Related
[GUIDE] Downgrade G2 (2.3.X) & DZ (2.3.X) & mT4g (2.3.4) & DHD w/ S-ON to Stock Froyo
This guide is written for anyone who has "Stock Gingerbread" and wants to downgrade their phone which originally had "Stock Froyo". The following is a list of phone models this guide is intended for and that are known to work:
Working Phone Models:
G2 (Vision)
Desire Z (Vision)
myTouch 4G (Glacier)
Desire HD (Ace)
It should also be noted, this guide WILL NOT work with the following:
myTouch 4G Slide (Doubleshot)
Desire HD (Ace) w/ Sense 3.x (a recent OTA update as patched this method).*
*See these threads for a fix for the Desire HD (Ace) w/ Sense 3.x:
[GUIDE] Downgrade from 3.13 (Sense 3.0) roms
Temp root on Desire HD (Ace) with Sense 3.x
Special Notes
If you have used HTCDEV unlock your phone, please visit the following guide prior to using this guide, otherwise you will not be able to downgrade.
[GUIDE] How to get root/flash custom roms with HTCDEV unlock written by Nipqer
strawmetal has been kind enough to make an amazing PDF for each of the various phone models this guide supports which may be easier to read and follow for some users. I highly recommend taking a look at these files, especially if you are finding yourself a little confused during this guide (as this guide is written for multiple devices though he has PDFs for each device individually).
STRAWMETAL's Downgrade From Gingerbread to Froyo Guides and Tools
HTC Desire Z-G2 Downgrade & Root *Recently Updated*
Table of Contents
Introduction
Gaining Temp Root
Changing Version Number to Allow Downgrade and Gaining SuperCID with a Goldcard
Temp-Rooting to Backup (*Optional*)
Downgrading
Manual Downgrade
Fastboot Downgrade
Sources
Troubleshooting
Change Log
Attachments
I) Introduction
This guide is written with the assumption that the user has previously used "adb". If you are unfamiliar with "adb" or do not even know what "adb" is, download the Android SDK (found at http://developer.android.com/sdk/index.html). There are a couple guides to help you get started setting up the Android SDK and understanding ADB. If you have not installed the Android SDK or you are unfamiliar with ADB, please take some time and read a couple guides to get a basic understanding of it.
[GUIDE] ADB Workshop and Guide for everyone
[HOW-TO] ADB for Dummies(How-To Learner's Guide)
How To Set Up ADB/USB Drivers for Android Devices
I - 1) Gaining Temp Root
Download the attached files, unzip them, and place the files in your platform-tools folder. To elaborate, place the fre3vo file inside of the View attachment fre3vo.zip file in your platform-tools folder and the misc_version file inside the View attachment misc_version_01.zip file in your platform-tools folder.
Make sure you have your sdcard inserted in your phone, and you are NOT in USB Storage Mode, and your sdcard is NOT FULL.
Run the following command to verify the exploit has access to what it needs. (Only the first line is the command. The second line should be the result returned if all goes well.)
Code:
[B]> adb shell cat /dev/msm_rotator[/B]
[I]/dev/msm_rotator: invalid length[/I]
If you received the same message, you're good to continue on. If not… refer to the troubleshooting section of the guide before you continue.
Run the following commands from your platform-tools directory.
Code:
[B]> adb push fre3vo /data/local/tmp
> adb shell
$ chmod 777 /data/local/tmp/fre3vo
$ /data/local/tmp/fre3vo -debug -start FAA90000 -end FFFFFFFF[/B]
After you enter that command, you should see something similar to the last few lines in the following displayed.
(It may take a minute or two. From what I can tell, this appears to be the quickest method as the exploit seems to be found in the latter regions.)
Code:
[I]Buffer offset: 00000000
Buffer size: 8192
Scanning region fb7b0000...
Scanning region fb8a0000...
Scanning region fb990000...
Scanning region fba90000...
Potential exploit area found at address fbb4d600:a00.
Exploiting device...[/I]
If the exploit works, you will be kicked out of ADB shell, proceed to Step #8.
If the above does not work, and fails, you can try the following, and hopefully one will work, try the following (you must reboot your phone before you try another set):
Code:
[B]$ /data/local/tmp/fre3vo -debug -start 10000000 -end 1FFFFFFF
$ /data/local/tmp/fre3vo -debug -start 20000000 -end 2FFFFFFF
$ /data/local/tmp/fre3vo -debug -start 30000000 -end 3FFFFFFF
$ /data/local/tmp/fre3vo -debug -start F0000000 -end FFFFFFFF
$ /data/local/tmp/fre3vo -debug -start E0000000 -end EFFFFFFF[/B]
If you did get kicked out of adb shell, open it again. You should now see # instead of $, thus granting you temp root. Go ahead and exit out of shell to proceed to the next stage.
Code:
[B]> adb shell
# exit[/B]
I - 2) Changing Version Number to Allow Downgrade and Gaining SuperCID with a Goldcard
If you followed the first portion of this, you should of unzipped View attachment misc_version_01.zip ad View attachment flashgc.zip in the platform-tools directory.
If you haven't done that yet, do that now and then run the following commands from your platform-tools directory.
Code:
[B]> adb push misc_version /data/local/tmp/misc_version
> adb push flashgc /data/local/tmp/flashgc
> adb shell chmod 777 /data/local/tmp/*
> adb shell
# cd /data/local/tmp
# ./misc_version -s 1.00.000.0[/B]
[I]--set_version set. VERSION will be changed to: 1.00.000.0
Patching and backing up partition 17...[/I]
[B]# ./flashgc[/B]
*Note: If you get the following error, please make sure your sdcard is inserted in your phone and is NOT mounted to your computer (ie: make sure you are NOT in USB Storage Mode). This is a fairly common error and/or oversight many people tend to miss. Please double check this before continuing.
Code:
Error opening backup file.
Code:
[B]# sync[/B]
Double check and make sure everything looks good so far by running the following command (still in adb shell).
Code:
[B]# dd if=/dev/block/mmcblk0p17 bs=1 skip=160 count=10[/B]
[I]1.00.000.010+0 records in
10+0 records out
10 bytes transferred in 0.001 secs (10000 bytes/sec)[/I]
BE SURE TO BACKUP ANY DATA!!!***
I - 3) Temp-Rooting to Backup
If you have nothing to back up or don't care to back anything up, proceed to the next section.
Credit goes to Nipqer from #g2root for providing me with this method.
Download the attached file: View attachment Vision-fre3vo-temp-root.zip
Extract the contents to your platform-tools directory.
Run the following commands in command prompt while in platform-tools directory:
Code:
> adb push su /data/local/tmp/
> adb push busybox /data/local/tmp/
> adb push fixsu.sh /data/local/tmp/
> adb install SuperUser.apk
> adb shell chmod 755 /data/local/tmp/fixsu.sh
> adb shell /data/local/tmp/fixsu.sh
Download a backing up application such as...
Titanium Backup
MyBackup Root
Make a backup!
