[Q] Possible Hboot Hack ???? - Wildfire General

Whilst spending more endless hours attempting to root my Wildfire, I have noticed that if I push mtd0 to sdcard as mtd0.img, and then use HxD to edit it as though to use flash_version (I was thinking, I wonder if it's possible to spoof supercid 111111), so after backing up the original I filled the entire file full of 1's (I tried 0's first; the error message tells me if I could force 0's this may be a good thing???) and flashed misc.
On entering hboot, when it checks sdcard a load of 1's came up before anything else, so I repeated the experiment with stars *, and *'s is what hboot saw.
I'm thinking possibility of some kind of alternate boot or maybe a command (fastboot oem unlock, or fastboot erase hboot) or something along those lines. Tried modifying the first line, but still came up *'s, so somewhere else in the file, possibly where version goes, but version doesn't usually show up on sdcheck, does it?
Experiments continue

Keep up the experiments!
Thanks!

keep up doing it, you are great

thousands of people hope this work in the future...
i think unrevoked is not doing anything now
we r 4 months from 2.2....

Any more luck? How is this getting on?

dannyjmcguinness said:
Whilst spending more endless hours attempting to root my Wildfire, I have noticed that if I push mtd0 to sdcard as mtd0.img, and then use HxD to edit it as though to use flash_version (I was thinking, I wonder if it's possible to spoof supercid 111111), so after backing up the original I filled the entire file full of 1's (I tried 0's first; the error message tells me if I could force 0's this may be a good thing???) and flashed misc.
On entering hboot, when it checks sdcard a load of 1's came up before anything else, so I repeated the experiment with stars *, and *'s is what hboot saw.
I'm thinking possibility of some kind of alternate boot or maybe a command (fastboot oem unlock, or fastboot erase hboot) or something along those lines. Tried modifying the first line, but still came up *'s, so somewhere else in the file, possibly where version goes, but version doesn't usually show up on sdcheck, does it?
Experiments continue
I tried this a week ago and it does not seem to work :S
The CID version is in the "ro.cid" prop. Change the CID on mtd0, flash it and then try a "getprop ro.cid".
Of course, you'll get the original CID, not the supercid. You cannot change these properties (ro.secure is another one. The ONE that prevents us from writing on system, etc.)
I think these properties are read-only and are loaded into the system from the hboot at boot time.
I managed to change the default.prop on "/" from ro.secure=1 to ro.secure=0, but every time you reboot your phone this file goes back to ro.secure=1, so I think hboot reloads every file and prop needed for their security lock at boot.
I repeat, even with root access you won't change a single property with "ro." before.
Not a single one.
Sorry guys, we'll have to wait more...
For more information about the process read my post: http://forum.xda-developers.com/showthread.php?t=1042077
As you can see, no one has answered yet so I think this is useless...

Looks promising!
Sent from my HTC Wildfire using XDA App

Think I've discovered a bit more; I'm absolutely positive that this is the way forward. Problem is not enough people seem interested in this post.
It would appear that this can be used to issue a boot message, so please share your knowledge on what you know of boot messages, coz I'm pretty sure a boot message could be used to override certain parameters.
Please people, if you read this, HELP ME OUT

I know what you are talking about, and I think that might help you
http://runtimeworld.com/2011/04/a-complete-list-of-hboot-commands/
I could work with you on this, PM me if you are interested
edit: this command has 8 letters (like cidnum):
writemid // write model ID

The best thing u've found.. I'm feeling like we'll only root wildfire before unrevoked.
It'll be good if we do it ourselves as unrevoked has tried hard but not succeeded due to heavy lock of hboot.. If there is luck and ability to do it, we can do it..
I don't have much knowledge in linux and android, else I would have joined to root wildfire with u all..
Best of luck for rooting and make sure not to brick the phone..

God, I must follow this post.
Thanks for your hard work.
Sent from my HTC Wildfire using XDA App

Maybe you'll find something interesting there
tjworld.net/wiki/Android/HTC/Vision/HbootAnalysis
sry, can't add urls i'm new

ejnreon said:
Maybe you'll find something interesting there
tjworld.net/wiki/Android/HTC/Vision/HbootAnalysis
sry, can't add urls i'm new
can't be THAT new if you joined in 2009 :L

Related

Real Big Problem!!

I was running haykuro's hero, I had run two optimizers and started deleting things to make space and increase performance.
I think I deleted something that now doesn't allow the phone to start. The only things I think could do this were 1, the gmail widget, this prevented the phone from syncing with my account, prompting me to attempt to reflash, and 2, I had also deleted some setup app (which I thought many people had) and I'm guessing this is why I couldn't get past the very initial setup after reflashing.
I decided to use my card reader to flash dude 1.2 lite in an attempt to start over but it just bootloops at HTC.
I am desperate to determine what I deleted and how to put it back on my phone, PLEASE PLEASE PLEASE help in any way possible. I have card reader and adb but don't know where to start.
Honestly at this point, you're better off starting from scratch (ALT+W and ALT+S). You shouldn't lose anything but time. It's all replaceable (assuming any contacts u created since were all sync'd first). No worries, you'll be just that more familiar with your fone and how to flash it!
(P.S. No sarcasm intended )
Aloha-
I did alt w alt s when I flashed dude and it looped. I was just able to flash ion alright though so maybe that will be my starting point to get back to rosie...
So it's the htc setup wizard I'm missing, anybody know enough about this stuff to tell me how I can get this back on my phone...
i would say you are gonna need to pull it out of the update you flashed and adb push it to your /system/app directory, i don't know for sure that this will help but it might
DMaverick50 said:
I did alt w alt s when I flashed dude and it looped. I was just able to flash ion alright though so maybe that will be my starting point to get back to rosie...
So it's the htc setup wizard I'm missing, anybody know enough about this stuff to tell me how I can get this back on my phone...
What I am saying is that since you are unable to unequivocally determine which file caused this problem after deleting, it would be easier to start over again. That's worked 4 me every time I've unintentionally deleted a needed file or something similar. It might require loading another ROM (ION is great 4 this, that's what I use, as well as easy if u have a backup and can just fastboot flash it) to get the app2sd info all back in the right place on the ext2 partition. IMO this is better because u have all the files in their proper place and that's a good starting point. Are you using Haykuro's HERO or one of the compacted builds that don't use app2sd?
tubaking182 is also correct if you know what files u need to replace.

New Info about Clockwork Brickings

Hi devs,
Strictly speaking, this is not a development issue, but I thought it warranted some special attention as it sheds a little bit of new light on the "bricking" caused by Clockwork (version unknown).
A new XDA member, SoSickWiTiT, brought back an Eris from the grave. The phone he started with could only be put into RUU mode - initially it would not even start correctly in Hboot or Fastboot mode (weird, right?), and is now fully functional. The long and tortuous thread is here in the Q&A forum.
The essential finding was that the "bricking" was apparently caused by enormous numbers of pages in the flash memory device being marked as bad pages, and that this was correctable by using the "flash_erase" tool of the mtd-utils project. (This tool allows you to reclaim flash pages marked as bad if they erase successfully.) I built some of the tools for ARM/Android and posted them up here. As long as you can get Amon_RA to come up, you can run this tool from Amon_RA (using adb) and erase/reclaim partitions on a partition-by-partition basis.
Also SoSickWiTiT found a useful hack that I hadn't seen before: because he could only get his phone to start in RUU mode, he started the "Official RUU", ran it to the point where it unpacks all files, and then replaced the "rom.zip" file (in the Temp folder the RUU utility unpacks) with the HTC Root-ROM (renaming it to "rom.zip", of course). Because it is signed by HTC, it got the 1.49.2000 S-OFF bootloader installed (but the rest of the install failed). SoSickWiTiT was then able to flash Amon_RA via fastboot and continue gaining traction from there. Note that just flashing a ROM from this point would not work - his mtd3 (system) partition appeared as if over 60% of the pages were marked as bad, and I think his boot partition was similarly affected. "flash_erase" was able to reclaim these pages using the "-N" command line option.
Anyway, the behavior of his phone (excluding the RUU-only behavior) was consistent with prior bricking reports of how filesystems appear to be "corrupted", and this causes difficulties flashing new ROMs (largely due to lack of free space). SoSickWiTiT reports that the phone he obtained from a friend had been bricked by "a failed ROM flash in Clockwork/ROM Manager followed up with an attempt to use the RUU" - there has been at least one other report of this exact same scenario causing the "bricking".
So now I am wondering - are there a few "bricks" laying around that might be rescued?
bftb0
Very interesting and good to know, thanks! And thank you for the tool, great work.
Think this could be applied to deleting the NRAM flash on a router? =p
WAIT wait wait!!!
He changed the bootloader from S-On to S-off??? Was it on 1.49? If so couldn't that have been used to root our phones, A LONGGG time ago? lol
Nikolai2.1 said:
WAIT wait wait!!!
He changed the bootloader from S-On to S-off??? Was it on 1.49? If so couldn't that have been used to root our phones, A LONGGG time ago? lol
A looooooong time ago - December '09 (circa "MR1") iirc, someone attempted to stuff a different - and unsigned - "rom.zip" file into the running (MR1) RUU.
Naturally, that didn't work, 'cuz it wasn't a HTC-signed PB00IMG.zip file. To my knowledge, this is the first time anybody tried doing things this way (swapping in the validly-signed HTC Root-ROM into the RUU's "rom.zip" location)... maybe it would have worked for the "leakers". I suppose that someone could roll back their phone and give it a shot to see it if works, but that seems sort of academic at this point - hence your "LOL".
There is evidence that both the RUU- and Hboot- based update processes actually end up checking the contents of the "misc" partition for version information TWICE - first before any flashing occurs, and second, only after the bootloader has been flashed and reloaded, but before the remainder of the PB00IMG.zip/rom.zip file has been flashed. I don't think that even at this point in time this behavior is well understood: it is possible that the hboot flash of the bootloader can occur, but then the subsequent flashing of the rest of the PB00IMG.zip file fails due to a "Main Version is Older" error. Sort of hard to understand why that would ever occur (it happened to me once, so I know it occurs).
For anybody that has a brick, but can get RUU mode running, it is certainly worth a try to see if they can replace the bootloader with the S-OFF bootloader - what do they have to lose? In this particular case, it is hard to know what the state of the misc partition was; after all, it was a phone that was previously rooted. The result obtained using the RUU utility likely depends on what was going on in the misc partition on that phone, so it is not obvious that this (RUU utility) "trick" is universal. It might have been that the same phone would have been happy to accept the Root PB00IMG.zip file - but SickWiTiT couldn't get the phone into Hboot mode initially, so that wasn't tried.
cheers
bftb0
So if I have been using Clockwork to flash a few roms do you think I would have any bad pages in my flash memory? Is there an easy way to check this?
xtreme3737 said:
So if I have been using Clockwork to flash a few roms do you think I would have any bad pages in my flash memory? Is there an easy way to check this?
I don't think that using Clockwork causes slow growth in bad pages; afaik, when the problem occurs - whatever causes it - only then do you see a catastrophic number of pages marked this way. I mentioned it only in case someone bricks their phone and then asks for advice here - they can check to see if this repair works for them at that time - after they have determined that this is the nature of their problem. In the meantime, there is not much need to worry about it.
Short of actually performing a flash_erase with the "-N" option turned on, I don't know off the top of my head a way to determine the number of bad blocks easily, and there are good reasons why you should not be doing that unless you absolutely have to.
The tool "nanddump" that I compiled actually reports the number of bad blocks - but it also wedges the Amon_RA kernel when you run it. Rats.
bftb0
I just wanted to add my thanks for this very informative and interesting information and tool in case it becomes necessary. I do use Clockwork (loaded from Amon RA), BTW.
Thanks for the useful info as always.
It really seems like a bad idea to use clockwork
Sent from my nonsensikal froyo
SikYou said:
Thanks for the useful info as always.
It really seems like a bad idea to use clockwork
Sent from my nonsensikal froyo
bftb0 said:
I don't think that using Clockwork causes slow growth in bad pages; afaik, when the problem occurs - whatever causes it...
I haven't once had an issue with Clockwork Mod through ROM Manager, and have been using it for 3+ months now.
thanks for this thread i sort of helped one person put their phone into the grave by telling them to flash an ruu (still feel bad about it)
jamezelle said:
thanks for this thread i sort of helped one person put their phone into the grave by telling them to flash an ruu (still feel bad about it)
That cus you are a baddie jamezelle xD
Very informative read, thanks bftb0!
I spent some time tonight fooling around with RomManager (v3.0.0.7) and ClockworkMod (v2.5.0.1 for the Eris). Sort of an eye-opener, actually.
The way it works is that it actually NEVER "FLASHES" ANYTHING TO THE RECOVERY PARTITION. Instead, when you first tap on the menu item to "flash the recovery", what ROM Manager does is identify your handset type, and then download some files to /sdcard/clockworkmod, e.g.:
/sdcard/clockworkmod:
----rwxr-x 1 system sdcard_r 829658 Jan 17 02:23 recovery-update.zip
/sdcard/clockworkmod/download/koush.tandtgaming.com/recoveries:
----rwxr-x 1 system sdcard_r 829658 Jan 17 00:56 recovery-clockwork-2.5.0.1-desirec.zip
/sdcard/clockworkmod/download/rommanager.appspot.com:
d---rwxr-x 2 system sdcard_r 4096 Jan 17 02:23 manifests
/sdcard/clockworkmod/download/rommanager.appspot.com/manifests:
----rwxr-x 1 system sdcard_r 11492 Jan 17 02:23 devices.js
Note that "recovery-update.zip" and "recovery-clockwork-2.5.0.1-desirec.zip" are the same size - less than 1 MB. In fact, they are identical. It is a signed update package - but too small to even contain an Android kernel.
Here's how ROM Manager works: when you press the button "Reboot into Recovery", what actually takes place is this:
- Rom Manager copies "recovery-update.zip" into /cache/update.zip, and then places the following command into /cache/recovery/command
Code:
"/sbin/recovery" "--update_package=CACHE:update.zip"
and then executes a "reboot recovery" command.
The next thing that happens is that whatever Custom Recovery that IS ALREADY FLASHED to your recovery partition on the phone boots up, and immediately begins to process the /cache/update.zip file
Here's the $64,000 observation:
This update.zip modifies NOTHING IN FLASH MEMORY - IT ONLY MODIFIES THE RAMDISK OF THE BOOTED RECOVERY ALREADY PRESENT.
Towards the end of the updater-script, it kills off the old /sbin/recovery and /sbin/adbd processes; but since these processes are defined as services, they get restarted automatically, using the new "ClockworkMod" version of these program files. Voila! The ClockworkMod recovery menus pop up.
There are two important observations that arise from this analysis:
- It does not have its own kernel - it uses the kernel of whatever was already present in the recovery partition boot
- To get ClockworkMod to be cold-bootable, you need to COMBINE IT WITH A KERNEL AND BOOTSCRIPTS FROM SOMEPLACE ELSE - but WHERE exactly?
Now, I don't know if ROM Manager formerly worked in a different fashion - but the point is fairly obvious: if you wanted to provide a rooting method which installs "ClockworkMod" as a recovery - well then, you would need to combine the minimal components of "ClockworkMod" (mostly just the /sbin/recovery program !) with someone else's bootable recovery. And you could not use an HTC stock recovery - because then koush's "update.zip" files would have needed to be signed by HTC in order to get processed.
If you accept the hypothesis that the so-called "Clockwork" brickings have been due to a bug in the kernel MTD driver - and nobody ever seems to see those bugs happening with Amon_RA v1.6.2 - then the real problem comes from a kernel which was kanged into a flashable "Clockwork Mod" recovery by a third party - not koush.
Who is it then - the unrevoked team? Someone else? What kernel is it?
As I recall, nearly every one of the brickings that have been reported here have been folks that got their rooting instructions from outside the XDA Eris community.
Bottom line - it's starting to look like the problem is not really due to Clockwork - it's a problem kernel from unknown origins.
Perhaps Rom Manager did not always work this way on the Eris - but the way it works now is that if you install it after already having Amon_RA in the recovery partition, if you cold-boot (Vol-up+End or via HBOOT), what will come up is Amon_RA, not Clockwork.
So - if you can cold-start your phone into recovery, and up pops a ClockworkMod menu instead of an Amon_RA menu - how did you root your phone originally?
bftb0
(sorry if this post is a bit of a ramble - it's pretty late/early)
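The check described in the post above (does an update package write to flash, or does it only replace files in the already-booted recovery's ramdisk?) can be done offline on the zip itself. This is an added example, not part of the original post and not ROM Manager's or ClockworkMod's code; the two sample packages, their updater-script contents and the list of flash-writing edify calls are constructed assumptions.

```python
import hashlib
import io
import re
import zipfile

SCRIPT_PATH = "META-INF/com/google/android/updater-script"
# Assumption: edify calls treated as "writes to a flash partition" (not exhaustive).
FLASH_WRITERS = {"write_raw_image", "write_firmware_image", "format"}
# A bundled boot/recovery image would mean the package carries its own kernel.
IMAGE_NAME = re.compile(r"(^|/)(boot|recovery)\.img$")
# Destination argument of package_extract_file / package_extract_dir.
EXTRACT_TARGET = re.compile(
    r'package_extract_(?:file|dir)\(\s*"[^"]*"\s*,\s*"([^"]+)"')


def same_package(a: bytes, b: bytes) -> bool:
    """True when two downloaded packages are byte-for-byte identical."""
    return hashlib.sha256(a).digest() == hashlib.sha256(b).digest()


def inspect_update_zip(data: bytes) -> dict:
    """Summarise what an update package's updater-script would touch."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        found = SCRIPT_PATH in names
        script = zf.read(SCRIPT_PATH).decode("utf-8", "replace") if found else ""
    called = set(re.findall(r"\b([a-z_]+)\s*\(", script))
    flash_calls = sorted(called & FLASH_WRITERS)
    images = [n for n in names if IMAGE_NAME.search(n)]
    return {
        # Without a script nothing can be concluded, so report that explicitly.
        "script_found": found,
        "flash_calls": flash_calls,
        "images": images,
        "extract_targets": EXTRACT_TARGET.findall(script),
        "touches_flash": bool(flash_calls or images) if found else None,
    }


def build_zip(script, files):
    """Build a constructed sample package in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if script is not None:
            zf.writestr(SCRIPT_PATH, script)
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample 1: only swaps binaries in the running ramdisk.
RAMDISK_ONLY = build_zip(
    'package_extract_file("sbin/recovery", "/sbin/recovery");\n'
    'package_extract_file("sbin/adbd", "/sbin/adbd");\n'
    'run_program("/sbin/killall", "recovery");\n',
    {"sbin/recovery": b"constructed", "sbin/adbd": b"constructed"},
)

# Constructed sample 2: carries an image and writes it to the recovery partition.
FLASHING = build_zip(
    'package_extract_file("recovery.img", "/tmp/recovery.img");\n'
    'write_raw_image("/tmp/recovery.img", "recovery");\n',
    {"recovery.img": b"constructed"},
)

# Constructed sample 3: no updater-script at all.
NO_SCRIPT = build_zip(None, {"readme.txt": b"constructed"})

if __name__ == "__main__":
    for label, pkg in (("ramdisk-only", RAMDISK_ONLY),
                       ("flashing", FLASHING),
                       ("no-script", NO_SCRIPT)):
        print(label, inspect_update_zip(pkg))
```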
When I 'cold boot' I get the Clockwork V2.5.0.1 screen.
I rooted originally the day root was discovered here at XDA. I originally loaded Amon. Somewhere in the last year, I may have clicked the 'install Clockwork mod' at the top of ROM Manager, but I don't think I did.
I don't know if this helps, but I found your post interesting.
meanm50 said:
When I 'cold boot' I get the Clockwork V2.5.0.1 screen.
I rooted originally the day root was discovered here at XDA. I originally loaded Amon. Somewhere in the last year, I may have clicked the 'install Clockwork mod' at the top of ROM Manager, but I don't think I did.
I don't know if this helps, but I found your post interesting.
Huh.
If you do that, and then fire up an adb session, what kernel string does
Code:
adb shell uname -a
report?
When I click "Flash ClockworkMod Recovery", all it does is ask me to verify the phone model ("Droid Eris (CDMA)"), requests root (SuperUser), goes to the Internet and downloads stuff, and then pops up a message on the screen saying "Successfully downloaded Clockworkmod Recovery!" If I shut down the phone normally and then cold-boot the recovery afterward, what is there is Amon_RA - not clockwork.
Hmmm. Just used it to perform a ROM backup**. For this operation, the same thing happens - Amon_RA comes up first, followed by chaining to ClockworkMod and then the backup starts happening. I note that it also backs up the recovery partition - maybe it only modifies the recovery partition when it is installing a new ROM?
Hmmm (part 2). Just wiped and flashed a clean ROM using Clockwork. Cold start into recovery afterward gives me Amon_RA, not Clockwork.
Maybe koush has changed the basic methodology somehow. I have to say, the way I currently am experiencing it makes a great deal of sense - it means that koush does not need to be in the kernel-making/kernel-collecting business in order to support ROM Manager on a new handset.
Can anyone with a more long-term exposure to Rom Manager/ClockworkMod (on the Eris) shed some light on this?
bftb0
** Interesting side note: CWM backup now backs up (and I presume restores) /sdcard/.android_secure; also, a "wipe" operation will attempt to wipe any SD card ext partition if it is found.
I will adb when I get home...my work comp doesn't have the required programs installed...
bftb0 said:
** Interesting side note: CWM backup now backs up (and I presume restores) /sdcard/.android_secure; also, a "wipe" operation will attempt to wipe any SD card ext partition if it is found.
Also the /cache partition.
bftb0 said:
Huh.
If you do that, and then fire up an adb session, what kernel string does
Code:
adb shell uname -a
report?
Linux localhost 2.6.29-DecaFuctCFS-dirty-c6271491
meanm50 said:
Linux localhost 2.6.29-DecaFuctCFS-dirty-c6271491
Sorry - I meant adb with your recovery booted, not the normal OS. (The above must be from your regular OS right?)

Cannot Connect to network after unlock (clean up) FIXED

Hurrah! this has been fixed WOO!.
see here.
well done guys, you have made me a happy g2 owner again!!
Hi Everyone,
i figured we might need to clean up the
http://forum.xda-developers.com/showthread.php?t=805024
conversation.
as i see it, there are 2 issues
1. people receive an unlock code, the phone accepts it but then it cannot find any network
2. people receive an unlock code, have troubles entering the code but eventually get it in ok.
please do not post anything "setting" related - apn's, bands etc as this has been tried and shown not to work (yet)
it might be helpful if people who have issue number 1 could post some answers to some questions.
as i am not at all smart enough to work out what we need to know from these people, i'd appreciate it if those in the know could pm me what they think could be useful, and i'll make a template for people to follow
troubleshooting template
----
----
----
----
Current Theories: (please PM me if i have anything wrong here or if i need to add details.)
-------------
Theory #1
Ghul99: the code is accepted, but the phone is still locked?
http://forum.xda-developers.com/show...&postcount=121
------------
interesting information
this seems to support theory #1
1. i unlocked phone - code entered successfully, and i was no longer prompted to enter an unlock code
2. i perm-rooted my phone - all went to plan
3. i put the vision rom on my phone (http://forum.xda-developers.com/showthread.php?t=834450) loaded ok
4. i put a sim in my phone and now i am prompted for an unlock code.
5. i tried to re-enter my code but it would not accept it (it is the same code from step 1)
Nice idea for taking the initiative to clean up the thread which was getting excessively long!
I'm hoping we can see some progress in a few days as I'm really missing being able to get any cell reception on a MOBILE PHONE!?
Regards.
I will summarize my knowledge later but one thing upfront.
IntuativNipple posted today in IRC that he found the way to get real S-OFF which would also allow SIM-unlock without code.
So there is hope for a solution, but keep your patience.
Sent from my T-Mobile G2 using XDA App
guhl99 said:
I will summarize my knowledge later but one thing upfront.
IntuativNipple posted today in IRC that he found the way to get real S-OFF which would also allow SIM-unlock without code.
So there is hope for a solution, but keep your patience.
Sent from my T-Mobile G2 using XDA App
That's really exciting.
Thanks for bringing up the good news!
Sent from my T-Mobile G2 using XDA App
guhl99 said:
I will summarize my knowledge later but one thing upfront.
IntuativNipple posted today in IRC that he found the way to get real S-OFF which would also allow SIM-unlock without code.
So there is hope for a solution, but keep your patience.
Sent from my T-Mobile G2 using XDA App
Just to help guhl and catch up with some unnecessary posts.
Common solutions like reboot, different SIMs to try, hard reset, flash stock ROM or trigger the unlock window to reenter the code don't work
Summary of my knowledge so far
For case 1 which was the original problem my theory is the following.
Cause:
Because of problems with the write procedure to the emmc memory, the MCCMCN to which the phone is locked did not get cleared but set to an arbitrary value, in my case "C3AB".
The CID value is still the same as it used to be (and also in case of a successful unlock would stay the same) which is "T-MOB010". The CID is an 8-character string and the case where all characters are the same (i.e. "11111111") is called Super-CID.
It is of no relevance if you use or used the hardware or software keys, T-Mobile or third party sources. The only reason where it would be your fault is if you pulled the battery!
The unlock-code that we possess (regardless if official or from a different source) is not valid to unlock the phone from this value "C3AB". If one tries again (directly with the modem, using my modified libril.so or a different ROM) the lock counter will increase.
Potential ways to repair this state:
1. Give it back to T-Mobile if you can. In my opinion this is a clear warranty case
2. Find someone who has the MegaSIM and the HTC-diag software.
This will definitely work but it is going to be hard to find someone because the SIM is rare and very new.
3. Wait until (or help achieving) the so called "real S-OFF" state of the phone (when also the radio has security disabled) is reached.
When this is achieved one can disable the SIM-lock without any code.
There are still some very good developers after this goal even if for different reasons.
Which information could help us:
1. The output of the following AT-Command sequence from successful and unsuccessful unlocks
Code:
ATE1
ATV1
[email protected]?
[email protected]?AA
[email protected]?40
[email protected]?80
I will try to write a HowTo later for Windows.
For linux see the following posting from the old thread (http://forum.xda-developers.com/showpost.php?p=8750299&postcount=121)
2. The next thing that would help is a logcat from the first unlock process itself.
Howto:
Start the first logcat using the USB-cable and adb before you boot the phone with the foreign SIM.
Code:
adb logcat -b radio > lc_unlock.txt
leave the logcat running and complete the unlock procedure till the phone reboots (the logcat will end automatically)
As soon as the first logcat exits start a new one using:
Code:
adb logcat -b radio > lc_after_unlock.txt
leave it running for 1 minute and then stop it using <Ctrl>-C
3. The next thing that really would help is that you do not post anything in this thread (use the old one instead) that has to do with:
- the APN
- trying another SIM (you would be very lucky if you had one that fits the arbitrary SIMlock)
- reboot, factory reset, use a stock or non stock firmware
- use the hw/sw-keyboard, wait for the right outside temperature or other esoteric procedures
Finally I would like to ask moodecow to edit his original posting and incorporate or link everything that he finds important or helpful in his posting so that it will stay on top.
That is some very exciting news, thank you for the update!
One quick question, when we achieve radio S-OFF it essentially would mean everyone could unlock their phones for free?
Thanks.
Sent from my T-Mobile G2 using XDA App
I have 2 ideas, which can help:
1. For people before unlock - maybe performing S-off before unlock will help.
2. For people after unlock: in bootloader there is "SIMLOCK" option. When you open it, it shows file not found etc. As I think, it can be used to simlock phone for operator, whose numbers are in some file. There is my solution - find what that files are in phone's source code or by any other method, then put them in right place, enter numbers of operator you want to use, open that "SIMLOCK" and lock phone to your network. I don't know if it will work, but it makes some sense.
ms93 said:
I have 2 ideas, which can help:
1. For people before unlock - maybe performing S-off before unlock will help.
2. For people after unlock: in bootloader there is "SIMLOCK" option. When you open it, it shows file not found etc. As I think, it can be used to simlock phone for operator, whose numbers are in some file. There is my solution - find what that files are in phone's source code or by any other method, then put them in right place, enter numbers of operator you want to use, open that "SIMLOCK" and lock phone to your network. I don't know if it will work, but it makes some sense.
Your first idea sounds reasonable and I would support it.
Your second idea is something that is worked on, but you do not only need the correct file (which is actually called DMCID.dat) but there also has to be some "magic number" (like on a gold card) on the micro-sd card.
an important piece of info to carryover from other thread:
1- No APNs are listed
2- if you try to define one, it doesn't save
No APNs being listed is related to the rom more or less, not the issue we're having.
APN is software issue, correct me if I'm wrong so either way it shouldn't pose as an issue to us.
i'm saying it's a symptom that seems to go along with the problem in the title of this thread, so, worth noting.
ie: i think everyone who has the post-unlock no-connection problem cannot save APNs. all others can.
if you are a counterexample please say so. that would help.
guhl99 said:
For case 1 which was the original problem my theory is the following.
Cause:
Because of problems with the write procedure to the emmc memory, the MCCMCN to which the phone is locked did not get cleared but set to an arbitrary value, in my case "C3AB".
The CID value is still the same as it used to be (and also in case of a successful unlock would stay the same) which is "T-MOB010". The CID is an 8-character string and the case where all characters are the same (i.e. "11111111") is called Super-CID.
It is of no relevance if you use or used the hardware or software keys, T-Mobile or third party sources. The only reason where it would be your fault is if you pulled the battery!
The unlock-code that we possess (regardless if official or from a different source) is not valid to unlock the phone from this value "C3AB". If one tries again (directly with the modem, using my modified libril.so or a different ROM) the lock counter will increase.
Potential ways to repair this state:
1. Give it back to T-Mobile if you can. In my opinion this is a clear warranty case
2. Find someone who has the MegaSIM and the HTC-diag software.
This will definitely work but it is going to be hard to find someone because the SIM is rare and very new.
3. Wait until (or help achieving) the so called "real S-OFF" state of the phone (when also the radio has security disabled) is reached.
When this is achieved one can disable the SIM-lock without any code.
There are still some very good developers after this goal even if for different reasons.
I have got the HTC MEGA SIM and almost all DIAG files, but
T-Mobile G2 case = after putting in the unlock code, NO NETWORK can't be solved, because when we give the s58 clear command it shows SIMLOCK CORRUPTED
I can post the detailed info and pictures if you want. It would be a pleasure if I could help in any kind of DEVELOPMENT
BTW
if we don't put code in the same version, same country, purchased in the same lot of handsets and use MEGASIM directly without touching anything then it works perfect
kabir_del said:
I have got the HTC MEGA SIM and almost all DIAG files, but
T-Mobile G2 case = after putting in the unlock code, NO NETWORK can't be solved, because when we give the s58 clear command it shows SIMLOCK CORRUPTED
I can post the detailed info and pictures if you want. It would be a pleasure if I could help in any kind of DEVELOPMENT
BTW
if we don't put code in the same version, same country, purchased in the same lot of handsets and use MEGASIM directly without touching anything then it works perfect
Posting any further details and/or pictures would be much appreciated!
So if the MegaSIM has failed due to corruption I think that the only way to solve our issue is to write directly to the emmc partition holding the locking information. And I don't know how easy and plausible this is...
I think if we get S-Off for Radio, we'll be able to write to that partition. I hope
andrewklau said:
I think if we get S-Off for Radio, we'll be able to write to that partition. I hope
I am a little bit worried about writing this information directly because the partition will be encrypted.
And also copying the complete partition from a working phone or one that is still unlocked will not be an option because the IMEI will also be there and we would not want to overwrite that.
So my hopes are more that there is some kind of a restore procedure from a secure area (I know that Nokia phones can do this, but HTC ?) or that we can lock the phone again with the SIMLOCK option in hboot.
Sent from my T-Mobile G2 using XDA App
well I guess time will tell, does tmobile or htc do replacements (or has anyone tried) for phones no longer on a contract or that are now unlocked?
Sent from my T-Mobile G2 using XDA App
andrewklau said:
Posting any further details and/or pictures would be much appreciated!
Here we go. Pictures first, video coming soon.
First: the red colour is the error we get when we try the command
1=clear s58 data
2nd image is the one when we press DEVICE INFO
Today is Sunday, not much time. I will upload the full clear video tomorrow, and I still have not tried all the options of the diag; maybe it can repair it, but for sure I will do some more things tomm.
I have tried to use my HTC Vision G2 as I unlocked it, but after that I am unable to use it, and I am unable to find anything which would be helpful for me as I have the first case problem. I just want to know whether it would help me if someone would flash my HTC Vision G2. I just want to know about that as I am now in Pakistan.
Sent from my T-Mobile G2 using XDA App

root for Desire Z 1.72 with non standard CID's

Hi @all,
As my thread was closed but I still want to thank you and share my experiences, I'll create this new thread.
It belongs to http://forum.xda-developers.com/showthread.php?t=926835 but maybe it can also help other guys to get root on their updated unrooted phones.
This weekend I did the work and finally I can say:
on my phone I AM root!!!
Just to thank you and maybe help some less experienced people here, I will give you a small overview and some hints for changes to be done for the tutorials to work with the Desire Z.
So thanks for your help, it worked like a charm.
For the backup I used myBackup as it doesn't require root for backing up and it restored my data as I wished. So myBackup is the product I can recommend. It is available as a 30-day demo and so is enough for the process of down- and reupgrading.
Another thing to remember in the following steps: at any time USB debugging works with the HTC Sync mode, too. So use this mode as the USB mode at any time, as in the other case (hard disk mode) the phone can't access the SD card anymore.
After the backup I removed the card from the phone and worked on with a blank one.
I used the following two tutorials:
Goldcard: http://forum.xda-developers.com/showthread.php?t=572683&highlight=gold+card
Down-Reupgrade: http://wiki.cyanogenmod.com/index.php?title=HTC_Desire_Z:_Rooting
You may also use this thread:
http://forum.xda-developers.com/showthread.php?t=832503
This one describes all the goldcard and down/upgrade stuff explicitly for the Desire Z, but it looks a bit more hacky and seems to be good for people already experienced with hex editors and rooting. Also it doesn't mention that the first 2 chars of the card code need to be converted to "00", that's why I recommended the other tutorials.
I formatted it to FAT32 and put it into the phone; this step wasn't mentioned in the tutorial, so I tell it to all who don't know.
Then I read the card ID with adb. Here is another problem with the tutorial. The Desire Z had no mmc1 with valid data; for the Desire Z you have to read the CID from mmc2!!! (just change the path from the tutorial) (so: adb shell cat /sys/class/mmc_host/mmc2/mmc2:*/cid)
After that remove the card from the phone, reinsert it into the card reader and do the patching with the image and the hex editor.
Then you're done with the first tutorial (in step 18) and can move on with the cyanogen one (as it seems more trustworthy)
So now reinsert it into the phone and copy the firmware image and then "update" to the older version (I was very nervous during that, but succeeded finally)
If you get an error in "/data/local/tmp/misc_version -s 1.33.405.5" (I got one like "unable to backup") you have not inserted the SD card or you used the file transfer mode, so the card is not mounted into the phone's filesystem.
If so, switch to HTC Sync mode and try the command again.
When in the firmware upgrade mode after the reboot, you can navigate with vol-up and vol-down and enter with the power key.
After permroot install the ROM of your choice, best one with permroot already done, that saves work
I decided on Virtuous as it has Sense; any other/better ROM someone can recommend???
When that's done, too, first reinsert the original SD card with your backup on it and restore that backup. As it overwrites existing data, it would be best to avoid any SMS or calls arriving before you have restored the data, as those calls and messages will be lost.
After that you can set up all the things you want and finally you are done with a new 1.72 rooted and unbranded phone.
Thanks all for your help, especially to guhl for giving me those links and taking away my fear of bricking my phone....
Yours TK
tk-germany said:
I used the following two tutorials:
Goldcard: http://forum.xda-developers.com/showthread.php?t=572683&highlight=gold+card
Down-Reupgrade: http://wiki.cyanogenmod.com/index.php?title=HTC_Desire_Z:_Rooting
I formatted it to FAT32 and put it into the phone; this step wasn't mentioned in the tutorial, so I tell it to all who don't know.
Then I read the card ID with adb. Here is another problem with the tutorial. The Desire Z had no mmc1 with valid data; for the Desire Z you have to read the CID from mmc2!!! (just change the path from the tutorial) (so: adb shell cat /sys/class/mmc_host/mmc2/mmc2:*/cid)
There's a Vision-specific Gold card guide at http://forum.xda-developers.com/showthread.php?t=832503&highlight=debrand , which does use mmc2, you might want to link that one up instead?
steviewevie said:
There's a Vision-specific Gold card guide at http://forum.xda-developers.com/showthread.php?t=832503&highlight=debrand , which does use mmc2, you might want to link that one up instead?
Done that, but I also told in the first post why I used the other ones
BTW: why do you still use version 1.34? Better than 1.7?
Any good Desire Z ROMs with Sense anyone can recommend?
tk-germany said:
BTW: why do you still use version 1.34? Better than 1.7?
Any good Desire Z ROMs with Sense anyone can recommend?
I only use 1.34 because I haven't got round to trying anything else yet. But it works well enough for me not to want to get away from it as soon as possible. Virtuous is a popular Sense-based ROM, and I may well give that a try (it's based on 1.72 as well).
I use the 1.72 Virtuous and feel good with it, as I have the impression that it is a bit smoother and the battery usage seems to be a bit improved, but dunno if that's really because of the new ROM.
Only disadvantage: max volume doesn't seem to be improved, hope that gets solved soon
Hoped to hear of any other ROM with that solved and maybe packed with some nice gimmicks
Sent from my HTC Vision using XDA App
Assalam aleikum,
Hi, I am using a German Vodafone 1.72 ROM and want to downgrade to get permaroot and so on for a brother.
I tried to get the downgrade working with this guide but it doesn't work. I've done everything all the way down from the goldcard with the hex editing stuff and so on, but when I reach the point to flash the 1.3 ROM in hboot I get a wrong CID error message every time and it won't install
Is there a way to change the CID? For Vodafone phones?
Hi
I've been trying to downgrade my girlfriend's new Desire Z (bought in a German store). But every time I tried to flash the PC10IMG.zip in the bootloader via fastboot, it started searching for it, found it, checked it and then brought up an error "incorrect CID", which I didn't quite understand. I checked the infocid and it's HTC__102, so I did not have to do the goldcard stuff. But I still did not get it working. Solution was: not every PC10IMG.zip you can find in the various threads about downgrading the Desire Z seems to work, for me only the one found in the thread http://forum.xda-developers.com/showthread.php?t=905261 worked.
Just wanted to let you know, in case anyone is searching for a solution for this problem

Cant boot anymore

Hi folks, I've been looking for 2 days for a way to solve my DHD problem:
It can't boot anymore. It pops up the "htc quietly brilliant" screen, plays the boot sound and starts this step again, and again, and again...
So I'm googling a LOT about how to solve this, whether there exists a way to restore the original ROM. Because I'm thinking that was the problem, my original ROM is gone.
That happened when I tried to install 3 apps from AppBrain; my device froze and I hit the power button to reset. So, after that, my device is gone.
So I came here to ask you folks: is there a way to recover the original ROM? Without sending it in for warranty (because it takes something like 1 month here).
I'm not a mobile hacker or something, I'm just trying to be happy with my device.
Thanks a lot and sorry for my poor English!!
Perhaps try booting to the bootloader, by holding Power + Volume down button. From there, you should be able to do a factory reset, which may or may not fix your problem. Worth a shot at least, imo
And if it does not work when you do a factory reset, you can use a rom.zip from HTC RUU to restore your phone.
Now the important thing is to know which HTC rom you are running. If it is unbranded, 1.72.405.3 is a sure shot. Download the RUU.exe from Stock roms thread in android development subforum, and run it. When the window pops up, open run prompt, and type: "%TEMP%". Then search for rom.zip, copy it to your desktop, rename it to PD98IMG.zip and put it to your SD card (I hope that you have a card reader). Then just reboot to bootloader as tmh described, and watch the magic happen
Then if your phone is branded, you can still use the same technique to make PD98IMG.zip, but you have to get the RUU that matches your branding. There are lots of RUUs in android development subforum, just search.
Hi guys,
thanks a lot for the quick reply!
I performed the procedure indicated by tmh, but without luck ;\
I think it is unbranded. I bought it in Portugal and I'm using it in Brazil right now.
I'll try your tip, jkoljo.
I'll post a reply to let people know if it works or not.
Thanks a lot!!
Hope the advice the last guy gave helps, a factory reset may work fine and fix the issue. I've had 3 DHDs since the day of release, the second one I had wouldn't switch on, had it replaced by Vodafone. Not sure whether or not they will give you a new one. Hope you get it fixed
Sent from my Desire HD using XDA App
I'm not sure if i got cover from warranty.
Right now, my "PROOF OF PURCHASE" is at europe, and i'm at america, so i must get this work again by myself, or pay (some expensive value, i think) for htc support.
I found those ROM version:
RUU_Ace_HTC_WWE_1.72.405.3_R2_Radio_12.28e.60.140f_26.04.02.17_M2_SF_release_163262_signed.exe 04-Jan-2011 12:41 285M Windows executable file
RUU_Ace_HTC_WWE_1.72.405.3_R_Radio_12.28e.60.140f_26.04.02.17_M2_release_161342_signed.exe
but i'm not sure about "WWE". What it means?
dogasantos said:
I'm not sure if i got cover from warranty.
Right now, my "PROOF OF PURCHASE" is at europe, and i'm at america, so i must get this work again by myself, or pay (some expensive value, i think) for htc support.
I found those ROM version:
RUU_Ace_HTC_WWE_1.72.405.3_R2_Radio_12.28e.60.140f_26.04.02.17_M2_SF_release_163262_signed.exe 04-Jan-2011 12:41 285M Windows executable file
RUU_Ace_HTC_WWE_1.72.405.3_R_Radio_12.28e.60.140f_26.04.02.17_M2_release_161342_signed.exe
but i'm not sure about "WWE". What it means?
The difference is just the radio version. Just try flashing one of them and see if that works.
WWE means World Wide English, which is an international release
Any one of those RUUs you linked is ok, as hedayat7 already said.
WWE is World wide English...so both are english Roms...try the RUU flash, it should work like a dream....
jkoljo said:
Download the RUU.exe from Stock roms thread in android development subforum, and run it.
Sorry to ask for your help again, but in the official thread (thread number 841207) for DHD files, both 1.72.405.3 links are broken.
So I searched for another thread, and found another one, but when I run the .exe, it asks for a USB connection to the device, so it appears wrong.
Could you give me a hand to find the correct file?
PS: I can help with web hosting for all the correct files.
You probably found the correct RUU, now proceed to %TEMP% and copy rom.zip to desktop.
You can find RUUs here: http://xdafil.es/index.php?path=DesireHD/RUU/
I am not completely sure if those zip files are actual rom.zips, you can check that. Open up the zip, and if it has a long list of hboot, system, android-info.txt etc, then it is rom.zip and you can just go ahead and rename it to PD98IMG.zip.
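The rom.zip check described in the post above, written out as a Python script; this is an added example, not part of the original thread. The `cidnum`, `modelid` and `mainver` keys are an assumption about the layout of android-info.txt, and the sample archive with its values is constructed for the demonstration.

```python
import io
import zipfile

# Entry-name prefixes taken from the post; exact file names vary by RUU (assumption).
EXPECTED_PREFIXES = ("hboot", "system", "android-info.txt")


def parse_android_info(text):
    """Parse 'key: value' lines; a key such as cidnum may appear several times."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            info.setdefault(key.strip().lower(), []).append(value.strip())
    return info


def inspect_rom_zip(source, device_cid=None):
    """Report whether source (a path or binary file object) looks like a rom.zip."""
    report = {"is_zip": False, "missing": list(EXPECTED_PREFIXES),
              "info": {}, "cid_listed": None}
    if not zipfile.is_zipfile(source):
        return report  # e.g. the RUU .exe itself, or a truncated download
    with zipfile.ZipFile(source) as zf:
        report["is_zip"] = True
        base = {name: name.rsplit("/", 1)[-1].lower() for name in zf.namelist()}
        report["missing"] = [p for p in EXPECTED_PREFIXES
                             if not any(b.startswith(p) for b in base.values())]
        for member, b in base.items():
            if b == "android-info.txt":
                text = zf.read(member).decode("utf-8", errors="replace")
                report["info"] = parse_android_info(text)
                break
    cids = report["info"].get("cidnum", [])
    if device_cid is not None and cids:
        # False means the package does not list this device's CID.
        report["cid_listed"] = device_cid in cids
    return report


def build_sample_zip(entries):
    """Build a constructed in-memory archive so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


# Constructed sample values, not taken from any real RUU.
SAMPLE_INFO = ("modelid: PD9810000\ncidnum: HTC__001\n"
               "cidnum: HTC__102\nmainver: 1.72.405.3\n")

if __name__ == "__main__":
    sample = build_sample_zip({"android-info.txt": SAMPLE_INFO,
                               "hboot_sample.nb0": b"\x00", "system.img": b"\x00"})
    print(inspect_rom_zip(sample, device_cid="HTC__102"))
```

Pass the path of the extracted zip and the CID the device reports; an empty `missing` list with `cid_listed` set to `True` is the case where renaming to PD98IMG.zip makes sense.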
jkoljo said:
You probably found the correct RUU, now proceed to %TEMP% and copy rom.zip to desktop.
You can find RUUs here: ...
I am not completely sure if those zip files are actual rom.zips, you can check that. Open up the zip, and if it has a long list of hboot, system, android-info.txt etc, then it is rom.zip and you can just go ahead and rename it to PD98IMG.zip.
But I did that.
The "1.72.405.3" files at this URL are broken (or need a password to access them, because a "You don't have permission to access" message pops up).
When I run the RUU I get two screens: on the first I must accept a notice, the second one asks if I have a USB connection to my device. Even when I proceed to the next step, I get no .zip file in my %TEMP%.
I'm lost because of that lol
UPDATE: OK I FOUND IT! haha ty
Thanks a lot my friends,
but it doesn't work.
I performed the process for 2 different ROMs, and it doesn't work.
Still can't boot.
I'll send it in for warranty and wait a loooong time..
But thanks a lot for helping me with this!!
Ok, then there is something wrong in the device itself. You have to send it to a service center.
Sent from my Desire HD using Tapatalk
Hi again,
i keep a little hope that i can restore my phone, so i found a possible solution:
OTA update.
At "showthread.php?t=667728&page=2", i found a guy with the same problem i think, here is the quote:
Kinma said:
I had the same problem last week.
I suspected it had to do with the EXT3 partition.
Solved it by first flashing the OTA 2.2 ROM (for rooted users) as this does not use the EXT3. Then used Rom manager to recreate the EXT3.
Now all ROMs that use the EXT3 run fine!
(thanks Kinma for the feedback)
So, i start a search for OTA update file here, and found at "showthread.php?t=885996".
But when i choose "Apply sdcard:update.zip", i got INVALID OPERATION.
Someone have a tip for me about this?
Thanks (its very sad, but i must keep hope).
dogasantos said:
(thanks Kinma for the feedback)
You are welcome.
What happened was that after a reboot of the phone the phone started rebooting in the boot sequence, i.e. a boot loop.
I tried a lot of things and nothing worked.
Finally I suspected that the problem might be with the SD card. I had a backup, so I had no problem doing a factory reset.
Then I booted the phone without the SD card.
The phone booted fine.
That way I was certain that the problem was with the SD card.
I had 2 partitions on the SD card, an EXT3 part and the rest was a normal Fat part.
I could still read the card, so I made a backup of all the data on the card.
Then I reformatted the card using windows.
The phone booted fine with an empty, reformatted, SD card.
Since I use Apps 2 SD, I had to recreate the EXT3 partition.
If your rom does not use this, you do not have to do this.
After recreating the EXT partition, put back all files that I want on my SD card.
My advice would be to do a factory reset and after that boot the phone without the SD card.
If the phone boots, you know the problem is with the card.
Hope that helps; good luck!
dogasantos said:
Sorry ask for your help again, but at Official thread (thread number 841207) for DHD files, both 1.72.405.3 links are broken.
So i search for another thread, and found another one, but when i run the .exe, it ask for a USB connection to device, so it appears wrong.
Could you gimme a hand to find the correct file?
PS: I can help with a web hosting to all correct files.
Here, use this link:
http://forum.xda-developers.com/archive/index.php/t-899564.html
From "football" post copy and paste his link, the download would start immediately..
Hi folks,
boot without the SD card, doesn't work =(
I'm really without luck with this.
I do:
- Factory reset
- Clear cache and userdata
- Boot without SD or/and SIM cards
- Reflash RUU WWE 1.72.405.3 Radio 26.04.02.17_M2
- Reflash RUU WWE 1.72.405.3 Radio 26.04.02.17_M2 SF
- erase all SD
One show was use OTA update.zip, but at this step i got "invalid operation"
SO, nothing works!
Well, it appears a lost battle =\
thanks folks for all help.
Yeah, there must be something wrong in your device itself, for example a motherboard fault. Send it back to HTC.
yukinok25 said:
Here, use this link:
http://forum.xda-developers.com/archive/index.php/t-899564.html
From "football" post copy and paste his link, the download would start immediately..
Hi,
I found the information extremely useful. Big Thanks
GRuti
