How to Create a Goldcard!!! - HTC Aria General

This guide tells you how to create a goldcard very easily giving you the ability to flash custom rom and root again. Guide found here: http://android.modaco.com/content/general-discussion/305672/creating-a-goldcard/. There is a standalone pc application which allows creating a gold card. Link for app found here: http://android.modaco.com/content/software/308798/pc-application-goldcardtool/.
Note: Does not work for Aria but made here since at the time it wasn't tested.
Thanks ECEXCURSION for the link.

Very interesting, thanks for the guide! I don't need a GoldCard, but it's interesting to read nonetheless.
Just found this in that thread. Someone made a stand-alone PC application to generate GoldCards: http://android.modaco.com/content/software/308798/pc-application-goldcardtool/

theonew said:
> This guide tells you how to create a goldcard very easily giving you the ability to flash custom rom and root again. Guide found here: http://android.modaco.com/content/general-discussion/305672/creating-a-goldcard/. Please post your results.
Did you actually try this yourself?

Making a gold card won't help you root the Aria.

drumist said:
> Making a gold card won't help you root the Aria.
Didn't think so but I tried it anyway. Created the gold card but the RUU failed when it tried to write the hboot.

drumist said:
> Making a gold card won't help you root the Aria.
Oh.. Thought that was the purpose of a goldcard.
My mistake.

What is it that's holding one back from writing to the hboot?

m a r k said:
> What is it that's holding one back from writing to the hboot?
HTC implemented a new hboot in the latest official 2.2.2 update for the Aria. The new hboot version is 1.0.2.0000. This hboot can not be overwritten by flashing back to the original RUU. The new hboot also fixed the exploit that was used to root the Aria previously.
To date the Aria with the new hboot is un-rootable without hardware.

m a r k said:
> What is it that's holding one back from writing to the hboot?
HTC devices have a security flag that allows the phone's NAND memory to be written to. This is referred to as the S-ON/S-OFF flag. In order for the NAND memory which houses the HBOOT loader and ROM to be written to, the security flag needs to be OFF. The HBOOT loader can control this flag and when an official HTC signed RUU is used, the HBOOT loader will turn the flag OFF and allow the RUU contents to be written to the NAND memory.
Previous versions of the HBOOT had an exploit in it that allowed rooting and installing a custom recovery, i.e. ClockworkMod and this is how custom ROMs were installed. The current HBOOT version no longer has this exploit available via software. The only way a new HBOOT or Recovery module can be written to the Aria is if the security flag is turned OFF and as of now the only way to do that is to use the XTC Clip device.

tpbklake said:
> HTC devices have a security flag that allows the phone's NAND memory to be written to. This is referred to as the S-ON/S-OFF flag. In order for the NAND memory which houses the HBOOT loader and ROM to be written to, the security flag needs to be OFF. The HBOOT loader can control this flag and when an official HTC signed RUU is used, the HBOOT loader will turn the flag OFF and allow the RUU contents to be written to the NAND memory.
> Previous versions of the HBOOT had an exploit in it that allowed rooting and installing a custom recovery, i.e. ClockworkMod and this is how custom ROMs were installed. The current HBOOT version no longer has this exploit available via software. The only way a new HBOOT or Recovery module can be written to the Aria is if the security flag is turned OFF and as of now the only way to do that is to use the XTC Clip device.
Well done - nice summary of the situation.
I have rooted the updated Aria with my XTC clip. There is a guy that frequents the IRC channel in my thread who has a cell phone store and an XTC clip. I've coached him through a couple of updated Aria roots and he's competent to do the job. He won't charge much, and whoever wants him to do the work will have to pay a modest fee plus return shipping. All he would need is the device - no case, no battery cover, no battery, no sim, no sdcard, no cables - no box. This makes shipping in a small padded envelope via USPS cheap - even insured.
Anyone interested should stop by the IRC channel in my sig.
OP: please update post #1 so a lot of people don't spin their wheels on that process - it's futile.

tpbklake said:
> HTC devices have a security flag that allows the phone's NAND memory to be written to. This is referred to as the S-ON/S-OFF flag. In order for the NAND memory which houses the HBOOT loader and ROM to be written to, the security flag needs to be OFF. The HBOOT loader can control this flag and when an official HTC signed RUU is used, the HBOOT loader will turn the flag OFF and allow the RUU contents to be written to the NAND memory.
> Previous versions of the HBOOT had an exploit in it that allowed rooting and installing a custom recovery, i.e. ClockworkMod and this is how custom ROMs were installed. The current HBOOT version no longer has this exploit available via software. The only way a new HBOOT or Recovery module can be written to the Aria is if the security flag is turned OFF and as of now the only way to do that is to use the XTC Clip device.
After I went through the AlphaRev flashing process, I learned the truth of the previous HBOOT's exploit is that it let you gain temporary NAND unlock.
While it's unlocked and once you got temporary root permission from, for example, the famous RageAgainstTheCage, then you are allowed to put su and SuperUser.apk to your system partition to gain permanent root permission, and flash recovery image to recovery partition as well.
The above is basically how Unrevoked works, imo. As for AlphaRev, it needs your device to be rooted already. It gets temporary NAND unlock first, then flashes and runs a boot image with a NAND module that would add some extra partitions, including HBOOT of course, to the MTD table in order to flash a hacked HBOOT/SPL into your device.
The new 1.x HBOOT has that exploit patched, both Unrevoked and AlphaRev won't work anymore. This thread I found might be the last hope that doesn't involve XTC Clip:
How-To [Root] The myTouch 3GS if you updated to Offical 2.2.1 and lost root

ladios said:
> After I went through the AlphaRev flashing process, I learned the truth of the previous HBOOT's exploit is that it let you gain temporary NAND unlock.
> While it's unlocked and once you got temporary root permission from, for example, the famous RageAgainstTheCage, then you are allowed to put su and SuperUser.apk to your system partition to gain permanent root permission, and flash recovery image to recovery partition as well.
> The above is basically how Unrevoked works, imo. As for AlphaRev, it needs your device to be rooted already. It gets temporary NAND unlock first, then flashes and runs a boot image with a NAND module that would add some extra partitions, including HBOOT of course, to the MTD table in order to flash a hacked HBOOT/SPL into your device.
> The new 1.x HBOOT has that exploit patched, both Unrevoked and AlphaRev won't work anymore. This thread I found might be the last hope that doesn't involve XTC Clip:
> How-To [Root] The myTouch 3GS if you updated to Offical 2.2.1 and lost root
The problem with this solution is it requires an HTC engineering hboot. Here is a thread posted by ATTN1 when the Aria was first released stating that a Liberty eng-hboot doesn't exist:
http://forum.xda-developers.com/showpost.php?p=6910622&postcount=12

tpbklake said:
> The problem with this solution is it requires an HTC engineering hboot. Here is a thread posted by ATTN1 when the Aria was first released stating that a Liberty eng-hboot doesn't exist:
> http://forum.xda-developers.com/showpost.php?p=6910622&postcount=12
It's worth a try. I don't think anyone has tried this on Aria before. Previously we just tried to install an old RUU with gold card hoping the hboot would be downgraded, but this is different.
Step 5-6, hboot installs LIBEIMG.zip. We can extract the rom.zip from RUU and rename it.
Step 7-9, DO NOT REBOOT and get into stock recovery. These must be the key if this happens to work.
Step 10, apply update.zip which is a clockworkmod flashable zip.
Again, it's worth a try, as they got this to work on stock 2.2.1 espresso with hboot 1.x. We just need to make a MISC.img to let people try.

ladios said:
> It's worth a try. I don't think anyone has tried this on Aria before. Previously we just tried to install an old RUU with gold card hoping the hboot would be downgraded, but this is different.
> Step 5-6, hboot installs LIBEIMG.zip. We can extract the rom.zip from RUU and rename it.
> Step 7-9, DO NOT REBOOT and get into stock recovery. These must be the key if this happens to work.
> Step 10, apply update.zip which is a clockworkmod flashable zip.
> Again, it's worth a try, as they got this to work on stock 2.2.1 espresso with hboot 1.x. We just need to make a MISC.img to let people try.
Sign me up...it's worth a shot.

Sorry for the double post.
I did the following:
Created a gold card.
Obtained update.zip(clockwork).
Extracted rom.zip from the original 2.1 RUU.
Downloaded superoneclick v1.9.1.
Put update.zip and rom.zip on the gold card.
Unmounted the goldcard.
Ran superoneclick and got success on shell root.
Used adb shell and poked around.
My question:
How do we get around not having the engineering recovery package for the Aria?

I'm keeping my eye on what happens here.

A$$h4t said:
> Sorry for the double post.
> I did the following:
> Created a gold card.
> Obtained update.zip(clockwork).
> Extracted rom.zip from the original 2.1 RUU.
> Downloaded superoneclick v1.9.1.
> Put update.zip and rom.zip on the gold card.
> Unmounted the goldcard.
> Ran superoneclick and got success on shell root.
> Used adb shell and poked around.
> My question:
> How do we get around not having the engineering recovery package for the Aria?
I did a little research about the mtd0.img that was mentioned in the referenced thread and found some posts about creating a mtd0.img (misc.img) for the HTC Desire. There is even a web site that lets you input the appropriate values from your phone and it generates one for you. Don't know if it will work on the Aria, but it may be a place to start. Just Google HTC+Desire mtd0.img and you'll find the various posts. That would be the misc.img that ladios mentioned.

tpbklake said:
> I did a little research about the mtd0.img that was mentioned in the referenced thread and found some posts about creating a mtd0.img (misc.img) for the HTC Desire. There is even a web site that lets you input the appropriate values from your phone and it generates one for you. Don't know if it will work on the Aria, but it may be a place to start. Just Google HTC+Desire mtd0.img and you'll find the various posts. That would be the misc.img that ladios mentioned.
I'm unclear on this as I thought the CID was much longer than 8 characters yet the image creator only requires 8.

A$$h4t said:
> I'm unclear on this as I thought the CID was much longer than 8 characters yet the image creator only requires 8.
We can use hex editor to make our own.
Open android-info.txt extracted from the rom.zip you are using
On the line beginning with "cidnum: ", there's an 8-character CID number, copy that
On the line beginning with "mainver: ", that's the rom version, eg. 1.35.707.5, then 707 would be the rom's region code
Use a hex editor to open mtd0.img extracted from espresso-eng.zip
At 0x0000, overwrite the CID number with the one you found in android-info.txt
At 0x00A0, overwrite the version number with 1.01.XXX.1 where XXX is the region code, eg. 1.01.707.1
Save and use it
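
The two fields named in the post above can also be read back without modifying anything. The following is an added example, not part of the thread or of any tool it mentions: a read-only Python check that compares a misc image against the android-info.txt inside a firmware zip. Offsets 0x0000 and 0x00A0 and the version strings come from the post; the 16-byte version field width, the finding names and the sample CID `TEST_001` are assumptions.

```python
import io
import zipfile

# Offsets are the ones given in the post; the field widths are assumptions.
CID_OFFSET, CID_LENGTH = 0x0000, 8
VERSION_OFFSET, VERSION_MAX = 0x00A0, 16  # assumed: NUL-padded ASCII, at most 16 bytes


def parse_android_info(text):
    """Collect every 'cidnum:' value and the 'mainver:' value from android-info.txt."""
    info = {"cidnum": [], "mainver": None}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "cidnum":
            info["cidnum"].append(value)
        elif key == "mainver":
            info["mainver"] = value
    return info


def read_android_info_from_zip(zip_bytes):
    """Read android-info.txt out of a firmware zip held in memory."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        text = zf.read("android-info.txt").decode("ascii", "replace")
    return parse_android_info(text)


def read_ascii_field(image, offset, length):
    """Return the ASCII text stored at offset, cut at the first NUL byte."""
    raw = bytes(image[offset:offset + length]).split(b"\x00", 1)[0]
    return raw.decode("ascii", "replace").strip()


def parse_version(version):
    """Split 'a.b.region.c' into four integers; raise ValueError otherwise."""
    parts = (version or "").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("not a four-part numeric version: %r" % (version,))
    return tuple(int(p) for p in parts)


def audit_misc_image(image, info):
    """Compare the CID and version stored in a misc image with the firmware's values."""
    if len(image) < VERSION_OFFSET + VERSION_MAX:
        raise ValueError("image is too short to contain both fields")
    cid = read_ascii_field(image, CID_OFFSET, CID_LENGTH)
    version = read_ascii_field(image, VERSION_OFFSET, VERSION_MAX)
    findings = []
    if cid not in info["cidnum"]:
        findings.append("cid-mismatch")
    try:
        misc, rom = parse_version(version), parse_version(info["mainver"])
    except ValueError:
        findings.append("unparseable-version")
    else:
        # The third field is the region code, so it is compared separately.
        if misc[2] != rom[2]:
            findings.append("region-mismatch")
        if (misc[0], misc[1], misc[3]) < (rom[0], rom[1], rom[3]):
            findings.append("misc-version-older-than-firmware")
    return {"cid": cid, "version": version, "findings": findings}


def build_sample_firmware_zip(cid="TEST_001", mainver="1.35.707.5"):
    """Constructed sample: a zip holding only an android-info.txt."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("android-info.txt", "cidnum: %s\nmainver: %s\n" % (cid, mainver))
    return buf.getvalue()


def build_sample_misc_image(cid, version, size=0x800):
    """Constructed sample: a zero-filled image with the two fields populated."""
    image = bytearray(size)
    image[CID_OFFSET:CID_OFFSET + len(cid)] = cid.encode("ascii")
    image[VERSION_OFFSET:VERSION_OFFSET + len(version)] = version.encode("ascii")
    return bytes(image)


if __name__ == "__main__":
    info = read_android_info_from_zip(build_sample_firmware_zip())
    for version in ("1.35.707.5", "1.01.707.1"):
        report = audit_misc_image(build_sample_misc_image("TEST_001", version), info)
        print(report["cid"], report["version"], report["findings"] or "consistent")
```

An image carrying the 1.01.707.1 value from the post is reported as older than the 1.35.707.5 firmware, which is the state a reviewer inspecting a device dump would look for.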

To those who also want to try, please use the files in this post and follow the instructions in How-To [Root] The myTouch 3GS if you updated to Offical 2.2.1 and lost root.
Liberty version of needed files:
(1) Engineering package: liberty-eng.zip is attached.
(4) Stock firmware: Download LIBEIMG_Liberty_hTC_Asia_WWE_1.35.707.5_Radio_47.41.35.10_7.09.35.13_release_138500_signed.zip and rename it to LIBEIMG.zip
(5) ClockworkMod Recovery: Download recovery-clockwork-2.5.0.7-liberty.zip and rename it to update.zip

Related

[DISCUSSION] Visionary R14 "with r/w" is out

Paul released Visionary R14 "with r/w"
I used it on a fresh S-ON stock ROM and it roots OK, I tick "mount r/w" and seems OK
Then I boot to bootloader and I see "S-ON", BUT I CAN enter Clockwork and flash my nandroid back
Has somebody else tested it ??
With r/w achieved, seems S-OFF will not be necessary anymore ??
This will save many noobs from bricking their phones
Open for discussion
gtrab said:
> Paul released Visionary R14 "with r/w"
> I used it on a fresh S-ON stock ROM and it roots OK, I tick "mount r/w" and seems OK
> Then I boot to bootloader and I see "S-ON", BUT I CAN enter Clockwork and flash my nandroid back
> Has somebody else tested it ??
> With r/w achieved, seems S-OFF will not be necessary anymore ??
> This will save many noobs from bricking their phones
> Open for discussion
Weird.
I'd prefer S-OFF though. Dunno why, just an engineering hboot seems better to me. Like the splash screens. And stuff.
so I can use visionary now instead of S-OFF and install roms and all is that the case?
Problem is you need S-OFF to flash clockwork,
so as long as the ROM you flash doesn't contain a recovery...
That's why this thread is up for discussion, I'd like to hear comments and experiences.
I'd stick to S-OFF in the mean time.
gtrab said:
> Problem is you need S-OFF to flash clockwork,
...but when you first install the ENG HBOOT you flash it at this point (via dd) - so is the recovery partition not writable but the HBOOT is?
I just do not get the difference between temp root, and then enabling temproot on boot, and permanent root.
I mean if you temp root and then enable temproot on boot, the device will be root every time, so why should you perm root?
Can anyone answer me?
Thanks in advance
buzmay said:
> I just do not get the difference between temp root, and then enabling temproot on boot, and permanent root.
> I mean if you temp root and then enable temproot on boot, the device will be root every time, so why should you perm root?
> Can anyone answer me?
I'm sure someone else will have a better answer, but from my own point of view, with the temp root, you haven't properly rooted it really. The phone effectively hasn't been rooted, but you're rooting it specifically every time you boot up, because any writes to the system aren't being saved in permanent storage, only in cache memory (lost when shut down). What if something goes wrong with that process ?
Seems to me it's much better to have the rooting actually written to the phone's permanent storage (NAND).
steviewevie said:
> I'm sure someone else will have a better answer, but from my own point of view, with the temp root, you haven't properly rooted it really. The phone effectively hasn't been rooted, but you're rooting it specifically every time you boot up, because any writes to the system aren't being saved in permanent storage, only in cache memory (lost when shut down). What if something goes wrong with that process ?
> Seems to me it's much better to have the rooting actually written to the phone's permanent storage (NAND).
Thanks for the answer, what if something goes wrong? Isn't this method currently the safest?
I was just wondering, because I would like to root my desire z but seems to be quite unstable still with the methods available, and until there is no ROM that supports A2SD then I do not see a reason for either perm root or S-Off.
So that is why I was wondering.
Gtrab, I've updated to version Visionary r14 and then enabled the new option for R/W, restarted and I still have S-OFF and the ClockWorkMod.
I use root explorer to make changes to the /system partition, it allows to mount it r/w so I think I'm going to disable this on boot option for security...
Have you flashed the stock hboot earlier or did some changes/testing prior the update of this program?
EDIT: here's the link of the Visionary app thread with the description, maybe it can answer some questions.
http://android.modaco.com/content/h...m/322658/19-nov-r14-visionary-one-click-root/
zuachs said:
> Gtrab, I've updated to version Visionary r14 and then enabled the new option for R/W, restarted and I still have S-OFF and the ClockWorkMod.
> I use root explorer to make changes to the /system partition, it allows to mount it r/w so I think I'm going to disable this on boot option for security...
> Have you flashed the stock hboot earlier or did some changes/testing prior the update of this program?
> EDIT: here's the link of the Visionary app thread with the description, maybe it can answer some questions.
> http://android.modaco.com/content/h...m/322658/19-nov-r14-visionary-one-click-root/
I've tested tons of combinations, but yes I did as you say:
Flashed a fresh untouched ROM from my version's RUU, this turned S-ON and lost root.
Then used Visionary 14 to temp root-> perm root with r/w ticked.
After reboot, I had root and was able to mount r/w on demand, but was unable to install ClockworkMod (CWM) from the ROM Manager app because I was S-ON (obviously because visionary r14 doesn't have engineering hboot).
I think CWM is priceless, so I installed the eng hboot again to go S-OFF.
If you check koush's (ROM Manager) thread, he states CWM requires S-OFF
http://forum.xda-developers.com/showthread.php?t=834731
gtrab said:
> I've tested tons of combinations, but yes I did as you say:
> Flashed a fresh untouched ROM from my version's RUU, this turned S-ON and lost root.
> Then used Visionary 14 to temp root-> perm root with r/w ticked.
> After reboot, I had root and was able to mount r/w on demand, but was unable to install ClockworkMod (CWM) from the ROM Manager app because I was S-ON (obviously because visionary r14 doesn't have engineering hboot).
> I think CWM is priceless, so I installed the eng hboot again to go S-OFF.
> If you check koush's (ROM Manager) thread, he states CWM requires S-OFF
> http://forum.xda-developers.com/showthread.php?t=834731
Yes it was the problem, I'm glad it's working for you! I agree with you regarding the CWM
gtrab said:
> I've tested tons of combinations, but yes I did as you say:
> Flashed a fresh untouched ROM from my version's RUU, this turned S-ON and lost root.
> Then used Visionary 14 to temp root-> perm root with r/w ticked.
> After reboot, I had root and was able to mount r/w on demand, but was unable to install ClockworkMod (CWM) from the ROM Manager app because I was S-ON (obviously because visionary r14 doesn't have engineering hboot).
> I think CWM is priceless, so I installed the eng hboot again to go S-OFF.
> If you check koush's (ROM Manager) thread, he states CWM requires S-OFF
> http://forum.xda-developers.com/showthread.php?t=834731
Since your guides are so amazing, do you think you can make a dummy one for how to lose root and S-Off, more specifically where to get the stock RUUs and how to flash them?
Do you get them from shipped-roms.com or where?
I just want to be sure in case of having to return back the device.
Thanks in advance
gtrab said:
> If you check koush's (ROM Manager) thread, he states CWM requires S-OFF
> http://forum.xda-developers.com/showthread.php?t=834731
I don't understand why though - if you can flash to the HBOOT partition why can't you flash to the recovery partition?
You can. You'd need to use the wpthis thing before using clockwork. Think I'd prefer S-OFF though.
Sent from a Pulse. Yes, a Pulse.
DanWilson said:
> You can. You'd need to use the wpthis thing before using clockwork. Think I'd prefer S-OFF though.
OK so Visionary will temproot and then insmod wpthis... So theoretically you could then (without rebooting) run Rom Manager and it could flash ClockworkRecovery, which itself has been modified to include wpthis so you wouldn't need to flash HBOOT?
I know some would prefer to have S-OFF in the HBOOT, but if you're not fussed or don't want to take the risk then the above could be an option... if my understanding's right!?
DanWilson said:
> You can. You'd need to use the wpthis thing before using clockwork. Think I'd prefer S-OFF though.
> Sent from a Pulse. Yes, a Pulse.
What is wpthis??
buzmay said:
> What is wpthis??
The module that turns off the write protection on the internal NAND storage. See the sticky threads on rooting for more details.
mamoulian666 said:
> OK so Visionary will temproot and then insmod wpthis... So theoretically you could then (without rebooting) run Rom Manager and it could flash ClockworkRecovery, which itself has been modified to include wpthis so you wouldn't need to flash HBOOT?
> I know some would prefer to have S-OFF in the HBOOT, but if you're not fussed or don't want to take the risk then the above could be an option... if my understanding's right!?
the wpthis ("write protect this") effect is temporary since a reboot will delete it and restore stock values
theoretically speaking, you could insmod wpthis and then tell ROM Manager to install CWM
buzmay said:
> Since your guides are so amazing, do you think you can make a dummy one for how to lose root and S-Off, more specifically where to get the stock RUUs and how to flash them?
> Do you get them from shipped-roms.com or where?
> I just want to be sure in case of having to return back the device.
> Thanks in advance
I've been updating the FAQs day after day,
I think all of your requirements are already there (flashing from RUU, getting the RUUs, how to go back from root and S-OFF, etc.). It's all in the FAQ.
Where do I get 'em ?? The Desire Z Android Development forum has several RUUs listed, these are the only ones I am aware of.
A specific link to a specific RUU ?? Not a good idea:
I could link them on the tutorial, but newer ones will always pop up and links will get obsolete, people will get confused.
That's why I better state "check the forum for current / latest available RUUs".
gtrab said:
> I've been updating the FAQs day after day,
> I think all of your requirements are already there (flashing from RUU, getting the RUUs, how to go back from root and S-OFF, etc.). It's all in the FAQ.
> Where do I get 'em ?? The Desire Z Android Development forum has several RUUs listed, these are the only ones I am aware of.
> A specific link to a specific RUU ?? Not a good idea:
> I could link them on the tutorial, but newer ones will always pop up and links will get obsolete, people will get confused.
> That's why I better state "check the forum for current / latest available RUUs".
Could you having s-off and of course perm root, to come back to stock rom could you copy the PC10img to the root of the sdcard and enter into bootloader? will that work?
Thanks a lot in advance

[Q] S=off but can't root

Please help, I'm trying to root so I can run netflix on mt4g, almost there (i think)
Tysvm2: the folks that wrote: the true root article @
http://forum.xda-developers.com/showthread.php?t=858996
I am trying to flash a custom recovery and rom (hoping to do: panache or CM7 and twrp recovery
(PG86IMG.zip) My end goal is to run netflix app on htc glacier)
I have succeeded in setting up ADB/SDK drivers, etc.
On hboot i see: S=off
I am having a PROBLEM with TRUE ROOT gfree method
At step 12. It says:
"If this is the first time you have rooted your device you will need to run visionary again (temproot w/set system r/w after root checked and then attempt permroot) to make root privileges permanent and then reboot again. Now "su" should work properly for you."
I've run into a problem :
I restarted in hboot and I see s=off but when I try to open terminal:
It reads:
$ export PATH=/data/local/bin:$PATH
$su
PERMISSION DENIED
I tried to run temproot and permroot on visionary + R14 to "seal the deal" & move onto install of the engineering bootloader
It appears I am stuck in between temproot and perm root won't stick for some reason ...
FYI: all sorts of apps force closed immediately after reboot after I ran the reboot it says s=off and has bootloader version 0.86.0000
I just did:
1. a factory reset from hboot
2. Reinstalled visionary + R14
3. And ... astro file manager, terminal emulator app and easy installer, etc
4. I have all the files that the TRUE ROOT thread recommended but terminal emulator says permission denied when I type: su
PERMISSION DENIED
It looks to me like visionary Is not properly establishing temp root or perm root after s=off.
Suggestions please.
thank you,
CP
HTC GLACIER
s=off
bootloader version 0.86.0000
also: HTC DREAM aka Tmobile g1 rooted with cyanogen old school
Ps: I'm new to the forum culture and I want to be sure to be respectful and post properly; if this is not a proper place for this kind of question please redirect me patiently
Try the older version of Visionary. R11 I believe. This has come up before and it has worked for other people.
If you have already received the OTA, use Gingerbreak or fre3vo method for temp root instead of Visionary.
I suggest to flash engineering bootloader ASAP, it'll save you the question next time, by allowing to flash custom recovery (thus enabling root by flashing any su.zip package) at any time, independent of the ROM.
I got a replacement phone, and this is what I had to do...
1. Install Visionary r14 and Terminal Emulator
2. Download gfree file and move to phone
3. Temproot (with r/w switched on), then su on TE, then run gfree*
4. Reboot and validate S=OFF
5. Temproot again (with r/w switched on), then click on Permroot
Hi Thank you for your reply, I tried visionary r11 but when I installed it would not run (perhaps i installed the wrong one) my easy install app read it as visionary 1.0 is that the same as R11?
Thank you for your reply but i tried this:
http://forum.xda-developers.com/showthread.php?t=1030119
from Shaddy-Z.(10th April 2011, 01:35 PM) <- thank you Shaddy
"
http://forum.xda-developers.com/show...&postcount=899
It's the last download link."
But my easy install app calls it visionary 1.0 (is that the same as R11?) And it did not work ... it won't even open up, can you tell me do you have any experience with:
Jack R_1's suggestion: "If you have already received the OTA, use Gingerbreak or fre3vo method for temp root instead of Visionary."
What are benefits of gingerbreak vs. fre3vo? I just want to be sure to be careful so as to not brick my baby.
If you already have Radio S-OFF, have you tried flashing custom recovery via fastboot flash recovery? Or does your bootloader version not allow that?
Also try this post:
http://forum.xda-developers.com/showpost.php?p=15943010&postcount=6
I only know about gingerbreak not the other one, it will use a new exploit to gain perm root under gingerbread. But if you have the new OTA that's gingerbread 2.3.4 I think it won't work. Others have upgraded to the new OTA and can't root again, why? Since a new Radio and I think SPL are in this new OTA. And HTC has used a new security method to prevent such things as rooting.
Check this thread
http://forum.xda-developers.com/showthread.php?t=1174344
Flash the .85 engineering bootloader with adb and then clockworkmod from fastboot. You then can use the rooted nandroid backup in rom Bible (if you want to stay stock). Once you do that happy flashing. If you need any help pm me
Sent from my Google Nexus 12! yup I'm from the future
mark manning said:
> Flash the .85 engineering bootloader with adb and then clockworkmod from fastboot. You then can use the rooted nandroid backup in rom Bible (if you want to stay stock). Once you do that happy flashing. If you need any help pm me
> Sent from my Google Nexus 12! yup I'm from the future
Are you sure this holds true for users with newest OTA?
Ace42 said:
> Are you sure this holds true for users with newest OTA?
As long as he has s-off it will.
Sent from my Google Nexus 12! yup I'm from the future
Ace42 said:
> Are you sure this holds true for users with newest OTA?
Wait, he can't gain even temp root huh. NM your sol until a dev figures out how to root the gingerbread rom.
Its kind of a long shot. Since you have s-off you can try using the PD15IMG.ZIP from hboot and root the froyo rom. Not sure if that will work or not
Sent from my Google Nexus 12! yup I'm from the future
mark manning said:
> Wait, he can't gain even temp root huh. NM your sol until a dev figures out how to root the gingerbread rom.
> Its kind of a long shot. Since you have s-off you can try using the PD15IMG.ZIP from hboot and root the froyo rom. Not sure if that will work or not
> Sent from my Google Nexus 12! yup I'm from the future
I'm using MIUI, I was asking cause I have a friend who's stuck on the new OTA since they accidentally flashed the non-rooted version of the OTA, probably since all of them had the same title and he didn't read...
Okay let me ask this: What about packing an unsigned PD15IMG.zip with ENG HBOOT and/or ClockworkMod Recovery and nothing else inside it? If you have Radio S-OFF, this image should be accepted by the bootloader and give you a route back to root.
I don't know if such a .zip has been made yet for the MT4G but it's not impossible. It's been done for the S-OFF Sensation:
http://forum.xda-developers.com/showthread.php?t=1122053
See "ENG Hboot" - there is a PG58IMG.zip file there, and there is another under "Here is the download link to recovery".
Again this thread has nothing to do with the MT4G but it's the same principle.
So... if there is anyone out there who knows how to pack a PD15IMG.zip for a Radio S-OFF device, please speak up and help out the OP!
Interesting, I think all you need to do is replace the file inside of zip but not totally sure.
Sent from my Google Nexus 12! yup I'm from the future
What I don't know is if the zip has to be constructed in some particular way to be accepted as valid, even with S-OFF. But yeah, there should be a way to flash CWM to the S-OFF bootloader.
Sent from my Nexus One using Tapatalk
Thank you but I don't know what that is exactly.
Ru suggesting I restart holding down on volume and select recovery from hboot?
Sent from my HTC Glacier using XDA App
crouchingpossum said:
> Thank you but I don't know what that is exactly.
> Ru suggesting I restart holding down on volume and select recovery from hboot?
> Sent from my HTC Glacier using XDA App
No not yet, gonna try to figure something out for you tomorrow. Be patient please
Sent from my Google Nexus 12! yup I'm from the future
Are you on 2.2.1 or are you on 2.3.?
Okay I'm just poking around blindly in the dark here... I'm not a developer, just a script tinkerer... but if you're brave enough...
I grabbed one of the PD15IMG.zip radio files from the Dev section just to obtain the proper android-info.txt file. Then I created a new zip containing only:
- android-info.txt
- CWM version 3.0.2.4 for Glacier, in .img format, renamed to recovery.img
I've attached it here. Rename it to PD15IMG.zip, put it on the root of your SD, and try booting into HBOOT and see if it prompts you to install the zip. If so, does it succeed?
If yes, then try booting into recovery. Do you get Clockwork?
If it does not succeed, please report any error messages.
I highly doubt this can damage your phone because your ROM is still bootable and your bootloader still works, so the worst you could get is a bad recovery that you have to fix up. But I hold no liability for anything that gets borked

Alternative method to flash new radio.img

I was looking for an alternative method to flash a new radio on my HTC DHD, because I cannot connect my DHD to the PC anymore. It will only charge my phone. Even in the bootloader my PC doesn't recognize my phone. This is due to a hardware problem that recently occurred on my phone, I think, but I still wanted to upgrade my radio to the newest version.
So I searched for another method, instead of the fastboot one, but didn't find a lot of info. Only that I needed a flashable zip file with the name PD98IMG.zip. Normally you flash the whole phone with that file, but I only wanted to flash the radio.
Then I discovered that the radio.img and android-info.txt files are inside the PD98IMG.zip file. So I decided to delete all the other files in the zip file. I placed the edited PD98IMG.zip file on the root of my SD card and started my phone in the bootloader. Now the bootloader asked me to update and I did that. The update went fine and now my radio is up to date!!
I don't know if this method is safe or not, and that you need S-OFF and ENG-OFF, but I have both so that wasn't a problem for me.
This method is very interesting
Thank you for having shared.
Totally safe.
Sent from my Motorola Startac running Atari 2600 software!
http://forum.xda-developers.com/showthread.php?t=1054304
Hope this helps.
Sent from my Desire HD using Tapatalk
lauw8 said:
I was looking for an alternative method to flash a new radio on my HTC DHD, because I cannot connect my DHD to the PC anymore. It will only charge my phone. Even in the bootloader my PC doesn't recognize my phone. This is due to a hardware problem that recently occurred on my phone, I think, but I still wanted to upgrade my radio to the newest version.
So I searched for another method, instead of the fastboot one, but didn't find a lot of info. Only that I needed a flashable zip file with the name PD98IMG.zip. Normally you flash the whole phone with that file, but I only wanted to flash the radio.
Then I discovered that the radio.img and android-info.txt files are inside the PD98IMG.zip file. So I decided to delete all the other files in the zip file. I placed the edited PD98IMG.zip file on the root of my SD card and started my phone in the bootloader. Now the bootloader asked me to update and I did that. The update went fine and now my radio is up to date!!
I don't know if this method is safe or not, and that you need S-OFF and ENG-OFF, but I have both so that wasn't a problem for me.
You need only S-OFF (Signature OFF).
With S-OFF the bootloader doesn't check the signature of the zip file, so it flashes it without a problem.
I always flash the radio with this method, and you can always downgrade without any procedure: just put PD98IMG.zip in the root of the SD card and reboot into the bootloader.
Does this method work if I already have ENG S-OFF?
L00n said:
Does this method work if I already have ENG S-OFF?
Yes, it works.

Another s-off question

Hi, about 10 months ago I rooted my Wildfire with no problems using Turkeys ultimate guide from these forums.
I have got apps to SD, live wallpapers running, and all is good. However, my phone is still S-ON and the HBoot version is 0.80.0002.
When I was playing around with the settings in SetCPU it informed me that the binary was out of date and to update it, but when I tried it would not update as the phone is still S-ON.
My question is: can I S-OFF using Revolutionary as it is already rooted? Obviously I will back up using Clockworkmod, but if I S-OFF the phone are there any obvious advantages apart from being able to update the binary in SetCPU?
Thanks
Are you talking about an outdated Superuser Binary? If so, you can download the latest binary here:
http://tinyurl.com/63tsg9c
And simply flash it in Clockworkmod Recovery. This will give you the updated binary and SetCPU should work fine again.
If you have to get S-OFF, then you will have to apply the official Froyo RUU and update your HBoot to 1.01.0001, because Revolutionary doesn't support any other HBoots, including 0.80.x. Advantages include a writeable /system partition (which enables you to copy and paste stuff in the /system folder on a running handset; one case in point is precisely what you described. This will allow updating of the binary), and the other advantage is the enabling of Fastboot commands, which allows you to flash stuff like radios, recoveries, nandroid backups etc. directly to the phone without using Clockworkmod Recovery.
Tl;dr - You will have to completely format your device, install official Froyo, and only then can you obtain S-OFF.
And simply flash it in Clockworkmod Recovery.
When you say simply flash it in Clockworkmod recovery, what do you mean? And when you say apply the official Froyo RUU and update the HBoot how can I do that as I am running Wildpuzzle ROM at the moment and it says there are no updates available, so can you explain in simple terms what steps to take?
Thanks
Flash in Clockworkmod Recovery - Same way as you installed your WildPuzzle ROM ZIP file. Turn off phone, start using Vol Down + Power, then navigate to RECOVERY, Press Power Button. Here, select "Install Zip from SDCard", then browse to "Select Zip from SDCard", and select the Zip file I linked above.
This entire process is called "flashing".
If you are still interested in getting S-OFF:
- Download the EXE WWE Froyo 2.22.405.1 RUU from here:
http://shipped-roms.com/index.php?category=android&model=Buzz
- Connect your Wildfire to your PC, run it. It will automatically proceed and perform the required steps.
- If you get a Customer ID 131, you will need to create a Goldcard using your SDCard. This can be done using GoldcardTool. The required steps and download can be found here:
http://android.modaco.com/topic/308798-pc-application-goldcardtool/
IMO, I would not recommend you go for S-OFF since it doesn't seem you are too much inclined to stuff like this (it is not a necessity. Besides, once /system is writeable, it is a two-edged sword. Messing something up there will likely cause your phone to not boot). Further, it breaks certain functions on Sense ROMs, which need an additional fix found here:
http://forum.xda-developers.com/showthread.php?t=1156713
hey man, you could also try the test version of unrevoked 3.2 and run that to s off your phone. it works on your h-boot ( i know as i have the same)
since i am new the forum won't let me post the link, it's to stop spamming :/ just search for unrevoked test 3.2 ( it has to be test 3.2 because the others won't work on the hboot to my knowledge. :/)
just download the program and run it and it should do it with no hassle.
good luck
heavy_metal_man said:
hey man, you could also try the test version of unrevoked 3.2 and run that to s off your phone. it works on your h-boot ( i know as i have the same)
That's totally incorrect. Rooting with Unrevoked =/= S-OFF. Besides, on the very first line the OP says he has rooted his phone using Unrevoked.
ah, sorry about that i was looking at unrevoked forever :/ just ignore me ........

[Q] Trying to install Engineering Bootloader

Hello all.. I am trying to install the engineering bootloader and the file I need from the wiki page is not there anymore. Does anyone know where I can obtain a true copy of it? I d/l one and it's not right, the md5sum was incorrect. It should be md5sum: df4fd77f44993eb05a4732210d2eddc6. Thanks if you can help. I'm just trying to be thorough as I am learning all this. I have it rooted with s=off but I want to install eng. bl ....Thanks
**It is for MyTouch 4g**
Use this. It's the eng h-boot and clockworkmod recovery.
https://rapidshare.com/#!download|...|3930|R~C053B71776B49869847E4E328CF8DEC4|0|0
I got it from one of the stickies in the dev section.
Also, I have 2 Mt4g. One of them has the bootloader unlocked via HTCdev. I keep trying to flash a Stock 2.2.1 rom to it so I can do the Perma Root method on it. I have a custom rom on it currently, but it has s=on. Now the other one was stock 2.3.4 and I just got finished rooting it, for practice. Now back to the one with the bootloader unlocked by HTC, will traditional methods still work on it? I can't seem to get the adb/fastboot method to install the 2.2.1 rom on it. What would you recommend I do to get s=off on it if I'm bent on doing it?
jjbadd385 said:
Also, I have 2 Mt4g. One of them has the bootloader unlocked via HTCdev. I keep trying to flash a Stock 2.2.1 rom to it so I can do the Perma Root method on it. I have a custom rom on it currently, but it has s=on. Now the other one was stock 2.3.4 and I just got finished rooting it, for practice. Now back to the one with the bootloader unlocked by HTC, will traditional methods still work on it? I can't seem to get the adb/fastboot method to install the 2.2.1 rom on it. What would you recommend I do to get s=off on it if I'm bent on doing it?
I know NOTHING about the unlocked bootloader, so forgive me. Will flashing the froyo PD15IMG.zip from bootloader not replace your bootloader with the stock S-On bootloader that the rooting w S-Off guides are written for? Or has HTC figured out some way to bone you on that?
PD15IMG method of downgrading should take you to the older OS.
It won't necessarily take you to the older bootloader.
Not sure that being on the older bootloader is required for gfree to work. The older OS is indeed required.
Ok, I'll tell you what I did this morning. I read a bunch last night. I am trying desperately to grasp & understand things. It's just there are so many different ways to achieve what I want to accomplish. I'm doing this in small goals. My goal at this point is to get this MT4G, that is bootloader unlocked by HTC, to flash the Stock 2.2.1 Rom. But for some reason, it won't. I've tried using my PC ADB/fastboot method, with no success. This morning I tried Recovery Clockwork, in which I did wipe/factory reset, wipe cache, wipe dalvik cache, and then I chose the write zip from sd card, PD15IMG, and it won't do that either. I know I could be more helpful if I gave the exact errors but I forgot what they are, and at this point I am beginning to think that because it's HTCdev unlocked, it's not going to let me flash the 2.2.1. It does everything fine, until I attempt to flash the 2.2.1. The md5sum is ok too. If it were you, and you were running a custom ROM (ProjectMIUI 2.2.17 [R6]- UPDATED 2/21/12), and your device was HTC unlocked, but you wanted to get s=off, with engineer boot, how would you begin, and what method would YOU use? Give me some of your excellent advice for my birthday, which is today.
pdimg.zip files are flashed through the bootloader, not recovery. To do this, put the zip on the root of the SD card, power off the phone, hold volume down and power until the bootloader appears, and follow the onscreen prompts.
HTC-Dev-unlocked bootloader 100% allows downgrading, because someone already did it before you. If you fail achieving it - means you're doing something wrong again and again, not realizing it. If I were you, I would think - why is it that your attempts to flash PD15IMG fail - and correct what you're doing wrong. But obviously, this excellent advice was given to you some time before your birthday, and still didn't help.
So, here's another piece of advice:
Go download a PRE-ROOTED 2.2.1-based ROM.
Assuming you find one: flash it in recovery and flash boot.img from it separately.
Reboot to ROM.
Run gfree.
Flash Eng HBOOT.
If you don't find any 2.2.1-based ROM available, then you're out of luck. Sit down and find out what you're doing wrong that doesn't let you downgrade with PD15IMG.
Or just keep your phone as it is, and flash kernels manually, until you understand more.
Ok, I understand what you are saying. But when I put it on the root of my SD card as I have done multiple times, I pwr up in hboot, I wait on the blue progress bar, then a gold progress bar, then I get an error, I think it was "older version" if I remember correctly. There's not much I can do wrong to mess up a simple hboot flash of PD15IMG, you boot your phone up and wait ...
Sent from my HTC Glacier using Tapatalk
To avoid this error, you need to flash the MISC partition to "fool" the phone into thinking it's older than it is.
Read the downgrading guide, and since you're rooted - execute the "misc_version" part only:
> adb push misc_version /data/local/tmp/misc_version
> adb shell chmod 777 /data/local/tmp/*
> adb shell
If you see "$", it means you're not running in root shell. Then execute "su" and verify that you get "#" to continue.
# cd /data/local/tmp
# ./misc_version -s 1.00.000.0
You should see:
--set_version set. VERSION will be changed to: 1.00.000.0
Patching and backing up partition 17...
Then attempt downgrading again.
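Added example (not part of the thread, and not code from the downgrading guide or any tool named here): a host-side check of a PD15IMG.zip before it goes on the SD card, covering the two-file package described earlier in the thread and the "older version" rejection discussed above. It assumes android-info.txt carries `modelid` and `mainver` lines and that the bootloader rejects a package whose `mainver` is lower than the version stored in misc; the sample zip and its modelid/cidnum values are constructed.

```python
import hashlib
import io
import zipfile


def parse_android_info(text):
    """Parse 'key: value' lines; repeated keys are collected into lists."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            info.setdefault(key.strip().lower(), []).append(value.strip())
    return info


def version_tuple(version):
    """'1.17.531.2' -> (1, 17, 531, 2), so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def inspect_package(zip_bytes, device_mainver, expected_md5=None):
    """Report MD5 match, zip integrity, members, and the assumed version check."""
    report = {"md5": hashlib.md5(zip_bytes).hexdigest()}
    report["md5_ok"] = expected_md5 is None or report["md5"] == expected_md5.lower()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        report["corrupt_member"] = zf.testzip()  # None when every CRC matches
        report["members"] = sorted(zf.namelist())
        if "android-info.txt" not in report["members"]:
            report["problem"] = "android-info.txt missing"
            return report
        raw = zf.read("android-info.txt").decode("ascii", "replace")
    info = parse_android_info(raw)
    report["modelid"] = info.get("modelid", [])
    report["mainver"] = info.get("mainver", [None])[0]
    if report["mainver"] is None:
        report["problem"] = "no mainver field"
    elif version_tuple(report["mainver"]) < version_tuple(device_mainver):
        # Assumption: this is the condition behind the "older version" error.
        report["problem"] = "package older than device version"
    else:
        report["problem"] = None
    return report


def build_sample_zip(mainver):
    """Constructed sample shaped like the android-info.txt + recovery.img package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("android-info.txt",
                    f"modelid: PD1510000\ncidnum: T-MOB010\nmainver: {mainver}\n")
        zf.writestr("recovery.img", b"\x00" * 64)  # placeholder, not a real image
    return buf.getvalue()


if __name__ == "__main__":
    pkg = build_sample_zip("1.17.531.2")
    # Device versions taken from the thread: an example newer value, then the
    # value written by misc_version.
    for device in ("2.09.1800.1", "1.00.000.0"):
        print(device, "->", inspect_package(pkg, device)["problem"])
```

The script models only the version comparison and file integrity; on an S-ON device the bootloader also checks the package signature, which is not reproduced here.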
Jack_R1 said:
To avoid this error, you need to flash the MISC partition to "fool" the phone into thinking it's older than it is.
Read the downgrading guide, and since you're rooted - execute the "misc_version" part only:
If you see "$", it means you're not running in root shell. Then execute "su" and verify that you get "#" to continue.
You should see:
Then attempt downgrading again.
Everything went well until I got to the flashing part again. I did it 2 times, one time with fastboot and I got this:
C:\adb>fastboot-windows oem rebootRUU
... OKAY
From my PC:
C:\adb>fastboot-windows flash zip StockRom.zip
sending 'zip' (319593 KB)... OKAY
writing 'zip'... INFOadopting the signature contained in this image...
INFOzip header checking...
INFOzip info parsing...
FAILED (remote: 99 unknown fail)
From my phone:
The next time, I did it in hboot from the handset and it returned an error that said "wrong zip file"
**I think I am going to be content flashing roms and the boot.img separately until I find someone with this problem that figures it out. Besides, I have another mt4g that I perm rooted s=off, so I truly feel like I have followed instructions well, since my 2nd phone worked out. It's just this one with the HTC unlocked b/l giving me problems.
Thank You for your help...
You insist on NOT following the guide, so I won't help you anymore.
FOLLOW THE DAMN GUIDE UNTIL YOU UNDERSTAND WHAT YOU'RE DOING!
Because obviously, you're doing lots of basically wrong stuff, like trying to flash a PD15IMG.ZIP by fastboot, or using fastboot oem commands.
I understand you getting frustrated, but I have followed the guide. It doesn't work that way either. It tells me "wrong zip file" in hboot when I do, & I know it's the right one because I checked the md5sum. If it's letting me flash any Rom in CWM recovery, why can't I flash a 2.2.1 Rom in recovery? But just to let you know, I have followed the guide to the t, more than once. Sorry if you are getting frustrated but I have tried everything you told me, & thanks for helping.
Sent from my HTC Glacier using Tapatalk
Ok it says
***UNLOCKED*** (by HTCdev)
GLACIER PVT SHIP S-ON
HBOOT-0.89.0007
MICROP-0429
RADIO-26. 13.04.19_M
eMMC-boot
Dec 13 2011 21:07:39
HBOOT
FASTBOOT
RECOVERY
FACTORY RESET
SIMLOCK
IMG CRC
I do have Visionary and a stock unrooted 2.2.1 (PD15IMG). I also have Recovery CWM 5.0.2.0 and 4ext, just to let you know what resources I have. I think I have d/l everything under the sun..lol
Sent from my HTC Glacier using Tapatalk
Anglgodes19 said:
Good, now that makes it easy as I deleted my modified stock rom last year which I made specially for rooting, so let's move on...
1) Gain TempROOT via VISIONary+
2) On terminal.
adb shell [enter]
su [enter]
dd if=/dev/block/mmcblk0p17 of=/sdcard/msicold.img [enter]
3) Access /sdcard/msicold.img and open it in hex editor.
4) Find MSIC value XXX.XXX.XXX.XXX (ex: 2.09.1800.1) and change it to OTA "1.17.531.2" and save the file as msicnew.img on SDCard.
5) Now back on adb terminal:
dd if=/sdcard/msicnew.img of=/dev/block/mmcblk0p17 [enter]
sync [enter]
6) Now reboot in to bootloader and flash PD15IMG.zip as you would normally do.
Report back if you have issues or problems or can't find it; in that case I suggest you upload your msicold.img and I'll edit it for you so you can replace it.
Ok I did that and opened the msicold.img in hex editor, and honestly I don't have a clue as to what I was doing, but I think I located the value and because I followed the downgrade guide, I believe it's 1.00.000.0, but I don't know how to change it. Any way I can email it to you and have you change it? My email is ****** if you will send me a blank email, I'll reply back with the attached file...Thank you..
jjbadd385 said:
Ok I did that and opened the msicold.img in hex editor, and honestly I don't have a clue as to what I was doing, but I think I located the value and because I followed the downgrade guide, I believe it's 1.00.000.0, but I don't know how to change it. Any way I can email it to you and have you change it? My email is ****** if you will send me a blank email, I'll reply back with the attached file...Thank you..
You may want to edit this post. Ask anyone interested in helping to PM you. Posting your email address on an open forum isn't a good idea.
estallings15 said:
You may want to edit this post. Ask anyone interested in helping to PM you. Posting your email address on an open forum isn't a good idea.
Wonder what happened to Anglgodes19 and all his posts? He disappeared like a thief in the night!!
1.00.000 is the correct value.
If bootloader doesn't accept PD15IMG.ZIP - it either means you're doing something wrong even though you're 100% sure you're not, or that HTC-Dev-unlocked HBOOT doesn't accept the image for downgrading, which I highly doubt.
In any case, as I wrote you, you can download and flash any 2.2.1 pre-rooted ROM, if you find one with working link, and continue the guide from there.
I don't think I can help you with anything beyond this point.
Jack_R1 said:
1.00.000 is the correct value.
If bootloader doesn't accept PD15IMG.ZIP - it either means you're doing something wrong even though you're 100% sure you're not, or that HTC-Dev-unlocked HBOOT doesn't accept the image for downgrading, which I highly doubt.
In any case, as I wrote you, you can download and flash any 2.2.1 pre-rooted ROM, if you find one with working link, and continue the guide from there.
I don't think I can help you with anything beyond this point.
Ok then, one last question. If I cannot get my phone to flash via hboot, is it possible to flash the 2.2.1 rom through CWM like I am flashing other roms? Or if I flash a rooted 2.2.1 rom could I then proceed in getting s-off/ eng hboot? Or does it have to be done through hboot only with a stock rom? Or possibly a modified 2.2.1 rom that has been made to flash in recovery?