Related
I need to replace my current handset, I understand you have to unroot before doing so or get charged. I followed the instructions step by step, Installed a stock rooted ROM, Flashed PC10img.zip, etc but when i boot into the bootloader i still see S-Off. I do not have root access but the S-On is making me paranoid about ordering a replacement. Any reports or fixes for this?
You may want to specify which rooting method you performed on your phone (e.g. Rage, VISIONary). I will need to unroot my phone soon as I'm expecting a replacement, and I believe I've seen a couple different ways of successfully unrooting the phone. Interested to hear what others have to say about your issue.
dustrho said:
You may want to specify which rooting method you performed on your phone (e.g. Rage, VISIONary). I will need to unroot my phone soon as I'm expecting a replacement, and I believe I've seen a couple different ways of successfully unrooting the phone. Interested to hear what others have to say about your issue.
Click to expand...
Click to collapse
Originally used the RAGE method, but i ran the program Gfree over it to get the SIM card unlock also.
Veiger said:
Originally used the RAGE method, but i ran the program Gfree over it to get the SIM card unlock also.
Click to expand...
Click to collapse
There is an option in gfree to turn secu_flag on or off, here is the options from the Wiki, just re-run gfree commands with the -s option:
Code:
gfree usage:
gfree [-h|-?|--help] [-v|--version] [-s|--secu_flag on|off]
-h | -? | --help: display this message
-v | --version: display program version
[COLOR="red"]-s[/COLOR] | --secu_flag on|off: turn secu_flag[COLOR="Red"] on [/COLOR]or [COLOR="red"]off[/COLOR]
-c | --cid <CID>: set the CID to the 8-char long CID
-S | --sim_unlock: remove the SIMLOCK
-f | --free_all: same as --secu_flag off --sim_unlock --cid 11111111
Wiki link:
http://forum.xda-developers.com/wik...Subsidy_Unlock.2C_SuperCID.2C_and_Radio_S-OFF
joemm said:
There is an option in gfree to turn secu_flag on or off, here is the options from the Wiki, just re-run gfree commands with the -s option:
Code:
gfree usage:
gfree [-h|-?|--help] [-v|--version] [-s|--secu_flag on|off]
-h | -? | --help: display this message
-v | --version: display program version
[COLOR="red"]-s[/COLOR] | --secu_flag on|off: turn secu_flag[COLOR="Red"] on [/COLOR]or [COLOR="red"]off[/COLOR]
-c | --cid <CID>: set the CID to the 8-char long CID
-S | --sim_unlock: remove the SIMLOCK
-f | --free_all: same as --secu_flag off --sim_unlock --cid 11111111
Wiki link:
http://forum.xda-developers.com/wik...Subsidy_Unlock.2C_SuperCID.2C_and_Radio_S-OFF
Click to expand...
Click to collapse
Thanks a ton
Never mind got it to work
Unfortunately I formated my sdcard after i have rooted my Desire Z. Can i just enter "./gfree -s on" to make an image with s-on again and load it via "dd if=/sdcard/partition7-gfree-s-on.img of=/dev/block/mmcblk0p7"? Will this work to get s-on permanently?
Edit: I tried it and after "./gfree -s on" I entered "reboot bootloader" which showed me s-on. But I still had root. Then I entered the second line "dd if..." and after I pressed return the phone rebooted. Still had root after this reboot. So I clicked "unroot" in Visionary and the phone was unrooted.
But: When I received the systemupdate I was unable to install it. The phone reboots, starts installing and I get a triangle with an exclamation mark in after a couple seconds of progressing. ClockworkMod Recovery gives me this message when I press the power button:
"Verifying update package...
E:failed to verify whole-file signature
E:signature verification failed
Installation aborted."
Can someone help me please?
pl4cid said:
Unfortunately I formated my sdcard after i have rooted my Desire Z. Can i just enter "./gfree -s on" to make an image with s-on again and load it via "dd if=/sdcard/partition7-gfree-s-on.img of=/dev/block/mmcblk0p7"? Will this work to get s-on permanently?
Click to expand...
Click to collapse
"./gfree -s on" will edit your radio config partition (7) to make it S-ON. No need to dd anything after that. The only thing you have lost through losing your part7 backup is the ability to re-lock the SIM, if there was a lock there in the first place.
Edit: I tried it and after "./gfree -s on" I entered "reboot bootloader" which showed me s-on. But I still had root. Then I entered the second line "dd if..." and after I pressed return the phone rebooted. Still had root after this reboot. So I clicked "unroot" in Visionary and the phone was unrooted.
Click to expand...
Click to collapse
gfree doesn't unroot, gfree can set S-OFF/S-ON etc, change the CID etc. But to unroot you need to do other stuff (like flash a stock ROM or just remove the su binary and Superuser app).
But: When I received the systemupdate I was unable to install it. The phone reboots, starts installing and I get a triangle with an exclamation mark in after a couple seconds of progressing. ClockworkMod Recovery gives me this message when I press the power button:
"Verifying update package...
E:failed to verify whole-file signature
E:signature verification failed
Installation aborted."
Can someone help me please?
Click to expand...
Click to collapse
That's the stock recovery rather than clockwork. What system update are you talking about, the 1.72 OTA for the DZ ? Or are you trying to flash a whole ROM from SD card ?
steviewevie said:
"./gfree -s on" will edit your radio config partition (7) to make it S-ON. No need to dd anything after that. The only thing you have lost through losing your part7 backup is the ability to re-lock the SIM, if there was a lock there in the first place.
gfree doesn't unroot, gfree can set S-OFF/S-ON etc, change the CID etc. But to unroot you need to do other stuff (like flash a stock ROM or just remove the su binary and Superuser app).
