[Q] Obscure problem with rooting - Desire Q&A, Help & Troubleshooting

Hi everyone
The following summarises my quest to root my recently acquired HTC Desire/Bravo:
Key info:
Android 2.2
HBOOT 0.93
Build 2.12.110.4 CL274424 release-keys
Radio 32.49.00.32U_5.11.05.27
Kernel 2.6.32.15-gd96f2c0 - [email protected] #1
SIM Unlocked
T-Mobile branded
UK
I first try using Unrevoked. After a promising start, I get the 'Validation error: backup CID missing' message, for which I can find no solution for on the internet. I tried using a different computer booting a clean Slax image, wiping the phone, and using four different versions (3.32, 3.31, 3.21, 3.14) to no avail.
Next I try using the GoldCard method. I find a suitable memory card, and get cracking using this method: http://theunlockr.com/2010/03/10/how-to-create-a-goldcard/
I manage to get my CID: 0353445355303147804029a554007c08
However, it turns out that the website used to generate the goldcard boot sector is not working ('Page not found'). It appears to have been working until only recently.
No matter, I found a standalone solution here: http://www.mygsmforum.com/f15/all-htc-goldcard-generator-perl-script-free-standalone-unlimited-7255/
I grabbed the file, and I managed to get it working by compiling both of the perl modules it needs. I typed in the command:
perl ./goldcardgenerator.pl -d sd80.img -p magic=xxx -p cardid=0080c700455a9204087413035535443530
You might notice I haven't specified the security level or the key set, but I can assure you that not a byte of the output file changes when I use the defaults specified in the readme.
So I have a convincing looking header. I do as the instructions say and copy the first 0x170 bytes to the beginning of the card. It reads and writes to the FAT32 partition fine, so I assume the card's good. So I copy over a rom I got here: http://forum.xda-developers.com/showthread.php?t=741775
Rename it update.zip and boot into recovery. I try to flash, and I get the 'E:Signature verification failed' error, so obviously the goldcard's not working.
My contention is that when I made the image, I missed one or more vital parameters, keys, seclevel, cid etc. However I really have no idea where to start looking for them, since they're so obscure.
Help with anything to do with this (Including getting Unrevoked to work) would be much appreciated! Honestly, I've spent the entire day trying to get this to work.
Thanks,
Hamish Milne

screw unrevoked.
Go to www.revolutionary.io and follow the instructions
Go to my guide and flash recovery
Backup your ROM, and then push superuser with adb.
Done. Rooted.
All resources you need are there. Tutorials, links etc.

Yep, unrEVOked is obsolete. This should be mentioned in sticky thread.

Truly excellent! Thank you!
Flashed the Clockwork mod, and replaced the bootloader without breaking the OS.
However, I still don't have root. I know I could flash the ROM, but I'd rather not wipe my data again. How exactly would I go about 'flashing superuser with adb'? (I have the adb installed btw)
EDIT: Wait, found it

actually, i had hboot 1.06 on my stock cdma desire, and i had to use revolutionary's tool before running unrevoked. i tried 3 different desires with unrevoked before i discovered revolutionary, and after it unrevoked did its job just fine.

Related

Stuck at step2-windows.bat rooting my Desire

I'm attempting to root my HTC Desire, but having some problems.
I am following the guide here: theunlockr .com /2010/06/07/how-to-root-the-htc-desire/ but I haven't made a goldcard because my device is unbranded. Perhaps this is where I went wrong?
Everything seemed to be going fine until: 7. Now on the computer double click the “step2-windows.bat” file and wait for it to finish.
The command prompt flashes briefly, but I took a screenshot and the error was 'device not found'
I'm really not sure what to do at this point..
Thanks!
Flaphal said:
I'm attempting to root my HTC Desire, but having some problems.
I am following the guide here: theunlockr .com /2010/06/07/how-to-root-the-htc-desire/ but I haven't made a goldcard because my device is unbranded. Perhaps this is where I went wrong?
Everything seemed to be going fine until: 7. Now on the computer double click the “step2-windows.bat” file and wait for it to finish.
The command prompt flashes briefly, but I took a screenshot and the error was 'device not found'
I'm really not sure what to do at this point..
Thanks!
Click to expand...
Click to collapse
Have you got HTC Sync installed? This is not a goldcard error as that would be Custom ID Error
Did step 1 complete correctly?
There is no step 2 anymore on modaco's method
try following this guide as it is the original post by Paul and all others are just copy/paste's (or bad rewritten) guides
I do have HTC Sync installed, yes.
Step1 did appear to complete correctly, but at one point I spotted the word FAILED in command prompt, but they everything continued apparently at normal.
My phone is currently at the recovery screen with the ! is it safe to pull the battery? It isn't responding to the power button.
The FAILED error was something like.. 42 device id check fail
Yeah if you are at the red triangle then you can pull the battery..
I'd use the guide on modaco. It's foolproof and very easy to follow.
Yes, it's safe to pull out battery.
I had the same problem with step 2, then I've found out the modaco method without step 2, and it worked out fine.
I would do the rooting under Linux!I had enough trouble with it under windows (maybe because of x64).
Sent from my HTC Desire using XDA App
reason for "device not found" is missing drivers for bootloader mode.
believe me, its much more easier to root your device under Linux liveCD, than cheating with drivers for windows.
good luck
The riskfree method on modaco works perfectly. I unrooted by using a stock ruu earlier to remove unrevoked, and use the riskfree method to root again. It's easy and painless on win7 64bit.
I think the step one didn't complete properly for the OP anyway as he said he seen an error at that stage.
Ok, using the riskfree modaco method now. Everything fine until installing update from SD card. E: failed to verify whole-file signature. Esignature verification failed. Installation aborted.
Is this due to not using a goldcard? I tried to make one but it kept saying it the card was damaged and needed formatting each time.
Edit. also the email I get in the goldcard creation process has the subject 'Your generated G1 goldcard' I'm not sure why it says G1? but the gold card process doesn't work and says I need to format the disk for it to be usable.
In the first posts you said your device is unbranded. So why did you made a goldcard? It's not necessary
Also make sure to use the files as you can download in the Modaco thread I posted in post #5
I think I must have misunderstood what unbranded meant. Or maybe it was just a coincidence, but it worked once I used the goldcard.
The phone came from T Mobile, but lacks and T Mobile branding on the case or any T Mobile apps.
Then it's proberly branded, you can verify by the ROM version (search the forum for it). I don't think it can harm to use a goldcard with a non-branded device anyway (correct me if i'm wrong).
Also try to download the files from the Modaco forum again (and don't rename any files)
If that doesn't work, take a look at these search results. I can remember I had the same problem as you have, dunno exactly what solved it, but these search results def. helped me

[Q] Any chance of fixing USB Brick w/o root ?

