Develop Bugs

[Q] Another unroot/s-off problem

Im hoping someone can point me in the right direction here.
Clearly I did something wrong. I could use a little direction here to get back
to factory state phone. I have a "factory phone" without root and stock apps but
S-OFF and I need to get back to S-ON
1) Rooted using Rage/Gfree method for temp root/s-off/perma root
2) Wanted to roll back(please don't ask why)
3) Tried to follow step 1a) on http://forum.xda-developers.com/showthread.php?t=835971
4) Receive following message
-- Installing: SDCARD:/stock_root.zip
E:Board does not support mtd utils.E:Failure at line 344:
write_raw_image PACKAGE:boot.img BOOT:
Installation aborted.
5) Recovered from clockwork backup
5) Went to step 1b successfully
6) Followed step 2 successfully
7) Phone patched itself OTA(step 3)
8) checked bootloader to find S -off
Steps I have taken
1) Regain temp root using rage
2) copied gfree back to phone
3) from terminal "# ./gfree -s on"
4) "#sync"
5) Reboot into bootloader to find S-OFF *sigh*
Bootloader items
VISION PVT SHIP S-OFF
HBOOT-0.82.0000
MICROP-0425
RADIO-26.03.02.26_M
eMMC-boot
**Amendment* I don't have the gfree partition backup that gets created the first time you root

brandonmcgrew said:
Steps I have taken
1) Regain temp root using rage
2) copied gfree back to phone
3) from terminal "# ./gfree -s on"
4) "#sync"
5) Reboot into bootloader to find S-OFF *sigh*
Bootloader items
VISION PVT SHIP S-OFF
HBOOT-0.82.0000
MICROP-0425
RADIO-26.03.02.26_M
eMMC-boot
**Amendment* I don't have the gfree partition backup that gets created the first time you root
Click to expand...
Click to collapse
You have the regular bootloader (not the eng one), so the fact you have S-OFF still means your "gfree -s on" didn't work. You need to try that again, and look for what error messages were produced at the time.

You have the regular bootloader (not the eng one), so the fact you have S-OFF still means your "gfree -s on" didn't work. You need to try that again, and look for what error messages were produced at the time.
Can you give me the steps for that. I got temp root with rage and ran the s-on and sync commands. do you want the output from that???

brandonmcgrew said:
Can you give me the steps for that. I got temp root with rage and ran the s-on and sync commands. do you want the output from that???
Click to expand...
Click to collapse
Yes, please post up the output from when you run "./gfree -s on", that's the bit that sounds like it's failing.

# export PATH=/data/local/bin:$PATH
# cd data
# cd local
# ./gfree -s on
Section header entry size: 40
Number of section headers: 44
Total section header table size: 1760
Section header file offset: 0x000138b4 (80052)
Section index for section name string table: 41
String table offset: 0x000136fb (79611)
Searching for .modinfo section...
- Section[16]: .modinfo
-- offset: 0x00000a14 (2580)
-- size: 0x000000cc (204)
Kernel release: 2.6.32.17-g9ab3677
New .modinfo section size: 204
Attempting to power cycle eMMC... OK.
Searching for mmc_blk_issue_rq symbol...
- Address: c029c72c, type: t, name: mmc_blk_issue_rq, module: N/A
Kernel map base: 0xc029c000
Kernel memory mapped to 0x40001000
Searching for brq filter...
- Address: 0xc029c72c + 0x34c
- 0x2a000012 -> 0xea000012
Patching and backing up partition 7...
Done.
#

Well that's odd, that looks liked it worked ok.
What about if you try the stuff at http://forum.xda-developers.com/wik...ion#3._.28OPTIONAL.29_Verify_you_did_it_right to verify that S-ON has been set ?

Ok at this point I decided to get back to a spot where I felt comfortable. So I permarooted using rage/Gfree. I have also installed Clockwork and done a nandriod. So at this point here is my status. Perhaps you can help me get back to factory
1) Factory Stock w/OTA
2) Root
3) gfree verify
gfree verify_cid returned:
@CID: 11111111
OK
gfree verify_secu_flag returned:
@secu_flag: 0
OK
gfree verify_simlock returned:
@SIMLOCK= 00
OK
At this point I can't do anymore today but if you could/would give me a little help getting back to factory stock no root s-on simlock on I would REALLY appreciate it.