That's the stock recovery rather than clockwork. What system update are you talking about, the 1.72 OTA for the DZ ? Or are you trying to flash a whole ROM from SD card ?
Click to expand...
Click to collapse
Yes you guess right, I want to install the 1.72 OTA. So what shall I do? I got the DZ unlocked and unbranded. The OTA is already downloaded. Is it enough to delete the binaries and the SU-App or are there any other things to prepare.
Thanks in advance for your help
Sent from my HTC Vision using XDA App
pl4cid said:
Yes you guess right, I want to install the 1.72 OTA. So what shall I do? I got the DZ unlocked and unbranded. The OTA is already downloaded. Is it enough to delete the binaries and the SU-App or are there any other things to prepare.
Click to expand...
Click to collapse
You realise you will lose root by applying that update and will not be able to root again at 1.72 ? Not until someone figures out a way to root that ROM ? And if you have gone back to S-ON you will not be able to downgrade after going to the OTA either ?
steviewevie said:
You realise you will lose root by applying that update and will not be able to root again at 1.72 ? Not until someone figures out a way to root that ROM ? And if you have gone back to S-ON you will not be able to downgrade after going to the OTA either ?
Click to expand...
Click to collapse
Hey my friend, thanks for this really helpful news. That was new to me and in this case I deserve root accessibility Thanks a lot again and have a nice day!
Sent from my HTC Vision using XDA App
So i've rooted my Desire Z with the stock rom of v. 1.34 .. I think i need to send it back for repairs since my green led is not working anymore.. But before i can do that i want to unroot the phone.. can someone here explain to me how i do it ? Im a total retard when it comes to this.. Sometimes i even wonder how the heck i managed to root the device
EDIT: Forgot to mention that i've applied a OC kernel.. !
No one ?
5char
I reckon ppl are a bit cautious in giving advice as there have been a few issues.
Lets start with which method did you use to root and s-off?
wileykat said:
I reckon ppl are a bit cautious in giving advice as there have been a few issues.
Lets start with which method did you use to root and s-off?
Click to expand...
Click to collapse
Thanks man.. Glad you want to help ..
I wanted to able to use this kernel, so i followed the suggested rooting guide from that thread.. Which i believe is this
I just want to make sure i do everything right you know
Da9L said:
So i've rooted my Desire Z with the stock rom of v. 1.34 .. I think i need to send it back for repairs since my green led is not working anymore.. But before i can do that i want to unroot the phone.. can someone here explain to me how i do it ? Im a total retard when it comes to this.. Sometimes i even wonder how the heck i managed to root the device
EDIT: Forgot to mention that i've applied a OC kernel.. !
Click to expand...
Click to collapse
Hi !
I need to know 2 things before I can help you:
1. Did you install the engineering hboot?
You can check this by booting into fastboot mode:
- Shutdown the phone
- Press and hold the touchpad-button and hold it while pressing the Power button.
-> On the screen with the surfing androids the first lines contains either SHIP or ENG. If you have ENG then you installed the engineering hboot.
2. Did you use gfree to achive radio S-OFF
You can check this by using the gfree_verify procedure - see http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#VERIFY_.28using_.22gfree_verify.22.29
if you have @secu_flag = 0 then you are radio S-OFF if @secu_flag = 1 you are radio S-ON.
Please check this and post your results, then i can post your way to go.
have fun - Guhl
guhl99 said:
Hi !
I need to know 2 things before I can help you:
1. Did you install the engineering hboot?
You can check this by booting into fastboot mode:
- Shutdown the phone
- Press and hold the touchpad-button and hold it while pressing the Power button.
-> On the screen with the surfing androids the first lines contains either SHIP or ENG. If you have ENG then you installed the engineering hboot.
2. Did you use gfree to achive radio S-OFF
You can check this by using the gfree_verify procedure - see http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#VERIFY_.28using_.22gfree_verify.22.29
if you have @secu_flag = 0 then you are radio S-OFF if @secu_flag = 1 you are radio S-ON.
Please check this and post your results, then i can post your way to go.
have fun - Guhl
Click to expand...
Click to collapse
1. Nope it shows SHIP
2. Gave me this output (My phone has allways been sim unlocked however.. Bought it without contract!)
Code:
gfree verify_cid returned:
@CID: 11111111
OK
gfree verify_secu_flag returned:
@secu_flag: 0
OK
gfree verify_simlock returned:
@SIMLOCK= 00
OK
Da9L said:
1. Nope it shows SHIP
2. Gave me this output :...
gfree verify_secu_flag returned:
@secu_flag: 0
Click to expand...
Click to collapse
!!! WARNING FOR OTHERS - DO NOT DO THIS IF YOU ARE NOT RADIO S-OFF AND HAVE THE ENGINEERING HBOOT INSTALLED !!!
OK this is good because as you don't have the eng-hboot installed we can safely flash the full stock rom and i assume that you have a custom kernel and a custom recovery installed that we need to get rid off.
Before i go into details of commands i would like to give you the principle procedure:
1. reinstall the stock firmware by copying a PC10IMG.zip to /sdcard and then boot into hboot and let it install the complete stock rom.
