Related
YES YOU NEED TO READ THIS WHOLE POST, PROB MORE THEN ONCE TO MAKE SURE YOU GOT IT. YES I KNOW HOW LONG IT IS, I TYPED IT!
the reason i call it a semi-brick is because a true brick can bot be recovered with out opening the case.
first go here and read this for info: http://forum.xda-developers.com/showthread.php?t=838484
now since your here im going to assume that its too late.
*things you will need.
copy of cwm recovery. get it here (the manual install link): http://forum.xda-developers.com/showpost.php?p=9145724&postcount=28
adb installed and working.
a known good rom, or nandroid backup. here is one: http://forum.xda-developers.com/showthread.php?t=836042 (use odex one)
a wpthis.ko for YOUR specfic kernel (run (adb shell cat /proc/version) that will tell you what kernel you have)
*first thing we need to know is, are you s-off or s-on now?
if your s-off just boot into clockwork mod recovery, wipe the phone and flash a known good rom and be done with it. if you dont have cwm recovery installed. boot into fastboot (vol down+power) you must have the sdk/adb installed and working, and type fastboot flash recovery LocationOfRecovery.img (where LocationOfRecovery.img= where you have the recovery, ie c:\android\recovery.img). once thats installed follow instructions above.
*if you are s-on:
will the phone boot into android? if so your not bad off.
if you want to unroot to return the phone, follow the unroot thread here: http://forum.xda-developers.com/showthread.php?t=835971
if you dont want to unroot then you have a couple of different options. if you have cwm recovery still installed, just follow instructions above and flash a known good rom. ive been told that boot.img (kernel) wont flash if you are s-on. the way to fix this (temporarily) is boot into recovery, but before you flash run these commands:
(put wpthis.ko in sdk folder)
adb remount
adb push wpthis.ko /data/local/wpthis.ko (specific for your kernel)
adb shell
# insmod /data/local/wpthis.ko (should get same function not implemented error as when u rooted first time)
then proceed to flash the rom. once booted into android skip down to, "now to get back to s-off"
*if you have stock or eng-recovery installed.
will the phone attempt to boot android at all? where is it stuck at?
a good min after it starts to try to boot, type these commands:
adb remount
adb shell
if you can get in shell then theres still hope. back out shell for a second and start here:
put the cwm recovery.img and wpthis.ko in your sdk folder
adb remount
adb push wpthis.ko /data/local/wpthis.ko (specific for your kernel)
adb push recovery.img /data/local/recovery.img
adb shell
# insmod /data/local/wpthis.ko (should get same function not implemented error as when u rooted first time)
# dd if=/data/local/recovery.img of=/dev/block/mmcblk0p21 (now wait a min or 2 to give it time to finish)
#sync (give it another min or to just to be safe)
#reboot recovery
at this point you should be in cwm recovery. follow instructions above for flashing with s-on.
*if you cannot get into shell while booting, but have eng-recovery installed, there might be some options.(however this is all theory)
boot into recovery-
if you are on linux using adb, you can try taking sh from /system/bin folder of any custom rom, chmod 0755 it, then push it to /system/bin and adb shell might work.
windows-
boot into recovery.
a system.img compatible with your installed kernel pushed may work. put the system.img into the sdk folder.
adb push system.img /data/block/mmcblk0p25
then reboot and see where you are. if that dont work, grab the modified miscnew.img here: http://www.4shared.com/file/pUPfrGi-/mmcblk0p17.html
rename it misc.img put it in sdk folder and
adb push misc.img /dev/block/mmcblk0p17
then reboot into bootloader with PC10IMG.zip on root of sdcard and it should run though. if it does your fully stock and get to start all over again.
*if you cannot get into shell, and you have stock recovery, im sorry your pretty screwed. as of right now the only thing thats gonna bring it back is a full img/update signed from htc thats equal to or higher then the version currently on the phone. (well and jtag of course)
*well now you've done one of the steps above. your booted into android, you have perm root, and cwm recovery installed, just still s-on. dont worry your almost there!
first take that wpthis.ko for you kernel and push it, and the eng hboot.
adb push wpthis.ko /data/local/
adb push hboot-eng.img /data/local
then from adb shell, or terminal root prompt:
# insmod /data/local/wpthis.ko (again you should get the function not implemented error)
NOW REMEMBER THIS NEXT STEP COULD MEAN DEATH FOR YOU G2 IF TYPED WRONG, AND AFTER ALL THIS HARD WORK!
# dd if=/data/local/hboot-eng.img of=/dev/block/mmcblk0p18
wait a few mins to be sure its done.
# sync
wait a few more just cause.
reboot, you should now be s-off, cwm recovery installed, and free to do whatever you want. just dont go screwing it up again
* as new methods are discovered, or ones here are proven wrong, i will update as necessary. as of the writing post, 2 devices that i know of have been saved!
good luck!
wpthis.ko for bacon bits.03 kernel: http://www.4shared.com/file/OAcd1bix/wpthis-263221-cyanogenmod.html
coby kyros mid8048-8 stucks on start up logo screen after rom update can anyone tall me what to do o thing to make a sdcard boot but i dont know how pls helppppp.tnks
Ok guys, first of all Scotty2 gets all the credit for the program R&D. I used my device as a test bed and have tried a couple different kernels (Gr8Gorilla's O/C Kernel and the stock kernel).
Now for the boring stuff ...
This is a very invasive way of rooting your device but the benefit is TRUE S=Off and root privileges throughout the system. As such, you do this at your own risk and if you brick your device neither Scotty2 nor myself are responsible, YOU ARE!!! Do this at your own risk!!!
This is not for the faint of heart and if you have any reservations about doing things like this do not do it.
This process will do three things for your device. I will explain them here:
1. It will set up Super CID on your device allowing you to flash any carriers rom (not just tmobile). Giving you more freedom with your choice of software. The software still needs to be device specific to the glacier for compatability reasons though. Like vodafone glacier roms etc.
2. It will subsidy unlock your device. In other words, it will SIMUNLOCK your phone allowing you to use an AT&T sim card and so on in your device without needing the unlock code from HTC.
3. Most important of all it will turn the RADIO S=Off. This is the ultimate S=Off because the radio is what controls the security flag in the first place. Once you turn it off here it is off everywhere and will allow you pure unadulterated access to your device.
This process will not change your bootloader (unless your on 0.86.0000 and you follow the optional steps).
Now, you may be asking "Why do this? I already have root from your other guide and it has given me r/w access to system and recovery. I thought this meant we had permanent S=Off." This is only partially true. We have had an engineering bootloader and "Label" s=off not radio s=off. When you turn the security off in radio it is off permanently no matter what hboot you have installed engineering or otherwise. However, it is optional but you can still copy the engineering hboot over and it will allow you to flash whatever you like without (as much) fear of bricking your device.
This guide assumes you know how to use ADB. If you do not there are guides all over XDA to show you how. There is even a really good one in this forum. Also here is a video on how to setup adb discovered by topgun303: http://www.youtube.com/watch?v=1UF5w1dKe2U
*NOTE*
For some reason this process can bork your recovery. If you notice after following the steps below that in order to reboot from recovery you have to uninstall/reinstall the battery and hit the power button, just install/reinstall clockwork recovery through Rom Manager in the android market and it will fix your problem.
CONFIRMED: Guide does work for pre-OTA devices!!! Thanks xanz!
Here we go:
If you are already permarooted per the other guide just follow the first 11 steps.
Make sure you have visionary installed on your device. (If you were already permarooted w/s=off ignore this step.)