I - 4) Downgrading
Download the Stock Rom for your device:
G2: PC10IMG_Vision_TMOUS_1.19.531.1_Radio_12.21.60.09b_26.02.01.15_M2_release_149459_signed.zip (Link not working last time I checked... hopefully it will come back up).
Mirrors:
Vision_G2_1.19.531.1_PC10IMG.zip (Working as of April 2023)
MD5: 531c08dc402e15577b947bf4cd22aec2
Desire Z: PC10IMG.zip
Mirrors:
PC10IMG.zip
Vision_DZ_1.34.405.5_PC10IMG.zip
Vision_DZ_1.34.405.5_PC10IMG.zip
MD5: 2ff42897cd27e0db425a2cf36c8bd078
myTouch 4G: PD15IMG.zip
Mirrors:
http://cmw.22aaf3.com/glacier/stock/1.17.531.2/PD15IMG.zip
http://goo-inside.me/ruu/glacier/fu....140e_26.03.02.26_M_release_155771_signed.zip
Glacier_mT4G_1.17.531.2_PD15IMG.zip
Glacier_mT4G_1.17.531.2_PD15IMG.zip
MD5: 49d07f0ee7de1765a6a84cb12fa53110
Desire HD: RUU_Ace_HTC_WWE_1.24.405.1_Radio_12.27.60.14b_26.02.00.29_M4_release_151852_signed.zip
Mirrors:
Ace_DHD_1.24.405.1_PD98IMG.zip
Ace_DHD_1.24.405.1_PD98IMG.zip
MD5: a107b30a4b397c9238ddc7f4571c2ee8
Follow either Manual Downgrade OR Fastboot Downgrade.
I - 4a) Manual Downgrade
Rename the downloaded rom to it's proper update name:
(Please note, the filenames MUST be all uppercase except for the extension, and if file extensions are hidden, do not include ".zip"):
G2: "PC10IMG.zip"
Desire Z: "PC10IMG.zip"
myTouch 4G: "PD15IMG.zip"
Desire HD: "PD98IMG.zip"
Place the zip file in the root of your sdcard.
Reboot your phone into bootloader by typing the following command:
Code:
[B]> adb reboot bootloader [/B]
After your phone has entered bootloader, press the power button. It will then scan for the associated rom file and ask you to update by pressing a key.
Press the key it requests to perform the update.
DO NOT INTERRUPT THIS PROCESS.
Your phone will reboot once or twice - this is completely normal.
This process will take roughly 5-10 minutes so make sure your phone is plugged in, either to an outlet or your computer.
Once the process is finished, it will ask you to reboot by pressing a key. Press the associated key and it will reboot into the Stock Froyo rom!
After booting into Android 2.2, DO NOT update the OTA that is around 70MB. That is the update to Gingerbread. There is one update that will come before that, that is a lot smaller in size, which is the WiFi-Calling update - that update is okay to install.
I - 4b) Fastboot Downgrade
Rename the downloaded stock rom "StockRom.zip" (if extensions are hidden, rename it "StockRom").
Place the downloaded stock rom zip file in your platform-tools directory.
Download the attached file View attachment fastboot.zip. In the zip archive there are three folders, "windows", "mac", and "linux".
Extract the file from the associated with your operating system and place it in platform-tools directory.
In command prompt, type the following command to reboot into bootloader:
Code:
[B]> adb reboot bootloader[/B]
Make sure your device is recognized by typing the following command.
Code:
[B]> fastboot devices[/B]
If you device is recognized, it should return a serial/model number.
Code:
[B]> fastboot oem rebootRUU[/B]
Your phone should now reboot into a black screen with a gray/silver "HTC" logo on it.
Next we flash the Stock Rom. This may take a few minutes as it transfers the file to the phone then attemps to update (downgrade).
Code:
[B]> fastboot flash zip StockRom.zip[/B]
In rare cases the flash stops and the user gets a warning to repeat the flash immediately - no panic, just run the "fastboot flash zip StockRom.zip" (only this command, not the rebootRUU one) again and it will work.
When it finishes, wait a minute or two (just in case) then reboot your phone by typing:
Code:
[B]> fastboot reboot[/B]
After booting into Android 2.2, DO NOT update the OTA that is around 70MB. That is the update to Gingerbread. There is one update that will come before that, that is a lot smaller in size, which is the WiFi-Calling update - that update is okay to install.
II) Sources:
#g2root: http://fishporn.ca/vision.gingerbread.root.html
Using fre3vo: http://therootofallevo.com/forums/viewtopic.php?f=6&t=120
[GUIDE] ADB Workshop and Guide for everyone
[HOW-TO] ADB for Dummies(How-To Learner's Guide)
How To Set Up ADB/USB Drivers for Android Devices
[ROM]Ace Test & Stock ROMS [RE-UPLOADED]
Instructions for flashgc
Temp-Root Backup Post by Nipqer
[GUIDE] How to get root/flash custom roms with HTCDEV unlock
flashgc by skorgon
Various Chats I've had with individuals.
If anyone needs further help and would prefer messaging me, feel free.
AIM: IgnorantNihilist
G-Talk: [email protected]
MSN: [email protected]
III) Troubleshooting
Cimer said:
[...] If [the downgrade] does not work, Right click your Command prompt, Select All, Right click again. Then go to pastebin.com, paste there, Scroll down, name it and hit submit. After that post the link here and we'll take a look at it.
EVERYONE: If you want a faster diagnostic please do this in advance and other people can see your mistakes.
Click to expand...
Click to collapse
You can also join the IRC channel #g2root on irc.freenode.net and ask questions in there. If you are unfamiliar with IRC, you can go to http://webchat.freenode.net and pick an alias, for channel type in #g2root and enter the reCAPTCHA and connect.
I wanted to give credit to specific individuals whom have helped write this guide, provided important feedback to further improve this guide, and/or in any other way further improved this guide. I think these invidiuals should be recognized, as if it were not for them, this would wouldn't be as elaborate, dynamic, and informative as it is. So a special thanks to, Cimer, strawmetal petarpLab, iDylan1357, asharma5290, guhl, pierre_ja, and skorgon from #g2root. And I would also like to recognize and give a major thanks to Nipqer whom offers a lot of support with constant responses helping assist those whom ask for help both in this thread as well as on IRC. And he is always making sure I keep this as updated as it can be.
IV) Change Log
2023/04/14
I'm no longer supporting this thread anymore however I will try to update it if someone messages me with an issue. I don't have time anymore unfortunately. I did however update the downgrade ROM for the G2. The link in the mirror is currently hosted on my google drive. If there's a problem let me know in a private message.
2013/06/14
Update ratherphallic.co.cc links to ratherphallic.tk. -Nipqer
2012/11/11
Made some minor changes (grammar, spelling, layout/format).
Added links to guides which fix the issue with Desire HD (Ace) w/ Sense 3.x
2012/05/22
Changed "fastboot" attachment to have 3 folders ("windows","linux",and "mac") each with "fastboot" in it instead of having "fastboot-linux", "fastboot-mac", and "fastboot-windows.exe".