2. temproot again using psneuter
3. restore the backup of your partition 7 using gfree 0.4
So what we need is:
- a stock rom from here http://www.multiupload.com/GH26HXLLES
- psneuter from here http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/psneuter/psneuter.zip
- gfree 0.4 from here http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/gfree/gfree_04.zip
You need to make sure that this PC10IMG.zip really is your stock version (maybe find yours somewhere else)
1. Installing the stock rom:
connect the phone to usb.
download the file and rename it to PC10IMG.zip and put it to the root of your sdcard using:
Code:
adb push PCIMG10.zip /sdcard/
shutdown your phone.
boot into hboot by holding the <Vol-Down> key while you press <Power> to boot.
hboot (white screen with surfing androids and the word HBOOT in blue) will scan for the file PCIMG10.img and load it.
Then you can use <Vol-Up> to start the process. In the middle of the process the screen will get dark for some seconds and then it will start again -> don't panic wait until it is completely finished.
When done - reboot
2. Temp-root using psneuter:
On the phone go to Settings - Applications - Development and enable USB debugging again.
Unzip the psneuter.zip, install and execute psneuter on your phone:
Code:
adb push psneuter /data/local/
adb shell chmod 777 /data/local/psneuter
adb shell /data/local/psneuter
3. use gfree to restore your partition 7 backup
Unzip gfree_04.zip and install it on the phone
Code:
adb push gfree /data/local/
adb shell chmod 777 /data/local/gfree
3.a When you used gfree to get radio s-off it created a backup of the partition named /sdcard/part7backup-<time>.bin (replace <time> with the time number). We will restore this file now.
Get a root shell:
Code:
adb shell
The prompt should be # now
Execute gfree to restore the backup (in the root shell) - replace <time> with your time number in the following command.
Code:
/data/local/gfree -r /sdcard/part7backup-<time>.bin
3.b Alternative: (if you don't have your partition 7 backup anymore - don't do if you did 3.a):
You need to know the CID that your phone had originaly, it could be HTC__001
Excecute gfree to set S-ON and CID:
Code:
/data/local/gfree -s on -c HTC__001
4. clean up (still in the root shell):
Code:
rm /data/local/psneuter
rm /data/local/gfree
rm /sdcard/PC10IMG.zip
So now you are back to stock.
You might want to boot to hboot again and use "FACTORY RESET" to wipe data and cache.
And you might format the micro-sd card before you return the phone.
I hope this is it (written without a phone so there might be typos)
have fun - Guhl
Wow guhl99 that is really really helpfull ! I appriciate it so much! Im gonna try it later today ..
However i dont think i got the backup of that partition.. Must have deleted by mistake for some reason
Is there anyway i can find out what CID my phone had originaly ?
EDIT: Another question.. What would happen if i just acceptet the OTA upgrade ? Wouldn't that unroot and s-on my phone ?
Da9L said:
Wow guhl99 that is really really helpfull ! I appriciate it so much! Im gonna try it later today ..
However i dont think i got the backup of that partition.. Must have deleted by mistake for some reason
Is there anyway i can find out what CID my phone had originaly ?
Click to expand...
Click to collapse
Hi !
Welcome, i think it was time to summarize this once. And as I am constantly going back to stock to test some exploits and then reroot i have some practive.
Yes there is. The CID is also stored in the first 8 bytes of partition 17 - the misc partition - (and no one knows why).
So you can to the following (in a adb root shell)
Code:
dd if=/dev/block/mmcblk0p17 bs=8 count=1 2>/dev/null
The first 8 characters of the output should be your CID (the # behind it is the prompt for the next command as you do not receive a new-line by the command above)
have fun - Guhl
Da9L said:
EDIT: Another question.. What would happen if i just acceptet the OTA upgrade ? Wouldn't that unroot and s-on my phone ?
Click to expand...
Click to collapse
Sorry I did not see this question.
It will unroot but will NOT S-ON the phone.
But something really nasty will happen:
- It will install a radio firmware version that prevents gfree from dropping the write protection of the emmc chip for the radio configuration partition 7. And because of this you are not able to set S-ON again or set your CID back (or restore your partition 7 backup).
You would then have to downgrade the firmware again to 1.34 (using a procedure that is documented in this forum) and is even more complicated. And after the downgrade (that includes installing the stock rom as i described above) you would have to continue at point 2 of my description above.
SO DO NOT ACCEPT THE OTA (it would not brick things but needs another 2 steps).
have fun - Guhl
Guhl, could you use Gfree to restore your backup (or go S-ON) first while you were still rooted? Then with S-ON, use the PC10IMG.zip to restore back to the shipping ROM (which should work, assuming the zip to be signed).
Just wondering if that extra step of temp rooting before using gfree is necessary...
ianmcquinn said:
Guhl, could you use Gfree to restore your backup (or go S-ON) first while you were still rooted? Then with S-ON, use the PC10IMG.zip to restore back to the shipping ROM (which should work, assuming the zip to be signed).
Just wondering if that extra step of temp rooting before using gfree is necessary...
Click to expand...
Click to collapse
Hi !
You are absolutely right, you could do it this way.
The reason why i always remove s-on as the last step is just to have the system and recovery partitions write enabled till the last step.
So if anything goes wrong you still have options till the end.
But if you don't need that extra security you could do it your way.
have fun - Guhl
Hello!
I have a big problem.
I might have bricked the device however the things what i can do are the following:
- Boot into recovery (clockworkmod)
- start a usb data connection with a computer (clockworkmod)
- input of the ADB commands through terminal running in the computer
What i did?
