs, That's why before posting I tried everything I could think of, gfree, old unrooting methods, etc. I didn't use a dump lol I'm not that noobish haha
That's where you got owned as the PD15IMG.zip (stock rom/radio) just reverted back to hboot (0.86.0000) from eng hboot (0.85.2007). While you attempted to go further you couldn't due to security turning on (S=ON). Now this normally wouldn't be problem but since you had newer radio (26.09.04.26_M) it wouldn't replace it with old.
All you had to do was follow few simple meths which you should have learned it over the years. Go back same way you came by first reverting back to original radio image and then after doing complete system wipe you should have reverted back to original factory based via stock pd15img.
I'll post back with solution soon let me think this out. I don't want to brick your phone trying to manually push the radio.img nor the eng_hboot.img. As if you try to push radio now would fail on write and give you hard brick. Since S=ON and if you try to push eng_hboot.img who knows what will happen as no R/W access on mmcblk could also fail thus giving bad flash which can also brick the device. I'll see what happens and post back at... you folks just made more extra work for me.
PermROOT said:
That's where you got owned as the PD15IMG.zip (stock rom/radio) just reverted back to hboot (0.86.0000) from eng hboot (0.85.2007). While you attempted to go further you couldn't due to security turning on (S=ON). Now this normally wouldn't be problem but since you had newer radio (26.09.04.26_M) it wouldn't replace it with old.
All you had to do was follow few simple meths which you should have learned it over the years. Go back same way you came by first reverting back to original radio image and then after doing complete system wipe you should have reverted back to original factory based via stock pd15img.
I'll post back with solution soon let me think this out. I don't want to brick your phone trying to manually push the radio.img nor the eng_hboot.img. As if you try to push radio now would fail on write and give you hard brick. Since S=ON and if you try to push eng_hboot.img who knows what will happen as no R/W access on mmcblk could also fail thus giving bad flash which can also brick the device. I'll see what happens and post back at... you folks just made more extra work for me.
Thank you so much for the help
PermROOT said:
That's where you got owned as the PD15IMG.zip (stock rom/radio) just reverted back to hboot (0.86.0000) from eng hboot (0.85.2007). While you attempted to go further you couldn't due to security turning on (S=ON). Now this normally wouldn't be problem but since you had newer radio (26.09.04.26_M) it wouldn't replace it with old.
All you had to do was follow few simple meths which you should have learned it over the years. Go back same way you came by first reverting back to original radio image and then after doing complete system wipe you should have reverted back to original factory based via stock pd15img.
I'll post back with solution soon let me think this out. I don't want to brick your phone trying to manually push the radio.img nor the eng_hboot.img. As if you try to push radio now would fail on write and give you hard brick. Since S=ON and if you try to push eng_hboot.img who knows what will happen as no R/W access on mmcblk could also fail thus giving bad flash which can also brick the device. I'll see what happens and post back at... you folks just made more extra work for me.
lol sorry for the extra work, just don't wanna have the chance of bricking my phone but like XxKOLOHExX I wanted to revert back to stock from mTGB using the stock PD15IMG_Glacier_TMOUS_1.17.531.2_Radio_12.28b.60.140e_26.03.02.26_M_release_155771_signed. everything he described is happening to me also, step by step. I rooted with the visionary+ and permroot method(unlockr). I did download and flash the 26.08.04.30 radio. here's what I see in hboot
GLACIER PVT SHIP S-ON
HBOOT-0.86.0000
MICROP-0429
RADIO-26.08.04.30_M3
eMMC-boot
Sep 27 2010, 11:12:59
so what you're saying is that we should try flashing the stock radio first, wipe the whole phone(including sdcard?), then flash the stock PD15IMG? I'll give it a shot real quick, thanks
*edit* hboot won't even let me flash the stock radio, it'll say checking but won't actually let me update it
Well clarknick27 the problem here is that root.sh to gain PermROOT via VISIONary+ just pushes the 0.85.2007 eng hboot, giving temporary S=OFF; the true security flag as we know it is controlled in the radio. So when you try to revert back using stock PD15IMG (rom/radio) it reverted back to the stock 0.86.0000 hboot thus turning the security flag on.
