Im hoping someone can point me in the right direction here.
Clearly I did something wrong. I could use a little direction here to get back
to factory state phone. I have a "factory phone" without root and stock apps but
S-OFF and I need to get back to S-ON
1) Rooted using Rage/Gfree method for temp root/s-off/perma root
2) Wanted to roll back(please don't ask why)
3) Tried to follow step 1a) on http://forum.xda-developers.com/showthread.php?t=835971
4) Receive following message
-- Installing: SDCARD:/stock_root.zip
E:Board does not support mtd utils.E:Failure at line 344:
write_raw_image PACKAGE:boot.img BOOT:
Installation aborted.
5) Recovered from clockwork backup
5) Went to step 1b successfully
6) Followed step 2 successfully
7) Phone patched itself OTA(step 3)
8) checked bootloader to find S -off
Steps I have taken
1) Regain temp root using rage
2) copied gfree back to phone
3) from terminal "# ./gfree -s on"
4) "#sync"
5) Reboot into bootloader to find S-OFF *sigh*
Bootloader items
VISION PVT SHIP S-OFF
HBOOT-0.82.0000
MICROP-0425
RADIO-26.03.02.26_M
eMMC-boot
**Amendment* I don't have the gfree partition backup that gets created the first time you root
brandonmcgrew said:
Steps I have taken
1) Regain temp root using rage
2) copied gfree back to phone
3) from terminal "# ./gfree -s on"
4) "#sync"
5) Reboot into bootloader to find S-OFF *sigh*
Bootloader items
VISION PVT SHIP S-OFF
HBOOT-0.82.0000
MICROP-0425
RADIO-26.03.02.26_M
eMMC-boot
**Amendment* I don't have the gfree partition backup that gets created the first time you root
Click to expand...
Click to collapse
You have the regular bootloader (not the eng one), so the fact you have S-OFF still means your "gfree -s on" didn't work. You need to try that again, and look for what error messages were produced at the time.
You have the regular bootloader (not the eng one), so the fact you have S-OFF still means your "gfree -s on" didn't work. You need to try that again, and look for what error messages were produced at the time.
Can you give me the steps for that. I got temp root with rage and ran the s-on and sync commands. do you want the output from that???
brandonmcgrew said:
Can you give me the steps for that. I got temp root with rage and ran the s-on and sync commands. do you want the output from that???
Click to expand...
Click to collapse
Yes, please post up the output from when you run "./gfree -s on", that's the bit that sounds like it's failing.
# export PATH=/data/local/bin:$PATH
# cd data
# cd local
# ./gfree -s on
Section header entry size: 40
Number of section headers: 44
Total section header table size: 1760
Section header file offset: 0x000138b4 (80052)
Section index for section name string table: 41
String table offset: 0x000136fb (79611)
Searching for .modinfo section...
- Section[16]: .modinfo
-- offset: 0x00000a14 (2580)
-- size: 0x000000cc (204)
Kernel release: 2.6.32.17-g9ab3677
New .modinfo section size: 204
Attempting to power cycle eMMC... OK.
Searching for mmc_blk_issue_rq symbol...
- Address: c029c72c, type: t, name: mmc_blk_issue_rq, module: N/A
Kernel map base: 0xc029c000
Kernel memory mapped to 0x40001000
Searching for brq filter...
- Address: 0xc029c72c + 0x34c
- 0x2a000012 -> 0xea000012
Patching and backing up partition 7...
Done.
#
Well that's odd, that looks liked it worked ok.
What about if you try the stuff at http://forum.xda-developers.com/wik...ion#3._.28OPTIONAL.29_Verify_you_did_it_right to verify that S-ON has been set ?
Ok at this point I decided to get back to a spot where I felt comfortable. So I permarooted using rage/Gfree. I have also installed Clockwork and done a nandriod. So at this point here is my status. Perhaps you can help me get back to factory
1) Factory Stock w/OTA
2) Root
3) gfree verify
gfree verify_cid returned:
@CID: 11111111
OK
gfree verify_secu_flag returned:
@secu_flag: 0
OK
gfree verify_simlock returned:
@SIMLOCK= 00
OK
At this point I can't do anymore today but if you could/would give me a little help getting back to factory stock no root s-on simlock on I would REALLY appreciate it.