I'll do my best not to derail, but I cannot even install the stock ROMs anymore, and I think it is because of the version of CWR I am running. Since I wanted CM7, I had to install CWR 3.x. Is it safe to assume that any Android 2.3 ROM needs CWR 3.x, and any Android 2.2 or previous required CWR 2.x?

OK I finally got back to working on this and got a FIX!
See previous post(s) to get caught up......done ok GOOD
**THIS REQUIRED ADB TO BE WORKING**
**IF YOU TAKE THESE STEPS BELOW I TAKE NO RESPONSIBILTY IF SOMETHING GOES CRAZY AND YOU BRICK YOU PHONE. IM A NEWB TO THIS SO THIS IS JUST WHAT I DID**
Where I left off is I was Stock OTA rooted using the gfree/rage method. I had Clockwork installed and a nice nandroid backup(Such a good feeling). Copied backup to computer
1) Followed steps to a tee downgrade from OTA -->http://forum.xda-developers.com/showthread.php?t=831398
2) With a fresh preOTA phone I unmounted my sdcard
3) Formatted SDCard(no idea if this helped but made me happy)
4) Copied Visionary R14 to root of sdcard-->http://android.modaco.com/content/h...m/320722/19-nov-r14-visionary-one-click-root/
5) Enabled Unknown Sources install from Manage application
6) Installed File Manager from Market
7) Used File Manager to install Visionary
8) TempRoot using Visionary
9) Downloaded latest gFree from -->http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/gfree/gfree_02.zip
10) unzip gfree_02.zip
11) open command prompt
12) enter following commands to confirm you have root
adb shell
$ su
**on phone should see superuser prompt...press allow**
if you see a "#" you got temp root
# exit
$ exit
13) Push gfree to phone
c:\adb push gfree_02 /data/local
c:\adb shell
$ su
# cd /data/local
# chmod 777 gfree
14) Set S-On
# ./gfree -s on
15) Set CID
# ./gfree -c TMO010
# exit
$ exit
16) Power off
17) Boot phone to bootloader (Hold Power +Vol Down) and confirm
VISION PVT SHIP S-ON
HBOOT-0.82.0000
MICROP-0425
RADIO -26.02.01.15.M2
eMMC-boot
18) Reboot Device. ALL DONE!!!
**If you want you could temproot again and remove all files copied for gfree to /data/local or you could do a factory reset from the bootloader**

[Q] Desire Z with 2.42.405.2 Able to downgrade? ( i'm able to temproot )

Hi all
I have a European HTC Desire Z with this info:
Android 2.3.3
Sense 2.1
Build 2.42.495.2
Vision PVT Ship S-ON
Hboot-0.85.0013
MicroP-0425
Radio 26.10.04.03_M
eMMC-boot
Apr 11 2011,23:36:27
I am able to temproot this phone with the method provided here:
http://forum.xda-developers.com/showpost.php?p=15851661&postcount=1
using the code:
Code:
$ /data/local/tmp/fre3vo -debug -start FAA90000 -end FFFFFFFF
However the downgrading part fails on me.
After entering the bootloader menu is scans the SDCARD and finds the PC10IMG.zip
telling me: loading...[PC10IMG.zip], after that it's saying: Checking..[PC10IMG.zip].
After checking it just goes back to the Menu without asking me to update etc.
I did however changed the misc_version and followed the guide precisely.
I searched and found some Threads saying this version isn't rootable yet. though they were couple months old, and I am able to get temp root. it should be do-able right?
Can someone please confirm this and tell me how to, or what i'm doing wrong and let this baby free.

I followed the guide to the letter, without changing misc_version or anything, and I managed to downgrade and root without problems on first try. Same version as you, Desire Z bought in Poland.
Just be sure to grab the file for Desire Z and not for T-Mobile G2 and it should work

costipl said:
Just be sure to grab the file for Desire Z and not for T-Mobile G2 and it should work
Click to expand...
Click to collapse
What file are you referring to here?
Also, how is it possible to downgrade without changing the misc_version, i thought it was all about changing that in order to make it work haha.