Download this file:
http://www.mediafire.com/?s7afymwe2wb3x60 New version of gfree with more options! See below.
md5sum: b73c56ca0e21664c5756d4ad295063c5
1. Now unzip the file into your SDK tools directory.
2. Plug your device into your computer.
3. Now open explorer and hold down shift at same time you right mouse click on your SDK tools directory (platform-tools if you have the R8 version of the SDK). Select open command window here. If you are in linux (ubuntu) right mouse click on your SDK tools folder, choose actions, and choose open command window(or whatever it's called). Otherwise, open a command prompt and cd your way to your SDK tools directory.
4. Type "adb push gfree /data/local" and hit enter.
Optionally, you could dl the file to your phone use androzip or something like it to unzip the file and then use root explorer to move the file named gfree to /data/local. Not the gfree.h file. All the other files are source code inlcuded for the gnu license. This would skip the first 4 steps.
5. Now unplug your device from the computer.
6. Run visionary to gain temp root. (If you were already permarooted w/s=off ignore this step.)
7. Open terminal emulator on your device, type "su", and hit enter to gain root privileges.
8. Type "cd /data/local" and hit enter.
9. Now type "chmod 777 gfree" and hit enter to make the program executable.
10. Type "./gfree -f" and hit enter.
New features in gfree.
gfree usage:
gfree [-h|-?|--help] [-v|--version] [-s|--secu_flag on|off]
-h | -? | --help: display this message
-v | --version: display program version
-s | --secu_flag on|off: turn secu_flag on or off
-c | --cid <CID>: set the CID to the 8-char long CID
-S | --sim_unlock: remove the SIMLOCK
With the new features you can turn off one thing at a time. You can also turn security back on and set the CID back to stock if you wish. To turn simlock back on you still have to follow the revert procedures on this page as the information that is patched to turn the lock off is encrypted and we can't write back to it other than restoring the entire image.
So, if you wanted to leave simlock on but turn security off and set super CID the command would be "./gfree --secu_flag off --cid 11111111" + enter. The -f switch after ./gfree that is now in the above step (./gfree -f) just tells gfree to patch everything.
11. Wait for the program to finish and then reboot into HBoot to see if S=Off. Also, check your bootloader version. If it says s=off and has bootloader version 0.86.0000 it worked.
If you already had hboot 0.85.2007 you can check it through the hboot menu. It gives you an option for "system info" in the hboot menu. Highlight it and hit power. It should say CID = 11111111 or something like that. If it does your golden.
Congratulations!
12. If this is the first time you have rooted your device you will need to run visionary again (temproot w/set system r/w after root checked and then attempt permroot) to make root privileges permanent and then reboot again. Now "su" should work properly for you.
Gfree writes a backup of the file that it patches named Part7backup-numbers.bin on your sdcard. I suggest putting this file in a safe place as it is the only way to revert if you need to.
[Optional] Steps to flash engineering bootloader.
1. Restart your phone and plug it back into your computer.
2. Download this file: http://www.megaupload.com/?d=NN5726Z8
md5sum: df4fd77f44993eb05a4732210d2eddc6
3. Copy the file to your SDK tools directory.
4. Open a command prompt again and cd into your SDK tools directoty (platform-tools if your on the new R8 SDK).
5. Type "adb push hboot_dhd.nb0 /data/local" and hit enter.
6. Now open terminal on your device and type "su" and enter to gain root priviliges.
7. Type "cd /data/local" and enter.
8. Now type "dd if=hboot_dhd.nb0 of=/dev/block/mmcblk0p18" and hit enter.
9. You should see something like: 2048 bytes in 2048 bytes out 1048576 bytes copied blah blah blah.
10. Now restart the device into hboot and check if your bootloader version is 0.85.2007. That is what you want to see.
Congratulations, you now have a TRUE root and engineering bootloader on your shiny MT4G!!!
Procedure to revert
1. Rename the part7backup file that you already have to something just so you know that it is the original backup.
2. Open up terminal emulator or adb shell and type "su" + enter to get root privileges.
3. Type "cd /data/local" and hit enter.
4. Now type "./gfree -f" + enter to run gfree again. It will disable wp on the emmc and remove the brq filter in the kernel. (as well as make another backup, which you can delete if you wish)
5. Now run the "dd if=/where/your/part7backup-numbers.bin of=/dev/block/mmcblk0p7" and it should show the output:
xxxx bytes in
xxxxbytes out
xxxxxxxxxx copied in blah blah blah
6. Run "sync" and then reboot. (I didn't do this and it worked fine but it won't hurt either. )
If you have the engineering hboot 0.85.2007 installed you will still be showing s=off when you do the above revert steps. Follow these steps to reflash the stock hboot and turn s=on:
Download this file and unzip it to /sdcard on your device.
unroot.rar
http://www.mediafire.com/?12oi5elu7v2y8og
md5sum: aad4e64126cf8d92d7e8b5abb48fdadd
Terminal Emulator Method
1. Open up terminal editor on your device.(I prefer this method b/c you can see the output.)
a. Type "su" + enter to gain root privileges.
b. Type "cd /sdcard/unroot" + enter.
c. Type "sh unroot.sh" + enter.
d. Follow the onscreen prompts.
File Explorer Method
2. Open root explorer, sufbs, or some other file browser with root access.
a. Navigate to /sdcard/unroot.
b. Click on unroot.sh and allow it to run. Some file browsers ask permission before they execute scripts.
c. Wait 18 to 20 seconds and reboot your phone into the bootloader to check if S=on.
You now have S=ON again.
Here is a pic of the stock HBoot 0.86.0000 with S=Off to prove it.
If already on ENG bootloader, S-OFF, and perm rooted via your other guide would we be able to just run gfree for the "radio/sim" unlock?
Genocaust said:
If already on ENG bootloader, S-OFF, and perm rooted via your other guide would we be able to just run gfree for the "radio/sim" unlock?
Click to expand...
Click to collapse
Yes, that's what I did. Good call btw! I wrote the guide in a hurry just before heading to work and knew I would miss something.
My MyGlacier 4G MINE!!!
u could use root explorer to place the gfree file in data local couldn't u?
Yes you could use root explorer. I am going to revise this as soon as I get time. I'm at work right now.
As for the optional steps, you wouldn't need to do them if you already followed the other permroot guides successfully b/c you should alread have hboot 0.85.2007 installed.
My MyGlacier 4G MINE!!!
so is the 0.85.2007 is the one we want to be on?
mrpanic7 said:
my bootloader is 0.85.2007 is this the sweet one i want or the stock one?
Click to expand...
Click to collapse
Good to go. You have the engineering hboot.
Should work from either one as long as you have some kind of root access.
But ... Keep that one.
My MyGlacier 4G MINE!!!
sweet thanks, and the whole talk about subsidy unlock and flashing other device roms, is that part of the hboot im running, or the gfree file ?
Hey grankin01 this is what i have on my screen. Bec i just got this phone from warranty claim.
GLACIER PVT ENG S -OFF
HBOOT-0.85.2007 (PD1510000)
MICROP-0429
RADIO-26.03.02.26_M
eMMC-boot
oct 11 2010, 12:44:14
@mrpanic7, no its part of the gfree patch.
@topgun303, what kernel version are you running? Stock?
My MyGlacier 4G MINE!!!
sweet thanks will test tonight and comment when everything is done! how do we know if hte gfile goes thru successfully? since im already permarooted
grankin01 said:
@mrpanic7, no its part of the gfree patch.
@topgun303, what kernel version are you running? Stock?
My MyGlacier 4G MINE!!!
Click to expand...
Click to collapse
Kernal version: I have not flashed anything other kernal yet. This is what came with my phone.
2.6.32.21-g899d047
[email protected] #1
tue oct 26 16:10:01 CST 2010
Hey grankin01 I dont have adb steup, can you provide workaround for that. Meaning without adb.