Flashed the memory with a Cyanogenmod 6.3 according to official guideline:
http://wiki.cyanogenmod.com/index.php?title=HTC_Desire_HD:_Full_Update_Guide
and took note and used most procedures from there actually:
http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2
Didn't do the engineering hboot.
Everything was working. I got cyanogenmod working.
Then after a while i tried to restore a backup which i had from original HTC configuration which was actually just before i did the cyanogenmod flash with clockworkmod.
So the backup was from the time i already unlocked the phone from locks and had root access.
So again the restore function worked and everything was back to normal.
How i managed to half brick the device?
Yesterday i wanted to put cyanogenmod back to my phone and then the s hit happened.
I admit that i didn't check whether the locks were off i just thought that these should have been off because backup soft was from time i had phone unlocked.
Anyway to cut the long story short - after flashing the memory with cyanogenmod with the help of rom manager the phone didn't boot anymore.
I tried all the options from clockworkmod flash and format and upgrade straight from sd card a new cyanogenmod but nothing worked. Again the white HTC screen and connection through a usb cable.
So probably i have the s-off and who knows what else.
I dont have a root access anymore as well because i already tried it through the terminal. It doesn't recognize the su command.
Question is, how can i put the cyanogenmod back on by only using clockworkmod recovery and working ADB connection through usb link?
Probably have to just get the locks off but the original instructions say i have to have terminal emulator running in phone but i only have clockworkmod recovery soft running at best.
S hit, again very long story, but hope someone can help me!
Cheers!
I had a similar problem yesterday, after flashing ClockwordkMod Recovery to version 3.0.0.5 (it said it had an update) and trying to reinstall CyanoGenmod 6.3 my phone would no longer boot, it got stuck in the white HTC Logo screen.
I'm not really an expert on this stuff, but I managed to "recover" my device by downgrading it again to 1.32.405.6 using this thread: http://forum.xda-developers.com/showthread.php?t=905003. First I had tried to recover a previously backed-up ROM, but that did not work.
I had to put the stock 1.32 PD98IMG.zip file on my SD card using ClockwordMod Recovery (since I could no longer boot), I'm not exactly sure which steps I took to do so, I have tried a lot of things yesterday before I got everything working again.
After this my phone could boot again and I was ready to play around again. I reinstalled CyanogenMod again using an older version of ClockwordMod Recovery. I'm not sure if this is related in any way, but my phone works smooth again..
Once again; I'm really not on expert on how all this stuffs works, I just hope that I can help you on the way with some ideas on how to fix your device.
So probably i have the s-off and who knows what else.
Click to expand...
Click to collapse
I figured out wether my device was S-OFF and/or Eng S-OFF by entering "adb reboot bootloader" from cmd. At the top of the page for me it states:
ACE PVT ENG S-OFF
I believe it stated only SHIP S-OFF when I had the problems you describe.
Thanks man for quick reply!
I definitely try the downgrading solution and i remember i too did the update for clockworkmod rom manager before the flash.
I'll report back tomorrow.
Cheers!
couldn't boot up any roms earlier after upgrading clockworkmod recovery to v3... downgraded to 2.5.1.3 and worked fine
Hi Guys, I have exactly the same problem. It would be really great if you provide me the step by step process to downgrade clockworkmod recovery.
Cheers,
Pav
I'd like to say to you guys that the downgrading solution worked
Didn't have to use any programs inside phone except clocworkmod recovery which was the only thing i had running.
Thank you user jvdminne!
The downgrading solution was in official cyanogenmod guidelines as well but forgot it anyway.
------------
Pavanka!
The downgrading solution from the link is pretty step by step actually.
But anyway, with my half-broken phone the lines didnt do the trick:
Code:
adb push psneuter /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/psneuter
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/psneuter
I had to copy psneuter and misc_version to /tmp folder not into /data/local/tmp.
But anyhow, i already had # root access through computer. Probably from last half flashed system.
So only thing i basically had to do was to cd in windows cmd into folder where i had psneuter and misc_version and after that:
Code:
adb push misc_version /tmp
adb shell chmod 777 /tmp/misc_version
adb shell
in the shell (adb shell):
Code:
cd /tmp
./misc_version -s 1.31.405.6
And after that follow the instructions from previous link.
To get the ADB functions working just follow the guide here or from previous link where it had adb program included, but not sure whether it was working cause i had it from Android SDK package already set.
Hope you got some sense out of it.
Cheers!
Hey
I had similar problems to those mentioned in the beginning with the cyanogen mod...
I installed cyanogen and the it got to the screen with the blue swirlyness and then just kept restarting. I decided to restore a backup and just got stuck on the white htc screen.
I decided to follow this post and now am stuck with this...
I just tried a couple of different things to no avail...
maxa1577 said:
Hey
I had similar problems to those mentioned in the beginning with the cyanogen mod...
I installed cyanogen and the it got to the screen with the blue swirlyness and then just kept restarting. I decided to restore a backup and just got stuck on the white htc screen.
I decided to follow this post and now am stuck with this...
I just tried a couple of different things to no avail...
Click to expand...
Click to collapse
If you had ROOT , S-OFF etc you shouldn't need to go through all this rigmarole, if you can access recovery carry out a full wipe /system /cache /dalvik-cache and reflash your chosen ROM, should be all that's required
ghostofcain said:
If you had ROOT , S-OFF etc you shouldn't need to go through all this rigmarole, if you can access recovery carry out a full wipe /system /cache /dalvik-cache and reflash your chosen ROM, should be all that's required
Click to expand...