Changed fastboot portion of guide to reflect change to attachment for easier usability.
2012/04/21
Updated strawmetal's PDF document for G2/Desire Z Downgrade.
Added link to strawmetal's tools used in his PDF Guide.
2012/03/07
Added a PDF file that strawmetal was kind enough to make for Vision users.
Added links to attached files in the guide where I reference them.
2012/02/03
Changed link to the Stock Vision (G2) Rom and added mirrors.
Changed link to the Stock Vision (Desire Z) Rom and added mirrors.
Added mirrors to the Stock Glacier (myTouch 4G) Rom.
Changed link to the Stock Ace (Desire HD) Rom and added mirrors.
2012/02/03
Added a guide to help individuals whom have used the "official" htcdev.com unlocker method.
2012/02/03
Fixed link for the G2, Desire Z, and Desire HD (thanks to repast & cmstlist.
2012/04/13
Possible exploit found for Desire HD updated to latest OTA update (which patched our current method).
2012/01/28
Fixed link for myTouch 4G as megaupload has been taken down. Also added mirrors for myTouch 4G Stock Rom.
2011/12/20
Clearified which phone models this guide is intended for as well as noting that the Doubleshot does not work.
Made note that a recent OTA patch for the Ace, giving it Sense 3.x, has patched this method and this method will no longer work on Ace models which have Sense 3.x
2011/12/17
Added new goldcard generator and simplified the guide.
2011/10/27
Changed the download link for the Desire HD.
Added MD5 checksums next to the rooms.
2011/10/26
Re-added the manual downgrade method due to people having issues with the fastboot method.
2011/10/23
Fixed a slightly error in code during the temp-root backup section. Had "adb install install Superuser.apk", replaced it with "adb install Superuser.apk"
2011/10/22
Added a method to be able to backup data prior to downgrading! (thanks to Nipqer from #g2root)
2011/10/20
Added Desire HD.
Changed the downgrading method to use fastboot rather than manually downgrading.
Added "Creating A Goldcard" method from http://www.thinkthinkdo.com/trac/project1/attachment/wiki/pierre_ja/flashgc_instructions
2011/08/26
Changed modified version number for each device to 1.00.000 as it is more universal and works for each one.
Made it more clear to extract the attached files and place them in the platform-tools directory for use.
2011/08/06
Added a couple links to ADB guide.
2011/08/05
Added myTouch 4G
Added link to an "adb" guide.
Changed title from "[GUIDE] Downgrade G2 2.13.531.8 (2.3.3 T-Mobile Rom w/ S-ON) & DZ 2.3.3 w/ S-ON" to "[GUIDE] Downgrade G2 (2.3.3) & DZ (2.3.3) & mT4g (2.3.4) w/ S-ON to Stock Froyo"
V) Attached Files
View attachment misc_version_01.zip
View attachment fre3vo.zip
View attachment fastboot.zip
View attachment Vision-fre3vo-temp-root.zip
View attachment flashgc.zip
Wow first guide. Nice! I hope this helps people who have 2.3.3 so they can stop asking how to downgrade
Sent from my HTC Vision using XDA App
Sweet, now I can finally get my phone replaced. Accidentally blew out my LED and was scared of asking for a new one for fear of being unable to root. Thanks for the peace of mind I'll be using this in a few days
Just some suggestions to avoid confusion when you run the command
Code:
adb shell cat /dev/msm_rotator
you should get the return of
Code:
/dev/msm_rotator: invalid length
you do not need to enter in this line.
Also after entering
Code:
/data/local/tmp/fre3vo -debug -start FAA90000 -end FFFFFFFF
or one like it and it fails (It should not) you need to reboot the phone between these attempts.
Thanks for writing the guide! We just posted the log lol
Late side note: I've recently read an article on how root exploits are not credited to their original inventors. Just letting everyone know that agrabren should be credited as well for his work with Fr3v0, and his willingness to help during the process
Thanks for the tips Cimer, I edited the post, hopefully that clarifies it a bit more.
I've been a quiet browser here on XDA for quite a while but I believe that was actually the first post I made =3 It took me a while to try to get it formatted... fluently / tried to make it easy to read and follow.
And hey, if it wasn't for you all posting the logs from #g2root, I would of never gotten my G2 back to being rooted. I think I had like 8 different pages open when I was doing it, reading the chat log, reviewing the pastebin data, et cetera. But it worked, after searching every day, the trick has been found.
On a side note, I picked the range "-start FAA90000 -end FFFFFFFF" because it appears that the exploit is most likely within that range. It was for yours "FBB47C00:1400", mine was "FBB4D600:A00", and a friend of mine was also an FBB*.
Does it work for the european desire Z ?
ilbeppez said:
Does it work for the european desire Z ?
Click to expand...
Click to collapse
Personally, I have no idea. I don't imagine it would hurt the phone any if you tried. I know you would have to change the version number (when using misc_version) to a different number, one that would be equivalent to the stock rom that came with the phone. As for the exploit itself, I don't see any harm it could do to try (though I'm no expert). Just be sure to reboot your phone after each attempt of using fre3vo.
ilbeppez said:
Does it work for the european desire Z ?
Click to expand...
Click to collapse
Give me a second, Guhl made a post about this...
http://forum.xda-developers.com/showpost.php?p=15825944&postcount=27
Should explain things for Desire Z users.
Cimer said:
Give me a second, Guhl made a post about this...
http://forum.xda-developers.com/showpost.php?p=15825944&postcount=27
Should explain things for Desire Z users.
Click to expand...
Click to collapse
Ok
thanks
Thank you. I have been searching for this.
Setherio, please divide a section for 2.3.3 DZ owners. the appropriate PC10IMG.zip for them is
http://www.multiupload.com/GH26HXLLES (md5 2ff42897cd27e0db425a2cf36c8bd078)
the mics_version command is: /data/local/tmp/misc_version -s 1.33.405.5
the push command is: adb push PC10IMG.zip /sdcard/
petarpLab said:
Setherio, please divide a section for 2.3.3 DZ owners. the appropriate PC10IMG.zip for them is
multiupload.com/GH26HXLLES (md5 2ff42897cd27e0db425a2cf36c8bd078)
the mics_version command is: /data/local/tmp/misc_version -s 1.33.405.5
the push command is: adb push PC10IMG.zip /sdcard/
Click to expand...
Click to collapse
Thanks for the information. I updated the guide.
thanks a lot
Incase anyone did not know already gfree is the best way to root after the downgrade...visionary bricks phones. You can find gfree in the xda wiki.
Sent from my HTC Vision using XDA App
Great guide. My first downgrade and I haven't bricked my phone
Thanks to all people that made it possible
Cimer said:
Incase anyone did not know already gfree is the best way to root after the downgrade...visionary bricks phones. You can find gfree in the xda wiki.
Sent from my HTC Vision using XDA App
Click to expand...
Click to collapse
So AMT is ok for rooting after downgrade?