Sorry, I think I misunderstood your post...
I did this to change misc_version:
Code:
$ adb push misc_version /data/local/tmp/misc_version
$ adb shell chmod 777 /data/local/tmp/misc_version
$ adb shell
# /data/local/tmp/misc_version -s 1.00.000.0
I assumed you changed the "1.00.000.0" to something else (while browsing the forum I found in some threads that people used a different value on DZ).
As for the file I was referring to, I meant the stock rom image - 1.34.405.5_PC10IMG.zip
Maybe you grabbed the file "PC10IMG_Vision_TMOUS_1.19.531.1_Radio_12.21.60.09 b_26.02.01.15_M2_release_149459_signed.zip", which is for G2?
Other than that, I'm not familiar enough with the bootloader to be of any help.

costipl said:
Sorry, I think I misunderstood your post...
I did this to change misc_version:
Code:
$ adb push misc_version /data/local/tmp/misc_version
$ adb shell chmod 777 /data/local/tmp/misc_version
$ adb shell
# /data/local/tmp/misc_version -s 1.00.000.0
I assumed you changed the "1.00.000.0" to something else (while browsing the forum I found in some threads that people used a different value on DZ).
As for the file I was referring to, I meant the stock rom image - 1.34.405.5_PC10IMG.zip
Maybe you grabbed the file "PC10IMG_Vision_TMOUS_1.19.531.1_Radio_12.21.60.09 b_26.02.01.15_M2_release_149459_signed.zip", which is for G2?
Other than that, I'm not familiar enough with the bootloader to be of any help.
Click to expand...
Click to collapse
I redownloaded the zip file and you just made my day i had a other zip from another thread. but with the exact same name.. maybe corrupted ? THANKS!

Radio's get flashed AFTER you flash your ROM, not before ;P
Remember to rename your PC10IMG.zip to something else after you're done rooting/installing a new ROM, cos if anything happens and your phone crashes and you need to enter recovery, having PC10IMG.zip on the root of your SD will ensure that you never get into recovery
Power + Vol Down boots into bootloader, and it automatically scans for updates, PC10IMG.zip being one of them. Only when there are no update files on SD root will it give you a choice of booting into Recovery to well, recover your phone

[Q] Errors in running "fixsu.sh"

Dear all,
I'm trying to root my G2. I was following the instructions described in the Strewmetal's PDF file. It went very smoothly until I hit this issue. I was in the section of "[OPTIONAL] TEMP-ROOTING TO BACKUP". It went fine until the last command which is:
adb shell /data/local/tmp/fixsu.sh
I had the following error:
/data/local/tmp/fixsu.sh: cannot create /system/etc/passwd: I/O error
Unable to chmod /system/etc/passwd: I/O error
/data/local/tmp/fixsu.sh: cannot create /system/etc/group: I/O error
Unable to chmod /system/etc/Group: I/O error
cp: can't create '/system/bin/su": Invalid argument
I tried the previous commands a few times just in case, but it seems there are no issues with the previous commands.
It would be great if someone can shed some light here.
Thank you very much!
- kazs

well for the most part you will probably never need your back up so you can definitely skip this part if youd like
but if you must id go to freenode #g2root
youll get real time help from people who have seen it all - when your done make sure you post the problem and the fix so the next person who reads this will learn

demkantor, thank you very much for the reply. I actually skipped the section and went ahead. Then, I just completed the entire process according to the PDF file. It went fine everything. But, I think I had an issue after I enter:
# reboot
My G2 automatically started the reboot process with the white screen with green "htc" logo, but it stuck there. I waited 10 minutes, but it doesn't change.
Did I screw up?

well not necessarily, if you have a g2 and flashed the dz hboot then your emmc partitions are different and your current rom wont start up. same thing if you have a dz and flashed the g2 hboot.
if you followed either the xda wiki or the cyanogen wiki then everything should be just fine.
pull battery and wait a few seconds... reinstall
boot while holding volume down and write down everything you see here
(you may have to take out sdcard or at least remove the pc10img.zip from your card at this point)
you should see something very similar to this:
VISION PVT ENG S-OFF
HBOOT-0.76.200 (PC1010000)
MICROP-0425
RADIO-26.02.01.15_M2
eMMC-boot
Aug 20 2010, 16:15:01
then some options,
write down your screen and well see if your good