Click to collapse
phew cheers for that. First time flashing and I thought I killed me poor desire.
NOTE: This guide is for phones shipped with froyo and updated to the 3.x firmware! For phones shipped with gingerbread (even the lower versions) please read attn1's posts in this thread!
With the Sense 3.0 upgrade HTC patched against fre3vo, so we can no longer temproot to use misc_version on that firmware. Lucky us, a new exploit was issued @rootzwiki. This exploit was tested at #g2root (freenode) and was able to temproot a 3.13.161.3 firmware version.
The usual disclaimer applies: Everything you do is your responsibility, No one outside of you can be held accountable for any state you put yourself and/or your phone into. If you did not donate to EFF and rooting is illegal in you country, you should read this guide for intellectual purposes only (sorry dude/dudette).
If you meet troubles search for help at IRC: freenode, #g2root
make sure your phone is in 'charge only' mode and the 'fast boot' feature is turned off.
What you need:
tacoroot
misc_version NOTE: you need THAT version of misc_version. Earlier versions would not work.
flashgc for a goldcard
1.32 PD98IMG.zip
put all files in your platform-tools directory (unzip misc_version and tacoroot.sh)
Code:
adb push tacoroot.sh /data/local/tmp/tacoroot
adb push misc_version /data/local/tmp/
adb push flashgc /data/local/tmp/
adb push PD98IMG.zip /sdcard/
NOTE: the last command will take a long time
After all files are pushed you have to run tacoroot:
Code:
adb shell
chmod 755 /data/local/tmp/*
/data/local/tmp/tacoroot --setup
This command will reboot the phone to recovery. Once it is done, use vol up/power then choose 'reboot' to reboot the phone. After it boots (it will bootloop, that's expected):
Code:
adb shell
/data/local/tmp/tacoroot --root
this command will kick you out of adb shell, so we need to return there and see the # sign of root access, after which we can change the main version, create a goldcard and undo tacoroot to boot he phone normally:
Code:
adb shell
cd /data/local/tmp
./misc_version -s 1.00.000.0
./flashgc
./tacoroot --undo
After these commands are done, the phone should get rebooted by tacoroot. After it boots, boot to bootloader to flash the 1.32 firmware:
Code:
adb reboot bootloader
Once in bootloader, use the vol buttons to go to 'bootloader' and the power button to execute. The rom will flash. Enjoy!
Credits:
Guhl and Scotty2 - they made all this possible. Guhl created and coded misc_version and lots of other good stuff to make unlocking our phones doable and safe.
the tacoroot team
skorgon for flashgc
Donate to EFF!!!!!! and RevSkills -
EFF has the power to keep rooting/unlocking legal.
revskills provides the goldcard solution and online goldcard creation.
Anti-credits:
paul for visionary - among the worst things that happened to the vision community over the years.
Added this to the Main Dev Sticky Thread --> DHD Development Sticky Roll-Up Thread **Check this thread BEFORE posting**
Really happy to see dev's putting tacoroot to use <3
Most up to date versions of tacoroot and burritoroot are opensourced here https://github.com/CunningLogic
petarpLab said:
With the Sense 3.0 upgrade HTC patched against fre3vo, so we can no longer temproot to use misc_version on that firmware. Lucky us, a new exploit was issued @rootzwiki. This exploit was tested at #g2root (freenode) and was able to temproot a 3.13.161.3 firmware version.
The usual disclaimer applies: Everything you do is your responsibility, no one can be held accountable for the state you put your phone into.
If you meet troubles search for help at IRC: freenode, #g2root
What you need:
tacoroot
misc_version NOTE: you need THAT version of misc_version. Earlier versions would not work.
flashgc for a goldcard
1.32 PD98IMG.zip
put all files in your platform-tools directory (unzip misc_version)
Code:
adb push tacoroot.bin /data/local/tmp/tacoroot
adb push misc_version /data/local/tmp/
adb push flashgc /data/local/tmp/
adb push PD98IMG.zip /sdcard/
NOTE: the last command will take a long time
After all files are pushed you have to run tacoroot:
Code:
adb shell
chmod 755 /data/local/tmp/*
/data/local/tmp/tacoroot --setup
This command will reboot the phone to recovery. Once it is done, press vol up then power then choose 'rebot' to bot the phone normally. After it boots:
Code:
adb shell
/data/local/tmp/tacoroot --root
this command will kick you out of adb shell, so we need to return there and see the # sign of root access, after which we can change the main version and create a goldcard:
Code:
adb shell
cd /data/local/tmp
./misc_version -s 1.00.000.0
./flashgc
./tacoroot --undo
After these commands are done, the phone should get rebooted by tacoroot. After it boots, boot to bootloader to flash the 1.32 firmware:
Code:
adb reboot bootloader
Once in bootloader, use the vol buttons to go to 'bootloader' and the power button to execute. The rom will flash. Enjoy!
Credits:
the tacoroot team
skorgon for flashgc
Donate to RevSkills and EFF!
Click to expand...
Click to collapse
Good stuff, but that RUU can jam up newer GB-shipped ACES miserably.
Drop back to a 2.x based RUU instead of a 1.x.
attn1 said:
Good stuff, but that RUU can jam up newer GB-shipped ACES miserably.
Drop back to a 2.x based RUU instead of a 1.x.
Click to expand...
Click to collapse
attn1, can you please elaborate further on that? The reason I link to the 1.32 rom is that it is perfectly and safely unlockable by gfree.