Well I USB bricked my Desire last night.
To make things worse I was only able to apply the SD Card workaround via fastboot.
After flashing the update.zip from the modaco fix I instantly went back to the stock rom using the fastboot RUU process, without actually checking if it solved all the problems...
I know I had it coming...
Before I ship the phone out for repairs - maybe someone here knows if there is a chance to unbrick without root (nor having HBOOT version that allows to use any other method of rooting other than Unrevoked)
Code:
HBOOT 0.93
European 2.10.405 OTA
Thanks in advance
a more detailed description would help:
does your phone boot?
do you have running clockworkmod recovery?
did you do a nandroid backup before touching the system?
what modaco fix? give a link.
did you use unrevoked? thats the default root tool nowadays.
can you go to hboot/fastboot when pressing vol down while pressing power on?
Use a goldcard, it will enable you to put an unrooted Rom there. It's always a good reset option.
Sent from my HTC Desire using XDA App
mad-murdock said:
a more detailed description would help:
does your phone boot?
do you have running clockworkmod recovery?
did you do a nandroid backup before touching the system?
what modaco fix? give a link.
did you use unrevoked? thats the default root tool nowadays.
can you go to hboot/fastboot when pressing vol down while pressing power on?
Click to expand...
Click to collapse
Hi,
- the phone boots ok - It has most of the symptoms from All you need to know about USB-Bricks thread, the SD card started to work after issuing:
Code:
fastboot oem enableqxdm 0
This is the output from the fastboot oem boot command
Code:
$ fastboot-mac oem boot
... INFOsetup_tag addr=0xA0000100 cmdline add=0x8E07F9F0
INFOTAG:Ramdisk OK
INFOTAG:smi ok, size = 0
INFOTAG:hwid 0x0
INFOTAG:skuid 0x21F04
INFOTAG:hero panel = 0x0
INFOTAG:engineerid = 0x0
INFOMCP dual-die
INFOMCP dual-die
INFOTAG:mono-die = 0x0
INFODevice CID is not super CID
INFOCID is HTC__032
INFOsetting->cid::HTC__032
INFOserial number: HT057PL01634
INFOcommandline from head: no_console_suspend=1
INFOcommand line length =430
INFOactive commandline: board_bravo.disable_uart3=1 board_bravo.
INFOusb_h2w_sw=1 board_bravo.disable_sdcard=0 diag.enabled=0 boa
INFOrd_bravo.debug_uart=0 smisize=0 userdata_sel=0 androidboot.e
INFOmmc=false androidboot.baseband=5.09.05.30_2 androidboot.cid
INFO=HTC__032 androidboot.carrier=HTC-EastEurope androidboot.mid
INFO=PB9920000 androidboot.keycaps=qwerty androidboot.mode=norma
INFOl androidboot.serialno=HT057PL01634 androidboot.bootloader=0
INFO.93.0001 no_console_suspend=1
INFOaARM_Partion[0].name=misc
INFOaARM_Partion[1].name=recovery
INFOaARM_Partion[2].name=boot
INFOaARM_Partion[3].name=system
INFOaARM_Partion[4].name=cache
INFOaARM_Partion[5].name=userdata
INFOpartition number=6
INFOValid partition num=6
INFOmpu_nand_acpu_rw A1E 1000
INFOjump_to_kernel: machine_id(2457), tags_addr(0x20000100), ker
INFOnel_addr(0x20008000)
INFO-------------------hboot boot time:697447 msec
ERROR: usb_read failed with status e00002ed
FAILED (status read failed (No such file or directory))
- Sadly, I made a complete reflash using
Code:
fastboot rebootRUU;
fastboot flash zip rom.zip
... so no Clockwork recovery anymore
- Yes I have a nandroid backup but no means to put it back on the phone - the nandroid backup contains exactly the same rom I have now - just rooted
- As for the modaco fix I'm a new user I can't post external links, but it's the first link in this thread
- I did use the lastest Unrevoked3 (3.21) to root the phone
- I can use hboot / fastboot without problems but it's the stock 0.93.001 S-ON version.
Thanks
geejayoh said:
Use a goldcard, it will enable you to put an unrooted Rom there. It's always a good reset option.
Sent from my HTC Desire using XDA App
Click to expand...
Click to collapse
I have an unbranded Desire so no need to use a GoldCard if I'm not mistaken.
Anyway if memory serves me right using the GoldCard / HBOOT / PB99IMG flashing, won't allow me neither to downgrade, nor to flash an unsigned rom.
An unsigned rooted rom or HBOOT downgraded do 0.80 could help me fix my problem - but with HBOOT 0.93 - dowgrading doesn't seem to be an option. I get a "Main Version Older" error when trying to downgrade, and flashing an unsigned rom is a no-no for all stock bootloaders as far as I know (I tried both HBOOT and recovery, both as expected fail at signature verification).
But thanks anyway
Whats the exact problem now? You restored rom.zip via ruu. So you got a stock firmware with stock hboot and stock recovery which can be unrevoked again?
Seams i am missing a detail ^^
Sent from my HTC Desire using Tapatalk
mad-murdock said:
Whats the exact problem now? You restored rom.zip via ruu. So you got a stock firmware with stock hboot and stock recovery which can be unrevoked again?
Seams i am missing a detail ^^
Sent from my HTC Desire using Tapatalk
Click to expand...
Click to collapse
It seems to me you're missing the main issue not a detail
The main issue being a condition called "USB Brick" (well that's only half the truth, most of the main issue is me acting without thinking )
Please read the info thread on USB Bricks here, since you have a HTC Desire - it concerns you too. Good idea to backup the MISC partition if you plan to flash the phone again
Anyyyyway - as for my case:
I screwed up, flashed the stock firmware BEFORE checking if the applied USB brick fix solved my problems. So it's true I have stock firmware, stock hboot, stock recovery - but I also have no way to connect the phone to a computer via USB - because the flashing process updates the following partitions: system, recovery, boot but not the misc partition which is now corrupt, and its corruption is the cause of the USB brick...
USB Brick = no usb connection at all while booted to the Android OS
No usb connection = no usb debug mode
no usb debug mode = no unrevoked
The usb still works from HBOOT / FASTBOOT, so If you know of a way to start Unrevoked while the phone is in HBOOT / FASTBOOT - please enlighten me, because I couldn't do It.
Unrevoked only recognized the phone while it was in USB Debug mode, which it cannot enter now because of the USB Brick. When I connect the phone while in Fastboot USB mode or HBOOT USB mode Unrevoked just states "Waiting for device".
I don't think I am able to put this in any clearer way
Thanks
Ouch. Now i see. Didnt understand you at the start. Well, i had an usb brick myself after wiping the system. At least i had a modded hboot and recovery.
Now to your problem. Wierd situation, really. But if i remember right, flashing one of the ruu.Exe files should also fix misc. Then you have stock firmware with usb working. Cant link here in tapatalk, but those ruu file are a sticky in desire dev forum... tell me, if it worked...
Sent from my HTC Desire using Tapatalk
Solved!
I was able to successfully unbrick the phone