Awesome man. Great job. Just to be clear. After unzipping the file, all of them need to go in the data/local folder yes?
So we can use root explorer to oaste the file, then the termunal steps?
Sent from my rooted w/s=off HTC Glacier on Iced Glacier Dark Froyo Themed 1.1.1 using XDA App
You should be able to use root explorer and yes put all files in /data/local including the hboot_dhd.nb0 file if you are going to do the optional steps.
Edit: Added mention of root explorer method between steps 4 and 5.
My MyGlacier 4G MINE!!!
hey grankin01 my phone is on engineer bootloader right now. what are the advantages of engineer bootloader vs bootloader version 0.86.0000?
Also if i flash bootloader version 0.86.0000, can i go back to engineer bootloader.
u r the maaan
after trying everything i got s=off thanx to you...but 1 lil isue the root did not stick for me after checking hboot to see if i got s=off
topgun303 said:
hey grankin01 my phone is on engineer bootloader right now. what are the advantages of engineer bootloader vs bootloader version 0.86.0000?
Also if i flash bootloader version 0.86.0000, can i go back to engineer bootloader.
Click to expand...
Click to collapse
Eng hboot will let you flash anything you want. Stock hboot will still limit your choices.
Yes you can just do the optional steps from the OP to go back to eng hboot. Actually having stock hboot will let you see if it worked without having to do anything special.
My MyGlacier 4G MINE!!!
wadie said:
after trying everything i got s=off thanx to you...but 1 lil isue the root did not stick for me after checking hboot to see if i got s=off
Click to expand...
Click to collapse
So this did work w/stock device and kernel?
Try running visionary r14 and doing permroot option. Being a stock rom you may still have to fiddle with it a little. Not quite an exact science.
My MyGlacier 4G MINE!!!
So the bootloader version 0.86.0000 provides simunlock correct? If i read correct from the first page of op. For now i think i will stay on engineer hbootloader.
Also one more thing op, I found a great video on how to setup adb. I have already got my adb setup using this. If u like you can post it in the op section. http://www.youtube.com/watch?v=1UF5w1dKe2U
My HTC Desire has no USB functionality at all, including USB Fastboot. It's also got no root access. There's no known reason why this occured.
Similar forum threads suggest that USB functions can be restored if I revert to the stock RUU image. It's possible that an update has been the cause of this problem.
I've tried to install the base ROM - RUU, but because I have Hboot 0.93 I have to downgrade, but can't do that because there is no existing root access and I don't have ClockWorksMod recovery installed to get around the signature verifications.
The device boots up and operates fine (even the SD Card). I have to charge the battery using my partner's phone and can't do any data transfers. I'm running Android 2.2, Radio 32.49.00.32U_5.11.05.27, Hboot 0.93
I'm beginning to think that the motherboard has somehow been fried and can no longer supprt the USB part of it.
Any ideas would be most helpful. Thanks heaps
As you are unrooted, you should have warranty and that is the first way to fix it.
The other is a bit more complicated but if you are cautions, you'll be fine. Use this guide:
quanchi said:
...
This is a specific situation - usb brick and totally stock rom, recovery and hboot. It's not required for people who have a modified recovery and a rooted rom. It's easy like 1-2-3.
Before doing anything else enable the Debug Mode in the Applications / Dev menu
1. Download the rageagainstthecage exploit from the authors site:
http://c-skills.blogspot.com/2010/08/please-hold-line.html
2. Download the flash_image and misc (mtd0.img) partition image from this thread.
http://forum.xda-developers.com/showthread.php?t=691639&highlight=usb+brick
Modify the mtd0.img according to your phones CID (how to get the CID also explained in the thread)
2. Download Android Terminal Emulator from the Market
3. Copy the exploit binary (rageagainstthecage-arm5.bin), the flash_image and modifed mtd0.img to the sdcard via an external card reader
4. Start the Terminal
5. Copy the files to the Terminal app data directory (the only place on the data partition you will have write access while running the Terminal), and make the binaries executable
Code:
cat /sdcard/rageagainstthecage-arm5.bin > /data/data/jackpal.androidterm/shared_prefs/rageagainstthecage-arm5.bin
cat /sdcard/flash_image > /data/data/jackpal.androidterm/shared_prefs/flash_image
cat /sdcard/mtd0.img > /data/data/jackpal.androidterm/shared_prefs/mtd0.img
cd /data/data/jackpal.androidterm/shared_prefs/
chmod 755 rageagainstthecage-arm5.bin flash_image
6. Run the exploit
Code:
/data/data/jackpal.androidterm/shared_prefs/rageagainstthecage-arm5.bin
After the exploit exits/finishes there should be a short system freeze, followed by inablity to issue any command from the terminal (don't worry). Exit the Terminal by long pressing HOME and force close the Terminal app from the Application Manager
7. Start the terminal again, a root prompt should be visible
8. Flash the misc partition
Code:
cd /data/data/jackpal.androidterm/shared_prefs
./flash_image misc mtd0.img
9. Reboot
...
Click to expand...
Click to collapse
No luck unfortunately, one of the steps requires the CID, and as you know I have not got USB to access fastboot mode.
Is there any other way to get the CID?
You should read the whole thread for the usb-fix
If I remember correctly you should use "cat /sys/class/mmc_host/mmc1/mmc1:*/cid" (without quotes) command from the terminal emulator.
The terminal emulator in your case will be the substitute for the fastboot, so everything is done via the former.
If you click the link to the quote, you'll see that there are number of people who got it sorted using this method. So just be patient and do the reading.
Ive got same problem, but have fastboot access.. Can I use regular terminal in windows then?
Well, you can use it to find the CID ("fastboot oem boot"), but the other commands in the guide quoted above are for a terminal emulator and are not the same as the ones used with fastboot. So in order not to get confused I recommend you to just use a terminal emulator, it's not harder than fastboot.
Well, i figured out that one on my own.. At least I learn something of this.. Anyway, when i try to execute first command in emulator I just get up "cannot create, directory nonexistent. Ive tripple checked the commandlines.. What could be wrong??
bump.........
Well I followed all the instructions, could get temp root access and flash a modified mtd0.img (which had the correct CID and Rom version) but still no USB. I tried it several times over and can't get anywhere. The hardware must be cactus! Time to throw it over a cliff !!
This guide is now obsolete. Please use this guide instead.
For Gingerbread Phones, Please use this guide.
Hey guys, this is probably the easiest guide to follow for rooting a branded desire Z. The reason why this can sometimes be hard is cause it uses a unique identifier (INFOCID) and the companies that brand the phones ONLY want roms from their company on them. This stops us from using a WWE rom like every else to downgrade and then root.
But ultimately, the reason I'm making this is because every other guide I've read constantly links you to other guides or other pages and it sorta annoyed me. So after I figured it all out I posted one concise guide that doesn't redirect you 50 times.
Now I’m gonna run you through EVERYTHING so you won’t get stuck anywhere.
This guide will work with:
Device: Desire Z or G2
Firmware Version: Any Firmware version will be fine (All you need to do is downgrade using step 1)
Android Version: Froyo or any previous variation of Android (Absolutely no gingerbread device will root with this method)
Btw, I take no responsibility for any damage taken by using these procedures. Sorry =P
Also if you don't have ADB and Fastboot set up then go ahead and follow the guides on the first two posts here. -Thanks nephron
g4b4g3 said:
If your INFOCID is NOT one of these you need to make a goldcard to downgrade!
HTC__001
HTC__032
HTC__E11
HTC__203
HTC__Y13
HTC__102
HTC__405
HTC__304
HTC__A07
HTC__N34
HTC__J15
Which can be checked by typing the following two commands:
adb reboot bootloader
fastboot oem boot
Click to expand...