Will it work with 3.12.405.1 too?
petarpLab said:
attn1, can you please elaborate further on that? The reason I link to the 1.32 rom is that it is perfectly and safely unlockable by gfree.
Click to expand...
Click to collapse
Devices shipped with later gingerbread hboots don't boot properly when downgrading to the Froyo hboots. It can take up to 1/2 hour for a normal boot, and flashing RUUs generally fails. We first noticed this on Inspires. Note: This problem only seems to be occurring on devices SHIPPED with GB, not on any of those upgraded to GB.
You can fix if you can temproot, gfree to cycle emmc (even if you can't s-off yet) and dd a current hboot back to the phone. It's a pain in the ass, and I've seen a lot of them - now on some original DHDs and not just Inspires. We've been fixing hboots from downgrades from virtually every older method, including my own.
Since then, we've not done full downgrades - I flash the signed firmware.zip from a very early OTA. This downgrades radio, boot and recovery only - no hboot.
upon reboot:
There is usb debugging support working
There is no video support for current GB roms - this is okay - we fix that later
The GB rom combined with the early froyo kernel will not allow gfree to set s-off, but it will allow emmc cycling, so I flash cwm with an early version kernel.
Reboot to recovery, and from there, mount system and data, run gfree to set s-off, supercid and sim unlock.
Once that's done, push a proper boot image, root files and correct wifi module back to the phone - again from recovery.
Here's the firmware.zip I have been using - no HBOOT - fortunately. http://tau.shadowchild.nl:/files/firmware.zip
So the GB ROM is never downgraded with an HBOOT that can do harm, gfree has done it's thing successfully, and no data is lost on most runs.
Sense 3 changes the picture entirely, as the downgrade firmware is incompatible. Those ROMS must be downgraded. But instead of going to Froyo for those shipped with GB, I strongly recommend downgrading to a 2.x Sense version of GB to avoid those booting issues.
I do not know WHY the newer devices don't work correctly with older hboots, but they don't. I suspect it's some firmware hook not impacted when we flash RUUs.
The WWE 2.50.405.2 RUU is perfectly rootable/s-off-able with the right custom recovery and the above firmware package. It's a popular build, so if we are using goldcard anyway, it's safest to just have everyone downgrade to that, or a comparable GB RUU supporting their own CID.
how is software no 3.13.707.4 work?
vysus, cihatcık, tacoroot works on all current htc firmwares
Thankssssssss
attn1 said:
Devices shipped with later gingerbread hboots don't boot properly when downgrading to the Froyo hboots. It can take up to 1/2 hour for a normal boot, and flashing RUUs generally fails. We first noticed this on Inspires. Note: This problem only seems to be occurring on devices SHIPPED with GB, not on any of those upgraded to GB.
You can fix if you can temproot, gfree to cycle emmc (even if you can't s-off yet) and dd a current hboot back to the phone. It's a pain in the ass, and I've seen a lot of them - now on some original DHDs and not just Inspires. We've been fixing hboots from downgrades from virtually every older method, including my own.
Since then, we've not done full downgrades - I flash the signed firmware.zip from a very early OTA. This downgrades radio, boot and recovery only - no hboot.
upon reboot:
There is usb debugging support working
There is no video support for current GB roms - this is okay - we fix that later
The GB rom combined with the early froyo kernel will not allow gfree to set s-off, but it will allow emmc cycling, so I flash cwm with an early version kernel.
Reboot to recovery, and from there, mount system and data, run gfree to set s-off, supercid and sim unlock.
Once that's done, push a proper boot image, root files and correct wifi module back to the phone - again from recovery.
Here's the firmware.zip I have been using - no HBOOT - fortunately. http://tau.shadowchild.nl:/files/firmware.zip
So the GB ROM is never downgraded with an HBOOT that can do harm, gfree has done it's thing successfully, and no data is lost on most runs.
Sense 3 changes the picture entirely, as the downgrade firmware is incompatible. Those ROMS must be downgraded. But instead of going to Froyo for those shipped with GB, I strongly recommend downgrading to a 2.x Sense version of GB to avoid those booting issues.
I do not know WHY the newer devices don't work correctly with older hboots, but they don't. I suspect it's some firmware hook not impacted when we flash RUUs.
The WWE 2.50.405.2 RUU is perfectly rootable/s-off-able with the right custom recovery and the above firmware package. It's a popular build, so if we are using goldcard anyway, it's safest to just have everyone downgrade to that, or a comparable GB RUU supporting their own CID.
Click to expand...
Click to collapse
my desire hd just got a new mainboard from the repair center and it came with sense 3.0 vodafone branded ROM, in this case i should downgrade to sense 2.1 and then root/s-off with "hack ace"?
fuinhu said:
my desire hd just got a new mainboard from the repair center and it came with sense 3.0 vodafone branded ROM, in this case i should downgrade to sense 2.1 and then root/s-off with "hack ace"?
Click to expand...
Click to collapse
That's what I'd do, unless you care to confirm that your new mainboard shipped with GB has the issue.
petarpLab said:
With the Sense 3.0 upgrade HTC patched against fre3vo, so we can no longer temproot to use misc_version on that firmware. Lucky us, a new exploit was issued @rootzwiki. This exploit was tested at #g2root (freenode) and was able to temproot a 3.13.161.3 firmware version.
The usual disclaimer applies: Everything you do is your responsibility, no one can be held accountable for the state you put your phone into.