It wouldn't be possible without rageagainstthecage, All the people writing the tutorials on USB unbricking, QuickSSHd and the Terminal Emulator app. Thanks to the authors.
I'll try to sum things up for anyone interested:
The problem
Because of acting without thinking I ended up with a stock unrooted rom and a partial USB brick. To make things worse I accepted the OTA update, installing the oh so loved HBOOT 0.93.100 S-ON.
The Solution
After some reading about rageagainstthecage, PoC code on which the Unrevoked rooting solution is based I tried to run the exploit directly on the phone.
Without having access to adb I wasn't able to find a place to put the executable, as the /data/ directory is writable only by the system user and the system group, and most tutorials suggest to place the exploit somewhere inside that directory. But all the tutorials I found mentioned using adb push to put the file on the phone, which probably operates on the phone as system:system as it is capable of writing to the /data dir. I wasn't able to write there as I had the id of the Terminal Application
Since apps storing data seem to store er... data in /data/data I had a little breakthru. Becaue I couldn't find a free telnet solution I purchased the QuickSSHd from Android Market.
This allowed me to have write access to /data/data/<package_name>/home where I created a world readable (755) directory. I scp'd the rageagaintthecage, modified misc partition image and flash_image binary to the phones filesystem, and made them executable. I could've used the Terminal Apps <data dir>/shared_prefs directory (which would be a $$$ free solution, as the ssh was not free, but not expensive either) but I'm lazy and doing stuff from a PC keyboard is easier than from a touch keyboard.
Running the exploit and flash_image from inside a ssh session seemed like a good idea but the sshd died after running the exploit, and didn't want to start untill the phone was rebooted. So next time I just started the sshd and done the rest of the stuff from a Terminal Emulator (After preparing scripts for ease of execution, and dropboxing the paths for copy paste ). After running the exploit the Terminal Emulator app stopted working correctly (as expected) but after force closing it and running it again I was greeted with a # prompt
I flashed the misc partition with an image modified with my phones CID, rebooted and voila! USB brick gone
Now I just have to beat one thing into my empty head (in the manner of "stop, drop, and roll" firedrill mantra). STOP, READ and THINK - before flashing
g'night
mad-murdock said:
Ouch. Now i see. Didnt understand you at the start. Well, i had an usb brick myself after wiping the system. At least i had a modded hboot and recovery.
Now to your problem. Wierd situation, really. But if i remember right, flashing one of the ruu.Exe files should also fix misc. Then you have stock firmware with usb working. Cant link here in tapatalk, but those ruu file are a sticky in desire dev forum... tell me, if it worked...
Sent from my HTC Desire using Tapatalk
Click to expand...
Click to collapse
Hi,
Just fyi because I was able to resolve my problem in the meantime.
Because I was foolish enough to install the OTA upgrade before it occured to me that the USB is not working, installing any RRU either in the official way (by running the exe) or by extracting the rom.zip from inside of the exe didn't work. The latest RRU was older then the firmware with OTA upgrade on my phone, and it didn't seem to allow me to downgrade.
ZIP way = Main Version Older error
EXE way = You have to install the correct firmware version or some other bla bla bla
Anyway I took a look inside the rom.zip extracted from the RRU.exe - there are img files of every partition, radio and hboot but no misc.
But thanks again anyway
How did you solve your tricky situation then?
Sent from my HTC Desire using Tapatalk
quanchi said:
I was able to successfully unbrick the phone
It wouldn't be possible without rageagainstthecage, All the people writing the tutorials on USB unbricking, QuickSSHd and the Terminal Emulator app. Thanks to the authors.
I'll try to sum things up for anyone interested:
The problem
Because of acting without thinking I ended up with a stock unrooted rom and a partial USB brick. To make things worse I accepted the OTA update, installing the oh so loved HBOOT 0.93.100 S-ON.
The Solution
After some reading about rageagainstthecage, PoC code on which the Unrevoked rooting solution is based I tried to run the exploit directly on the phone.
Without having access to adb I wasn't able to find a place to put the executable, as the /data/ directory is writable only by the system user and the system group, and most tutorials suggest to place the exploit somewhere inside that directory. But all the tutorials I found mentioned using adb push to put the file on the phone, which probably operates on the phone as system:system as it is capable of writing to the /data dir. I wasn't able to write there as I had the id of the Terminal Application
Since apps storing data seem to store er... data in /data/data I had a little breakthru. Becaue I couldn't find a free telnet solution I purchased the QuickSSHd from Android Market.
This allowed me to have write access to /data/data/<package_name>/home where I created a world readable (755) directory. I scp'd the rageagaintthecage, modified misc partition image and flash_image binary to the phones filesystem, and made them executable. I could've used the Terminal Apps <data dir>/shared_prefs directory (which would be a $$$ free solution, as the ssh was not free, but not expensive either) but I'm lazy and doing stuff from a PC keyboard is easier than from a touch keyboard.
Running the exploit and flash_image from inside a ssh session seemed like a good idea but the sshd died after running the exploit, and didn't want to start untill the phone was rebooted. So next time I just started the sshd and done the rest of the stuff from a Terminal Emulator (After preparing scripts for ease of execution, and dropboxing the paths for copy paste ). After running the exploit the Terminal Emulator app stopted working correctly (as expected) but after force closing it and running it again I was greeted with a # prompt
I flashed the misc partition with an image modified with my phones CID, rebooted and voila! USB brick gone
Now I just have to beat one thing into my empty head (in the manner of "stop, drop, and roll" firedrill mantra). STOP, READ and THINK - before flashing
g'night
Click to expand...
Click to collapse
Any chance of adding some links or actual information?
I've got exactly the same problem and you seem to have the solution.
Any chance of sharing?
Usb Brick !? This is an OLD thing I have this some Months ago. Never heard of someone who got it again! YOU did something wrong ;-)
Sure, he did something wrong.I managed this, too, when playing with a partition tool not designed for my system. Misc partition damaged, so a nice usb brick...