Click to collapse
If your CID matches one of the CID's above then you can skip Step 1.
1. Creating a Goldcard:
Prerequisites:
ADB Set up and running fine (to check if it is working just connect your phone and have USB debugging enabled. Then type adb devices in your CMD Prompt)
HxD Hex Editor (see attachments of post 1)
USB Debugging enabled on your phone
1.Firstly we need to mount the memory card on a windows PC.
2. Format the memory card as FAT32 using all the default options.
3. Mount the memory card on your Phone. Then give it a couple of seconds.
4. Remount the memory card on your PC.
5. Find your CID by using the follow command in your cmd prompt (YOU NEED ADB)
Code:
adb shell cat /sys/class/mmc_host/mmc2/mmc2:*/cid
6. Use the excel sheet provided to reverse the CID (see Attachments)
7. Goto this website and send yourself a goldcard.img
http://psas.revskills.de/?q=goldcard
8. Run HxD hex editor AS AN ADMINISTRATOR! (I can’t stress how important having admin rights is)
9. Go to Extras > Open Disk Image. Then select your goldcard.img
10. Go to Extras > Open Disk. IMPORTANT: Select your memory card UNDER the Physical Drives category. DO NOT open the logical drive.
11. Switch to your goldcard.img tab. Go to Edit > Select All. Then Edit > Copy.
12. Go to the physical drive tab and select the lines 00000000 until you get to the one with 00000170.
13. Go To Edit > Paste Write.
14. You should have a huge block of red characters now. This is good btw.
15. Mount your SD card on your Phone and let it detect it. If it comes up with a corrupt SD card error you have done it wrong and you may have to start over.
16. You are done with the goldcard.
2. Downgrading and Debranding
Before you start this please do the following:
1a. Download the RUU I’ve linked (it should be a ~300mb exe file) -Thanks g4rb4g3
ii. If you are a BELL User. Please download this RUU instead.
1b. Run the setup until you get to the screen with the tick boxes (Some Users may have to run this as an Administrator)
1c. Leave the setup running and go to C:\Users\<your account name>\AppData\local\temp ( Or Try %AppData%\Local\Temp\ ). Then right click and Sort By Date Modified. Look for the most recently created folder which should look like {xxxxxxx-xxxxxx-xxxxxxxx}. Then navigate into it and its then into its one folder. Look for rom.zip and copy that to your goldcard/memory card.
1d. Rename the rom.zip on your memory card to PC10IMG.zip (Make sure it is exactly the same as the way I've typed it there)
1e. Mount your sd card back onto your phone.
2. Download the attachments (misc_version & psneuters) and extract them in a folder like C:\RootVision\
Now you are ready to begin:
1. Open a CMD prompt window
2. Navigate your way to the folder with psneuter & misc_version IN CMD PROMPT. (So the cmd prompt window should be something like this C:\RootVision> )
3. Now we will use the following 5 commands one after the other
Code:
adb push psneuter /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/psneuter
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/psneuter
adb shell
4. After the last command you should have a # and a flashing line for you to enter text. This is good. (If you get a $ you have done it wrong and should try typing the commands out again)
5. Now you have the # type the following command in: (This will spoof the radio version)
Code:
/data/local/tmp/misc_version –s 1.33.405.5
Then go ahead and type:
Code:
exit
6. Type this command into your cmd prompt (btw you should be back with the normal C:\RootVision>)
Code:
adb reboot bootloader
7. Once on your white screen with colourful text you can go ahead and press the power button ONCE
8. Now just wait for the rom to install and verify. If you get INCORRECT CID your gold card doesn’t work or your CID doesn't match and you'll need a goldcard. (Go to Step 1. and make a goldcard for your phone)
9. Go ahead and install the rom when it asks you.
10. You are done downgrading and can now begin the Rooting process.
See Post 2 For Rooting
Assuming all as gone well and you now have a rom without superuser but you have a baseband version that is 1.34xxxx.
Alright, let’s begin.
Prerequisites:
Download psneuter
Download gfree 0.5
Download root_psn
Download flash_image
Download the Desire Z hboot
Download Clockwork Recovery
ALL of these are in the attachments section
They all should be extracted into the same folder. Use something simple like C:\RootVision\Root
3. Root your Desire Z!
Before you start:
Enable USB Debugging and Allow Unknown Market Installations again.
Also delete the PC10IMG.zip on your phone if you downgraded.
Okay lets go:
1. Now Assuming you succeeded at the last part you should have a stock-ish rom without superuser. What we want to do is start by pushing all the files across with the following adb commands (use in cmd prompt the same way you pushed files in 2.)
Code:
adb push psneuter /data/local/tmp/
adb push gfree /data/local/tmp/
adb push busybox /data/local/tmp/
adb push root_psn /data/local/tmp/
adb push flash_image /data/local/tmp/
adb push su /sdcard/
adb push hboot-eng.img /data/local/tmp/
adb push Superuser.apk /sdcard/
adb shell chmod 755 /data/local/tmp/*
2. Alright now we have all the files we need to root the phone. Input the following command. This is just putting our clockwork recovery in a convenient place with an easy name.
Code:
adb push recovery-clockwork-3.0.2.4-vision.img /data/local/tmp/recovery.img
3. Now we’re gonna temp root again by typing in the following:
Code:
adb shell /data/local/tmp/psneuter
adb shell
4. This should leave us with another #. Now enter the following commands:
Code:
cd /data/local/tmp
./gfree -f -b hboot-eng.img
./flash_image recovery recovery.img
./root_psn
sync
5. Type in: (thanks for the correction john_d1974)
Code:
reboot
6. You should have a rooted phone with superuser after the reboot. Also it will have clockworkmod, SuperCID, secu-flag off & an Unlocked HBOOT-ENG.
If gfree 0.5 doesnt work for you then this section is for you:
Prerequisites:
Download psneuter
Download gfree 0.2
Download root_psn
Download flash_image
Download the Desire Z hboot
Download Clockwork Recovery
ALL of these are in the attachments section
They all should be extracted into the same folder. Use something simple like C:\RootVision\Root
1. Now Assuming you succeeded at the last part you should have a stock-ish rom without superuser. What we want to do is start by pushing all the files across with the following adb commands (use in cmd prompt the same way you pushed files in 2.)
Code:
adb push psneuter /data/local/tmp/
adb push gfree /data/local/tmp/
adb push busybox /data/local/tmp/
adb push root_psn /data/local/tmp/
adb push flash_image /data/local/tmp/
adb push su /sdcard/
adb push hboot-eng.img /data/local/tmp/
adb push Superuser.apk /sdcard/
adb shell chmod 755 /data/local/tmp/*
2. Alright now we have all the files we need to root the phone. Input the following command. This is just putting our clockwork recovery in a convenient place with an easy name.
Code:
adb push recovery-clockwork-3.0.2.4-vision.img /data/local/tmp/recovery.img
3. Now we’re gonna temp root again by typing in the following:
Code:
adb shell /data/local/tmp/psneuter
adb shell
4. This should leave us with another #. Now enter the following commands:
Code:
cd /data/local/tmp
./gfree -f
./flash_image recovery recovery.img
./root_psn
sync
5. Type in: (thanks for the correction john_d1974)
Code:
reboot
6. You should have a rooted phone with superuser after the reboot. Also it will have clockworkmod, SuperCID and secu-flag off.
4. Installing your own custom ROM
This section is just in case you don't know how to install a custom ROM.
Note: Always make sure the ROM you are installing is FOR YOUR PHONE! If you install a ROM meant for another phone you could potentially damage it or brick the phone itself.