This package contains:
- gfree
- gfree_verify
- Superuser
- Busybox
- flash_image
- psneuter
- root_psn
- misc_version
- GingerBreak APK
Click to expand...
Click to collapse
trzype said:
Great guide.
My first downgrade and I haven't bricked my phone
Thanks to all people that made it possible
Click to expand...
Click to collapse
Thank you Glad it helped you.
trzype said:
So AMT is ok for rooting after downgrade?
Click to expand...
Click to collapse
Yes. I downgraded and rooted, went ahead and installed Cyanogen nightly. As did a couple others I've talked to who have downgraded as well.
Used AMT. Got some error about 1.34 and "Double" but cliked Continue button anyway. Everything went fine.
Setherio said:
I downgraded and rooted, went ahead and installed Cyanogen nightly. As did a couple others I've talked to who have downgraded as well.
Click to expand...
Click to collapse
I'm going for Virtuous 2.0.0. Can't live without Sense UI
Thanks again
Should I rename the stock Rom to just PC10IMG before I push it to sd card or can I just put it on sd card before hand
Sent from my HTC Sensation 4G using XDA Premium App
Got it worked great thanks
Thank you so much worked like a charm - Peace
Anyony give it a try?
How to downgrade and root 2.43.661.1 and up:
http://androidforums.com/desire-hd-all-things-root/382082-how-downgrade-root-2-43-661-1-up.html
I'll try it later this week (see my posts over there)...
wat abt 2.42 ??????????????
And 2.50.405.2? It ins´t for this?
dwyaneW said:
And 2.50.405.2? It ins´t for this?
Click to expand...
Click to collapse
Apparently it works too, this guy has that build number: http://androidforums.com/desire-hd-...downgrade-root-2-43-661-1-up.html#post2995693
Finally we have a way to downgrade from 2.50 !!!
Hi All !
I tested it and it worked, so here are the things you need:
Download the downgrade.zip
An SD card with the 1.32 PD89IMG.zip
Connect your phone in Charge Only mode with USB Debugging enabled.
Run these commands with enter after every line:
adb push fre3vo /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/fre3vo
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/fre3vo -debug -start F0000000 -end FFFFFFFF
If you success you will see this message:
Potential exploit area found at address (maybe fbb6b600:1a00 or something else).
Exploiting device...
Then run the following:
adb shell (you will have to get the "#"
/data/local/tmp/misc_version -s 1.31.405.3
adb reboot bootloader
Run the ROM setup and you will done
This method is the same as CubZ
im all over both threads, please post offsets at which the exploit was found on your device.
so as we can narrow down the searches to make a quick one click method.
JSLEnterprises said:
This method is the same as CubZ
im all over both threads, please post offsets at which the exploit was found on your device.
so as we can narrow down the searches to make a quick one click method.
Click to expand...
Click to collapse
Potential exploit area found at address (maybe fbb6b600:1a00 or something else). This is the address of my phone.
great
great
great
great
greatgreat
CONFIRMED on Telus Desire HD running 2.43!
Follow the instructions on this link here:
http://driphter.com/index.php?topic=3867.0
I just completed Step 7. Step 8 will have to wait until I get home, since I don't have administrative access on this computer, so I can't run the batch to turn off Radio S-Off yet. BUT my phone is rooted now. Now running on Android 2.2 build 1.32.405
Also, just perm rooted using Visionary+. Just tested it with adb shell and got the magical #.
Thank you JSL from Dripther.com!
Totally works! No problems at all on my unbranded DHD.
JSLEnterprises said:
This method is the same as CubZ
im all over both threads, please post offsets at which the exploit was found on your device.
so as we can narrow down the searches to make a quick one click method.
Click to expand...
Click to collapse
It found an exploit area at fbb7f800:1800 on my Telus-branded Desire HD.
EDIT: I've tried the process about 4 or 5 times, and everything goes fine until it boots into the bootloader. Whenever it gets to that stage, nothing appears to get flashed and my phone goes right back to the way it was. Any particular reason for that?
Finaly, i give it a try.
Sent from my Desire HD using XDA Premium App
Now I downgraded 2.50 build !!
We also have a giude from CuBz90 in "Desire HD Android Development" forum: http://forum.xda-developers.com/showthread.php?t=1152233
Works perfect, custom rom, android revolution installed
Sent from my Desire HD using XDA Premium App
Command_HDX said:
We also have a giude from CuBz90 in "Desire HD Android Development" forum: http://forum.xda-developers.com/showthread.php?t=1152233
Click to expand...
Click to collapse
I had the exact same luck with that. I've used this exact same SD card with my old HTC Hero, so it's not the card. Could it just be something as simple as me having a corrupted download of PD98IMG.zip? I'll check the MD5 and report back.
This works for 2.50xxx. Just did it. If it fails 1st time, unplug and try again.
Sent from my Motorola Startac running Atari 2600 software!
im trying to downgrade my MT4G (2.3.4) back to the froyo (2.2.1)
i cant get passed step 5 in this guide http://forum.xda-developers.com/showthread.php?t=1178912
this is what pops up http://pastebin.com/htzKxSYv
any and all help would be greatly appreciated!!!
same thing
http://pastebin.com/8PR1Q7a7
I've only done this guide once and it worked as expected for me. My question for you is when you type the initial command:
Code:
adb shell cat /dev/msm_rotator
Do you get a return of:
Code:
/dev/msm_rotator: invalid length
As I understand it if you get a different return like a permission denied, it means you don't have enough access rights and can't exploit the device. Unfortunately, I don't know enough about this exploit to point to the next step if you don't get the right return.
My suggestion is asking within the guide thread as well if you do not yield any results here.
you are typing something in wrong this line in step 5 its the last line in the step: $ /data/local/tmp/fre3vo -debug -start FAA90000 -end FFFFFFFF.....yours looks like this : $ /data/local/tmp/fre3vo -debug -start F0000000 -end FFFFFFFF....you see the difference in the FAA90000 (correct) yours is F0000000 (incorrect)....if you make any typos it will not work been there done that....
To make it very simple, try this method.
Just follow this steps for an error free downgrade.
1. Download the rom here.
2. Rename it to PD15IMG.zip
2. Place it on the root of your sd card.
3. Switch On your phone while holding the Power button & the down volume button.
4. The hboot menu will update your phone (do according to the hboot instructions).
The original bootloader is 0.86.0000
Now reboot & enjoy your update......This is the original T-mobile 2.2.1 version....so no worries.....
Hi, I just received a replacement phone and it came with version 2.3.4. I would like to know how I can root it..
Please help
you have to downgrade and then root currently i don't think there is a exploit to root gingerbread 2.3.4...how do i know because i recently had to do that with my phone search the forums....