About the requested links : just use forum search for usb brick. First hit is your sticky solution
Sent from my S-OFF'd brain using teh internetz
CyberTech71 said:
Any chance of adding some links or actual information?
I've got exactly the same problem and you seem to have the solution.
Any chance of sharing?
Click to expand...
Click to collapse
I couldn't post external links, forum limitation for new users... Now I see I can so:
This is a specific situation - usb brick and totally stock rom, recovery and hboot. It's not required for people who have a modified recovery and a rooted rom. It's easy like 1-2-3.
Before doing anything else enable the Debug Mode in the Applications / Dev menu
1. Download the rageagainstthecage exploit from the authors site:
http://c-skills.blogspot.com/2010/08/please-hold-line.html
2. Download the flash_image and misc (mtd0.img) partition image from this thread.
http://forum.xda-developers.com/showthread.php?t=691639&highlight=usb+brick
Modify the mtd0.img according to your phones CID (how to get the CID also explained in the thread)
2. Download Android Terminal Emulator from the Market
3. Copy the exploit binary (rageagainstthecage-arm5.bin), the flash_image and modifed mtd0.img to the sdcard via an external card reader
4. Start the Terminal
5. Copy the files to the Terminal app data directory (the only place on the data partition you will have write access while running the Terminal), and make the binaries executable
Code:
cat /sdcard/rageagainstthecage-arm5.bin > /data/data/jackpal.androidterm/shared_prefs/rageagainstthecage-arm5.bin
cat /sdcard/flash_image > /data/data/jackpal.androidterm/shared_prefs/flash_image
cat /sdcard/mtd0.img > /data/data/jackpal.androidterm/shared_prefs/mtd0.img
cd /data/data/jackpal.androidterm/shared_prefs/
chmod 755 rageagainstthecage-arm5.bin flash_image
6. Run the exploit
Code:
/data/data/jackpal.androidterm/shared_prefs/rageagainstthecage-arm5.bin
After the exploit exits/finishes there should be a short system freeze, followed by inablity to issue any command from the terminal (don't worry). Exit the Terminal by long pressing HOME and force close the Terminal app from the Application Manager
7. Start the terminal again, a root prompt should be visible
8. Flash the misc partition
Code:
cd /data/data/jackpal.androidterm/shared_prefs
./flash_image misc mtd0.img
9. Reboot
Done and done
Enjoy
PS. I suck at writing tutorials, but if the details are still hazy for you after reading this - better to service the phone, because you might end up bricking the device totally - cheers
quanchi said:
I was able to successfully unbrick the phone
It wouldn't be possible without rageagainstthecage, All the people writing the tutorials on USB unbricking, QuickSSHd and the Terminal Emulator app. Thanks to the authors.
I'll try to sum things up for anyone interested:
The problem
Because of acting without thinking I ended up with a stock unrooted rom and a partial USB brick. To make things worse I accepted the OTA update, installing the oh so loved HBOOT 0.93.100 S-ON.
The Solution
After some reading about rageagainstthecage, PoC code on which the Unrevoked rooting solution is based I tried to run the exploit directly on the phone.
Without having access to adb I wasn't able to find a place to put the executable, as the /data/ directory is writable only by the system user and the system group, and most tutorials suggest to place the exploit somewhere inside that directory. But all the tutorials I found mentioned using adb push to put the file on the phone, which probably operates on the phone as system:system as it is capable of writing to the /data dir. I wasn't able to write there as I had the id of the Terminal Application
Since apps storing data seem to store er... data in /data/data I had a little breakthru. Becaue I couldn't find a free telnet solution I purchased the QuickSSHd from Android Market.
This allowed me to have write access to /data/data/<package_name>/home where I created a world readable (755) directory. I scp'd the rageagaintthecage, modified misc partition image and flash_image binary to the phones filesystem, and made them executable. I could've used the Terminal Apps <data dir>/shared_prefs directory (which would be a $$$ free solution, as the ssh was not free, but not expensive either) but I'm lazy and doing stuff from a PC keyboard is easier than from a touch keyboard.
Running the exploit and flash_image from inside a ssh session seemed like a good idea but the sshd died after running the exploit, and didn't want to start untill the phone was rebooted. So next time I just started the sshd and done the rest of the stuff from a Terminal Emulator (After preparing scripts for ease of execution, and dropboxing the paths for copy paste ). After running the exploit the Terminal Emulator app stopted working correctly (as expected) but after force closing it and running it again I was greeted with a # prompt
I flashed the misc partition with an image modified with my phones CID, rebooted and voila! USB brick gone
Now I just have to beat one thing into my empty head (in the manner of "stop, drop, and roll" firedrill mantra). STOP, READ and THINK - before flashing
g'night
Click to expand...
Click to collapse
Hello
in you problem with USB bricks for unrooted HTC desire
I have the seam problem
please explain it to me
I copy the flash_image and mtd0.img to
\data\data in my device I only need to flash them to restore my device
when I try this command in terminal Eliminator
/data/data/flash_image misc /data/data/mtd0.img
It show me
error writing misc permission denied
help me please
I can't believe it, mate, finally this tutorial solved my usb (and bluetooth, and fm radio, and...) problem!!!!!
My Desire is unrooted, I've tried so many solution in the last 3 months but they all were useless.
I was starting to pack my phone for sending it to HTC Service when... tataaaa, I found your topic. Is on your if my wonderful Android powered phone got back fully functional.
Really, thank you for sharing your solution with us.
===========;-D
Francalberto
francalberto said:
I can't believe it, mate, finally this tutorial solved my usb (and bluetooth, and fm radio, and...) problem!!!!!
My Desire is unrooted, I've tried so many solution in the last 3 months but they all were useless.
I was starting to pack my phone for sending it to HTC Service when... tataaaa, I found your topic. Is on your if my wonderful Android powered phone got back fully functional.
Really, thank you for sharing your solution with us.
===========;-D
Francalberto
Click to expand...
Click to collapse
Good for you
All the credit goes to the people responsible for the tools used, I just put some things together.
Cheers
thank you very much
I really appreciate you effort you helped me so much
you are a brilliant man
thank you
Flashb, is your problem solved now?
Swyped with my S-OFF'd brain using teh internetz