1. Download the ROM you want and copy it to your SD Card. (Try to keep it in a folder that is easy to get to)
2. Turn off your phone.
3. Hold down the volume down button and then press the Power Button. This should take you to a white screen with lots of colourful text. One of which says FASTBOOT or FASTBOOT_USB.
4. Press the power button ONCE when BOOTLOADER is selected(BLUE)
5. Navigate using the volume buttons until you get to RECOVERY and then press the Power Button again.
6. The HTC Logo will come up then you will get a black screen with text.
7. From here you should Always do a NANDROID Backup so you can restore a working ROM if something fails.
NANDROID Backup
7a. Navigate to 'backup and restore' and then select it by pressing the trackpad button.
7b. Select 'Backup' and then let it finish. Once done you have a backup of your android.
8. Now you want to do these before you start installing:
a. 'wipe data/factory reset
b. 'wipe cache partition'
c. Go into 'advanced' and select 'Wipe Dalvik Cache'
9. Now you can install the ROM itself. This is done by selecting 'install zip from sdcard' in the main menu. Now you can select 'choose zip from sdcard' and just go ahead and select the ROM you copid to your sd card earlier.
9a. If the phone says verification failed then just toggle the signature verification option.
FAQ - For Anyone with any issues.
1. My version is 1.7xxxx or higher. Can I use this method?
Yes you can. This method will downgrade your phone to 1.34 so your radio is no longer locked thereby allowing you remove the secu-flag, add superCID and allow you to install a custom recovery (like ClockWorkMod)
2. My CID is XXXXXXXX and isn't on that list, will this method still work?
Yes it will. The reason why it will work is because a goldcard is essentially a manufacturers way of bypassing the CID checks used by ROMs. Therefore, by creating our own unique goldcards we can also bypass the CID check.
3. My CID is on the list that you mentioned. Do I need this goldcard?
No, you can skip the 1st step because when the ROM checks your phones CID it will match up perfectly and the phone will install the older radio without issue.
4. What Benefits does rooting a phone grant you?
Simply, it allows you to install any ROM of your choosing onto the phone as well as use custom kernels and certain applications that access locked functions on the phone. This can ultimately lead to; a longer battery life; more stable roms and more frequently updated roms; and finally an overall faster Android experience.
5. What is root access?
Root access essentially gives you access anything locked by the manufacturer on the phone. This most importantly means that you can read and write to any system partitions on the phone that would normally be locked.
6. Whats psneuter?
psneuter is an application used to grant temporary root access. This is done through an exploit in the android system and will give us a window to further exploit the system and ultimately grant us Permanent Root Access.
7. How do I find my CID?
To find your CID you run two commands. Firstly, in your CMD prompt you type 'adb reboot bootloader' when your phone is connected and USB debugging is active. This will restart your phone into its bootloader. Then once you see the words FASTBOOT_USB you type 'fastboot oem boot'. Then look for the words CID and then just read the 8 character CID.
Also there is a post with a screenshot here.
8. My phone will not find PC10IMG.zip
You will need to double check that the PC10IMG.zip is the correct ZIP file from the RUU that has been linked. It should be roughly 250mb in size and should be placed in the root folder of your SD Card. Also your SD Card must be compatible with your device (able to be read/written to). If you cannot access your SD Card from your Desire Z or G2 then there is probably something wrong with your SD Card. It should probably be reformatted.
9. Can I use this on the Desire Z/G2 running Gingerbread?
So far no one has been able to root the gingerbread version of android on the Desire Z/G2. Unfortunately, this guide still cannot root gingerbread desire Zs or G2s.
If there are any more, feel free to post them and I'll add them
10.I'm Missing my AdbWinApi.dll? What now?
espentan[U said:
][/U]
I don't know if you've figured this one out yet, but here's the solution to a potential cause.
You need to add the directory containing the "AdbWinApi.dll" to Windows' path under Environment Variables, so Windows know where to look for the necessary files when you enter commands in the shell.
For this exercise I'm going to assume that you have installed the Android SDK in the directory called "android-sdk-windows" on your C: hard drive. If you have it installed somewhere else, change the path I'm mentioning below accordingly.
Go to the Windows "Control Panel".
Click on "System and Security".
Click on "System".
Click on "Advanced system settings" in the left column of the window you're in.
Find the button called "Environment Variables" in the window that opens (it's at the bottom on the first tab).
Scroll down in the "System variables" box until you find "Path".
Select "Path" and click the "Edit" button.
At the very beginning of the input field called "Variable value" enter the following:
"C:\android-sdk-windows\platform-tools;" (without the quotes).
Do not remove any of the other paths, and make sure you have a semi colon at the end of the new path you're adding.
Reboot.
Now the windows command shell knows where to find the necessary DLL's and whatnot.
Click to expand...
Click to collapse
will this work if i have 1.84.666.2?
anyone? thought?
Should work fine as long as you've got a Desire Z or G2 lol.
hi, manageage to root the DZ sucessfully, however on step 5 you say
"5. Type in:
Code:
Reboot"
i got an Reboot: error not found
i retried with with "reboot" and was sucessful
Hi, im sure this has been covered before in other posts, but, could someone tell me, if i were to use the above method to downgrade and root etc, would this prevent me from doing an official upgrade, to, say gingerbread in the near future? Also is there any real benefits to going to gingerbread? I ask as im sure ive read somewhere its only possible to flash to cooked roms, not official ones (once downgraded and rooted etc).. this would concern me as ive moved over from win mo to android, and in my experiance, EVERY cooked unoficial rom i ever flashed (xperia x1) was simply rubbish, and i tried alot of them. (Even though people would say the roms would be fine, bugs smoothed out etc), i went back to stock in the end after constant dissapointment.
Sorry for the rant, just need to know where i stand.. thanks people..
jmpcrx said:
Hi, im sure this has been covered before in other posts, but, could someone tell me, if i were to use the above method to downgrade and root etc, would this prevent me from doing an official upgrade, to, say gingerbread in the near future? Also is there any real benefits to going to gingerbread? I ask as im sure ive read somewhere its only possible to flash to cooked roms, not official ones (once downgraded and rooted etc).. this would concern me as ive moved over from win mo to android, and in my experiance, EVERY cooked unoficial rom i ever flashed (xperia x1) was simply rubbish, and i tried alot of them. (Even though people would say the roms would be fine, bugs smoothed out etc), i went back to stock in the end after constant dissapointment.
Sorry for the rant, just need to know where i stand.. thanks people..
Click to expand...
Click to collapse
It is pretty difficult to go back to stock updates from your carrier for example Vodafone. This is because of the unique CIDs used and the fact that it is extremely hard to find a stock ROM since no one can give you a NANDROID backup.
Anyways, there are numerous benefits to rooting your phone included with most ROMs. These benefits include longer battery life, faster ROMs & various other things depending on each chef.
Ok, thanks, but are the roms buggy at all, will some of the hardware not work properly, or will i have freezing probs etc, as i found this always to be the case with win mo roms?.. have you personally found a rom that works perfectly that includes htc sense? As i do like the UI..
My goal is to have all security off, full perm root, with a perfecly working sense rom that i can then overclock to a speed that works well with my particular phone, and to underclock when idle etc..
Thanks..
I need to verify that my Tmobile G2's INFOCID is compatible.
I typed in the two commands:
adb reboot bootloader
fastboot oem boot
The first one worked. The second command is not recognized once I'm in the bootloader. Can someone suggest a solution?
Newbie question,
how to unroot if i rooting the phone using this metode?
and how to go back to original rom?
Vader™ said:
Newbie question,
how to unroot if i rooting the phone using this metode?
and how to go back to original rom?