Rooting the Mytouch 4g
I keep reading in different forum posts that there is a way to force an older version on android on the mytouch 4g so it can be rooted. I don't know how to install an older version. I went to one site that gave instructions, and I couldn't even get past the first step without receiving an error.
http://forum.xda-developers.com/showthread.php?t=1178912&page=4
Please help. I broke my other phone so was forced to get a new one, and with this new one I can't get cyanogenmod on it because it's Android 2.3.4. The only way to root the phone is to put older software on it, supposedly (at least that's what I understood from reading several sites). I miss cyanogenmod. :-(
juju-bees said:
I keep reading in different forum posts that there is a way to force an older version on android on the mytouch 4g so it can be rooted. I don't know how to install an older version. I went to one site that gave instructions, and I couldn't even get past the first step without receiving an error.
http://forum.xda-developers.com/showthread.php?t=1178912&page=4
Please help. I broke my other phone so was forced to get a new one, and with this new one I can't get cyanogenmod on it because it's Android 2.3.4. The only way to root the phone is to put older software on it, supposedly (at least that's what I understood from reading several sites). I miss cyanogenmod. :-(
Click to expand...
Click to collapse
Yeah that's the only way to downgrade. That worked for my buddy last night. Hopefully you know how to use ADB.
This is how far I got...
So I followed all of the steps for installing cyanogenmod on my Mytouch 4g aka Glacier (which has Android 2.3.4 on it).
http://wiki.cyanogenmod.com/wiki/TMobile_myTouch_4G:_Full_Update_Guide
Step 6.
b shell
chmod 755 /data/local/tmp/*
/data/local/tmp/psneuter
NOTE: You will drop out of the shell after this command. Restart the shell using:
When I got to this step, I got an error message on command prompt: "Failed to set prot mask (Inappropriate ioctl for device).”
I was like, “WTF!!”
I did some research and came across sites that had people post about the issue. They tried offering different methods.
http://forum.cyanogenmod.com/topic/24670-unlock-bootloader-or-not/
Here someone said, “This is incorrect. While it isn't possible to root stock 2.3.4 yet, you can still root your device using the passimg method, which is basically forcing an older version of Android onto the phone. A version which does allow rooting. Then you can keep your bootloader locked and still have custom firmware.”
I don’t know how to do this though.
There is a link on this site, stating to use NEXUS ONE method to unlock my phone.
http://wiki.cyanogenmod.com/index.php?title=Nexus_One:_Full_Update_Guide
I tried this, and the command prompt says “waiting for phone” and nothing happens. I read on another site that I have to get the correct USB drivers for my phone, but I don’t quite understand what they are referring to.
I have tried this method (see link just below this mini-paragraph), and I can’t even get passed the first step. I get an error message like “Access denied/don’t have permissions.”
http://forum.xda-developers.com/showthread.php?t=1178912
I tried this way, too. I got a weird error and couldn’t do anything:
http://android.modaco.com/topic/299078-how-to-unlock-the-bootloader-on-your-nexus-one/
This one also gave me a weird error message: http://android.modaco.com/topic/299078-how-to-unlock-the-bootloader-on-your-nexus-one/
I also found a video online of some guy unlocking his phone with Visionary. I tried that, my phone’s screen went black, and then Visionary failed to work once I restarted my phone to get rid of the black screen. I even uninstalled and reinstalled it, and the program still wouldn’t work right. I wiped my phone, started over with Visionary, and it gave me a black screen again. Nothing happened. I waited for 30 minutes, and I couldn’t get out of the black screen. I reset my phone, and continued down the same vicious cycle of total lameness.
These directions seemed splotchy, so I wasn’t sure when I got an error message using this method if it was due to my own inexperience, or if there was something wrong b/c of the phone or whatever: http://android.modaco.com/topic/299078-how-to-unlock-the-bootloader-on-your-nexus-one/
This method seems promising, but I can’t even attempt it because I am having issues unlocking the bootloader: http://chensun.net/android-development/root-nexus-one-with-android-2-3-3-gingerbread/8/
I started to read this, but I didn’t finish because by this point I was very frustrated and overwhelmed: http://forum.xda-developers.com/showthread.php?t=643359
Extra places I have gone to look for assistance:
http://www.nexusoneforum.net/forum/nexus-one-development-hacking/8830-have-i-rooted-properly.html
http://dottech.org/tipsntricks/2153...ows-computer-for-use-with-your-android-phone/
After several hours of working on this, I am at a loss. If someone could help me, that would be great.
89 bootloader
Supposedly all of these methods are for the 86 and 88 bootloaders (although a lot of my sources do not specify)... I have 89 on my phone. I tried a google search for a method to root or unlock a phone with 89 bootloader, and there is nothing. Let me know what you think.
This guide is for downgrading from Gingerbread to a rootable Froyo buid:
http://forum.xda-developers.com/showthread.php?t=1178912
Note that it's a mixed guide that also includes the G2/Desire Z, so make sure you follow the parts meant for the MT4G. It uses Fre3vo to temp-root. Gfree doesn't work on GB ROMs so you have to fool the phone into allowing a downgrade.
Once the downgrade is complete you can go back to the instructions from the CyanogenMod Wiki. Once you have S-OFF you can flash whatever you want.
got mine to work
for mytouch 4g you should follow this first to get adb running on the computer right
http://forum.xda-developers.com/showthread.php?t=928370
after that follow this thread from the Gaining temp root
http://forum.xda-developers.com/showthread.php?t=1178912
i got stuck at the push the img to sdcard so i just put it on the root and skip the push to sdcard and went to adb reboot bootloader
mine looked like this in cmd bold is what i typed red you can skip and put the image file on your sd card
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\home>cd\
C:\>cd\adb
C:\adb>adb devices
List of devices attached
SH0B******** device
C:\adb>adb shell cat /dev/msm_rotator
/dev/msm_rotator: invalid length
C:\adb>adb push fre3vo /data/local/tmp
797 KB/s (9796 bytes in 0.012s)
C:\adb>
C:\adb>adb shell
$ chmod 777 /data/local/tmp/fre3vo
chmod 777 /data/local/tmp/fre3vo
$ /data/local/tmp/fre3vo -debug -start FAA90000 -end FFFFFFFF
/data/local/tmp/fre3vo -debug -start FAA90000 -end FFFFFFFF
fre3vo by #teamwin
Please wait...
Attempting to modify ro.secure property...
fb_fix_screeninfo:
id: msmfb
smem_start: 802160640
smem_len: 3145728
type: 0
type_aux: 0
visual: 2
xpanstep: 0
ypanstep: 1
line_length: 1920
mmio_start: 0
accel: 0
fb_var_screeninfo:
xres: 480
yres: 800
xres_virtual: 480
yres_virtual: 1600
xoffset: 0
yoffset: 0
bits_per_pixel: 32
activate: 16
height: 80
width: 48
rotate: 0
grayscale: 0
nonstd: 0
accel_flags: 0
pixclock: 0
left_margin: 0
right_margin: 0
upper_margin: 0
lower_margin: 0
hsync_len: 0
vsync_len: 0
sync: 0
vmode: 0
Buffer offset: 00000000
Buffer size: 8192
Scanning region faa90000...
Scanning region fab80000...