[Guide] Subsidy Unlock, SuperCID, and Radio S-OFF

Update 12-29-10: Due to problems reported with v03, we now link to v02.
Update 12-23-10: A new version of gfree, v02, has just been released by Guhl. Links have been updated to the new version, which allows you to set Sim Unlock, CID, and Radio S-ON/OFF independently. If you have previously run gfree, you will receive no additional benefit from running gfree v2, unless you want to change one of the settings.
Notice: gfree is known not to work for radio firmwares with higher versions then 26.03.02.xx -- the reason for this is that HTC patched the hole that allowed scotty2 to power cycle the emmc chip to drop its write protection. So if you installed a radio version with a higher version number, downgrade the radio firmware before using gfree.
Guhl also released gfree_verify, which allows you to verify your phone's settings (regardless of which gfree you used). See the wiki for more on that.
The wiki is usually up to date on the latest of everything, so be sure to check it frequently.
---------------
scotty2 delivers again!
His "gfree" program should do the following for your g2, dz, or dhd:
* Radio S-OFF -- the real deal. This means the g2 will permit permanent root.
* Subsidy Unlock -- AKA "Sim Unlock" AKA "Network Unlock" AKA "Use a foreign SIM Card"
* SuperCID - enables the flashing of any carrier's firmware for the phone.
If you don't know what this means or why you might want it, check the wiki.
INSTRUCTIONS:
NOTE: If you have NOT permarooted your phone previously with the HBOOT/wpthis method, doing so using the new "gfree" method should have the added effect of sim-unlocking the phone, setting superCID and turning Radio S-OFF. In fact, it's the new method for permarooting for G2/DZ and DHD. So if you haven't yet permarooted, look at those instructions.
Again, the instructions below are for people only who have already previously "permarooted" through the earlier hacked-HBOOT method. See the wiki if you are starting from scratch with a new G2/DZ/DHD and have not yet done anything "root-ish".
WARNING: Be aware that by following these instructions you are messing with your phone with potential for screwing things up. Do so at your own risk. The many authors of this guide assume no responsibility for any damage to your phone, health, general well-being, or anything else untoward with respect to these instructions or you following them.
gfree uses a dynamic in-memory patch of the kernel to remove the kernel's write protection of the radio partition.
So, for those of you who have permarooted the old HBOOT way and put on new kernels --The following kernel versions that are known NOT to work yet with gfree. If you have one of the following kernel versions on your phone install a different (stock, OTA or cyanogen) kernel before starting this procedure:
| pershoots 11/30 build
| pershoot's 2.6.32.26 – OC-UV-NEON_FP (1.516GHZ) – G2 - 12/3
| Cyanogen Kernel / release 6.1.1
| 2.6.32.26-cm-virtuous-v1.0 [email protected]#1
Other newer kernels may also not work with gfree. So if you experience problems with this procedure (either the phone reboots during the process or the procedure completes correctly but the verify still shows that the phone is locked) then you may think about downgrading the kernel to an original stock kernel or even better to this kernel.
Okay. So we're assuming you've permarooted already and usb debugging is on (Applications > Development, then enable USB debugging). You'll also need about 5MB free on your sdcard.
You might want to back up your phone with nandroid on the Clockwork recovery image first, just in case.
Note: If you hanker to do it the longer, manual, harder, and more dangerous way, or are just curious what gfree does, see the wiki history for the old instructions.
No? Then let's begin.
==== 1. Download gfree and verify sdcard is not mounted by your computer ====
You will need to download a program called gfree (v02) that will first copy partition 7 of the phone, then patch it, then reflash back to your phone. (verified to work with the g2 and desire z as well as the desire hd). (You will also need adb, which you can download as part of the Android SDK.)
Unzip gfree_02.zip to your computer.
Make sure your computer is not mounting your phone's sdcard.
==== 2. Run gfree on the phone ====
On your computer's terminal/command line, navigate to where the gfree file is, and then...
Code:
adb push gfree /data/local
adb shell
This copies gfree to your phone, then puts you in your phone's terminal. Then do this:
Code:
su
cd /data/local
chmod 777 gfree
./gfree -f
sync
Wait a few moments for the sync to "take". Then reboot your phone. That's it!
gfree created a backup of your original partition 7 at /sdcard/part7backup-<time>.bin you might consider copying this to a safe location on your computer.
Now you can try using a new SIM card to verifiy that it worked. Also, if you had to flash a different kernel before running gfree, you may now reflash the kernel you originally had.
Thanks to the gang at #g2root, including IntuitiveNipple, scotty2, tmzt, rhcp, ciwrl, and guhl... among many others.
Wiki: How to enable Radio S-OFF, SuperCID, and SIM-unlock (with some informational background)
File: gfree_02.zip
File: gfree_verify_v01.zip
Feel free to use the "Thanks" button below. Also, Scotty2's paypal email is walker.scott AT gmail.com if you want to make a contribution.
Finally, Americans might consider making a donation to the Electronic Frontier Foundation who fight to defend your legal right to root or unlock your own phone when the carriers and phone manufacturers may lobby or otherwise try to stop you. The EFF can always use your tax-deductible support.
Hey thanks for posting this!
So I guess this is like perm-perm-root.
Giving it a shot now.
Sent from my HTC Vision using XDA App
thenefield said:
Hey thanks for posting this!
So I guess this is like perm-perm-root.
Giving it a shot now.
Sent from my HTC Vision using XDA App
Click to expand...
Click to collapse
Yeah it's sim-unlock too. Which is nice.
Nice thanks going to try it to.
Sent from my HTC Vision using Tapatalk
shouldnt one image work for every phone
Word up scotty2. You the man.
EDIT: And you too fattire for writing up what no one else wants to
thatruth132 said:
shouldnt one image work for every phone
Click to expand...
Click to collapse
No. If it did, then this would be a lot easier, huh?
I cant wait until some juicy stuff comes out of this.
Now, what does this mean
"make everything better."
This is freaking awesome.
andrewklau said:
Now, what does this mean
"make everything better."
Click to expand...
Click to collapse
You know.... everything.
...
I just bricked my phone LMAO!!!
I did the perm root that was easy... this jeez... followed the [Guide] How to recover your semi-brick (OMFG Thank you guys over there!) BUT I'm back... I literally almost **** my pants. Well... Gonna try this again maybe after finals LOL
Question though (going to try it later tonight LOL =P) the guide says I need a "custom cyanogenmod based kernel and provides the boot image that contains it.. I am using the nightlies do they contain that same function or no? also when I did flash that boot image and ran "insmod /sdcard/wpthis-cyanogen.ko" it said error function not implemented? Anyone not run into this issue? or have any ideas?
nycjv321 said:
Question though (going to try it later tonight LOL =P) the guide says I need a "custom cyanogenmod based kernel and provides the boot image that contains it.. I am using the nightlies do they contain that same function or no?
Click to expand...
Click to collapse
Nope.
nycjv321 said:
also when I did flash that boot image and ran "insmod /sdcard/wpthis-cyanogen.ko" it said error function not implemented? Anyone not run into this issue? or have any ideas?
Click to expand...
Click to collapse
"Error function not implemented" means it worked.
well this time it didn't brick... I think I got it time to verify it
Ok I ran it all again and worked but when I was verifying it I got all the supposed feedback except at "echo -e 'AT$QCPWRDN\r' > /dev/smd0" I got AT$QCPWRDN and then +CME Error: 0.... (No OK as said in the guide? ) and then it rebooted? what didn't work?
Got it to work!
SuperCID, Radio S-OFF, Subsidy Unlock is a reality!
Thanks to scotty2.
Thanks also to guhl (guhl99).
Read my post for more details: http://forum.xda-developers.com/showpost.php?p=9495073&postcount=363
Thread: http://forum.xda-developers.com/showthread.php?p=9495073#post9495073
This may be a stupid question but doesn't 0 also equate to no error? (In my older post) (Its just not stated in the guide, I don't want to overlook something which is why I asked ) You guys are AWESOME!!!
nycjv321 said:
This may be a stupid question but doesn't 0 also equate to no error? (In my older post) (Its just not stated in the guide, I don't want to overlook something which is why I asked ) You guys are AWESOME!!!
Click to expand...
Click to collapse
After entering the following into ADB Shell command prompt:
# echo -e 'AT$QCPWRDN\r' > /dev/smd0
The reply I got was a bunch of numbers (which filled the screen and wrapped to a new line) from what I can recall and then the phone rebooted. I didn't save the command window so I don't have the full details.
When the phone re-booted, I get signal from the local Thailand carrier AIS using a pre-paid SIM card.
The first time I went through the process I made a mistake setting the following using the Hex Editor:
"...set the 4 bytes at 0x807fc to 49 53 F4 7D"
The second time around I figured out what the "c" in "0x807fc" meant in terms of location on the Hex Editor. That was it.
:O i cant believe how awesome scotty2 is...