Click to expand...
Click to collapse
Firstly, to root the phone just follow the steps and once you've finished them all you will be done.
Second, it should technically be possible once you've rooted the phone to simply do a NANDROID backup via ClockWorkMod Recovery before you start flashing new ROMs. If you have backed it up and later decide you want to unroot then all you would need to do from there is restore your nandroid backup and unroot the phone through this method.
forceOnature said:
I need to verify that my Tmobile G2's INFOCID is compatible.
I typed in the two commands:
adb reboot bootloader
fastboot oem boot
The first one worked. The second command is not recognized once I'm in the bootloader. Can someone suggest a solution?
Click to expand...
Click to collapse
Using this method you don't have to worry about your CID. If you make a goldcard it will completely bypass the need for one of the CID's listed in the first post. So to put it simply, you don't need to worry about your unique CID if you create and use a goldcard to downgrade.
Aegishua said:
It should technically be possible once you've rooted the phone to simply do a NANDROID backup via ClockWorkMod Recovery before you start flashing new ROMs. If you have backed it up and later decide you want to unroot then all you would need to do from there is restore your nandroid backup and unroot the phone through this method.
Click to expand...
Click to collapse
okay, but we need to root the device first right? before ClockWorkMod Recovery can run, the problem is, if I root the device first, the device must be downgrade to build 1.34.405.5, and now my Desire Z using build 1.82.xxx.x
is it if we backup via ClockWorkMod, the ROM that we backup is 1.34.405.5? not my current build?
please help bro, really confused here
Hi forceonature, im no expert, but when i was having a look myself, i found out it was simply my enviroment variables wernt set up for the directory fastboot was located.. an easy way round this was just to enter the directory fastboot was in (program files, 'some directory'.. do a quick search) within your command prompt, and type the second command from there.. hope that helps..
Everything goes fine until
mmap() failed. Operation not permitted
when I put in
adb shell /data/local/tmp/psneuter
Any help?
Also I can only put su and Superuser.apk on my sdcard if I manually transfer them.
Hi forceonature, im no expert, but when i was having a look myself, i found out it was simply my enviroment variables wernt set up for the directory fastboot was located.. an easy way round this was just to enter the directory fastboot was in (program files, 'some directory'.. do a quick search) within your command prompt, and type the second command from there.. hope that helps..
Click to expand...
Click to collapse
I need to verify that my Tmobile G2's INFOCID is compatible.
I typed in the two commands:
adb reboot bootloader
fastboot oem boot
The first one worked. The second command is not recognized once I'm in the bootloader. Can someone suggest a solution?
Click to expand...
Click to collapse
I tried the same thing to get my DZ phones CID and the first one worked and the second didn't. If I don't have to make a gold card all the better. How can I find out for sure if my CID is on the list or not? Also if I have to make a gold card do I need to have a micro SD card to make the gold card?
Thanks,
Chevy
chevy2410 said:
I tried the same thing to get my DZ phones CID and the first one worked and the second didn't. If I don't have to make a gold card all the better. How can I find out for sure if my CID is on the list or not? Also if I have to make a gold card do I need to have a micro SD card to make the gold card?
Thanks,
Chevy
Click to expand...
Click to collapse
You should get a line that says INFOt.cid=XXXXXXXX or any of the lines that say your 8 Digit CID. However, as you can see there are multiple lines that say it and they should all be the same.
If your CID does match one on that list then you will not need a goldcard.
I've attached a screenshot to make things easier.
forceOnature said:
okay, but we need to root the device first right? before ClockWorkMod Recovery can run, the problem is, if I root the device first, the device must be downgrade to build 1.34.405.5, and now my Desire Z using build 1.82.xxx.x
is it if we backup via ClockWorkMod, the ROM that we backup is 1.34.405.5? not my current build?
please help bro, really confused here
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Click to expand...
Click to collapse
Yeah, you can only have a NANDroid backup of 1.34.xxx because there is no way to get clockwork onto a 1.72+ rom.
Hi, I'm new to rooting the G2. Iv'e been trying to follow this tutorial, but I'm having some trouble. After renaming Rom.zip to PC10IMG.zip I booted into the bootloader and it says 'no image found' or something like that. What am I doing wrong? Am I not supposed to put the zip file on the root of the SD card? Is it possible to just use the RUU to downgrade?
And regarding the downgrade, the build number on my G2 shows 1.22 . Isn't that lower than 1.34?
Any help is appreciated!
I followed the instructions twice and both times I get to
"/data/local/tmp/misc_version –s 1.33.405.5"
I get
/
Patching and backing up partition 17
Error opening backup file.
#
The first time around I iqnored it and went through hboot, the rom PC10IMG.zip was checked and verified and finally failed prompting "the main version is older"
what am I missing?
EDIT: checked SD card, unmount and remounted phone/sdcard no avail.
Will try 1.33 Bell rom next.
EDIT2: Patching and backing up sucessful, problem was I couldn't get my phone to stay in debugged mode without being in DISK DRIVE, had to start HTC Sync to mount the phone in that way to relieve the sd card, allowing adb to patch the file. Now running through PC10IMG.zip with fingers crossed.
EDIT3: Everything went smooth after that! Thanks. Now I will attempt to update to 2.3 and Sense 3.0
EDIT4: Now running on 2.3.3 and Sense 3.0 Virtuous port. Testing...probably going back to more stable gingerbread and sense 2.1
Please do not PM me with questions about this guide! I don't have time to help everyone through it, create a thread in Q&A if you don't have 10 posts or post here, there are other people who have done this and can help you, and I will get to it if I can. PMs asking questions about this guide will be ignored. Thank you.
Fully stable root methods for all firmware versions (no bootloops on 6.01.605.05 firmware!)
Table of Contents
To quickly find a section, hit CTRL+F and type the letters in parentheses, then click "Next"
(IRO) Intro: Read first!
(HDV) HTCDEV Unlock
(TCR) Tacoroot
(DWG) Downgrade tool
(RVL) Revolutionary
(HSO) S-OFF with HTCDev unlock (second post)
(ASO) After S-OFF (second post)
INTRO(IRO)DISCLAIMER: I am not responsible for anything that happens to your device while following these instructions. I will try to help you through problems as much as I can, but I can't guarantee success, especially if you do not carefully read the instructions.
This is a comprehensive guide of all known and fully stable root/s-off methods, at this time, it covers just about all firmware versions out there. Most of these methods will require the Android SDK, so download that (Google it. A link for this really isn't necessary, and I'm sure many people could use practice googling things. ) and set it up (again, just google "android sdk," the download page even has tutorials). The downgrade methods no longer require the sdk, but it is still reccomended that you download it as it is a very useful tool. Don't forget to download the device drivers here (only neccessary on Windows) and set the PATH variable.
So, which downgrade method should you use? Most likely you will either have firmware version 5.x or 6.x, you can find out under Settings>About phone. If you are using 5.x, go to the Downgrade Tool section; if you have 6.x, go to the Tacoroot section. Both methods eventually lead to the Revolutionary section, HTCDev unlock is not reccomended and, honestly, completely pointless (read more below).
HTCDEV UNLOCK(HDV)Versions: All
HTCDev is HTC's "official" unlock, it will unlock the bootloader but leave S-ON. Don't do it. Seriously. It's a guaranteed voided warranty and pretty much a huge PITA (you can't flash radios and need to extract and separately flash ROM kernels), and s-off methods are completely stable and even relockable. That said, if for whatever reason you do wish to do this, just go to http://htcdev.com/bootloader/. If you want to obtain S-OFF at any time after using HTCDev unlock, see the second post.