Thanks again for the quick reply. I really appreciate it.
It says:
VISION PVT ENG S-OFF
HBOOT-0.84.2000 (PC1010000)
MICROP-0425
RADIO-26.02.01.15_M2
eMMC-boot
Sep 8 2010,15:56:38
Is it good? If so, what should I do next?
Thanks!

you should be just fine, looks like you have the dz hboot.
next step would be to pick your rom, do something simple and known stable at first to make sure all is well and then move on and try a bunch
recommend elitemod cm7 (youll find this and many many others in the dev section, look for a compilation in the 2nd or 3rd post
boot into hboot holding volume and down
wait a second or two after image check completes (no pc10img.zip on sd card!)
now hit volume down and select recovery with the power button
(the guide you followed should have brought you to clockworkmod recovery)
in here toggle (with volume keys but select with trackpad) to mounts>usb mount
put your rom on sdcard ---- unmount
toggle to wipe options (wipe everything you can)
toggle to apply update from sd card (recommend to flash a superwipe script here)
flash rom
now reboot
in the future look into updating radio (lots of threads on this)
update to 4et touch recovery (my opinion way better)
try some roms
do full wipes and superwipes between flashes
always do a nandroid backup before you flash or wipe anything
most importantly have fun!
rooting a friends g2 as i am writing this (got it down to about 15mins!)
time to do all i recommend for myself now! - we are in the same boat!

Thank YOU very much! I just installed EliteMod & Kernel CM7 according to your recommendation and it's working just fine so far. I really appreciate your big help!
I will check for the radio update tomorrow (it's getting very late here...) and I will try other ROMs as well.
May I ask the last question at this time? So, my G2 is not rooted. Does it mean the phone is unlocked as well? I mean I have a plan to go to Asia in August and I would like to buy and use another SIM instead of my T-Mobile SIM over there. I'm sorry for the novice questions though...
Thanks!!!

i think you mean now that you are rooted...
anyway here is the best way to check your work:
5. Verify the success of gfree
You can verify the success of gfree by using gfree_verify.
Download gfree_verify.zip from gfree_verify_v01.zip (md5sum 8e3535fd720d19fa0aec4eb711b897c4)
Unzip gfree_verify_v01.zip to a place on your PC.
Open a terminal (or command window) on your PC and change the current directory to where the files are on your PC and execute these commands:
$ adb push gfree_verify /data/local/tmp
$ adb shell chmod 755 /data/local/tmp/gfree_verify
$ adb shell
In this shell:
Remark: When you run su for the first time in the adb shell make sure the the screen of the phone is unlocked. Because when you enter the command the Superuser app will show up and ask you if you want to grant superuser access to app Unknown (2000).
Check the Remember check box and click allow.
$ su
# cd /data/local/tmp
# stop ril-daemon
# ./gfree_verify
You should see the following output:
gfree verify_cid returned:
@CID: 11111111
OK
gfree verify_secu_flag returned:
@secu_flag: 0
OK
gfree verify_simlock returned:
@SIMLOCK= 00
OK
Start the interface layer again (IN THE ADB SHELL ON YOUR PC):
# start ril-daemon
Did it work? Here's what you're looking for:
@CID: 11111111 <--- this response means you have superCID!
@SIMLOCK= 00 <--- this means your simlock is off.
@secu_flag: 0 <--- this means your radio is S-OFF.
if simlock =00 then you can put in any simcard and use anywhere that supports the proper cellular bands

Thank you very much! I have confirmed that the simlock is off on my phone.
PS Sorry for the typo and that I confused you. I wanted to type "now", but typed "not"...