[Q] Goldcard + Downgrade + Root Generic Desire Z (Asian version - Indonesian)

Hi all,
First of all I have an Asian version Generic HTC Desire Z (Asian version but not under a provider) with the following software information:
Android version 2.2.1
Baseband: 12.28e.60.140fU_26.04.02.17_M2
Kernel: 2.6.32.21-g6e170e7....
Build: 1.82.707.1 CL317545 release-keys
Software: 1.82.707.1
My CID is HTC_044
From what I read, in order to root, we have to downgrade the software version to 1.34..... , right?
SO thats what I did.
I have followed the steps to downgrade in ( http://forum.xda-developers.com/showthread.php?t=905261 )
and creating a goldcard ( http://forum.xda-developers.com/showthread.php?t=832503 )
I tried both (2 different attempts) the PC10IMG.zip file and exe/RUU file, and have copied the whole zip file onto the SDCard (not in any folder), without extracting the files.
When I get to step 9-10 (phone in bootloader mode), I receive an error message like user "waqypaqy" got.
When I reboot into the bootloader, the phone scans the SD card, then I get this:
SD Checking...
Loading...[PC10DIAG.nbh]
No image or wrong image!
Loading...[PC10IMG.zip]
No Image!
Then after a few minutes, comes to another screen and says:
"CID incorrect! Update Fail! Press <POWER> to reboot."
From the bootscreen, here's the info:
VISION PVT SHIP S-ON
HBOOT -0.85.0009
RADIO-26.04.02.17_M2
eMMC-boot
CID Incorrect!
Update Fail!
Press <POWER> to reboot
Does anyone know what's wrong with this?
It'd be great if anyone could help me.
THANKS in advance =)
PS: I can't post under the "Development" forum because I'm still a newbie and doesn't have enough postcount yet.
The goldcard bypasses the CID check, so you can try looking at that first. Can you confirm that you've correctly written the image from the PSAS site to your sdcard?
theSpam said:
The goldcard bypasses the CID check, so you can try looking at that first. Can you confirm that you've correctly written the image from the PSAS site to your sdcard?
Click to expand...
Click to collapse
Hey theSpam,
I have tried creating the goldcard before, and have received the goldcard image through the email and have updated img through HxD editor (as per the instructions). But like what I said before, it gave me that CID incorrect message.
I'm sorry this might be a stupid question, but how do I check whether I've written the image from the PSAS site? What is the PSAS site?
Thank You for your help =)
I was just asking you to doublecheck that you've correctly written goldcard.img to your sdcard. Most people have issues during this step of the goldcard creation process.
Just open up your sdcard in HxD and see if it's there
Are you using the Asian RUU to get the PC10IMG.zip file? I found this made a difference.
theSpam said:
I was just asking you to doublecheck that you've correctly written goldcard.img to your sdcard. Most people have issues during this step of the goldcard creation process.
Just open up your sdcard in HxD and see if it's there
Click to expand...
Click to collapse
haha!
Oh yeah, I have followed all of the instructions in http://forum.xda-developers.com/showthread.php?t=832503 for part 1.
I have copied the contents of goldcard.img into the removable disk image and saved the file.
Then I went back to http://forum.xda-developers.com/showthread.php?t=905261, and followed the steps in that guide.
I only managed to get upto step 10.
Then it showed the error I mentioned above.
The RUU exe file I got was from here:
http://www.shipped-roms.com/shipped/Vision/
I downloaded the file with this name "RUU_Vision_HTC_WWE_1.34.405.5_Radio_12.28b.60.140e_26.03.02.26_M_release_155556_signed.exe"
This is the asian version, right?
I got the rom.zip file by following Part 2 steps in the link above.
Kangburra said:
Are you using the Asian RUU to get the PC10IMG.zip file? I found this made a difference.
Click to expand...
Click to collapse
Yeah, I think I did.
The RUU exe file I got was from here --> See the above post for the link
I downloaded the file with this name "RUU_Vision_HTC_WWE_1.34.405.5_Radio_12.28b.60.140e_26.03.02.26_M_release_155556_signed.exe" -- 290 MB
I got the rom.zip file by following Part 2 steps in the link above.
Do you know what I'm doing wrong?
That's WWE version, you need RUU_Vision_hTC_Asia_HK_CHT_1.34.708.3_Radio_12.28b .60.140e_26.03.02.18_M2_release_154602_signed.exe
Kangburra said:
That's WWE version, you need RUU_Vision_hTC_Asia_HK_CHT_1.34.708.3_Radio_12.28b .60.140e_26.03.02.18_M2_release_154602_signed.exe
Click to expand...
Click to collapse
By using this one, it wont turn the language into chinese right?
=) =)
I was told by someone that it would, thats why I didn't try this one..hihi
Oh, and will the steps I have to follow change because of this different filename?
I would also recommend going back and double-checking all those steps for creating the goldcard, because it sounds like it's not recognising a goldcard.
steviewevie said:
I would also recommend going back and double-checking all those steps for creating the goldcard, because it sounds like it's not recognising a goldcard.
Click to expand...
Click to collapse