Scanning region fac70000...
Scanning region fad60000...
Scanning region fae50000...
Scanning region faf40000...
Scanning region fb030000...
Scanning region fb120000...
Scanning region fb210000...
Scanning region fb300000...
Scanning region fb3f0000...
Scanning region fb4e0000...
Scanning region fb5d0000...
Scanning region fb6c0000...
Scanning region fb7b0000...
Scanning region fb8a0000...
Scanning region fb990000...
Scanning region fba80000...
Scanning region fbb70000...
Potential exploit area found at address fbb80e00:200.
Exploiting device...
C:\adb>adb shell
# exit
exit
C:\adb>adb push misc_version /data/local/tmp/misc_version
813 KB/s (15837 bytes in 0.019s)
C:\adb>adb shell chmod 777 /data/local/tmp/misc_version
C:\adb>adb shell
# /data/local/tmp/misc_version -s 1.00.000.0
/data/local/tmp/misc_version -s 1.00.000.0
--set_version set. VERSION will be changed to: 1.00.000.0
Patching and backing up partition 17...
# sync
sync
# dd if=/dev/block/mmcblk0p17 bs=1 skip=160 count=10
dd if=/dev/block/mmcblk0p17 bs=1 skip=160 count=10
1.00.000.010+0 records in
10+0 records out
10 bytes transferred in 0.003 secs (3333 bytes/sec)
# adb push PD15IMG.zip /sdcard/PD15IMG.zip
adb push PD15IMG.zip /sdcard/PD15IMG.zip
adb: not found
# exit
exit
C:\adb>adb devices
List of devices attached
SH0B5***** device
C:\adb>adb reboot bootloader
C:\adb>
phone should reboot follow last instructions and your back on 2.2.1
I went through the same thing, I just kept punching in commands because it would appear to gain temp root using visionary, but never update the recovery. After repeating the process and commands several times in a row to kind of force it and make sure, it works. I know these phones have a hard time communicating via usb cable so maybe thats it... but just repeat your commands and make sure that you aren't getting errors and that everything is actually gaining root not just appearing to gain root.
As far as visionary goes, I never got it to do perm root, I just installed recovery and bootloader using the wiki setup guide.
89 boot
I too have HBOOT-0.89.0005. Did you (or anyone else) find a solution, or does it even matter? Would be great if I could afford to brick the phone, but as it's my only phone, no can do.
pd
juju-bees said:
Supposedly all of these methods are for the 86 and 88 bootloaders (although a lot of my sources do not specify)... I have 89 on my phone. I tried a google search for a method to root or unlock a phone with 89 bootloader, and there is nothing. Let me know what you think.
Click to expand...
Click to collapse
I'm in this same boat and completely stuck.
I've got 89.0005 and stock 2.3.4
I can get temp root just fine and push all the needed files to the phone and can run the chmod commands. I can push the PD15IMg.zip file to the SD card.
I can reboot into bootloader and and it spins up PD15IMG.zip and starts doing it's thing for about 3-4 minutes...little blue bar on the side loading it, then a little gold bar checking it, all exactly like what happened when I rooted and downgraded the previous MT4G I had.
Then the phone starts up exactly as I left it before. Nothing is changed. I'm still running Android 2.3.4. No settings have been altered. Nothing.
The only thing that's glitchy during the temp root process is that the md5sum command doesn't work when you tell it to return the md5sum on PD15IMG.zip. It gives me the error md5sum: md5sum not found
I have been at this for 8 hours now. My brain is fried. I have searched every webpage I can find and can't find a solution.
The only thing that makes any sense to me (I didn't say it made actual sense...just sense to me! haha!) is that the PD15IMG.zip file is wonky, which is why it won't return an md5sum result. Does that make any sense or am I completely bonkers?
And no, it actually never occurred to me to re download Pd15IMG in the event the file is corrupted. Actually that just occurred to me when I typed up this post. I'll see if that fixes it. In the mean time if there's another tip here I'm missing, by all means give a shout out.
Skipjacks said:
The only thing that makes any sense to me (I didn't say it made actual sense...just sense to me! haha!) is that the PD15IMG.zip file is wonky, which is why it won't return an md5sum result. Does that make any sense or am I completely bonkers?
Click to expand...
Click to collapse
Download Astro File Manager. Long press the zip file, details. Any properly formed zip file should show an MD5 sum in that window. If it doesn't match, re-download or get it from a different source.
Got a different MD5sum when doing your method.
Here's a fun catch. The file size on the computer is 327263801 bytes
The transfer was only 327263743 bytes
So there's 58 bytes missing
This happens every time I do the transfer. Is there a normal reason for that?
I got the file from a different source. I transfered it using the Ubuntu interface rather than the terminal and the file on the phone ends up being the exact same size as the file on the computer.
Edit: Now it appears to be working......I'm in the middle of flashing the PD15IMG file now and it's doing a lot more this time than it did before.
Edit 2: Yup. That worked. I've got 2.2.1 now. That's REALLY weird. Why didn't the adb push command send the entire file? Oh well who cares? It works now. But I'll leave this up here in case someone else hits that snag.
I get up to this command and everything went smooth and then this brick wall any ideas?
/data/local/tmp/misc_version -s 1.00.000.0
/data/local/tmp/misc_version: permission denied
#
nesone516 said:
I get up to this command and everything went smooth and then this brick wall any ideas?
/data/local/tmp/misc_version -s 1.00.000.0
/data/local/tmp/misc_version: permission denied
#
Click to expand...
Click to collapse
You could just do it manually in a file manager
Sent from my HTC Glacier using xda premium
Skipjacks said:
Got a different MD5sum when doing your method.
Here's a fun catch. The file size on the computer is 327263801 bytes
The transfer was only 327263743 bytes
So there's 58 bytes missing
This happens every time I do the transfer. Is there a normal reason for that?
I got the file from a different source. I transfered it using the Ubuntu interface rather than the terminal and the file on the phone ends up being the exact same size as the file on the computer.
Edit: Now it appears to be working......I'm in the middle of flashing the PD15IMG file now and it's doing a lot more this time than it did before.
Edit 2: Yup. That worked. I've got 2.2.1 now. That's REALLY weird. Why didn't the adb push command send the entire file? Oh well who cares? It works now. But I'll leave this up here in case someone else hits that snag.
Click to expand...
Click to collapse
What resource did you use to download the PD15IMG.zip file? I am having the same issues as you.
Is there is newer simplier method than this yet??
I just got my replacement MT4G last week and never really had chance to review the rooting process again.
It's the night before Thanksgiving. Now, I have free 4 day-weekend to check if I can root my MT4G. Then I found out about this 2.3.4 version issue which what my phone is. My previous MT4G was rooted then with 2.2.1.
Is there a better way yet for rooting MT4G with visionary mod? I had a lil' hard time rooting the last time and now, I guess I have to re-learn some of the new tricks of the trade again. >;/
StryKheR
strykher said:
I just got my replacement MT4G last week and never really had chance to review the rooting process again.