I'll do my best not to derail, but I cannot even install the stock ROMs anymore, and I think it is because of the version of CWR I am running. Since I wanted CM7, I had to install CWR 3.x. Is it safe to assume that any Android 2.3 ROM needs CWR 3.x, and any Android 2.2 or previous required CWR 2.x?
OK I finally got back to working on this and got a FIX!
See previous post(s) to get caught up......done ok GOOD
**THIS REQUIRED ADB TO BE WORKING**
**IF YOU TAKE THESE STEPS BELOW I TAKE NO RESPONSIBILTY IF SOMETHING GOES CRAZY AND YOU BRICK YOU PHONE. IM A NEWB TO THIS SO THIS IS JUST WHAT I DID**
Where I left off is I was Stock OTA rooted using the gfree/rage method. I had Clockwork installed and a nice nandroid backup(Such a good feeling). Copied backup to computer
1) Followed steps to a tee downgrade from OTA -->http://forum.xda-developers.com/showthread.php?t=831398
2) With a fresh preOTA phone I unmounted my sdcard
3) Formatted SDCard(no idea if this helped but made me happy)
4) Copied Visionary R14 to root of sdcard-->http://android.modaco.com/content/h...m/320722/19-nov-r14-visionary-one-click-root/
5) Enabled Unknown Sources install from Manage application
6) Installed File Manager from Market
7) Used File Manager to install Visionary
8) TempRoot using Visionary
9) Downloaded latest gFree from -->http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/gfree/gfree_02.zip
10) unzip gfree_02.zip
11) open command prompt
12) enter following commands to confirm you have root
adb shell
$ su
**on phone should see superuser prompt...press allow**
if you see a "#" you got temp root
# exit
$ exit
13) Push gfree to phone
c:\adb push gfree_02 /data/local
c:\adb shell
$ su
# cd /data/local
# chmod 777 gfree
14) Set S-On
# ./gfree -s on
15) Set CID
# ./gfree -c TMO010
# exit
$ exit
16) Power off
17) Boot phone to bootloader (Hold Power +Vol Down) and confirm
VISION PVT SHIP S-ON
HBOOT-0.82.0000
MICROP-0425
RADIO -26.02.01.15.M2
eMMC-boot
18) Reboot Device. ALL DONE!!!
**If you want you could temproot again and remove all files copied for gfree to /data/local or you could do a factory reset from the bootloader**
Related
I rooted my phone using the gfree method outlined in the wiki, but made a Nandroid backup of stock before I started anything. I restored the backup; is there anything else I need to do before sending it back?
I noticed that still have the Superuser app in my app drawer, and I wasn't able to follow the instructions for S-OFF here (http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Turning_S-On) as it said "Permission denied" when I type cd /data/local (I also noticed that I don't have the /data/local folder anymore on my sd card).
Gfree gives you an option to turn S-off or S-on, go back to the wiki and re-read it, the code below is copied from the Wiki and I highlighted the options in red for you, just run gfree again with the -s option
Code:
gfree usage:
gfree [-h|-?|--help] [-v|--version] [-s|--secu_flag on|off]
-h | -? | --help: display this message
-v | --version: display program version
-s | --secu_flag[COLOR="red"] on|off[/COLOR]: turn secu_flag [COLOR="Red"]on[/COLOR] or [COLOR="red"]off[/COLOR]
-c | --cid <CID>: set the CID to the 8-char long CID
-S | --sim_unlock: remove the SIMLOCK
-f | --free_all: same as --secu_flag off --sim_unlock --cid 11111111
As far as superusers app, just go into the app manager and remove it.
Sorry, I should've clarified that I don't have gfree anymore. I tried again and this is the prompt I get:
$ su
su
# cd data/local
cd data/local
# chmod 777 gfree
chmod 777 gfree
Unable to chmod gfree: No such file or directory
# ./gfree
./gfree
./gfree: not found
#
Push the gfree file back to data/local and rerun the commands except with -s option read the wiki again and use the right commands.
Sent from my HTC Vision using XDA App
All right, got my phone back to stock unrooted and with S-ON. Here's what I did (note that my circumstances my be different than yours so try this at your own risk):
I rooted and S-OFFed using the rage (v 0.03-this will come into play later) method on the wiki (http://forum.xda-developers.com/wik...sion#Rooting_the_Vision_.28G2.2FDZ.29_and_DHD). I did this right when I got the phone, so no OTA update (I had 1.19). Downloaded ROM Manager and did a Nandroid backup at this point (in my above post I said I made a backup right at the beginning which I was mistaken on). Then I went ahead and flashed CyanMod.