Hi steviewevie,
I just want to make sure whether i've followed the steps correctly or not.
Making the goldcard:
During step 4, "Enter 'adb shell cat /sys/class/mmc_host/mmc2/mmc2:*/cid' and press enter. You should get a very long number copy it."
This is the number that I get: 479a002f86c320087483035535443530
Step 5 "Visit this page, paste in your number and reverse it."
When I opened the link for that step, there isn't any textfield where I can paste in my number.
So what I did was reverse the number manually into 035344535530384780023c68f200a974
Step 6. I entered the reversed number into the SD Card Serial (CID) text field.
Question: Can I reverse it manually?
Thank you mate (and to anyone who is kind enough to help) =)
akhoman said:
Hi steviewevie,
I just want to make sure whether i've followed the steps correctly or not.
Making the goldcard:
During step 4, "Enter 'adb shell cat /sys/class/mmc_host/mmc2/mmc2:*/cid' and press enter. You should get a very long number copy it."
This is the number that I get: 479a002f86c320087483035535443530
Step 5 "Visit this page, paste in your number and reverse it."
When I opened the link for that step, there isn't any textfield where I can paste in my number.
So what I did was reverse the number manually into 035344535530384780023c68f200a974
Step 6. I entered the reversed number into the SD Card Serial (CID) text field.
Question: Can I reverse it manually?
Thank you mate (and to anyone who is kind enough to help) =)
Click to expand...
Click to collapse
Check this out: http://forum.xda-developers.com/showthread.php?t=1029516
It's from the DHD forum but the goldcard process is the same across most HTC Android devices.
theSpam said:
Check this out: http://forum.xda-developers.com/showthread.php?t=1029516
It's from the DHD forum but the goldcard process is the same across most HTC Android devices.
Click to expand...
Click to collapse
THANKS mate, I'll check it out
Much appreciated
theSpam said:
Check this out: http://forum.xda-developers.com/showthread.php?t=1029516
It's from the DHD forum but the goldcard process is the same across most HTC Android devices.
Click to expand...
Click to collapse
It finally worked man!!!!
Super happy now!
So, this means I have downgraded my phone, and have obtained permanent root as well???
My next question is, whats next?
I think I need to install a 'radio' right? Which version do I choose?
http://wiki.cyanogenmod.com/index.php?title=Support_Downloads#HTC_Vision
WHat do I need to do next to install cyanogen MOD ?
akhoman said:
It finally worked man!!!!
Super happy now!
So, this means I have downgraded my phone, and have obtained permanent root as well???
My next question is, whats next?
I think I need to install a 'radio' right? Which version do I choose?
http://wiki.cyanogenmod.com/index.php?title=Support_Downloads#HTC_Vision
WHat do I need to do next to install cyanogen MOD ?
Click to expand...
Click to collapse
As you have downgraded, you can follow the guide found here http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision to achieve permanent root.
Once you have ClockwordMod Recovery installed (per the above guide), you can flash Cyanogen.
As for the radio, I personally don't recommend changing anything due to the brick risk (however, many others share opposite opinions).
theSpam said:
As you have downgraded, you can follow the guide found here http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision to achieve permanent root.
Once you have ClockwordMod Recovery installed (per the above guide), you can flash Cyanogen.
As for the radio, I personally don't recommend changing anything due to the brick risk (however, many others share opposite opinions).
Click to expand...
Click to collapse
Hi,
I have just finished installing and flashing CM 7 + googleaps zip file.
But I found several problems:
1. Google Maps not installed
2. Calendar is missing
3. Stock email app somehow doesnt work
4. Numbers: I can only see several digits on the letters, they are 1 2 4 5 0
5. And most of all I just found out that HTC Sync does not work with CM =( (can't sync my contacts n calendar anymore through outlook 2010)
Would you have any ideas why this is happening?
THanks very much theSpam!
Same problem!!!
Hey akhoman, happy for you in rooting your desire z successfully! Man, can you give me all the steps you did (one by one)? I have tried so many ways and nothing helped, I also got the CID wrong, I tried to make the goldcard but still having that problem all the errors and information are exactly like yours... BIG THANK, dude!
akhoman said:
Hi,
I have just finished installing and flashing CM 7 + googleaps zip file.
But I found several problems:
1. Google Maps not installed
2. Calendar is missing
3. Stock email app somehow doesnt work
4. Numbers: I can only see several digits on the letters, they are 1 2 4 5 0
5. And most of all I just found out that HTC Sync does not work with CM =( (can't sync my contacts n calendar anymore through outlook 2010)
Would you have any ideas why this is happening?
THanks very much theSpam!
Click to expand...
Click to collapse
Need to flash gapps after you flash cm Rom