What you all should have done is reverted back same way you installed it. Which would have been first use PD15IMG.zip (stock radio) and then use stock PD15IMG.zip (radio/rom). I still need some sleep lol I just woke up after sleeping 2 hours.
The MT4G I tested on I rooted it via VISIONary+ and then flashed GB Leak rom not the PD15IMG.zip (leak radio/rom) which contained the 0.89.0005 hboot. So after flashing stock radio PD15IMG.zip (radio 26.03.02.26_M) I was able to flash stock PD15IMG.zip (rom/radio) without problem. Which is same as I suspected even after S=ON due to same version radio no problem. If I had newer radio after that point it would be locked out. Let me go to sleep and wake up and I'll see what happens from there. As I have clean MT4G I'll have to reroot it first.
BTW XxKOLOHExX and clarknick27 just in case my account gets disabled. Do the following and report it here and I'll see from there.
1) Which working rom you currently have installed on the device?
I know trying to reroot using gfree may give you similar result as my test: http://forum.xda-developers.com/showthread.php?t=1066966 < not important but unable to root on newer rom.
2) What happens when you try to reroot it using VISIONary+ (TempROOT) and root.sh (PermROOT)?
Did you try it? If so what is the end result? so post back. I'll check and go from there.
PermROOT said:
BTW XxKOLOHExX and clarknick27 just in case my account gets disabled. Do the following and report it here and I'll see from there.
1) Which working rom you currently have installed on the device?
I know trying to reroot using gfree may give you similar result as my test: http://forum.xda-developers.com/showthread.php?t=1066966 < not important but unable to root on newer rom.
2) What happens when you try to reroot it using VISIONary+ (TempROOT) and root.sh (PermROOT)?
Did you try it? If so what is the end result? so post back. I'll check and go from there.
1) currently running Evil D's mTGB v1.0 rom with Faux's 0.0.7 CFS LV leak kernel. tried rooting with visionary and terminal first, no success. I then tried out the gfree method, and got "Attempting to power cycle eMMC...failed. Module failed to load: No such file or directory."
2) I installed Visionary using Astro file manager, then run Visionary. I click on "temproot now" and it starts, but then the screen goes black and doesn't do anything. I have let it sit on the black screen for well over 15mins before with no luck. I can click on "attempt to permroot" and it will ask for permissions and reboot and everything. my s=on but I still have root access and 0.86.000 bootloader. this is what I see using terminal before rebooting to see if s=off
Did you do the Radio S=OFF using gfree? If so that would explain why you still have root as security is disabled on the device totally. If that's the case then just push the eng bootloader manually via adb or through terminal and reboot. For now XxKOLOHExX is locked lets see what I find I'll post back for him.
PermROOT said:
Did you do the Radio S=OFF using gfree? If so that would explain why you still have root as security is disabled on the device totally. If that's the case then just push the eng bootloader manually via adb or through terminal and reboot. For now XxKOLOHExX is locked lets see what I find I'll post back for him.
thanks for taking the time to help out, I'll give it a shot
*edit* just tried pushing the eng bootloader through adb and it didn't stick or flash, rebooted into hboot and it still says 0.86.0000, s=on, 26.08.04.30_M3 radio
Gfree S=OFF worked great for me. I'm looking at updating my radio but want to make sure I won't lose true S=OFF. In other words, are the changes that Gfree makes to the radio image itself or to an area outside the radio image?
No. Radio S=OFF means radio security disabled thus allowing you to flash radio rom and system rom. You can flash all radios you want just make sure it's not corrupted and it's for our MT4G or you will hard-brick the device.
gfree S=OFF survives radio flashes
Did more looking through the gfree thread and eventually found the answer.
The original gfree poster did the experiment and it kept S=OFF. He couldn't guarantee a future radio wouldn't kill it but the devs should notice it pretty quick.