Phone earpiece broke, so I had to get the phone back to stock. First I restored my backup ROM (so back to 1.19 again). Used the unroot guide (http://forum.xda-developers.com/showthread.php?t=835971), and during step one, I got the following error:
E:Board does not support mtd utils.E:Failure at line 344:
write_raw_image PACKAGE:boot.img BOOT:
Installation aborted.
Failure at line 6:
install_zip SDCARD:/stock_root.zip​Some others seemed to get this error as well and it looked benign. Continued and rebooted the phone. Figured this would be a failure, so I followed the HexEditor steps. Turns out the misc.img file was already the right version, but I renamed it and ran dd if=/sdcard/miscnew.img of=/dev/block/mmcblk0p17 just in case.
Step 2 ran without any problems, so now I had a stock phone with S-OFF. To turn it back on, I temp rooted the phone (just follow the TEMP Root steps in the wiki). I then tried to follow the S-ON directions on the wiki (http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Turning_S-On), but the phone would automatically reboot after the dd line while not changing S-OFF.
Then I realized that I could use ./gfree -s on to turn S-ON since I was using 0.03, which worked perfectly. Rebooted to remove the temp root, and did a factory restore for good measure, and I believe I have a fairly pristine G2 ready for replacement.
Thanks to all the wikis and threads for their help!
I have a question about restoring to factory settings. Cant you just use the RUU from HTC (if you have a Desire Z that is) and just run that? Wont that just put it back to factory settings?
Ok. I want to know how can you test that your phone is rooted. When I'm doing the XDA method of rooting my G2, I push all the needed files to my phone, and do the thing where Terminal Force closes and you open again after you had ran rage. Now I have the root shell in Terminal.
When I run command:
$ su
not found
($) is my command line, and (blanks) is what came back. ^^
Is it suppose to say "not found"? or is it suppose to say something else? I did exactly what I was suppose to do. It wasn't all that hard. Before I did the rage command, it was
$ su
Permission Denied
That seems normal. But after I supposedly temporarily root my phone, if I open ROM manager, it tells me that I need to root my phone. What tha truck? Am I missing something?
I run:
$ /data/local/gfree -f
{export PATH=/data/local/bin:$PATH
# # /data/local/gfree -f
--secu_flag off set
--cid set. CID will be changed to: 11111111
--sim_unlock. SIMLOCK will be removed
Section header entry size: 40
Number of section headers: 44
Total section header table size: 1760
Section header file offset: 0x00015398 (86936)
Section index for section name string table: 41
String table offset: 0x000151df (86495)
Searching for .modinfo section...
- Section[16]: .modinfo
-- offset: 0x000011cc (4556)
-- size: 0x000000c4 (196)
Kernel release: 2.6.32.17-g9ab3677
New .modinfo section size: 204
Attempting to power cycle eMMC... OK.
Write protect was successfully disabled.
Searching for mmc_blk_issue_rq symbol...
- Address: c029c72c, type: t, name: mmc_blk_issue_rq, module: N/A
Kernel map base: 0xc029c000
Kernel memory mapped to 0x40002000
Searching for brq filter...
- Address: 0xc029c72c + 0x34c
- 0x2a000012 -> 0xea000012
Backing up current partition 7 and patching it...
patching secu_flag: 0
Done.}
I run command:
$sync
# {sync}
I run command:
$ /data/local/tmp/root
# {/data/local/tmp/root
mkdir failed for /system/xbin, File exists
cp: can't stat '/system/xbin/busybox': Not a directory
Unable to chmod /system/xbin/busybox: Not a directory
/data/local/tmp/root: /system/xbin/busybox: not found
cp: not found
cp: not found
Unable to chmod /system/bin/su: No such file or directory
#}
(mkdir failed for /system/xbin, File exists) This is where I think I'm messing up. The directions say it should state:
( mkdir: /system/xbin already exists)
See the difference? The directions doesn't say "Failed" while mines does.
