[GUIDE] Downgrade from 3.13 (Sense 3.0) roms - Desire HD General

NOTE: This guide is for phones shipped with froyo and updated to the 3.x firmware! For phones shipped with gingerbread (even the lower versions) please read attn1's posts in this thread!
With the Sense 3.0 upgrade HTC patched against fre3vo, so we can no longer temproot to use misc_version on that firmware. Lucky us, a new exploit was issued @rootzwiki. This exploit was tested at #g2root (freenode) and was able to temproot a 3.13.161.3 firmware version.
The usual disclaimer applies: Everything you do is your responsibility, no one outside of you can be held accountable for any state you put yourself and/or your phone into. If you did not donate to EFF and rooting is illegal in your country, you should read this guide for intellectual purposes only (sorry dude/dudette).
If you meet troubles search for help at IRC: freenode, #g2root
make sure your phone is in 'charge only' mode and the 'fast boot' feature is turned off.
What you need:
tacoroot
misc_version NOTE: you need THAT version of misc_version. Earlier versions would not work.
flashgc for a goldcard
1.32 PD98IMG.zip
put all files in your platform-tools directory (unzip misc_version and tacoroot.sh)
Code:
adb push tacoroot.sh /data/local/tmp/tacoroot
adb push misc_version /data/local/tmp/
adb push flashgc /data/local/tmp/
adb push PD98IMG.zip /sdcard/
NOTE: the last command will take a long time
After all files are pushed you have to run tacoroot:
Code:
adb shell
chmod 755 /data/local/tmp/*
/data/local/tmp/tacoroot --setup
This command will reboot the phone to recovery. Once it is done, use vol up/power then choose 'reboot' to reboot the phone. After it boots (it will bootloop, that's expected):
Code:
adb shell
/data/local/tmp/tacoroot --root
this command will kick you out of adb shell, so we need to return there and see the # sign of root access, after which we can change the main version, create a goldcard and undo tacoroot to boot the phone normally:
Code:
adb shell
cd /data/local/tmp
./misc_version -s 1.00.000.0
./flashgc
./tacoroot --undo
After these commands are done, the phone should get rebooted by tacoroot. After it boots, boot to bootloader to flash the 1.32 firmware:
Code:
adb reboot bootloader
Once in bootloader, use the vol buttons to go to 'bootloader' and the power button to execute. The rom will flash. Enjoy!
Credits:
Guhl and Scotty2 - they made all this possible. Guhl created and coded misc_version and lots of other good stuff to make unlocking our phones doable and safe.
the tacoroot team
skorgon for flashgc
Donate to EFF!!!!!! and RevSkills -
EFF has the power to keep rooting/unlocking legal.
revskills provides the goldcard solution and online goldcard creation.
Anti-credits:
paul for visionary - among the worst things that happened to the vision community over the years.

Added this to the Main Dev Sticky Thread --> DHD Development Sticky Roll-Up Thread **Check this thread BEFORE posting**

Really happy to see devs putting tacoroot to use <3
Most up to date versions of tacoroot and burritoroot are opensourced here https://github.com/CunningLogic

petarpLab said:
With the Sense 3.0 upgrade HTC patched against fre3vo, so we can no longer temproot to use misc_version on that firmware. Lucky us, a new exploit was issued @rootzwiki. This exploit was tested at #g2root (freenode) and was able to temproot a 3.13.161.3 firmware version.
The usual disclaimer applies: Everything you do is your responsibility, no one can be held accountable for the state you put your phone into.
If you meet troubles search for help at IRC: freenode, #g2root
What you need:
tacoroot
misc_version NOTE: you need THAT version of misc_version. Earlier versions would not work.
flashgc for a goldcard
1.32 PD98IMG.zip
put all files in your platform-tools directory (unzip misc_version)
Code:
adb push tacoroot.bin /data/local/tmp/tacoroot
adb push misc_version /data/local/tmp/
adb push flashgc /data/local/tmp/
adb push PD98IMG.zip /sdcard/
NOTE: the last command will take a long time
After all files are pushed you have to run tacoroot:
Code:
adb shell
chmod 755 /data/local/tmp/*
/data/local/tmp/tacoroot --setup
This command will reboot the phone to recovery. Once it is done, press vol up then power then choose 'reboot' to boot the phone normally. After it boots:
Code:
adb shell
/data/local/tmp/tacoroot --root
this command will kick you out of adb shell, so we need to return there and see the # sign of root access, after which we can change the main version and create a goldcard:
Code:
adb shell
cd /data/local/tmp
./misc_version -s 1.00.000.0
./flashgc
./tacoroot --undo
After these commands are done, the phone should get rebooted by tacoroot. After it boots, boot to bootloader to flash the 1.32 firmware:
Code:
adb reboot bootloader
Once in bootloader, use the vol buttons to go to 'bootloader' and the power button to execute. The rom will flash. Enjoy!
Credits:
the tacoroot team
skorgon for flashgc
Donate to RevSkills and EFF!
Good stuff, but that RUU can jam up newer GB-shipped ACES miserably.
Drop back to a 2.x based RUU instead of a 1.x.

attn1, can you please elaborate further on that? The reason I link to the 1.32 rom is that it is perfectly and safely unlockable by gfree.

Will it work with 3.12.405.1 too?

Devices shipped with later gingerbread hboots don't boot properly when downgrading to the Froyo hboots. It can take up to 1/2 hour for a normal boot, and flashing RUUs generally fails. We first noticed this on Inspires. Note: This problem only seems to be occurring on devices SHIPPED with GB, not on any of those upgraded to GB.
You can fix if you can temproot, gfree to cycle emmc (even if you can't s-off yet) and dd a current hboot back to the phone. It's a pain in the ass, and I've seen a lot of them - now on some original DHDs and not just Inspires. We've been fixing hboots from downgrades from virtually every older method, including my own.
Since then, we've not done full downgrades - I flash the signed firmware.zip from a very early OTA. This downgrades radio, boot and recovery only - no hboot.
upon reboot:
There is usb debugging support working
There is no video support for current GB roms - this is okay - we fix that later
The GB rom combined with the early froyo kernel will not allow gfree to set s-off, but it will allow emmc cycling, so I flash cwm with an early version kernel.
Reboot to recovery, and from there, mount system and data, run gfree to set s-off, supercid and sim unlock.
Once that's done, push a proper boot image, root files and correct wifi module back to the phone - again from recovery.
Here's the firmware.zip I have been using - no HBOOT - fortunately. http://tau.shadowchild.nl:/files/firmware.zip
So the GB ROM is never downgraded with an HBOOT that can do harm, gfree has done its thing successfully, and no data is lost on most runs.
Sense 3 changes the picture entirely, as the downgrade firmware is incompatible. Those ROMS must be downgraded. But instead of going to Froyo for those shipped with GB, I strongly recommend downgrading to a 2.x Sense version of GB to avoid those booting issues.
I do not know WHY the newer devices don't work correctly with older hboots, but they don't. I suspect it's some firmware hook not impacted when we flash RUUs.
The WWE 2.50.405.2 RUU is perfectly rootable/s-off-able with the right custom recovery and the above firmware package. It's a popular build, so if we are using goldcard anyway, it's safest to just have everyone downgrade to that, or a comparable GB RUU supporting their own CID.

how is software no 3.13.707.4 work?

vysus, cihatcık, tacoroot works on all current htc firmwares

Thankssssssss

my desire hd just got a new mainboard from the repair center and it came with sense 3.0 vodafone branded ROM, in this case i should downgrade to sense 2.1 and then root/s-off with "hack ace"?

That's what I'd do, unless you care to confirm that your new mainboard shipped with GB has the issue.

can you explain me better, because I am new in this, I just got my desire HD, where is platform-tools directory?

The guide is written with AndroidSDK in mind: http://forum.xda-developers.com/showthread.php?t=865685

thanks man, I will try that

i only able to reach until the step where the phone shows a phone with triangle in middle.. afterwards im stuck there already.. it happens after i typed:
adb shell
chmod 755 /data/local/tmp/*
/data/local/tmp/tacoroot --setup
current software number is : 3.13.707.4

that's ok, press vol up, then navigate to reboot and continue with the guide.

Forget=)
Worked it out

Good day all
I have some Question
Can I root this using new firmware If I go to HTCDEV.COM
I have a sensation and it works for me also if you go back
old ROMs WITH the new firmware the device become more solid in signal and Power Usage
I want to update the firmware for my friend device do you recommend that.
Also is it possible to make it S-OFF in HTCDEV site.

No you can not S-OFF the Desire HD from the htcdev site.
But you can use the Advanced ACE Hack Kit to make it S-OFF.
I recommend that..

Related

[Guide] How to recover your semi-brick

YES YOU NEED TO READ THIS WHOLE POST, PROB MORE THAN ONCE TO MAKE SURE YOU GOT IT. YES I KNOW HOW LONG IT IS, I TYPED IT!
the reason i call it a semi-brick is because a true brick cannot be recovered without opening the case.
first go here and read this for info: http://forum.xda-developers.com/showthread.php?t=838484
now since your here im going to assume that its too late.
*things you will need.
copy of cwm recovery. get it here (the manual install link): http://forum.xda-developers.com/showpost.php?p=9145724&postcount=28
adb installed and working.
a known good rom, or nandroid backup. here is one: http://forum.xda-developers.com/showthread.php?t=836042 (use odex one)
a wpthis.ko for YOUR specific kernel (run (adb shell cat /proc/version) that will tell you what kernel you have)
*first thing we need to know is, are you s-off or s-on now?
if your s-off just boot into clockwork mod recovery, wipe the phone and flash a known good rom and be done with it. if you dont have cwm recovery installed. boot into fastboot (vol down+power) you must have the sdk/adb installed and working, and type fastboot flash recovery LocationOfRecovery.img (where LocationOfRecovery.img= where you have the recovery, ie c:\android\recovery.img). once thats installed follow instructions above.
*if you are s-on:
will the phone boot into android? if so your not bad off.
if you want to unroot to return the phone, follow the unroot thread here: http://forum.xda-developers.com/showthread.php?t=835971
if you dont want to unroot then you have a couple of different options. if you have cwm recovery still installed, just follow instructions above and flash a known good rom. ive been told that boot.img (kernel) wont flash if you are s-on. the way to fix this (temporarily) is boot into recovery, but before you flash run these commands:
(put wpthis.ko in sdk folder)
adb remount
adb push wpthis.ko /data/local/wpthis.ko (specific for your kernel)
adb shell
# insmod /data/local/wpthis.ko (should get same function not implemented error as when u rooted first time)
then proceed to flash the rom. once booted into android skip down to, "now to get back to s-off"
*if you have stock or eng-recovery installed.
will the phone attempt to boot android at all? where is it stuck at?
a good min after it starts to try to boot, type these commands:
adb remount
adb shell
if you can get in shell then theres still hope. back out shell for a second and start here:
put the cwm recovery.img and wpthis.ko in your sdk folder
adb remount
adb push wpthis.ko /data/local/wpthis.ko (specific for your kernel)
adb push recovery.img /data/local/recovery.img
adb shell
# insmod /data/local/wpthis.ko (should get same function not implemented error as when u rooted first time)
# dd if=/data/local/recovery.img of=/dev/block/mmcblk0p21 (now wait a min or 2 to give it time to finish)
# sync (give it another min or two just to be safe)
# reboot recovery
at this point you should be in cwm recovery. follow instructions above for flashing with s-on.
*if you cannot get into shell while booting, but have eng-recovery installed, there might be some options.(however this is all theory)
boot into recovery-
if you are on linux using adb, you can try taking sh from /system/bin folder of any custom rom, chmod 0755 it, then push it to /system/bin and adb shell might work.
windows-
boot into recovery.
a system.img compatible with your installed kernel pushed may work. put the system.img into the sdk folder.
adb push system.img /dev/block/mmcblk0p25
then reboot and see where you are. if that dont work, grab the modified miscnew.img here: http://www.4shared.com/file/pUPfrGi-/mmcblk0p17.html
rename it misc.img put it in sdk folder and
adb push misc.img /dev/block/mmcblk0p17
then reboot into bootloader with PC10IMG.zip on root of sdcard and it should run through. if it does you're fully stock and get to start all over again.
*if you cannot get into shell, and you have stock recovery, im sorry you're pretty screwed. as of right now the only thing thats gonna bring it back is a full img/update signed from htc thats equal to or higher than the version currently on the phone. (well and jtag of course)
*well now you've done one of the steps above. you're booted into android, you have perm root, and cwm recovery installed, just still s-on. dont worry you're almost there!
first take that wpthis.ko for your kernel and push it, and the eng hboot.
adb push wpthis.ko /data/local/
adb push hboot-eng.img /data/local
then from adb shell, or terminal root prompt:
# insmod /data/local/wpthis.ko (again you should get the function not implemented error)
NOW REMEMBER THIS NEXT STEP COULD MEAN DEATH FOR YOUR G2 IF TYPED WRONG, AND AFTER ALL THIS HARD WORK!
# dd if=/data/local/hboot-eng.img of=/dev/block/mmcblk0p18
wait a few mins to be sure its done.
# sync
wait a few more just cause.
reboot, you should now be s-off, cwm recovery installed, and free to do whatever you want. just dont go screwing it up again
* as new methods are discovered, or ones here are proven wrong, i will update as necessary. as of the writing post, 2 devices that i know of have been saved!
good luck!
wpthis.ko for bacon bits.03 kernel: http://www.4shared.com/file/OAcd1bix/wpthis-263221-cyanogenmod.html

[Q] 1.34 rooted and S-off.. Need to go back. How ?

So i've rooted my Desire Z with the stock rom of v. 1.34 .. I think i need to send it back for repairs since my green led is not working anymore.. But before i can do that i want to unroot the phone.. can someone here explain to me how i do it ? Im a total retard when it comes to this.. Sometimes i even wonder how the heck i managed to root the device
EDIT: Forgot to mention that i've applied a OC kernel.. !
No one ?
5char
I reckon ppl are a bit cautious in giving advice as there have been a few issues.
Lets start with which method did you use to root and s-off?
Thanks man.. Glad you want to help ..
I wanted to be able to use this kernel, so i followed the suggested rooting guide from that thread.. Which i believe is this
I just want to make sure i do everything right you know
Hi !
I need to know 2 things before I can help you:
1. Did you install the engineering hboot?
You can check this by booting into fastboot mode:
- Shutdown the phone
- Press and hold the touchpad-button and hold it while pressing the Power button.
-> On the screen with the surfing androids the first lines contains either SHIP or ENG. If you have ENG then you installed the engineering hboot.
2. Did you use gfree to achieve radio S-OFF
You can check this by using the gfree_verify procedure - see http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#VERIFY_.28using_.22gfree_verify.22.29
if you have @secu_flag = 0 then you are radio S-OFF if @secu_flag = 1 you are radio S-ON.
Please check this and post your results, then i can post your way to go.
have fun - Guhl
1. Nope it shows SHIP
2. Gave me this output (My phone has always been sim unlocked however.. Bought it without contract!)
Code:
gfree verify_cid returned:
@CID: 11111111
OK
gfree verify_secu_flag returned:
@secu_flag: 0
OK
gfree verify_simlock returned:
@SIMLOCK= 00
OK
Da9L said:
1. Nope it shows SHIP
2. Gave me this output :...
gfree verify_secu_flag returned:
@secu_flag: 0
!!! WARNING FOR OTHERS - DO NOT DO THIS IF YOU ARE NOT RADIO S-OFF AND HAVE THE ENGINEERING HBOOT INSTALLED !!!
OK this is good because as you don't have the eng-hboot installed we can safely flash the full stock rom and i assume that you have a custom kernel and a custom recovery installed that we need to get rid off.
Before i go into details of commands i would like to give you the principle procedure:
1. reinstall the stock firmware by copying a PC10IMG.zip to /sdcard and then boot into hboot and let it install the complete stock rom.
2. temproot again using psneuter
3. restore the backup of your partition 7 using gfree 0.4
So what we need is:
- a stock rom from here http://www.multiupload.com/GH26HXLLES
- psneuter from here http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/psneuter/psneuter.zip
- gfree 0.4 from here http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/gfree/gfree_04.zip
You need to make sure that this PC10IMG.zip really is your stock version (maybe find yours somewhere else)
1. Installing the stock rom:
connect the phone to usb.
download the file and rename it to PC10IMG.zip and put it to the root of your sdcard using:
Code:
adb push PC10IMG.zip /sdcard/
shutdown your phone.
boot into hboot by holding the <Vol-Down> key while you press <Power> to boot.
hboot (white screen with surfing androids and the word HBOOT in blue) will scan for the file PC10IMG.zip and load it.
Then you can use <Vol-Up> to start the process. In the middle of the process the screen will get dark for some seconds and then it will start again -> don't panic wait until it is completely finished.
When done - reboot
2. Temp-root using psneuter:
On the phone go to Settings - Applications - Development and enable USB debugging again.
Unzip the psneuter.zip, install and execute psneuter on your phone:
Code:
adb push psneuter /data/local/
adb shell chmod 777 /data/local/psneuter
adb shell /data/local/psneuter
3. use gfree to restore your partition 7 backup
Unzip gfree_04.zip and install it on the phone
Code:
adb push gfree /data/local/
adb shell chmod 777 /data/local/gfree
3.a When you used gfree to get radio s-off it created a backup of the partition named /sdcard/part7backup-<time>.bin (replace <time> with the time number). We will restore this file now.
Get a root shell:
Code:
adb shell
The prompt should be # now
Execute gfree to restore the backup (in the root shell) - replace <time> with your time number in the following command.
Code:
/data/local/gfree -r /sdcard/part7backup-<time>.bin
3.b Alternative: (if you don't have your partition 7 backup anymore - don't do if you did 3.a):
You need to know the CID that your phone had originally, it could be HTC__001
Execute gfree to set S-ON and CID:
Code:
/data/local/gfree -s on -c HTC__001
4. clean up (still in the root shell):
Code:
rm /data/local/psneuter
rm /data/local/gfree
rm /sdcard/PC10IMG.zip
So now you are back to stock.
You might want to boot to hboot again and use "FACTORY RESET" to wipe data and cache.
And you might format the micro-sd card before you return the phone.
I hope this is it (written without a phone so there might be typos)
have fun - Guhl
Wow guhl99 that is really really helpful ! I appreciate it so much! Im gonna try it later today ..
However i dont think i got the backup of that partition.. Must have deleted by mistake for some reason
Is there anyway i can find out what CID my phone had originaly ?
EDIT: Another question.. What would happen if i just accepted the OTA upgrade ? Wouldn't that unroot and s-on my phone ?
Hi !
Welcome, i think it was time to summarize this once. And as I am constantly going back to stock to test some exploits and then reroot i have some practice.
Yes there is. The CID is also stored in the first 8 bytes of partition 17 - the misc partition - (and no one knows why).
So you can do the following (in an adb root shell)
Code:
dd if=/dev/block/mmcblk0p17 bs=8 count=1 2>/dev/null
The first 8 characters of the output should be your CID (the # behind it is the prompt for the next command as you do not receive a new-line by the command above)
have fun - Guhl
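The two checks from the posts above (what @secu_flag means in the gfree_verify output, and the CID copy kept in the first 8 bytes of partition 17) combined into one host-side script. This is an added example, not code from the thread or from gfree; the file names, function names and the 64-byte misc stand-in are constructed, and treating CID 11111111 as SuperCID is an assumption the thread does not spell out.

```shell
#!/bin/sh
# Added example (not from the thread): summarise a device's security state
# from saved gfree_verify output and cross-check the CID against the copy
# kept in the first 8 bytes of the misc partition (mmcblk0p17).

# make_sample DIR : write constructed sample inputs into DIR.
#   verify.txt - output in the format posted in the thread
#   misc.img   - constructed 64-byte stand-in for a misc dump, CID first
make_sample() {
    cat > "$1/verify.txt" <<'EOF'
gfree verify_cid returned:
@CID: 11111111
OK
gfree verify_secu_flag returned:
@secu_flag: 0
OK
gfree verify_simlock returned:
@SIMLOCK= 00
OK
EOF
    printf 'HTC__001' > "$1/misc.img"
    dd if=/dev/zero bs=1 count=56 2>/dev/null >> "$1/misc.img"
}

# field_value NAME : read gfree_verify text on stdin, print the value of @NAME.
# Accepts both separators that appear in the output ("@CID: x", "@SIMLOCK= x").
field_value() {
    sed -n "s/^@$1[=:][[:space:]]*\([^[:space:]]*\).*/\1/p" | head -n 1
}

# radio_state : map @secu_flag (stdin) to the wording used in the thread.
radio_state() {
    case "$(field_value secu_flag)" in
        0) echo "S-OFF" ;;
        1) echo "S-ON" ;;
        *) echo "UNKNOWN" ;;
    esac
}

# misc_cid FILE : CID stored in the first 8 bytes of a misc dump, read with
# the same dd parameters as the command in the post; NUL padding is dropped.
misc_cid() {
    dd if="$1" bs=8 count=1 2>/dev/null | tr -cd '[:print:]'
}

# audit VERIFY_TXT MISC_DUMP : print a one-line summary. Returns 0 only when
# the radio is S-ON, the CID is not SuperCID and both CID copies agree.
audit() (
    text=$(tr -d '\r' < "$1")            # older adb shells emit CRLF
    cid=$(printf '%s\n' "$text" | field_value CID)
    state=$(printf '%s\n' "$text" | radio_state)
    simlock=$(printf '%s\n' "$text" | field_value SIMLOCK)
    mcid=$(misc_cid "$2")
    verdict=stock
    [ "$state" = "S-ON" ] || verdict=modified
    [ "$cid" = "11111111" ] && verdict=modified   # SuperCID value: assumption
    [ "$cid" = "$mcid" ] || verdict="$verdict,cid-mismatch"
    echo "radio=$state cid=$cid misc_cid=$mcid simlock=$simlock verdict=$verdict"
    [ "$verdict" = "stock" ]
)

# Demo on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
audit "$demo_dir/verify.txt" "$demo_dir/misc.img" || echo "not in stock security state"
rm -rf "$demo_dir"
```

On a real device the inputs would be the saved gfree_verify output and a dump of /dev/block/mmcblk0p17; only the first 8 bytes of the dump are read.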
Da9L said:
EDIT: Another question.. What would happen if i just accepted the OTA upgrade ? Wouldn't that unroot and s-on my phone ?
Sorry I did not see this question.
It will unroot but will NOT S-ON the phone.
But something really nasty will happen:
- It will install a radio firmware version that prevents gfree from dropping the write protection of the emmc chip for the radio configuration partition 7. And because of this you are not able to set S-ON again or set your CID back (or restore your partition 7 backup).
You would then have to downgrade the firmware again to 1.34 (using a procedure that is documented in this forum) and is even more complicated. And after the downgrade (that includes installing the stock rom as i described above) you would have to continue at point 2 of my description above.
SO DO NOT ACCEPT THE OTA (it would not brick things but needs another 2 steps).
have fun - Guhl
Guhl, could you use Gfree to restore your backup (or go S-ON) first while you were still rooted? Then with S-ON, use the PC10IMG.zip to restore back to the shipping ROM (which should work, assuming the zip to be signed).
Just wondering if that extra step of temp rooting before using gfree is necessary...
Hi !
You are absolutely right, you could do it this way.
The reason why i always remove s-on as the last step is just to have the system and recovery partitions write enabled till the last step.
So if anything goes wrong you still have options till the end.
But if you don't need that extra security you could do it your way.
have fun - Guhl

HTC Desire HD won't boot after flash

Hello!
I have a big problem.
I might have bricked the device however the things what i can do are the following:
- Boot into recovery (clockworkmod)
- start a usb data connection with a computer (clockworkmod)
- input of the ADB commands through terminal running in the computer
What i did?
Flashed the memory with a Cyanogenmod 6.3 according to official guideline:
http://wiki.cyanogenmod.com/index.php?title=HTC_Desire_HD:_Full_Update_Guide
and took note and used most procedures from there actually:
http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2
Didn't do the engineering hboot.
Everything was working. I got cyanogenmod working.
Then after a while i tried to restore a backup which i had from original HTC configuration which was actually just before i did the cyanogenmod flash with clockworkmod.
So the backup was from the time i already unlocked the phone from locks and had root access.
So again the restore function worked and everything was back to normal.
How i managed to half brick the device?
Yesterday i wanted to put cyanogenmod back to my phone and then the s hit happened.
I admit that i didn't check whether the locks were off i just thought that these should have been off because backup soft was from time i had phone unlocked.
Anyway to cut the long story short - after flashing the memory with cyanogenmod with the help of rom manager the phone didn't boot anymore.
I tried all the options from clockworkmod flash and format and upgrade straight from sd card a new cyanogenmod but nothing worked. Again the white HTC screen and connection through a usb cable.
So probably i have the s-off and who knows what else.
I dont have a root access anymore as well because i already tried it through the terminal. It doesn't recognize the su command.
Question is, how can i put the cyanogenmod back on by only using clockworkmod recovery and working ADB connection through usb link?
Probably have to just get the locks off but the original instructions say i have to have terminal emulator running in phone but i only have clockworkmod recovery soft running at best.
S hit, again very long story, but hope someone can help me!
Cheers!
I had a similar problem yesterday, after flashing ClockworkMod Recovery to version 3.0.0.5 (it said it had an update) and trying to reinstall CyanogenMod 6.3 my phone would no longer boot, it got stuck in the white HTC Logo screen.
I'm not really an expert on this stuff, but I managed to "recover" my device by downgrading it again to 1.32.405.6 using this thread: http://forum.xda-developers.com/showthread.php?t=905003. First I had tried to recover a previously backed-up ROM, but that did not work.
I had to put the stock 1.32 PD98IMG.zip file on my SD card using ClockworkMod Recovery (since I could no longer boot). I'm not exactly sure which steps I took to do so; I tried a lot of things yesterday before I got everything working again.
After this my phone could boot again and I was ready to play around again. I reinstalled CyanogenMod again using an older version of ClockworkMod Recovery. I'm not sure if this is related in any way, but my phone works smoothly again.
Once again: I'm really not an expert on how all this stuff works, I just hope that I can help you on the way with some ideas on how to fix your device.
So probably i have the s-off and who knows what else.
I figured out whether my device was S-OFF and/or Eng S-OFF by entering "adb reboot bootloader" from cmd. At the top of the page for me it states:
ACE PVT ENG S-OFF
I believe it stated only SHIP S-OFF when I had the problems you describe.
Thanks man for quick reply!
I'll definitely try the downgrading solution, and I remember I too did the update for clockworkmod rom manager before the flash.
I'll report back tomorrow.
Cheers!
couldn't boot up any roms earlier after upgrading clockworkmod recovery to v3... downgraded to 2.5.1.3 and worked fine
Hi Guys, I have exactly the same problem. It would be really great if you provide me the step by step process to downgrade clockworkmod recovery.
Cheers,
Pav
I'd like to say to you guys that the downgrading solution worked.
Didn't have to use any programs inside the phone except clockworkmod recovery, which was the only thing I had running.
Thank you user jvdminne!
The downgrading solution was in the official cyanogenmod guidelines as well but I forgot it anyway.
------------
Pavanka!
The downgrading solution from the link is pretty step by step actually.
But anyway, with my half-broken phone these lines didn't do the trick:
Code:
adb push psneuter /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/psneuter
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/psneuter
I had to copy psneuter and misc_version to the /tmp folder, not into /data/local/tmp.
But anyhow, I already had # root access through the computer. Probably from the last half-flashed system.
So the only thing I basically had to do was to cd in windows cmd into the folder where I had psneuter and misc_version and after that:
Code:
adb push misc_version /tmp
adb shell chmod 777 /tmp/misc_version
adb shell
in the shell (adb shell):
Code:
cd /tmp
./misc_version -s 1.31.405.6
And after that follow the instructions from previous link.
To get the ADB functions working just follow the guide here or from the previous link where it had the adb program included, but I'm not sure whether it was working because I had it from the Android SDK package already set.
Hope you got some sense out of it.
Cheers!
Hey
I had similar problems to those mentioned in the beginning with the cyanogen mod...
I installed cyanogen and then it got to the screen with the blue swirlyness and then just kept restarting. I decided to restore a backup and just got stuck on the white htc screen.
I decided to follow this post and now am stuck with this...
I just tried a couple of different things to no avail...
If you had ROOT, S-OFF etc. you shouldn't need to go through all this rigmarole. If you can access recovery, carry out a full wipe (/system, /cache, /dalvik-cache) and reflash your chosen ROM; that should be all that's required
phew cheers for that. First time flashing and I thought I killed me poor desire.

[GUIDE] Returning to stock, unroot. Also with broken screen/digitizer

I've been meaning to write this guide for a little while, and someone needing it recently posted a question asking how, so I figured I'd get off my ass and do it.
This will work for Vision, Ace and Glacier devices.
NOTE: This will only work if you are TRUE S-OFF
You will need ADB set up and running to finish this off.
Also, make sure you're on charge only mode.
Flashing one of the roms provided will have that as default
Section 1: Download the appropriate rom for your device.
Obtain an appropriate rom from http://thetable.poseidon.feralhosting.com/VISION/VISION/
these are stock roms with the only change being "persist.service.adb.enable = 1" added to /system/build.prop
I modified these roms for people with broken screens/digitizers, so if your phone is perfectly functional, go ahead and grab a rom from the UNMODDED dir. Just enable adb debugging once it's flashed
Section 2: Flash the rom via fastboot RUU mode.
If you don't have a fastboot executable, download the zip attached to this post, and run the one appropriate for your OS
Make sure the fastboot executable and the rom are in the same directory, and your command prompt/terminal is pointed to that directory.
Also, make sure you don't have a PC10IMG/PD98IMG/PG15IMG on your sdcard
A. Make sure phone is powered off
B. Hold Volume Down, and press Power to turn phone on
C. Wait a minute or so (while hboot scans for updates) then press Power ONCE
D. Verify you are in fastboot mode by running:
Code:
fastboot-[OS] devices
this will return your serial number if you are in fastboot mode
E. Reboot to RUU mode
Code:
fastboot-[OS] oem rebootRUU
F. Flash the rom
Code:
fastboot-[OS] flash zip [NAME].zip
This will start flashing the rom to your device.
IT (MOST PROBABLY) WILL FAIL
REPEAT THE LAST COMMAND
Code:
fastboot-[OS] flash zip [NAME].zip
G. Reboot Phone
Code:
fastboot-[OS] reboot
Section 3: Return to S-ON and original CID
A. Obtain temp-root
Download the attached psneuter and gfree zips
Code:
> adb push psneuter /data/local/tmp
> adb push gfree /data/local/tmp
> adb shell
$ cd /data/local/tmp
$ chmod 755 *
$ ./psneuter
This will kick you out of adb shell
B. Restore S-ON
If you have your part7backup-xxxxxxx.bin (check sdcard):
Code:
> adb shell
# /data/local/tmp/gfree -r /sdcard/part7backup-xxxxxxx.bin
(replace the xxxxxxx's with the correct numbers)
Rejoice! You are back to S-ON!
If you do not have your part7backup:
Find your original cid:
Code:
> adb shell
# dd if=/dev/block/mmcblk0p17 bs=1 count=8 2>/dev/null; echo
Restore S-ON and CID
Code:
# /data/local/tmp/gfree -s on -c ORIGINAL_CID
Section 4: Rejoice! And Optionally flash an official stock rom
Completely stock/unmodded roms can be found at http://thetable.poseidon.feralhosting.com/VISION/VISION/UNMODDED/
Flash them same as Section 2.
If you have any issues, need help, etc. Please join #G2ROOT on freenode
There are normally people on there all the time, but please either hang around, or come back if no one responds
Credits:
scotty2 for psneuter
scotty2 and Guhl for gfree
Setherio for the fastboot collection zip
pierre_ja for making me make those rom.zips
laga_ for how to make those rom.zips
anyone else I may've forgotten
-Nipqer
This guide is officially supported by #g2root. If you need help, join irc freenode, #g2root.
Donate to EFF
Possible errors using gfree
Hello Nipqer, cool tutorial!
A possible addition for using gfree: Make sure that the phone is in "charge only" mode. I heard that this solved some problems in the past when using "gfree -s on -c ORIGINAL_CID".
Best regards,
Catherall
-----------------
HTC Desire Z with currently installed ROMs:
Virtuous Affinity 2.0.5
PyroMod's CyanogenMod 7.2 Nightly
CyanogenMod 7.1
Virtuous G-Lite 2.0.1
MIUI 1.7.22
Virtuous Quattro RC3
Added that info, charge only mode will be default anyway if they flash one of the provided roms.
-Nipqer
In step 1 For a T-Mobile G2 using http://www.ratherphallic.co.cc/ the rom I would download is 'G2_PC10IMG.zip' correct?
Also in step 2 can I flash the rom via fastboot w/o adb??? I think I rename the zip file to PC10IMG.zip correct?
Yes, use the G2_PC10IMG.
If you use fastboot, it doesn't matter how the rom is named.
If you use hboot however, then yeah it needs to be named PC10IMG.zip, and yeah, it just goes on the root of your sdcard
-Nipqer
Sent from my HTC Vision using xda premium
nice guide!
Ty for the information.
Nice guide with good downloadlink.
Hey Nipqer thank you so much, this definitely needs to be more known and used. It's the second time I need to send the phone back and I couldn't understand what to do and which files to use because the guide is for g2 and there are everywhere menaces like don't flash this/that/all pc10img with s/off.
Then pierre_ja linked me your guide and did it in ten minutes...
Edit: the bad thing is that I haven't been able to find this searching everywhere in the web....
Sent from my HTC Vision using XDA
Perfect! Thanks a lot.
When the flashing of stock rom fails it says this?
FAILED (remote: 43 main version check fail)
So it's enough just to run the command again?
Hmm, that error means you're not true (radio) s-off
to resolve it you'll need to run misc_version as per this guide http://forum.xda-developers.com/showthread.php?t=1178912
-Nipqer
You were right. I was trying to flash stock rom after S-ON. The only reason I wanted to flash the version w/o adb debugging on was because I couldn't update using classic Settings/Info/Update software. Every time I got stuck on a screen with a red rectangle. When booting to hboot I had on the top line with pink background "Locked (OOW)". I flashed stock ROM over RUU and it vanished. Everything is ok now. Fully updated stock phone.
I think I messed up things by flashing htcdev.zip. If I understand, this is for people who used the official htc unlocking method. I flashed my device back in 2011 even before it was released, so I didn't know about this option.
I keep getting an error message every time I try to flash the PC10IMG.zip file doing it through fastboot. Also when I try the non-adb one it loads up at the bootloader but just goes back to the bootloader screen. Any ideas?
What's the error message you're getting?
-Nipqer
error: cannot load 'PC10IMG.zip'
I put the zip file in the same directory. platform tools
Nipqer you are the f***ing MAN, thanks a lot. You saved my phone. Now going for a warranty. Again thank you. Thank you thank you.
Returning to Stock w/o S-ON
Thank you for the great guide Nipqer.
I am running CM7.2 RC version with true s-off.
I want to go back to the Stock ROM with the latest Updates but with S-OFF.
How do I achieve that???
Just download a stock rom and flash it.
S-OFF will stay no matter what you do, until you re-run gfree to remove it.
If you flash a stock rom from www.ratherphallic.co.cc you should get OTA's (though I can't guarantee that), or you could download a stock gingerbread rom from www.shipped-roms.com
-Nipqer
Sent from my HTC Vision using xda premium
Getting an error= remote : 53 image unzipping failed
after that not able to switch on the phone or anything.
was flashing Vision_DZ_1.34.405.5_PC10IMG.zip
Please Help !!!
hmm, the phone should be able to turn on fine, if it failed opening the rom to flash then it wouldn't have changed anything.
Can you run an md5 check on the downloaded rom? it might be corrupted.
Otherwise, just try a different rom.
-Nipqer
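The integrity check suggested in the reply above, extended with a per-file CRC test of the zip, as an added example that is not part of the original posts. The file names, member names and sample archive are constructed, and the published MD5 is assumed to come from wherever the ROM was downloaded.

```python
"""Pre-flash integrity check for a downloaded ROM zip (added example)."""
import hashlib
import os
import tempfile
import zipfile
import zlib


def md5_of(path, chunk_size=1 << 20):
    """Stream the file so a ROM of several hundred MB is never held in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_rom_zip(path, expected_md5=None):
    """Return (ok, reason).

    1. Compare against the published MD5 when one is available. MD5 catches
       a corrupted download; it is not proof the file is untampered.
    2. Open the archive and re-read every member so its CRC32 is verified.
       This works even when no published hash exists.
    """
    actual = md5_of(path)
    if expected_md5 is not None and actual != expected_md5.strip().lower():
        return False, "md5 mismatch: got %s" % actual
    try:
        with zipfile.ZipFile(path) as zf:
            bad = zf.testzip()  # name of first member with a bad CRC, or None
    except (zipfile.BadZipFile, zlib.error, EOFError) as exc:
        return False, "not a readable zip: %s" % exc
    if bad is not None:
        return False, "CRC error in member %s" % bad
    return True, "ok, md5 %s" % actual


def build_demo_files(workdir):
    """Constructed sample data: a small stand-in archive plus two damaged copies."""
    good = os.path.join(workdir, "DEMO_IMG.zip")
    payload = b"constructed-system-image-" * 4096
    with zipfile.ZipFile(good, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("info.txt", "constructed sample\n")
        zf.writestr("system.img", payload)
    with open(good, "rb") as fh:
        raw = fh.read()

    # One flipped bit inside system.img: the zip directory is still valid,
    # so only the hash or the CRC test notices.
    flipped_bytes = bytearray(raw)
    flipped_bytes[raw.find(payload) + 1000] ^= 0x01
    flipped = os.path.join(workdir, "DEMO_IMG_bitflip.zip")
    with open(flipped, "wb") as fh:
        fh.write(flipped_bytes)

    # Interrupted download: the end-of-central-directory record is missing.
    truncated = os.path.join(workdir, "DEMO_IMG_truncated.zip")
    with open(truncated, "wb") as fh:
        fh.write(raw[: len(raw) // 2])
    return good, flipped, truncated


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        good, flipped, truncated = build_demo_files(tmp)
        published = md5_of(good)  # stands in for the hash on the download page
        for label, path, md5 in (
            ("intact", good, published),
            ("bit flip, hash known", flipped, published),
            ("bit flip, no hash", flipped, None),
            ("truncated, no hash", truncated, None),
        ):
            print(label, "->", check_rom_zip(path, md5))
```

Run the check on the computer before copying the zip to the sdcard or passing it to fastboot; a file that fails here should be downloaded again rather than flashed.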
I tried the modded rom and it worked.....thanks a lot Nipqer

How to unroot the latest RUU (5.07) [GUIDE]

Here is a quick guide on how to unroot the latest RUU 5.07. It seems that quite a few people are having trouble unrooting their device or running an official RUU while being on the latest update, or a ROM based on the latest update.
The problem is that HTC has fixed the bootloader (in particular Hboot 2.18) so that it will reject any PC36IMG.zip official software or RUU files that update previous operating systems on the phone (an S-ON phone). You would usually need a RUU (I'm calling both the PC36IMG.zip file and the RUU file an RUU) that is for your current operating system. If your phone is on the latest 5.07 update or a ROM that is based on the 5.07 update, then the latest RUU that exists is for the Evo with RUU Supersonic 4.67. 5.07 never came out, done intentionally by HTC I believe. So none of the RUUs which exist today will work with the 5.07 update. The problem exists because the phone's misc partition is updated whenever you accept an update or run a RUU from HTC, or even flash a ROM. There are other cases as well. The only way to run an official RUU on a phone that is not currently S-OFF is either to downgrade the phone's misc partition, or to turn the phone S-OFF (which you will still have to flash the phone's misc partition to do).
What I've done is put together a quick guide for those who need (or just insist) on unrooting their Evo. It is brief and only for a PC (not a Mac). Hopefully, someone in the future can provide further details or make it Mac friendly or even more user friendly because I don't have a Mac, nor the time to spend to make this guide perfect. I have another phone too to deal with. Remember too, that everything is done at your own risk. So if something goes wrong, well you knew the risks.
For this guide I'm going to assume that you are on Hboot 2.18, the phone is S-ON, the bootloader is unlocked (UNLOCKED), and that the phone's ROM is currently rooted. If not, then this is not the right guide for you.
1. Download this zip file. It contains the necessary files that you will need.
https://dl.dropbox.com/u/38127313/sdk.zip
2. Plug your phone into your computer. Then go to Settings/Applications and uncheck Fastboot. Then go to Development and make sure that USB debugging is now checked. If you have a custom ROM, then the locations of these settings may be slightly different.
If you need the HTC drivers, then I have also included the drivers.exe file that you must run from your computer to install the "MyHtc" drivers that you must have under the computer's device manager when the phone is plugged in.
3. Next, unzip the file to a folder, preferably sdk. Rename the "PC36IMG_SuperSonic_GB_Sprint_WWE_4.54.651.1_Radio_2.15.00.0808_NV_2.15_release_220182_signed" file to PC36IMG.zip (not PC36IMG.zip.zip). Place the phone into "Disk drive", then copy the PC36IMG.zip file to your sdcard. Afterwards, don't forget to change the phone back to "Charge only".
4. Next you will need to open a command prompt at the folder where you extracted the files. If you are not familiar or uncomfortable with adb commands, then I cannot help you here.
5. Type or copy the below commands exactly as they appear.
adb push flash_image /data/local <ENTER>
(This places the file on your phone in the /data/local directory).
adb push mtd-eng.img /data/local <ENTER>
(This places the file on your phone in the /data/local directory).
adb shell <ENTER>
(You should see either a dollar sign ($) or a pound sign (#) at your prompt, depending on your ROM. If you do not then something went wrong. And, No the phone will not brick if you should stop at this point).
su <ENTER>
(You might not need this command depending on your ROM, and also you should check to see if your phone is asking for superuser permissions. If everything went Ok, you should now see a pound (#) sign at your prompt. If you do not then something went wrong. And, No the phone will not brick if you should stop at this point).
cd /data/local <ENTER>
(You need to be in the directory where you put the flash_image and mtd-eng.img files).
chmod 755 flash_image <ENTER>
(flash_image needs to be assigned permissions).
./flash_image misc mtd-eng.img <ENTER>
(This is the most critical step here).
reboot bootloader <ENTER>
(I prefer this step, as it is much faster than pulling the battery and all that other stuff that people suggest).
The phone should now reboot directly into the bootloader. Also the phone will now be locked again (LOCKED OWW) regardless of its previous state. Next hit the power button. It will then take some time to read the PC36IMG.zip file. If everything went Ok, then it should ask you whether or not you want to accept the update, which means that your misc partition was successfully downgraded, and now you can successfully run the RUU.
EDIT: I have to re-upload the sdk.zip file, because the original one had a problem with the PC36IMG.zip file. It should be available shortly. The one I added does work this time; however, the phone may have to be updated in order to bring it back to the latest bootloader and update. It's not the latest RUU 4.67, but the second latest 4.54. I cannot believe that something was wrong with that file. Also, instead of the PC36IMG.zip file that I added, you could also use any other PC36IMG.zip file or a RUU.exe file from HTC. They should work as well. I would not recommend a RUU below Supersonic 3.70. I'm going to upload some of these as well when I get a chance. I have like all of them.
Re: How to unroot the latest RUU (5.07)
You should put "[GUIDE]" in the title, right now it seems like a question
Just a thought anyway.
Sent from my PG06100 using xda premium
Thanks for the advice. I'm currently re-uploading the sdk.zip file. Something went wrong with the PC36IMG file. It should be available again in a little while.
I wonder if you can help me?
I have a problem with an Evo I got from someone, it mostly gets stuck in a bootloop but sometimes it actually boots all the way up. As your guide mentioned, I'm not able to RUU because it's on the 5.0.7. I think the phone was rooted because it had a few .apk's that require root including su.apk. I did a factory reset while the phone was on a sprint account but it didn't fix the issue........ long story short, I noticed the bootlooping stopped when she got off the phone, so I figured the bootloop was caused by the data running through it or something. Today I turned the phone on and fooled around with it for about an hour before I decided to put it on my pageplus account because my verizon droid razr was stolen yesterday, as soon as I did the esn swap with the pageplus rep the phone started the bootlooping again. So I came across your post and luckily got the phone to boot up and began following your guide...... when I got to the "su" I didn't get the "#" sign and permission was denied. I noticed the su.apk was not in the app drawer so I downloaded it, I also installed root explorer to see if I get root access, no luck. Since then I can't get the Evo to boot up..... So finally my question, is it possible to execute your guide in fastboot or is there a way to push su through fastboot via adb?
---------- Post added at 09:12 PM ---------- Previous post was at 09:05 PM ----------
BTW, Bootloader is still unlocked
If bootloader is unlocked, flash a recovery through fastboot
Code:
fastboot flash recovery path/to/RECOVERY_NAME_HERE
Most likely RECOVERY_NAME will end with ".img" so the command would be like this:
Code:
fastboot flash recovery /path/to/recovery-evo.img
After that, search google for a "zip" file named "su-signed-efghi.zip", look for a hit on goo.im (search "evo 4g su-signed-efghi.zip") and download and place it on your sdcard
Boot into recovery (VolDown + Power, then use volume keys to navigate and power key to select recovery)
Then choose "flash zip" and locate the "su-signed-efghi.zip" file and flash it
You should now have the su binary installed in the correct place
Sent from my PG06100
Thanks for your quick response. Been trying that but it's been going into a bootloop after I select recovery from hboot. Can't boot into recovery at all. I was thinking about using adb to flash a stock recovery but all the recovery.img's I come across.... seem to be for an older hboot and/or system. Also I don't want to attempt anything that will make things worse. I've rooted dozens of Evo's on hboot 2.18 and I have a good idea of how adb works. I'm wondering if I can manage to get S-Off, will the phone be able to take an RUU then? Or is there any way to push an older flash_image to trick RUU into updating? I guess the question I should ask is what would you do if your evo would barely boot normally and couldn't get into recovery? The only thing that does work consistently is Hboot and I can't launch recovery through adb nor hboot.
update
I found an exploit on TacoRoot that will get me temp root access without booting into recovery as long as I had a recovery log in /data/data/recovery/log (stock preferably). So I would greatly appreciate if someone can post the file here. I want to attempt to use the exploit to get temp root access then use this guide to get to the point where I can use an RUU.
---------- Post added at 01:22 AM ---------- Previous post was at 01:11 AM ----------
Also, I would need help on how to push the recovery log file to /data/data/recovery/log if possible or would it simply be adb push log /data/data/recovery/ ?
An RUU would only work if you had a lower or equal version on your phone than the RUU
As for your actual issue....you can't use adb while it's in the bootloader, phone has to be fully booted if you want to do anything with adb
The only thing you can do while in hboot is to use fastboot
Try running:
Code:
fastboot reboot recovery
And see if that gets you into recovery
Sent from my PG06100
Yes, I've tried -fastboot reboot recovery- in fastboot, just goes into a boot loop....... I did get the phone to stay booted overnight, I think as long as the battery is fully charged it stays on, and I can use adb now. The main issue now is that I can't boot into recovery; like I mentioned, it just goes into a bootloop and the battery discharges if I let the phone bootloop while trying to boot into recovery. Also, I noticed that the phone won't boot normally unless I have a full charge (Green Light). I think I just need the recovery log file, my thinking is if I can put the log file in the correct location I can trick the phone into thinking it booted into recovery. If I can get temp root access then I use this guide to relock the bootloader and be able to use an RUU. Do you think that's possible?
---------- Post added at 12:24 PM ---------- Previous post was at 11:59 AM ----------
I forgot to mention, the TacoRoot Exploit requires the recovery log file (http://rootzwiki.com/topic/13713-tacoroot-htc-universal-root-exploit-12-30-2011/) to be in the /data/data/recovery/ directory, so it requires a user to boot into recovery to create the log file, and I can't boot into recovery.... so my idea is to push the recovery log file to /data/data/recovery/log cause that's where the exploit is looking for the log file. I'm hoping that will prevent me from having to boot into recovery which is where I'm getting stuck on the tacoroot exploit. With shortydoggs guide, I'm getting stuck at the "su" command cause the evo (for some reason) isn't rooted anymore. So my plan is to get me temp root with TacoRoot so I can get "#" and continue with shortydoggs guide. Not sure if that's possible but at this point it's my only option since I can't get into recovery to flash su.zip nor can I RUU cause I'm on 5.0.7 which has no RUU.
I can give you the file, but it's hard to get it to work without that recovery. You have to extract out of the zip file and then push it to the /data/data/recovery directory. I tried it myself and I can adb push it, but when doing the tacoroot --root, I get an error "/data/local/tacoroot.sh: cannot create /data/local.prop: permission denied".
EDIT: I uploaded the two files that you need. You need to unzip the two files. Then push the log file to the /data/data/recovery directory, and the local.prop file to the /data/ directory. Getting them there will be up to you, as I'm not the most Linux educated person out there. I'm only able to push the files because my phone is already rooted. Hopefully you figure it out or someone more familiar with Linux (adb) commands can help you. Then, the "adb shell /data/local/tacoroot.sh --root" command is a breeze.
Code:
adb push tacoroot.sh /data/local/tacoroot.sh
adb shell chmod 755 /data/local/tacoroot.sh
adb shell sh /data/local/tacoroot.sh --setup
# should give an error after the line above; it's fine because you're pushing the local.prop yourself
adb push local.prop /data/local.prop
adb shell sh /data/local/tacoroot.sh --root
If anything goes wrong or it doesn't work, run this to revert
Code:
adb shell sh /data/local/tacoroot.sh --undo
I would've posted the tacoroot.sh for you since I use it in my shift utility to root your phone, but I wasn't sure if it was universal for all HTC devices or just for the evo shift. Sorry about that.
Sent from my PG06100
Thanks!!!
shortydoggg said:
I can give you the file, but it's hard to get it to work without that recovery. You have to extract out of the zip file and then push it to the /data/data/recovery directory. I tried it myself and I can adb push it, but when doing the tacoroot --root, I get an error "/data/local/tacoroot.sh: cannot create /data/local.prop: permission denied".
EDIT: I uploaded the two files that you need. You need to unzip the two files. Then push the log file to the /data/data/recovery directory, and the local.prop file to the /data/ directory. Getting them there will be up to you, as I'm not the most Linux educated person out there. I'm only able to push the files because my phone is already rooted. Hopefully you figure it out or someone more familiar with Linux (adb) commands can help you. Then, the "adb shell /data/local/tacoroot.sh --root" command is a breeze.
Thank you and CNexus. I'll try it and let you know how it went. I probably will fool around with it tomorrow sometime so I'll get back to you then. Going back a little, after I pushed flash_image and mtd-eng.img to data/local/, I noticed a blue status bar while in hboot, I'm assuming it's searching for the pg36img.img update...... that said, is it necessary to push those files again?? BTW, great guide and write up. Thanks for everything.
---------- Post added at 10:51 PM ---------- Previous post was at 10:46 PM ----------
Thanks for your help, I'll let you know how it goes tomorrow.
CNexus said:
Code:
adb push tacoroot.sh /data/local/tacoroot.sh
adb shell chmod 755 /data/local/tacoroot.sh
adb shell sh /data/local/tacoroot.sh --setup
# should give an error after the line above; it's fine because you're pushing the local.prop yourself
adb push local.prop /data/local.prop
adb shell sh /data/local/tacoroot.sh --root
If anything goes wrong or it doesn't work, run this to revert
Code:
adb shell sh /data/local/tacoroot.sh --undo
I would've posted the tacoroot.sh for you since I use it in my shift utility to root your phone, but I wasn't sure if it was universal for all HTC devices or just for the evo shift. Sorry about that.
Thanks for your help, I'll let you know how it goes tomorrow.
Sent from my PG06100
Hi, Just wondering if you would mind re-uploading the original files? The link is broken, and I'd really like to unroot my phone, so it would be really appreciated. Thanks heaps!