[Q] Desire Z - Upgrade to Android 4

Hi Everybody,
I know, that there are a lot of threats about this fact in the forum. But nothing will work for me, aspessially important links will not work anymore. Could anybody help me?
If I go to the bootloader (noise - and Power-On) there are the following informations written:
VISION PVT SHIP S-ON
HBOOT-0.85.0013
MICROP-0425
RADIO-26.10.04.03_MeMMC-boot
Apr 11 2ß11,23:36:27
HBOOT
OK, on my cell is working a Android 2.3.3, so I have to root my cell and downgrade.
I tryed to do this with the following threat: http://forum.xda-developers.com/showthread.php?t=905261
1. I Tryed to create a GOLDCARD. I read this threat, got the CID of my cell with the the code
Code:
adb shell cat /sys/class/mmc_host/mmc2/mmc2:*/cid
. Now I should type this CID in a webformular at this link to reverse it. This formular is still working, but there is also a Excel-Tool on this page for downloading, which should do the same. So my CID like "035344534d49202010000073b900d494" was reversed to "00d400b9730000102020494d53445303".
This code I should input to this formular for creating a GOLDCARD, but it doesn't work anymore.
So I looked around and found this threat, where a goldcardcreator is downloadable.
In this zip-file is included a program named "SimpleGoldCard", which read a reversed CID from the cell. On a command-Line I typed in
Code:
gcard -c 00d400b9730000102020494d53445303 -r -o "GoldCard.img"
Than I putted in the sd-Card into the Card-Reader of my Desktop, formatted it, used the tool "HeX Editor", copyed (line) 00000000 to offset (line) 00000170 (including the 00000170 line) and pasted it to the SD-Card.
After that I hope to created a correct GoldCard.
2. After that I downloaded the files psneuter, PC10IMG.zip and root. But in this threat is written, that I have to extract "misc_version_01.zip". Where is this file? I searched in this forum and downloaded a file named like this. Are there Differences or is a special version needed? I copyed the PC10IMG.zip to the SD-Card and put this to the cell.
3. then I booted the cell again, connected it to the desktop and used the following commands to put the downloaded files to the cell
Code:
adb push psneuter /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/psneuter
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/psneuter
adb shell
After that I should get the # - symbol instead of the $ - symbol which means, that I rooted the phone. But here is my first problem, I didn't get the # - symbol, so I don't have the permission to start the next programms.
4. Normally I would do next the following commands and then to reboot and flash the older Firmware.
Code:
/data/local/tmp/misc_version -s 1.33.405.5
exit
adb reboot bootloader
But when I reboot, the bootloader is looking for the PC10IMG.zip, is loading and checking this ... and gives me the information
CID incorrect!
Update Fail!
Press <POWER> to reboot.
Well, this is the next big problem.
Cold anybody tell me, where my mistakes are? I read 2 days in the forum, tryed a lot to get the final result, but now I don't have the time anymore to continue in this way.
THanks a lot. with best regards, Speedy8

Mods please move to q&a
Always check the stickies
http://forum.xda-developers.com/showthread.php?p=43195539
Follow the threads linked here, don't use any other to root your phone, they will either be outdated or cause you trouble.
After following these threads if you still have issues post back and I'll try to help ya
Best of luck!
Sent from my Nexus 4 using xda premium

well ... I searched again today ... and found the following threat, which was working on my cell-phone.
And also at the cyanogenmod-page you can find the relevant things to root the Desire Z. You can find it here.
Now I will first install the latest cyanogenmod, which is for the Desire Z not the Android 4, but at the moment newer than 2.3.3.
Thanks for answering, my Questions are answered.
With best regards.

[Q] How to root Desire Z without USB debugging

Hi. I did a factory reset and now I cannot get past the white HTC welcome screen. I don't have the phone rooted, hboot says S-ON. I had USB debugging disabled when doing the reset, so now I can't turn it on (since I won't get anywhere near the actual system).
Also, I don't know if this is the cause of not having USB debugging on - adb can't seem to find my device. When connected, it shows HBOOT USB PLUG, but adb devices returns an empty list..
Is there a way I can root/unlock the phone, without having debugging on, so that I can flash a recovery and a new system?
Thanks

Not too likely, adb will never work in bootloader mode but fastboot should. adb only works in os and recovery.
What you'll need to do is flash an RUU through bootloader or fastboot to get things working again. Check the development section here for a list of the latest RUUs for the vision
Sent from my Nexus 4 using XDA Premium 4 mobile app

I was swamped and got back to it by now. Thank you for your suggestion. It doesn't work though.
I downloaded the newest RUU from htcdev.com, the phone did get recognized by fastboot and the RUU installer seemed happy. However, when the actual update started, it got stuck on "Rebooting bootloader" or similar for over half an hour. That's when I decided to cancel it.
Next on, I tried steps shown here: androidforums .c o m/htc-desire-s/678126-desire-s-stuck-bootloader.html
fastboot erase cache - this got stuck on 'erasing cache', nothing happened afterwards
fastboot oem rebootRUU - this wrote "..." and nothing else happened
Is there anything else I can try?