In Hboot mode:
VISION PVT SHIP S-OFF
HBOOT-0.82.000
MICROP-0425
RADIO-26.03.02.26_M
eMMC-boot
Sep 2 2010, 17:59:38
HBOOT
(How to navigate)
FASTBOOT
RECOVERY
FACTORY RESET
SIMLOCK
IMAGE CRC
So what's going on? Is my phone rooted or not? Why when I go to recovery, there's this triangle thing there? LoL!! It's the picture of the phone with a red triangle.
Thanks for any help. And sorry. I completely changed the question.
I think for some reason you are missing the su binary do you have the superuser
app installed? when you type su, superuser should ask you if you want to allow terminal to access root and after accepting it $ will change to # which means you can run a command as root .
and for the red triangle, it is the stock recovery if you want to install clockworkmod ,you can flash it true Rom manager
bahmanxda said:
I think for some reason you are missing the su binary do you have the superuser
app installed? when you type su, superuser should ask you if you want to allow terminal to access root and after accepting it $ will change to # which means you can run a command as root .
and for the red triangle, it is the stock recovery if you want to install clockworkmod ,you can flash it true Rom manager
Click to expand...
Click to collapse
I have the SuperUser app installed on my phone. But once I get the root shell (#) symbol in Terminal Emulator, if i type (su) I get the response " not found ". I don't know what it's saying. It sounds like you're right when you say the file (su) isn't moving to my phone.
Dugh!!
When you're in terminal and you get the root # symbol there's nothing more to do. Just open terminal, type 'su' and hit enter. The $ should change to a # and that means you are root. If you get anything but that then like the other guy said, your su binaries are probably messed up.
In that case you the search function on here and look for something like 'reinstall su binaries'. That should set you straight. Btw, make sure to use the binaries from the gfree method, their the most current as far as I know.
Sent from my HTC Vision using XDA App
Ok. Now I really don't know what's going on. When I reboot while holding Power, and Vol+Down, I can see that I have S-Off, but when I open ROM Manager or any other root app, it tells me I need to Root my phone. Am I missing something?
And yes, I did check the forums about when people had this same problem. They aren't helping. Somehow, people are getting their root after they find something out, but I don't know what's going on.
It seems that my phone isn't TempRooting.
I did notice that when I go to Super User app, it tells me that there is an update to the SU Binary, and it fails to update, so there is a zip file on my SD Card, and that I should start the phone in recovery mode and flash it.
Right now, it says Superuser v2.3.6.1 Is that the most current, or no?
The zip file name is su-2.3.1-bin-signed.zip
Thanks for any help. I don't know how I got S-Off, a Root Shell, and still don't have Temp Root to go to PermaRoot.
What instructions did you use to root? Sounds like you might have skipped a step. Also how did you temporarily root?
What do you have in /system/xbin ?
HTC Vision 1.8 OC, CM7 RC1==HAPPY!!
here are my phone specs
pvt ship s-off
hboot 0.82.0000
microp-0425
radio 26.03.02.26m
emmc-boot
sep 2 2010, 17:59:38
is there anything i should change?
only reason i ask is cause i have bricked a phone before and i think it was due to wrong hboot/radio combo (mt3g 1.0)
btw i rooted via rage root temp and gfree method
all help/tips is appreciated!
8. Install the engineering hboot (if you really want to)
8.1. download engineering hboot
Download the appropriate HBOOT for your phone:
T-Mobile G2: vision.hboot-0.76.2000.zip (md5sum 7669AE12DC2FAA10AE555A164980EFD0)
HTC Desire Z: vision.hboot-0.84.2000.zip (md5sum 2CE1BDD5E4C1119CCFCECB938710D742)
HTC Desire HD: ace_glacier.hboot-0.85.2007.zip (md5sum df4fd77f44993eb05a4732210d2eddc6)
Note that the md5sums are for the actual hboot img contained within the zip file, not the for the zip file itself. Note also that the dz, g2, and dhd each use their own version of the engineering boot, as the phones are partitioned differently. (If you have previously installed the wrong HBOOT for your phone, you may need to reflash everything after partition 18)
8.2. Copy the files to the phone
Connect the phone to the USB of your PC. The phone will stay connected during the complete procedure.
Make sure that you do NOT turn on USB storage. There has to be a sdcard in the phone and it has to be mounted to the phone!