Note: to flash ROMs when HTCDev unlocked, flash the ROM normally, then extract the boot.img from the rom.zip and boot into fastboot, then use the command "fastboot flash boot boot.img."
TACOROOT(TCR)Versions: 6.01.605.05 firmware
Tacoroot is a temp root method discovered by Justin Case that will allow those on the newer firmware to flash an older version and root with Revolutionary. Before you begin, download this zip containing all the files you'll need:
EDIT: Looking for the files? See this post.
Extract this zip to C:/Android. You can extract it somewhere else, just replace C:/Android with the path to the wherever you extracted it wherever it comes up. Now, connect your device to your computer with a USB cable, turn on USB Debugging under Settings>Apps>Development, and disable fastboot under Settings>Power. Make sure your phone is fully charged. Open a command prompt by opening the start menu, typing "cmd" and hitting enter. Type in everything that is in black text. Notes and extra instructions will be written in blue. It is reccomended that you copy/paste the code to avoid typos, to do this, copy by highlighting the line and hitting Ctrl+C as usual; to paste, go to your command prompt and click the small black icon in the upper left corner. A menu will pop up, go to Edit>Paste. Make sure you have not highlighted any spaces before or after the line or any of the blue text. Now, begin copying the code:
cd C:/Android
md5sums RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Radio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip Remove the space in the middle of the word radio before hitting enter, I don't know why it won't let me remove it. Result should be cea499f51b40055ffd118960e1e73255, if it isn't, redownload the miniadb zip.
md5sums 1.09.01.0312_vivow_Radio_PG32IMG.zip Result should be ea6b98be48210d7797e62362f49ff751
md5sums tacoroot.sh Result should be 6ec06d776feb212d8b2a55817eddf76d
md5sums misc_version Result should be 050f55d34ddbcc860efa5982491437de
adb devices Result should be your phone's serial number. If it isn't make sure drivers are properly installed and USB Debugging is enabled.
adb push tacoroot.sh /data/local/
adb shell chmod 755 /data/local/tacoroot.sh
adb shell /data/local/tacoroot.sh --setup This will reboot your phone. When you get to a screen with a red exclamation mark, press VolUp+Power until you get to a menu, then press VolUp+VolDown+Power until the phone turns off. Once it is rebooted, continue.
adb shell /data/local/tacoroot.sh --root
adb wait-for-device Running the step before this will reboot your phone again, this time it will be bootlooping, meaning it will not boot fully and get stuck on the boot animation. Once your prompt comes back after this step, you're good to continue even though the phone isn't fully booted.
adb push misc_version /data/local/tmp/misc_version
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/misc_version -s 2.18.605.3
adb shell /data/local/tacoroot.sh --undo This will reboot your phone one more time, this time fully stable and will boot completely. Continue once fully booted.
adb reboot bootloader This will reboot your phone to a white screen with a few options. Once you are at this screen, continue with the instructions.
fastboot devices Result should be your phone's serial number, again.
fastboot getvar mainver The result should be 2.18.605.3. If it is not, something was not done correctly, you'll need to restart from the beginning.
fastboot erase cache
fastboot oem rebootRUU
fastboot flash zip RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Radio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip This will take a bit of time without giving any indication as to when it will be done, be patient and do not interrupt it.
fastboot erase cache
fastboot oem rebootRUU
fastboot flash zip 1.09.01.0312_vivow_Radio_PG32IMG.zip Same as the above, do not interrupt under any circumstances (unless you really wanted a phone-shaped paperweight )
fastboot reboot
That's the end of the codes, you should be fully booted into the now downgraded version. Re-enable USB debugging, then continue to the Revolutionary section and follow instructions there.
DOWNGRADE TOOL
Versions: HBOOT .98, firmware below 6.01.605.05
This will not work with firmware version 6.01.605.05! Use the tacoroot method!
This tool will downgrade you to 2.3.3, which will allow you to use Revolutionary to gain S-OFF.
Download the tool here, and extract it to a folder where you can easily get to it in a command prompt/terminal.
Now, connect your device to your computer with a USB cable, and turn on USB Debugging in settings. To ensure you are connected, open a command prompt/terminal and type "adb devices". If you see a bunch of letters and numbers followed by "device," you're good to go.
Navigate to the files you extracted in a command prompt/terminal ("cd /path/to/folder," replacing /path/to/folder with the actual filepath), type "hack-vivow.cmd" and let it run. It may take a while and seem to get stuck on some commands, just leave it alone. After it's done, continue to the Revolutionary section. Yep, it really is that easy.
REVOLUTIONARY
Versions: GB 2.3.3, any others after downgrade methods
This is the final step that will actually get you S-OFF.
Go to the revolutionary website, click on the download link for your OS, you'll get a download right away. While it's downloading, fill out the form that pops up (if you don't know your serial number and have the sdk installed, open up a command prompt/terminal and type "adb devices," the letters/numbers before "device" is your serial. Extract the files and run either revolutionary or revolutionary.exe depending on your OS, enter your beta key and say yes when it asks to install CWM recovery. Let it run, and you'll be S-OFF and ready to go!
If you have any questions/comments or found something that isn't right, go ahead and post, I would greatly appreciate any positive or negative feedback, as long as it's constructive.
Credits:
attn1 for Downgrade tool
Revolutionary team
Guhl for misc_version
jcase for Tacoroot
PalmerCurling for Tacoroot downgrade guide
MIVLives for bootloop fix
scotty85 for better Tacoroot downgrade and HTCDev S-OFF method
If you find anything I didn't give credits for and should have, let me know and I'll add it.
Get S-OFF after using HTCDev Unlock
(HSO)If you used HTCDev unlock and want to get S-OFF, follow this guide. What you get from going from HTCDev unlocked to full S-OFF is a full unlock instead of HTC's restricted unlock. This way, you can flash custom radios and flash ROMs without needing to extract and separately flash the boot.img. (Note: If you already installed a custom recovery and a custom ROM, flash this ROM and start at "adb push misc_version /data/local/tmp/misc_version" in the code.) To do this, first download this zip and extract it to C:/Android. You can extract it somewhere else, just replace C:/Android with the path to where you extracted it wherever it comes up. Next, download this zip and extract it to C:/Android. Download this zip as well and put it in your C:/Android folder, but do not extract it. Now, connect your device to your computer with a USB cable, turn on USB Debugging under Settings>Apps>Development, and disable fastboot under Settings>Power. Make sure your phone is fully charged. Open a command prompt by opening the start menu, typing "cmd" and hitting enter. Type in everything that is in black text. Notes and extra instructions will be written in blue. It is recommended that you copy/paste the code to avoid typos, to do this, copy by highlighting the line and hitting Ctrl+C as usual; to paste, go to your command prompt and click the small black icon in the upper left corner. A menu will pop up, go to Edit>Paste. Make sure you have not highlighted any spaces before or after the line or any of the blue text. Now, begin copying the code:
cd C:/Android
md5sums RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Ra dio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip Result should be cea499f51b40055ffd118960e1e73255, if it isn't, redownload the miniadb zip.
md5sums 1.09.01.0312_vivow_Radio_PG32IMG.zip Result should be ea6b98be48210d7797e62362f49ff751
md5sums misc_version Result should be 050f55d34ddbcc860efa5982491437de
adb devicesResult should be your phone's serial number.
adb push CWM-SuperSU-v0.94.zip /sdcard This might take a minute or so. If it gives an error, try "adb push CWM-SuperSU-v0.94.zip /mnt/sdcard"
adb reboot bootloader This should reboot your phone to a white menu, once it is there, continue.
fastboot devices This should return your phone's serial number.