If you meet troubles search for help at IRC: freenode, #g2root
What you need:
tacoroot
misc_version NOTE: you need THAT version of misc_version. Earlier versions would not work.
flashgc for a goldcard
1.32 PD98IMG.zip
put all files in your platform-tools directory (unzip misc_version)
Code:
adb push tacoroot.bin /data/local/tmp/tacoroot
adb push misc_version /data/local/tmp/
adb push flashgc /data/local/tmp/
adb push PD98IMG.zip /sdcard/
NOTE: the last command will take a long time
After all files are pushed you have to run tacoroot:
Code:
adb shell
chmod 755 /data/local/tmp/*
/data/local/tmp/tacoroot --setup
This command will reboot the phone to recovery. Once it is done, press vol up then power then choose 'rebot' to bot the phone normally. After it boots:
Code:
adb shell
/data/local/tmp/tacoroot --root
this command will kick you out of adb shell, so we need to return there and see the # sign of root access, after which we can change the main version and create a goldcard:
Code:
adb shell
cd /data/local/tmp
./misc_version -s 1.00.000.0
./flashgc
./tacoroot --undo
After these commands are done, the phone should get rebooted by tacoroot. After it boots, boot to bootloader to flash the 1.32 firmware:
Code:
adb reboot bootloader
Once in bootloader, use the vol buttons to go to 'bootloader' and the power button to execute. The rom will flash. Enjoy!
Credits:
the tacoroot team
skorgon for flashgc
Donate to RevSkills and EFF!
Click to expand...
Click to collapse
can you explain me better, becouse I am new in this, I just got my desire HD, where is platform-tools directory?
kiretocin said:
can you explain me better, becouse I am new in this, I just got my desire HD, where is platform-tools directory?
Click to expand...
Click to collapse
The guide is written with AndroidSDK in mind: http://forum.xda-developers.com/showthread.php?t=865685
petarpLab said:
That guide is written with AndroidSDK in mind: http://forum.xda-developers.com/showthread.php?t=865685
Click to expand...
Click to collapse
thanks man, I will try that
i only able to reach until the step where the phone shows a phone with triangle in middle.. afterwards im stucked there already.. it happends after i typed:
adb shell
chmod 755 /data/local/tmp/*
/data/local/tmp/tacoroot --setup
current software number is : 3.13.707.4
aqblood said:
i only able to reach until the step where the phone shows a phone with triangle in middle.. afterwards im stucked there already.. it happends after i typed:
adb shell
chmod 755 /data/local/tmp/*
/data/local/tmp/tacoroot --setup
current software number is : 3.13.707.4
Click to expand...
Click to collapse
that's ok, press vol up, then navigate to reboot and continue with the guide.
Forget=)
Worked it out
Good day all
I have some Question
Can I root this using new firmware If I go to HTCDEV.COM
I have a sensation and it works for me also if you go back
old ROMs WITH the new firmware the device become more solid in signal and Power Usage
I want to update the firmware for my friend device do you recommend that.
Also is it possible to make it S-OFF in HTCDEV site.
No you can not S-OFF the Desire HD from the htcdev site.
But you can use the Advanced ACE Hack Kit to make it S-OFF.
I recommend that..
I've been meaning to write this guide for a little while, and someone needing it recently posted a question asking how, so I figured I'd get off my ass and do it.
This will work for Vision, Ace and Glacier devices.
NOTE: This will only work if you are TRUE S-OFF
You will need ADB set up and running to finish this off.
Also, make sure you're on charge only mode.
Flashing one of the roms provided will have that as default
Section 1: Download the appropriate rom for your device.
Obtain an appropriate rom from http://thetable.poseidon.feralhosting.com/VISION/VISION/
these are stock roms with the only change being "persist.service.adb.enable = 1" added so /system/build.prop
I modified these roms for people with broken screens/digitzers, so if you're phone is perfectly functional, go ahead and grab a rom from UNMODDED dir. Just enable adb debugging once its flashed
Section 2: Flash the rom via fastboot RUU mode.
If you don't have a fastboot executable, download the zip attached to this post, and run the one appropriate for your OS
Make sure the fastboot executable and the rom are in the same directory, and you're command prompt/terminal is pointed to that directory.
Also, make sure you don't have a PC10IMG/PD98IMG/PG15IMG on your sdcard
A. Make sure phone is powered off
B. Hold Volume Down, and press Power to run phone on
C. Wait a minute or so (while hboot scans for updates) then press Power ONCE
D. Verify you are in fastboot mode by running:
Code:
fastboot-[OS] devices
this will return your serial number if you are in fastboot mode
E. Reboot to RUU mode
Code:
fastboot-[OS] oem rebootRUU
F. Flash the rom
Code:
fastboot-[OS] flash zip [NAME].zip
This will start flashing the rom to your device.
IT (MOST PROBABLY) WILL FAIL
REPEAT THE LAST COMMAND
Code:
fastboot-[OS] flash zip [NAME].zip
G. Reboot Phone
Code:
fastboot-[OS] reboot
Section 3: Return to S-ON and original CID
A. Obtain temp-root
Download the attached psneuter and gfree zips
Code:
> adb push psneuter /data/local/tmp
> adb push gfree /data/local/tmp
> adb shell
$ cd /data/local/tmp
$ chmod 755 *
$ ./psneuter
This will kick you out of adb shell
B. Restore S-ON
If you have your part7backup-xxxxxxx.bin (check sdcard):
Code:
> adb shell
# /data/local/tmp/gfree -r /sdcard/part7backup-xxxxxxx.bin
(replace the xxxxxxx's with the correct numbers)
Rejoice! You are back to S-ON!