Unpack the engineering hboot zip files to a directory on your PC.
Open a terminal (or command window) on your PC and change the current directory to where the file is on your PC and execute these commands:
$ adb push hboot-eng.img /data/local/tmp/
8.3. Install the engineering hboot
Please make sure that you type or better copy/paste the following commands exactly, and in exactly this order. Especially the dd-command is very critical!
In the terminal (or command window) on your PC execute these commands:
$ adb shell
$ su
# dd if=/data/local/tmp/hboot-eng.img of=/dev/block/mmcblk0p18
# sync
8.3.1. Check the md5sums of the installed hboot
As it is very important that the hboot was installed correctly we recommend to check the md5sums of the partition. In the root shell (indicated by the #) that you got in the Temporary root section execute the following commands:
# /system/xbin/busybox md5sum /data/local/tmp/hboot-eng.img
# /system/xbin/busybox md5sum /dev/block/mmcblk0p18
We call these two md5_1 and md5_2 in the next section
If md5_2 does not match md5_1: First DON'T REBOOT and second run for help at the #G2ROOT IRC channel on freenode.
If md5_2 matches md5_1: You are fine, Reboot your phone by executing the following command in the root shell (indicated by the #):
# reboot
thats relavent section of wiki for you follow it .... although putting eng hboot puts you at risk of bricking your phone while flashing radio . stock hboot atleast doesnt let you to flash wrong radio
You don't need eng hboot to change the radio. Read this http://forum.xda-developers.com/showthread.php?t=970809
Is this method safe, or are there many problems with md5?
Dear all,
I'm trying to root my G2. I was following the instructions described in the Strewmetal's PDF file. It went very smoothly until I hit this issue. I was in the section of "[OPTIONAL] TEMP-ROOTING TO BACKUP". It went fine until the last command which is:
adb shell /data/local/tmp/fixsu.sh
I had the following error:
/data/local/tmp/fixsu.sh: cannot create /system/etc/passwd: I/O error
Unable to chmod /system/etc/passwd: I/O error
/data/local/tmp/fixsu.sh: cannot create /system/etc/group: I/O error
Unable to chmod /system/etc/Group: I/O error
cp: can't create '/system/bin/su": Invalid argument
I tried the previous commands a few times just in case, but it seems there are no issues with the previous commands.
It would be great if someone can shed some light here.
Thank you very much!
- kazs
well for the most part you will probably never need your back up so you can definitely skip this part if youd like
but if you must id go to freenode #g2root
youll get real time help from people who have seen it all - when your done make sure you post the problem and the fix so the next person who reads this will learn
demkantor, thank you very much for the reply. I actually skipped the section and went ahead. Then, I just completed the entire process according to the PDF file. It went fine everything. But, I think I had an issue after I enter:
# reboot
My G2 automatically started the reboot process with the white screen with green "htc" logo, but it stuck there. I waited 10 minutes, but it doesn't change.
Did I screw up?
well not necessarily, if you have a g2 and flashed the dz hboot then your emmc partitions are different and your current rom wont start up. same thing if you have a dz and flashed the g2 hboot.
if you followed either the xda wiki or the cyanogen wiki then everything should be just fine.
pull battery and wait a few seconds... reinstall
boot while holding volume down and write down everything you see here
(you may have to take out sdcard or at least remove the pc10img.zip from your card at this point)
you should see something very similar to this:
VISION PVT ENG S-OFF
HBOOT-0.76.200 (PC1010000)
MICROP-0425
RADIO-26.02.01.15_M2
eMMC-boot
Aug 20 2010, 16:15:01
then some options,
write down your screen and well see if your good
Thanks again for the quick reply. I really appreciate it.
It says:
VISION PVT ENG S-OFF
HBOOT-0.84.2000 (PC1010000)
MICROP-0425
RADIO-26.02.01.15_M2
eMMC-boot
Sep 8 2010,15:56:38
Is it good? If so, what should I do next?