It's the night before Thanksgiving. Now, I have free 4 day-weekend to check if I can root my MT4G. Then I found out about this 2.3.4 version issue which what my phone is. My previous MT4G was rooted then with 2.2.1.
Is there a better way yet for rooting MT4G with visionary mod? I had a lil' hard time rooting the last time and now, I guess I have to re-learn some of the new tricks of the trade again. >;/
StryKheR
Click to expand...
Click to collapse
Follow this guide http://forum.xda-developers.com/showthread.php?t=1178912
Sent from my HTC Glacier using Tapatalk
strykher said:
I just got my replacement MT4G last week and never really had chance to review the rooting process again.
It's the night before Thanksgiving. Now, I have free 4 day-weekend to check if I can root my MT4G. Then I found out about this 2.3.4 version issue which what my phone is. My previous MT4G was rooted then with 2.2.1.
Is there a better way yet for rooting MT4G with visionary mod? I had a lil' hard time rooting the last time and now, I guess I have to re-learn some of the new tricks of the trade again. >;/
StryKheR
Click to expand...
Click to collapse
Use this guide to downgrade:
http://forum.xda-developers.com/showthread.php?t=1178912
If you don't already have adb use this easy guide to setup:
http://teamroyal.net/5minadb.html
Tip: If you use this method to install adb, whenever the guide says to place a file in the "platform-tools" directory, place it in the "adb" directory on your hard drive. That should be the only change.
I did this yesterday afternoon. It works.
If you run into issues copy/pasting lines into your command prompt, try dragging the mouse pointer waaay out to the right. The browsers i was using didn't display correctly, but allowed me to copy even the parts that were cut off from my view.
Good luck!
Sent from my HTC Glacier using XDA App
Does anyone have a link to the PD15IMG.zip file? Its dead in the link in the tutorial and I can't find another one. Trying to downgrade my buddies on 2.3.4 with 89.0005. Thanks
Disclaimer
License: Firewater S-Off is the result of many hours of hard work by beaups and fuses. The firewater binaries you download may not be shared, rehosted, bat’d, integrated into a one-click, repackaged, hotlinked, or otherwise distributed or reused. The source code and methods in firewater are closed and private.
Temproot is a hack-up build of android_run_root_shell which appears to be a work of hikezoe and fi01. Original source can be downloaded HERE, our modified mess will be made available on this website soon.
This software is provided free of charge for personal non-commercial use. For commercial use or redistribution a WRITTEN agreement with the authors is required.
Support: support for firewater s-off is available at #firewater on the freenode and andirc networks. Please make sure you meet all of the requirements before contacting support.
Official website: http://firewater-soff.com/
Welcome to Firewater
What firewater can do for you:
S-Off your HTC device
Unlock yout bootloader
There are two methods which can be used to achieve S-Off:
Method n.1: to be used with and HTCDev unlocked/rooted device;
Method n.2: temp-root method, to be used if you don't want to unlock your device through HTCDev (it may not work with all devices);
Prerequisites
Working adb on your PC (Windows, Linux, OSX, etc. are all supported);
HTC drivers installed and working
HTC sync removed (not closed - REMOVED)
All other phone software removed or disabled (Samsung Kies, PDANet, etc.)
A working internet connection on your device (Wifi, 3G, 4G, etc. are all supported). There is no way around this requirement, don’t ask;
USB debugging enabled on your device;
Your device must be HTCDEV unlocked/rooted or have a working temproot. A temproot that works with many modern (not all) HTC devices is provided below;
Do not attempt to run firewater from a terminal emulator on your device. You MUST use adb along with a PC;
A supported device. Firewater *should* work with most modern QUALCOMM based HTC devices, including (but not limited to) the HTC One, HTC Droid DNA, HTC One S, HTC One Max and many others.
Instructions: method n.1 (normal, rooted device method)
Once you confirm you meet the above pre-requisites, it’s time to get started.
Ensure device is booted to android with usb debugging enabled
USB 2.0 ports are preferred. You should not be connected using any hubs which may cause connectivity issues;
Ensure that lock screen security is disabled on your device (no passcode lock, no pattern lock, no face lock);
Download Firewater Search the download from the official site;
Push, prepare and execute Firewater:
Code:
adb reboot (<--- important!!!!)
adb wait-for-device push firewater /data/local/tmp
adb shell
su
chmod 755 /data/local/tmp/firewater
/data/local/tmp/firewater
Agree to the terms and conditions you are prompted with;
Allow the exploit to do its work;
Profit.
Instructions: method n.2 (temp-root method)
This method may allow firewater to work on a fully stock/HTCDev locked device. This method is being provided as a convenience. Do NOT seek support if this temproot does not work for you.
Ensure device is booted to android with usb debugging enabled.
USB 2.0 ports are preferred. You should not be connected using any hubs which may cause connectivity issues;
Ensure that lock screen security is disabled on your device (no passcode lock, no pattern lock, no face lock);
Download firewater Search the download from the official site;
Download temproot Search the download from the official site;
Push, prepare and execute temproot and Firewater:
Code:
adb reboot (<--- important!!!!)
adb wait-for-device push firewater /data/local/tmp
adb push temproot /data/local/tmp
adb shell
chmod 755 /data/local/tmp/temproot
chmod 755 /data/local/tmp/firewater
/data/local/tmp/temproot
/data/local/tmp/firewater
Agree to the terms and conditions you are prompted with;
Allow the exploit to do its work;
Profit.
Donate
Donate to Firewater developers
Donate to me (if you appreciate the guide; thank you!)
How is this different from rumrunner?
Sent from my iPod touch using Tapatalk
I tried to use Firewater S-Off on my HTC One (M7-UL, S-On, CID T-Mob101, Android 4.3 and Hboot 1.55; locked bootloader, never unlocked through HTCDev). It worked very well: after 5-10 minutes, it had S-Off and an unlocked bootloader.
Positive experiences from other users
russel5: "On 4.19.401.8 and HBOOT 1.56, 30 seconds and ---> S-OFF!";
ronnbon: "Used this yesterday with a German 02___102 device and hboot 1.55. Worked smooth and without any problems. Thank you.";
samflorin: "Worked for me on stock J15 4.2.2. No issues, used a mac in the process.";
backfromthestorm: "This is amazing. Couldn't unlock bootloader due to a partition issue and device locked and s-on. Thanks to this, unlocked and s-off. Didn't think this phone would get rooted again. Super job."
Maduro78: "4.3 hboot 1.55 firewater unlocked bootloader and s-off via mac. Installed twrp su and now running custom ROM. Thank you firewater was starting to think this phone would never run a custom rom."
bamps: "Amazing. Works like a charm. Was already unlocked with HTCdev and on ARHD 51.0. 30sec and S-off."
nobbysheep: "That seems to be the case - dev unlocked + 4.4.2 + 1.56 hboot + firewater = s-off. Many thanks."
Docarut: "Thank You! Worked like a charm under a minute!"