ROOT
http://forum.xda-developers.com/showthread.php?t=2348266
http://forum.xda-developers.com/showthread.php?t=1178912
http://forum.xda-developers.com/wiki/HTC_Vision
How To Get R/W Access (Permanent Root / "Permaroot") using gfree v1.0[edit]
Prerequisites
Having the proper USB drivers installed - HTC Sync including Windows USB Drivers for the Vision
Disable auto-run or uninstall Visionary if you have it (It's important!)
adb (installed as part of the Android SDK.) See this guide on how to install/setup adb on your PC.
The HTC Desire Z with a firmware version higher than 1.34, T-Mobile G2 with a firmware version higher than 1.22 and the Desire HD with a firmware version higher then 1.32 have to be downgraded before proceeding.
Downgrading HTC Desire Z, T-Mobile G2 and Desire HD
For the 1.XX firmware HTC Desire Z follow this guide Downgrade DZ till step 12 and then come back.
For the 1.XX firmware HTC Desire HD follow this guide Downgrade HD and then come back.
For the 2.XX firmware HTC Desire Z/Desire HD and T-Mobile G2 follow this guide GUIDE Downgrade G2 2.13.531.8 (2.3.3 T-Mobile Rom w/ S-ON) & DZ 2.3.3 w/ S-ON" and come back. The history can be found in this thread New exploit works with Gingerbread! and Desire Z users see this posting of the thread Desire Z explanation.
Please use your brain when following these postings / guides. Especially make sure that you use a PC10IMG.zip for your device!
1. Necessary files
psneuter psneuter.zip (md5sum 89c2dec8d72d87b4c669f44dd31c8d17)
gfree v1.0 gfree_10.zip (md5sum 0bc9fc22bda897c765b02066f8a3c83b)
root_psn root_psn.zip (md5sum c8fe38ef55eb8951def9ff17b2eb99c1)
Superuser package su-2.3.6.2-efgh.zip (md5sum 43d9a40b63e916635d5ad7ca32433fab)
1.1. engineering hboot
Download the appropriate HBOOT for your phone:
T-Mobile G2: vision.hboot-0.76.2000.zip / Mirror (md5sum 7669AE12DC2FAA10AE555A164980EFD0)
HTC Desire Z: vision.hboot-0.84.2000.zip / Mirrors in this thread (md5sum 2CE1BDD5E4C1119CCFCECB938710D742)
HTC Desire HD: ace_glacier.hboot-0.85.2007.zip (md5sum df4fd77f44993eb05a4732210d2eddc6)
Note that the md5sums are for the actual hboot img contained within the zip file, not the for the zip file itself. Note also that the dz, g2, and dhd each use their own version of the engineering boot, as the phones are partitioned differently. (If you have previously installed the wrong HBOOT for your phone, you may need to reflash everything after partition 18)
1.2. clockwork recovery
Download the appropriate clockwork recovery for your phone:
ClockworkMod Recovery 5.0:
T-Mobile G2 and HTC Desire Z: recovery-clockwork-5.0.2.7-vision.img (md5sum 87a428549440894dbe2f96dd5efc4fb5)
HTC Desire HD: recovery-clockwork-5.0.2.0-ace.img (md5sum b8d77b9352dcbb41839e45342ea35658)
ClockworkMod Recovery 5.8 (touch):
T-Mobile G2 and HTC Desire Z: recovery-clockwork-touch-5.8.1.0-vision.img (md5sum b21aa5a0d593b6ebce880be3316ff64a)
HTC Desire HD: recovery-clockwork-touch-5.8.1.5-ace.img (md5sum fd6abfbc459663455a25b88ca7d77442)
Rename the file to 'recovery-clockwork.img'.
2. Copy the files to the phone
Before you can adb as described below you need to enable debugging in the settings on the phone. In Settings go to "Applications -> Development" and check the "USB debugging" option.
Connect the phone to the USB of your PC. The phone will stay connected during the complete procedure.
Make sure that you do NOT turn on USB storage. There has to be a sdcard in the phone and it has to be mounted to the phone!
In the commands to run below, $ or # represent the prompt and should NOT be entered as part of the commands (in Windows this will be something like C:\> instead).
Unpack all the zip files to a directory on your PC. Open a terminal (or command window) on your PC and change the current directory to where the files are on your PC and execute these commands:
$ adb push psneuter /data/local/tmp/
$ adb push gfree /data/local/tmp/
$ adb push busybox /data/local/tmp/
$ adb push hboot-eng.img /data/local/tmp/
$ adb push root_psn /data/local/tmp/
$ adb push su /sdcard/
$ adb push Superuser.apk /sdcard/