Thanks!
you should be just fine, looks like you have the dz hboot.
next step would be to pick your rom, do something simple and known stable at first to make sure all is well and then move on and try a bunch
recommend elitemod cm7 (youll find this and many many others in the dev section, look for a compilation in the 2nd or 3rd post
boot into hboot holding volume and down
wait a second or two after image check completes (no pc10img.zip on sd card!)
now hit volume down and select recovery with the power button
(the guide you followed should have brought you to clockworkmod recovery)
in here toggle (with volume keys but select with trackpad) to mounts>usb mount
put your rom on sdcard ---- unmount
toggle to wipe options (wipe everything you can)
toggle to apply update from sd card (recommend to flash a superwipe script here)
flash rom
now reboot
in the future look into updating radio (lots of threads on this)
update to 4et touch recovery (my opinion way better)
try some roms
do full wipes and superwipes between flashes
always do a nandroid backup before you flash or wipe anything
most importantly have fun!
rooting a friends g2 as i am writing this (got it down to about 15mins!)
time to do all i recommend for myself now! - we are in the same boat!
Thank YOU very much! I just installed EliteMod & Kernel CM7 according to your recommendation and it's working just fine so far. I really appreciate your big help!
I will check for the radio update tomorrow (it's getting very late here...) and I will try other ROMs as well.
May I ask the last question at this time? So, my G2 is not rooted. Does it mean the phone is unlocked as well? I mean I have a plan to go to Asia in August and I would like to buy and use another SIM instead of my T-Mobile SIM over there. I'm sorry for the novice questions though...
Thanks!!!
i think you mean now that you are rooted...
anyway here is the best way to check your work:
5. Verify the success of gfree
You can verify the success of gfree by using gfree_verify.
Download gfree_verify.zip from gfree_verify_v01.zip (md5sum 8e3535fd720d19fa0aec4eb711b897c4)
Unzip gfree_verify_v01.zip to a place on your PC.
Open a terminal (or command window) on your PC and change the current directory to where the files are on your PC and execute these commands:
$ adb push gfree_verify /data/local/tmp
$ adb shell chmod 755 /data/local/tmp/gfree_verify
$ adb shell
In this shell:
Remark: When you run su for the first time in the adb shell make sure the the screen of the phone is unlocked. Because when you enter the command the Superuser app will show up and ask you if you want to grant superuser access to app Unknown (2000).
Check the Remember check box and click allow.
$ su
# cd /data/local/tmp
# stop ril-daemon
# ./gfree_verify
You should see the following output:
gfree verify_cid returned:
@CID: 11111111
OK
gfree verify_secu_flag returned:
@secu_flag: 0
OK
gfree verify_simlock returned:
@SIMLOCK= 00
OK
Start the interface layer again (IN THE ADB SHELL ON YOUR PC):
# start ril-daemon
Did it work? Here's what you're looking for:
@CID: 11111111 <--- this response means you have superCID!
@SIMLOCK= 00 <--- this means your simlock is off.
@secu_flag: 0 <--- this means your radio is S-OFF.
if simlock =00 then you can put in any simcard and use anywhere that supports the proper cellular bands
Thank you very much! I have confirmed that the simlock is off on my phone.
PS Sorry for the typo and that I confused you. I wanted to type "now", but typed "not"...
Hi. I did a factory reset and now I cannot get past the white HTC welcome screen. I don't have the phone rooted, hboot says S-ON. I had USB debugging disabled when doing the reset, so now I can't turn it on (since I won't get anywhere near the actual system).
Also, I don't know if this is the cause of not having USB debugging on - adb can't seem to find my device. When connected, it shows HBOOT USB PLUG, but adb devices returns an empty list..
Is there a way I can root/unlock the phone, without having debugging on, so that I can flash a recovery and a new system?
Thanks
Not too likely, adb will never work in bootloader mode but fastboot should. adb only works in os and recovery.
What you'll need to do is flash an RUU through bootloader or fastboot to get things working again. Check the development section here for a list of the latest RUUs for the vision
Sent from my Nexus 4 using XDA Premium 4 mobile app
I was swamped and got back to it by now. Thank you for your suggestion. It doesn't work though.
I downloaded the newest RUU from htcdev.com, the phone did get recognized by fastboot and the RUU installer seemed happy. However, when the actual update started, it got stuck on "Rebooting bootloader" or similar for over half an hour. That's when I decided to cancel it.
Next on, I tried steps shown here: androidforums .c o m/htc-desire-s/678126-desire-s-stuck-bootloader.html
fastboot erase cache - this got stuck on 'erasing cache', nothing happened afterwards
fastboot oem rebootRUU - this wrote "..." and nothing else happened
Is there anything else I can try?