fastboot flash recovery recovery.img This might take a while, be patient and do not interrupt it. Once it is done, use the volume buttons on your phone to navigate through the menu until RECOVERY is highlighted, then press Power to select it. Your phone will reboot into another menu, once it shows up, select "install from sdcard" then "choose zip from sdcard," then scroll down and select CWM-SuperSU-v0.94.zip, and accept it. Once it is finished, press power then select reboot. Once you are fully booted, continue with the instructions.
adb push misc_version /data/local/tmp/misc_version
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/misc_version -s 2.18.605.3
adb reboot bootloader This will reboot you to the white menu again.
fastboot devices Result should be your phone's serial number.
fastboot getvar mainver Result should be 2.18.605.3. If it isn't, make sure you didn't get any errors in the above code and everything was copied correctly.
fastboot oem lock
fastboot erase cache
fastboot oem rebootRUU
fastboot flash zip RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Ra dio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip This will take a while, be patient and do not under any circumstances interrupt it.
fastboot erase cache
fastboot oem rebootRUU
fastboot flash zip 1.09.01.0312_vivow_Radio_PG32IMG.zip This will also take a bit, again, do not interrupt it.
fastboot reboot
That's the end of the code, you should be downgraded and can now get S-OFF by following the Revolutionary guide in the first post.
After S-OFF(ASO)So, now you have S-OFF. Congratulations! The next step would be to flash a custom recovery, then either an su zip or a custom, rooted ROM. For recoveries, the choices are ClockworkMod, 4EXT or TWRP. I personally prefer 4EXT, but TWRP is also great and has many great features. ClockworkMod is a little slower, but still stable. All ROMs and recoveries for the Dinc2 can be found in the development forums (where you found this guide), and there are many different ROMs to choose from, so check them out! If you want something rock solid and completely stable, try out CondemnedSoul's CM7 or one of the Gingerbread Sense ROMs, or if you want something newer, a bit faster, but maybe has a few minor bugs, check out one of the many ICS ROMs. If you want the latest and greatest, with a few slight bugs, go Jelly Bean with aeroevan's CM10. If you were looking to just root, download and flash the zip found here: http://forum.xda-developers.com/showthread.php?t=1538053, however, I would recommend that you try one of the Gingerbread Sense ROMs such as Skyraider Zeus if you wanted something a bit different with extra features, or andybonestock for a faster, debloated ROM that looks and feels exactly like what you're used to, but rooted.
Nice guide. I have to use the tacoroot method for a buddy of mine.
Awesome post!
This should be stickied...
sk842018 said:
This should be stickied...
Click to expand...
Click to collapse
+1 ^^
Sent from my Kang Banged Dinc2
Consider it done, excellent resource :good:
Also added to roll-up.
Bad links for Tacoroot.sh and .0312 radio. Great wright up though and cant wait to get my replacement unlocked.
Edit: Ok so I am almost there but have run into some issues. I cant get the 2.3.3 RUU to flash. It will get so far and stop saying bad signature verification. The one thing I noticed is that at the end of the file name it has si and not signed. I tried to change it but kinda knew that would not work and it didn't. Hope this can be fixed soon.
Edit of the edit. Ok so I followed dets34's wright up as I could not get the commands posted here to work. I put the files in the proper SDK folders and went through the commands and when I got to the RUU I hit tab after starting the name to make sure the end was si.zip. Flashed went into boot loop, boot recovery, flash newest radio, and bam no more loop with S off. Thanks to everyone who keeps us sorted out and flashing strong.
zackspeed said:
Bad links for Tacoroot.sh and .0312 radio. Great wright up though and cant wait to get my replacement unlocked.
Edit: Ok so I am almost there but have run into some issues. I cant get the 2.3.3 RUU to flash. It will get so far and stop saying bad signature verification. The one thing I noticed is that at the end of the file name it has si and not signed. I tried to change it but kinda knew that would not work and it didn't. Hope this can be fixed soon.
Edit of the edit. Ok so I followed dets34's wright up as I could not get the commands posted here to work. I put the files in the proper SDK folders and went through the commands and when I got to the RUU I hit tab after starting the name to make sure the end was si.zip. Flashed went into boot loop, boot recovery, flash newest radio, and bam no more loop with S off. Thanks to everyone who keeps us sorted out and flashing strong.
Click to expand...
Click to collapse
Links work fine for me. What did you do differently with dets34's tutorial?
The only thing that was different was I put misc and taco files in AndroidSDK\platforms. Then I put the RUU in the tools folder. Ran the commands and it went through first try. For the first part I cd c:\ to my platforms folder and ran the first part then cd c:\ to my tools folder and installed the RUU. Once it booted as soon as I messed with it boot loop. So flashed the radio and all seems to be fine.
zackspeed said:
The only thing that was different was I put misc and taco files in AndroidSDK\platforms. Then I put the RUU in the tools folder. Ran the commands and it went through first try. For the first part I cd c:\ to my platforms folder and ran the first part then cd c:\ to my tools folder and installed the RUU. Once it booted as soon as I messed with it boot loop. So flashed the radio and all seems to be fine.
Click to expand...
Click to collapse
Shouldn't make a difference if you added those folders to your PATH variable, that way you can use adb/fastboot commands without having to cd in.
Yea that's kinda what I thought but some how I messed it up or something because it never would flash the RUU. I am no expert at this by any means. Either way you helped out and its nice to see we don't have to worry about loops any more. :good:
Great guide, thanks! My couple of things I had to add in to make everything work:
Code:
fastboot flash zip RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Radio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip
I had to add the path to this file for it to work and then afterward do a
Code:
adb reboot
to get ready for the Revolutionary process. At first Revolutionary wouldn't recognize the device when it booted. I quickly realized I needed to re-enable USB Debug.
Then I used adb to do the rebooting necessary to flash the .0312 radio.
Thanks again! Great stuff.
techspecs said:
Great guide, thanks! My couple of things I had to add in to make everything work:
Code:
fastboot flash zip RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Radio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip
I had to add the path to this file for it to work and then afterward do a
Code:
adb reboot
to get ready for the Revolutionary process. At first Revolutionary wouldn't recognize the device when it booted. I quickly realized I needed to re-enable USB Debug.
Then I used adb to do the rebooting necessary to flash the .0312 radio.
Thanks again! Great stuff.
Click to expand...
Click to collapse
Updated, thanks.
Thanks for your guide. Will this guide work with the newest firmware 5.10.605.9? Just use TACOROOT?
leshan said:
Thanks for your guide. Will this guide work with the newest firmware 5.10.605.9? Just use TACOROOT?
Click to expand...
Click to collapse
Use the downgrade tool.
Sent from my vivow using Tapatalk 2 Beta-5
leshan said:
Thanks for your guide. Will this guide work with the newest firmware 5.10.605.9? Just use TACOROOT?
Click to expand...
Click to collapse
The latest firmware is 6.01.605.05. You don't have to use tacoroot.
Thanks. worked perfectly.
prototype7 said:
Use the downgrade tool.
Sent from my vivow using Tapatalk 2 Beta-5
Click to expand...
Click to collapse
unroot to re-root correctly
Does anyone know a method to go back to stock on one of refurbed phones in order to re root correctly and not get the Sense bootloop? I found a few methods but they are all four hboot .97 and I have a feeling won't fix the problem.
mccarrel said:
Does anyone know a method to go back to stock on one of refurbed phones in order to re root correctly and not get the Sense bootloop? I found a few methods but they are all four hboot .97 and I have a feeling won't fix the problem.
Click to expand...
Click to collapse
Flash the latest firmware, or just flash whatever RUU then the .0312 radio, then follow the guide to go back to s-on.
Sent from my Incredible 2 using Tapatalk 2 Beta-5