$ adb shell chmod 755 /data/local/tmp/*
2. clockwork recovery for T-Mobile G2 and HTC Desire Z
To copy your clockwork recovery execute the following command in the terminal or command window
$ adb push recovery-clockwork.img /data/local/tmp/recovery.img
3. Temporary root
In the terminal (or command window) execute these commands:
$ adb shell /data/local/tmp/psneuter
$ adb shell
after the last command you should have a root shell in adb (this is indicated by a # prompt). Leave this terminal (or command window) that contains the root shell open.
4 S-OFF, root and its friends Super-CID, SIM-unlock, engineering hboot, clockwork recovery and root
In the following section we are trying to gain write access to the emmc by power cycling it.
We recommend to install the engineering hboot as part of the gfree procedure.
In the root shell (indicated by the #) that you got in the Temporary root section execute the following commands:
# cd /data/local/tmp
# ./gfree -f -b hboot-eng.img -y recovery.img
# ./root_psn
# sync
Wait a few seconds for the changes to "take".
4.1. Automatic gfree hboot verification
As it is very important that the hboot was installed correctly gfree calculates md5sums of the partition. It will calculate the following 3 checksums
md5sum #1 - checksum of partition 18 before the installation
md5sum #2 - checksum of the hboot image that should be installed
md5sum #3 - checksum of partition 18 after the installation
gfree will check the md5sums and give you a proper success or error message. The messages are explained in detail at gfree-wiki
The messages that you want to see are either:
md5sum #1 == md5sum #2 - the hboot image is already installed -> skipping installation
or
md5sum #3 == md5sum #2 - the hboot image was successfully installed -> OK!
If you get a different error message you should run for help at #G2ROOT on Freenode.
If you got one of the two success messages described above -> You are fine, Reboot your phone by executing the following command in the root shell (indicated by the #):
# reboot
5. Verify the success of gfree
You can verify the success of gfree by using gfree_verify.
Download gfree_verify.zip from gfree_verify_v01.zip (md5sum 8e3535fd720d19fa0aec4eb711b897c4)
Unzip gfree_verify_v01.zip to a place on your PC.
Open a terminal (or command window) on your PC and change the current directory to where the files are on your PC and execute these commands:
$ adb push gfree_verify /data/local/tmp
$ adb shell chmod 755 /data/local/tmp/gfree_verify
$ adb shell
In this shell:
Remark: When you run su for the first time in the adb shell make sure the the screen of the phone is unlocked. Because when you enter the command the Superuser app will show up and ask you if you want to grant superuser access to app Unknown (2000).
Check the Remember check box and click allow.
$ su
# cd /data/local/tmp
# stop ril-daemon
# ./gfree_verify
You should see the following output:
gfree verify_cid returned:
@cid: 11111111
OK
gfree verify_secu_flag returned:
@secu_flag: 0
OK
gfree verify_simlock returned:
@simlock= 00
OK
Start the interface layer again (IN THE ADB SHELL ON YOUR PC):
# start ril-daemon
Did it work? Here's what you're looking for:
@cid: 11111111 <--- this response means you have superCID!
@simlock= 00 <--- this means your simlock is off.
@secu_flag: 0 <--- this means your radio is S-OFF.
6. Backup and cleanup
During the process gfree created backups of the partitions that it changed on your sdcard in /sdcard/
The files are called /sdcard/part7backup-.bin, part18backup-<time>.bin (if you installed hboot) and part21backup-<time>.bin. It is highly recommended that you copy these files to a save location on your PC and keep them!
You can delete the files in /data/local/tmp they are not needed anymore.
7. Next steps
Find a custom rom that you would like to install and install it using the clockwork recovery.
Enjoy the freedom of your phone.
If you like free phones and our work we would like to ask you to support the EFF.
Support the EFF[edit]
or
http://forum.xda-developers.com/showthread.php?t=1097977