ROOT
http://forum.xda-developers.com/showthread.php?t=2348266
http://forum.xda-developers.com/showthread.php?t=1178912
http://forum.xda-developers.com/wiki/HTC_Vision
How To Get R/W Access (Permanent Root / "Permaroot") using gfree v1.0[edit]
Prerequisites
Having the proper USB drivers installed - HTC Sync including Windows USB Drivers for the Vision
Disable auto-run or uninstall Visionary if you have it (It's important!)
adb (installed as part of the Android SDK.) See this guide on how to install/setup adb on your PC.
The HTC Desire Z with a firmware version higher than 1.34, T-Mobile G2 with a firmware version higher than 1.22 and the Desire HD with a firmware version higher then 1.32 have to be downgraded before proceeding.
Downgrading HTC Desire Z, T-Mobile G2 and Desire HD
For the 1.XX firmware HTC Desire Z follow this guide Downgrade DZ till step 12 and then come back.
For the 1.XX firmware HTC Desire HD follow this guide Downgrade HD and then come back.
For the 2.XX firmware HTC Desire Z/Desire HD and T-Mobile G2 follow this guide GUIDE Downgrade G2 2.13.531.8 (2.3.3 T-Mobile Rom w/ S-ON) & DZ 2.3.3 w/ S-ON" and come back. The history can be found in this thread New exploit works with Gingerbread! and Desire Z users see this posting of the thread Desire Z explanation.
Please use your brain when following these postings / guides. Especially make sure that you use a PC10IMG.zip for your device!
1. Necessary files
psneuter psneuter.zip (md5sum 89c2dec8d72d87b4c669f44dd31c8d17)
gfree v1.0 gfree_10.zip (md5sum 0bc9fc22bda897c765b02066f8a3c83b)
root_psn root_psn.zip (md5sum c8fe38ef55eb8951def9ff17b2eb99c1)
Superuser package su-2.3.6.2-efgh.zip (md5sum 43d9a40b63e916635d5ad7ca32433fab)
1.1. engineering hboot
Download the appropriate HBOOT for your phone:
T-Mobile G2: vision.hboot-0.76.2000.zip / Mirror (md5sum 7669AE12DC2FAA10AE555A164980EFD0)
HTC Desire Z: vision.hboot-0.84.2000.zip / Mirrors in this thread (md5sum 2CE1BDD5E4C1119CCFCECB938710D742)
HTC Desire HD: ace_glacier.hboot-0.85.2007.zip (md5sum df4fd77f44993eb05a4732210d2eddc6)
Note that the md5sums are for the actual hboot img contained within the zip file, not the for the zip file itself. Note also that the dz, g2, and dhd each use their own version of the engineering boot, as the phones are partitioned differently. (If you have previously installed the wrong HBOOT for your phone, you may need to reflash everything after partition 18)
1.2. clockwork recovery
Download the appropriate clockwork recovery for your phone:
ClockworkMod Recovery 5.0:
T-Mobile G2 and HTC Desire Z: recovery-clockwork-5.0.2.7-vision.img (md5sum 87a428549440894dbe2f96dd5efc4fb5)
HTC Desire HD: recovery-clockwork-5.0.2.0-ace.img (md5sum b8d77b9352dcbb41839e45342ea35658)
ClockworkMod Recovery 5.8 (touch):
T-Mobile G2 and HTC Desire Z: recovery-clockwork-touch-5.8.1.0-vision.img (md5sum b21aa5a0d593b6ebce880be3316ff64a)
HTC Desire HD: recovery-clockwork-touch-5.8.1.5-ace.img (md5sum fd6abfbc459663455a25b88ca7d77442)
Rename the file to 'recovery-clockwork.img'.
2. Copy the files to the phone
Before you can adb as described below you need to enable debugging in the settings on the phone. In Settings go to "Applications -> Development" and check the "USB debugging" option.
Connect the phone to the USB of your PC. The phone will stay connected during the complete procedure.
Make sure that you do NOT turn on USB storage. There has to be a sdcard in the phone and it has to be mounted to the phone!
In the commands to run below, $ or # represent the prompt and should NOT be entered as part of the commands (in Windows this will be something like C:\> instead).