KiraYahiroz: "Worked very well, the temproot did take the whole 10 minutes, but after that firewater S-OFF'd on the first bottle (was on Android 4.3). Thanks!"
killerbie: "Just tried it with my dev unlocked phone, was on the latest elegancia. It worked great!!"
Pinak.ahuja: "Used the temp root method on my stock htc one with 4.3 and hboot 1.55. Worked like a charm."
n1234d said:
How is this different from rumrunner?
Click to expand...
Click to collapse
I don't really know, but I think Firewater should work for those who couldn't achieve S-Off using Rumrunner. It also provides instructions to gain S-Off using a temp-root method (which worked for me), while I've never found that with Rumrunner.
Rumrunner couldn't provide s-off for firmwares 1.54 and 1.55 on the HTC one. Firewater can
Sent from my One using xda app-developers app
Temp root seems to work..... but firewater exits after 12 bottels....i have to reboot and try again
Everytime the same
Any Idea?
By the looks of the instructions it seems its similar to revone. The binary is pushed onto the device and run from there via adb shell. A good alternative imo especially for people that have problems using rumrunner on their pc's
Sent from my HTC One using Tapatalk
okay i didn't sucseed....
tried it with windows 8.1 and windows xp....
still the same....
stock htc one cid 102 Android 4.3
Hboot 1.55 never unlocked
this is what i get
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\one>adb reboot
C:\one>adb wait-for-device push firewater /data/local/tmp
protocol failure
C:\one>adb wait-for-device push firewater /data/local/tmp
2027 KB/s (4347896 bytes in 2.093s)
C:\one>adb push temproot /data/local/tmp
535 KB/s (68576 bytes in 0.125s)
C:\one>adb shell
[email protected]:/ $ chmod 755 /data/local/tmp/temproot
chmod 755 /data/local/tmp/temproot
[email protected]:/ $ chmod 755 /data/local/tmp/firewater
chmod 755 /data/local/tmp/firewater
[email protected]:/ $ /data/local/tmp/temproot
/data/local/tmp/temproot
run_root_shell, thanks fi01 - https://github.com/android-rooting-tools/android_r
un_root_shell
[*] Attempting to acquire root. This will take 5-10 minutes, be patient
[*] Root acquired.
[*] Thanks, HTC, for leaving this exploit open for such a ridiculously long time
!
[email protected]:/ # /data/local/tmp/firewater
/data/local/tmp/firewater
==================== firewater S-OFF 0.2.0 ==============================
firewater S-OFF comes with NO WARRANTY (express or implied)
and NO GUARANTEE OF FITNESS for any particular task.
We have made every effort we can to make this a safe process for users
however the authors disclaim any liability for damage to your phone
or other materials or devices used during this process.
The entire risk of running firewater S-OFF lies with you, the user.
By using this software you acknowledge and accept that the authors
are not liable for any loss, material or otherwise howsoever caused.
firewater S-OFF may not be rehosted, repackaged, one-clicked, etc.
support is available @ #firewater on the freenode and andirc networks
support is much faster there vs.posting helpme threads on xda etc
Do not operate a motor vehicle after interacting with firewater
Do not inhale firewater or allow firewater to come in contact with eyes
firewater is best served at extremely cold temperatures
firewater has been known to cause temporary lapses in judgement
DO NOT TAUNT FIREWATER, YOU'VE BEEN WARNED
=========================================================================
Do you understand the implications of these warnings?
(Yes/No)
Yes
Yes
!!If firewater hangs for more than 2 minutes or device enters qhusb mode, ho
!!If firewater hangs for more than 2 minutes or device enters qhusb mode, ho
!!If firewater hangs for more than 2 minutes or device enters qhusb mode, ho
ld power for 60 seconds !!
=========================================================================
preparing, one moment
The first bottle is open
chugging..........
whelp, that bottle is empty, opening bottle 2
chugging..........
whelp, that bottle is empty, opening bottle 3
chugging..........
whelp, that bottle is empty, opening bottle 4
chugging..........
whelp, that bottle is empty, opening bottle 5
chugging..........
whelp, that bottle is empty, opening bottle 6
chugging..........
whelp, that bottle is empty, opening bottle 7
chugging..........
whelp, that bottle is empty, opening bottle 8
chugging..........
whelp, that bottle is empty, opening bottle 9
chugging..........
whelp, that bottle is empty, opening bottle 10
chugging..........
whelp, that bottle is empty, opening bottle 11
chugging..........
whelp, that bottle is empty, opening bottle 12
all out of bottles and still no buzz reboot device by holding power and
try again
[email protected]:/ #
Click to expand...
Click to collapse
On 4.19.401.8 and HBOOT 1.56, 30 seconds and ---> S-OFF!
But with method 1 and HTC dev?
Gesendet von meinem HTC One mit Tapatalk
no luck on my device, same reult as juergenn
International/German HTC One 102 device with Android 4.3 (3.62.401.1) and HBOOT 1.55
Used this yesterday with a German 02___102 device and hboot 1.55. Worked smooth and without any problems.Thank you.
Tried this and didn't work on HTC Desire 600
and I already S-OFFed my HTC One Dual SIM using rumrunner
Hey guys!
On my device (4.19.401.8 and HBOOT 1.56) not working. Untouched, no root, no unlock htcdev and anything else.
Try methode 2, but in the shell failed the temproot process.
Win8.1 x64, HTC drivers, ADB drivers installed. Which system using and whats the problem with the temproot? I think we mess up anything, not the methode is wrong.
Worked for me on stock J15 4.2.2. No issues, used a mac in the process.
Sent from my Nexus 5 using Tapatalk
Htc One stock locked 4.4.2 cid htc_032 failed to get temproot.
[email protected]:/ $ chmod 755 /data/local/tmp/temproot
chmod 755 /data/local/tmp/temproot
[email protected]:/ $ chmod 755 /data/local/tmp/firewater
chmod 755 /data/local/tmp/firewater
[email protected]:/ $ /data/local/tmp/temproot
/data/local/tmp/temproot
run_root_shell, thanks fi01 - https://github.com/android-rooting-tools/android_
un_root_shell
[*] Attempting to acquire root. This will take 5-10 minutes, be patient
error in setsockopt().
Failed to get prepare_kernel_cred address.
Failed to get commit_creds address.
Failed to get ptmx_fops address.
Failed to setup variables.
1|[email protected]:/ $ /data/local/tmp/firewater
/data/local/tmp/firewater
error, run firewater as root. su or FU!!!!!!
1|[email protected]:/ $
sorry for the nooby question but what does Push, Prepare, and Execute firewater mean
Nothing important.
xxDeathSlicer7xx said:
sorry for the nooby question but what does Push, Prepare, and Execute firewater mean
Click to expand...
Click to collapse
I am already S-OFF and an not using firewater, but in Android parlance, push means to copy the program to your device, prepare means to set permissions on the executable file, and execute means to run the program.
So it seems the root exploit was fixed in 4.4.2. Only option i see is be htc dev unlocked and rooted so that you can use option 1.