If you do not have your part7backup:
Find your original cid:
Code:
> adb shell
# dd if=/dev/block/mmcblk0p17 bs=1 count=8 2>/dev/null; echo
Restore S-ON and CID
Code:
# /data/local/tmp/gfree -s on -c ORIGINAL_CID
Section 4: Rejoice! And Optionally flash an official stock rom
Completely stock/unmodded roms can be found at http://thetable.poseidon.feralhosting.com/VISION/VISION/UNMODDED/
Flash them same as Section 2.
If you have any issues, need help, etc. Please join #G2ROOT on freenode
There are normally people on there all the time, but please either hang around, or come back if no one responds
Credits:
scotty2 for psneuter
scotty2 and Guhl for gfree
Setherio for the fastboot collection zip
pierre_ja for making me make those rom.zips
laga_ for how to make those rom.zips
anyone else I may've forgotten
-Nipqer
This guide is officially supported by #g2root. If you need help, join irc freenode, #g2root.
Donate to EFF
Possible errors using gfree
Hello Nipqer, cool tutorial!
An possible addition for using gfree: Make sure that the phone is in "charge only" mode. I heard that this solved some problems in the past when using "gfree -s on -c OIGINAL_CID".
Best regards,
Catherall
-----------------
HTC Desire Z with currently installed ROMs:
Virtuous Affinity 2.0.5
PyroMod's CyanogenMod 7.2 Nightly
CyanogenMod 7.1
Virtuous G-Lite 2.0.1
MIUI 1.7.22
Virtuous Quattro RC3
Added that info, charge only mode will be default anyway if they flash one of the provided roms.
-Nipqer
In step 1 For a T-Mobile G2 using http://www.ratherphallic.co.cc/ the rom I would download is 'G2_PC10IMG.zip' correct?
Also in step 2 can I flash the rom via fastboot w/o adb??? I think I rename the zip file to PC10IMG.zip correct?
Yes, use the G2_PC10IMG.
If you use fastboot, it doesn't matter how the rom is named.
If you use hboot however, then yeah it needs to be named PC10IMG.zip, and yeah, it just goes on the root of your sdcard
-Nipqer
Sent from my HTC Vision using xda premium
nice guide!
Ty for the information.
Nice guide with good downloadlink.
Hey Nipqer thank you so much, this definitely needs to be more known and used. It's the second time I need to send the phone back and I couldn't understand what to do and which files to use because the guide is for g2 and there are everywhere menaces like don't flash this/that/all pc10img with s/off.
Then pierre_ja linked me your guide and did it in ten minutes...
Edit: the bad thing is that I haven't been able to find this searching everywhere in the web....
Sent from my HTC Vision using XDA
Perfect! Thanks a lot.
When the flashing of stock rom fails it says this?
FAILED (remote: 43 main version check fail)
So its enough just to run the command again?
Hmm, that error means you're not true (radio) s-off
to resolve it you'll need to run misc_version as per this guide http://forum.xda-developers.com/showthread.php?t=1178912
-Nipqer
You were right. I was trying to flash stock rom after S-ON. The only reason I wanted to flash version w/o adb debugging on was because I couldnt update using classic Settings/Info/Update software. Everytime I got stuck on screen with red rectangle. When booting to hboot I had on top line with pink background "Locked (OOW)". I flashed stock ROM over RUU and it vanished. Everything is ok now. Fully updated stock phone.
I think I messed up things by flashing htcdev.zip. If I understand this is for people who used oficial htc unlocking method. I flashed my device back in 2011 even before it was release so I didnt know about this option.
i keep getting error message everytime i try to flash the PC10IMG.zip file doing it tru fastboot. also when i try the none adb it loads up at the boatloader but just goes back to boatloader screen . any ideas?
Whats the error message your getting?
-Nipqer
error: cannot load 'PC10IMG.zip'
i put the zip file in the same directory . platform tools
Nipqer you are the f***ing MAN thanks alot. you saved my phone. now going for a warranty. again thank you . thank you thank you.
Returning to Stock w/o S-ON
Thank you for the great guide Nipqer.
I am running CM7.2 RC version with true s-off.
I want to go back to the Stock ROM with the latest Updates but with S-OFF.
How do i achieve that???
Just download a stock rom and flash it.
S-OFF will stay no matter what you do, until you re run gfree to remove it.
If you flash a stock rom from www.ratherphallic.co.cc you should get OTA's (thought I can't guarantee that), or you could download a stock gingerbread rom from www.shipped-roms.com
-Nipqer
Sent from my HTC Vision using xda premium
Getting an error= remote : 53 image unzipping failed
after that not able to switch on the phone or anything.
was flashing Vision_DZ_1.34.405.5_PC10IMG.zip
Please Help !!!
hmm, the phone should be able to turn on fine, if it failed opening the rom to flash then it wouldn't of changed anything.
Can you run an md5 check on the downloaded rom? it might be corrupted.
Otherwise, just try a different rom.
-Nipqer
Nipqer said:
hmm, the phone should be able to turn on fine, if it failed opening the rom to flash then it wouldn't of changed anything.
Can you run an md5 check on the downloaded rom? it might be corrupted.
Otherwise, just try a different rom.
-Nipqer
Click to expand...
Click to collapse
I tried the modded rom and it worked.....thanks a lot Nipqer