Unpack all the zip files to a directory on your PC. Open a terminal (or command window) on your PC and change the current directory to where the files are on your PC and execute these commands:
$ adb push psneuter /data/local/tmp/
$ adb push gfree /data/local/tmp/
$ adb push busybox /data/local/tmp/
$ adb push hboot-eng.img /data/local/tmp/
$ adb push root_psn /data/local/tmp/
$ adb push su /sdcard/
$ adb push Superuser.apk /sdcard/
$ adb shell chmod 755 /data/local/tmp/*
2. clockwork recovery for T-Mobile G2 and HTC Desire Z
To copy your clockwork recovery execute the following command in the terminal or command window
$ adb push recovery-clockwork.img /data/local/tmp/recovery.img
3. Temporary root
In the terminal (or command window) execute these commands:
$ adb shell /data/local/tmp/psneuter
$ adb shell
after the last command you should have a root shell in adb (this is indicated by a # prompt). Leave this terminal (or command window) that contains the root shell open.
4 S-OFF, root and its friends Super-CID, SIM-unlock, engineering hboot, clockwork recovery and root
In the following section we are trying to gain write access to the emmc by power cycling it.
We recommend to install the engineering hboot as part of the gfree procedure.
In the root shell (indicated by the #) that you got in the Temporary root section execute the following commands:
# cd /data/local/tmp
# ./gfree -f -b hboot-eng.img -y recovery.img
# ./root_psn
# sync
Wait a few seconds for the changes to "take".
4.1. Automatic gfree hboot verification
As it is very important that the hboot was installed correctly gfree calculates md5sums of the partition. It will calculate the following 3 checksums
md5sum #1 - checksum of partition 18 before the installation
md5sum #2 - checksum of the hboot image that should be installed
md5sum #3 - checksum of partition 18 after the installation
gfree will check the md5sums and give you a proper success or error message. The messages are explained in detail at gfree-wiki
The messages that you want to see are either:
md5sum #1 == md5sum #2 - the hboot image is already installed -> skipping installation
or
md5sum #3 == md5sum #2 - the hboot image was successfully installed -> OK!
If you get a different error message you should run for help at #G2ROOT on Freenode.
If you got one of the two success messages described above -> You are fine, Reboot your phone by executing the following command in the root shell (indicated by the #):
# reboot
5. Verify the success of gfree
You can verify the success of gfree by using gfree_verify.
Download gfree_verify.zip from gfree_verify_v01.zip (md5sum 8e3535fd720d19fa0aec4eb711b897c4)
Unzip gfree_verify_v01.zip to a place on your PC.
Open a terminal (or command window) on your PC and change the current directory to where the files are on your PC and execute these commands:
$ adb push gfree_verify /data/local/tmp
$ adb shell chmod 755 /data/local/tmp/gfree_verify
$ adb shell
In this shell:
Remark: When you run su for the first time in the adb shell make sure the the screen of the phone is unlocked. Because when you enter the command the Superuser app will show up and ask you if you want to grant superuser access to app Unknown (2000).
Check the Remember check box and click allow.
$ su
# cd /data/local/tmp
# stop ril-daemon
# ./gfree_verify
You should see the following output:
gfree verify_cid returned:
@cid: 11111111
OK
gfree verify_secu_flag returned:
@secu_flag: 0
OK
gfree verify_simlock returned:
@simlock= 00
OK
Start the interface layer again (IN THE ADB SHELL ON YOUR PC):
# start ril-daemon
Did it work? Here's what you're looking for:
@cid: 11111111 <--- this response means you have superCID!
@simlock= 00 <--- this means your simlock is off.
@secu_flag: 0 <--- this means your radio is S-OFF.
6. Backup and cleanup
During the process gfree created backups of the partitions that it changed on your sdcard in /sdcard/
The files are called /sdcard/part7backup-.bin, part18backup-<time>.bin (if you installed hboot) and part21backup-<time>.bin. It is highly recommended that you copy these files to a save location on your PC and keep them!
You can delete the files in /data/local/tmp they are not needed anymore.
7. Next steps
Find a custom rom that you would like to install and install it using the clockwork recovery.
Enjoy the freedom of your phone.
If you like free phones and our work we would like to ask you to support the EFF.
Support the EFF[edit]
or
http://forum.xda-developers.com/showthread.php?t=1097977