[Q] DHD rooting/flashing issues

Hi folks,
Have been going round in circles trying to root and flash my mate's DHD. I've been reading various threads and trying various methods but to no avail.
His DHD was originally on Froyo 2.2 and he took the T-Mobile OTA update to 2.3 w/Sense 3.0 when it was rolled out. As I understand it, it must be downgraded back to 2.2 before we can get full root access?
I've installed SDK on my PC and have been able to push tacoroot and misc_version to the phone. However, when running tacoroot, it reboots to go into recovery and I get the red triangle with the exclamation mark. The phone won't boot into recovery manually either. I've already done a factory reset to see if that helped, but no joy.
What am I doing wrong? Should the phone be able to access recovery completely stock? I never had this much hassle with my Desire - can't believe the DHD is such a pain in the backside. He has the phone with him now (he needs it tomorrow) but we're going to re-attempt tomorrow afternoon.
Am I doing things in the right order? Why do I keep getting the red triangle when trying to go into recovery?
Your help would be much appreciated!
well, as far as i remember you need to downgrade to 1.32 specifically.
and another thing, have you tried using advanced hack kit? it is pretty much one click solution, but can be tricky if the pc it runs from is not compleatly clean.
Try this on an Ubuntoo live CD, http://forum.xda-developers.com/showthread.php?t=1259821
worked like a charm for me..
I'm running Windows and followed the Hack Kit instructions to the letter. We're making more progress than before, but have run into the following problem:
[Would you like to downgrade? y/n]y
a67daa6baa7ef085307593fef6329d14 *PD98IMG/PD98IMG-GB2.zip
Flash the downgrade RUU? [y,n]y
pushing rom to sdcard - this takes time please be patient.
1690 KB/s (259503624 bytes in 149.887s)
Setting up to temproot....
cannot open 'tools/bin/zergRush': No such file or directory
1707 KB/s (572752 bytes in 0.327s)
1204 KB/s (19240 bytes in 0.015s)
going for temproot using zergRush....
setting mainver lower for downgrade...
--set_version set. VERSION will be changed to: 1.31.405.6
Misc partition is "/dev/block/mmcblk0p17"
Patching and backing up misc partition...
Error opening input file.
Creating goldcard....
HTC android goldcard tool Copyright (C) 2011, Wayne D. Hoxsie Jr.
Original code by B. Kerler. Special thanks to ATTN1 and the XDA team.
/dev/block/mmcblk1: cannot open for write: Permission denied
starting downgrade...
** The phone will now reboot into HBOOT.
** It will then check the file just sent.
** If everything is okay, the phone will
** prompt you to continue by pressing
** VOLUME UP. It will reboot, flashing twice.
**** PUSH POWER WHEN THIS STEP COMPLETES ****
If downgrade is successful, you may set up the phone and try to hack it again.
Once the downgrade is successful, press a key to return to the menu......
Otherwise, cut and paste the output to the screen into a text file for evaluatio
n.... then press a key.
Press any key to continue . . .
The phone checks in HBoot and then comes up with:
"Main Version is older!
Update Fail!
Press <power> to reboot"
Any ideas? I'm drawing a blank.
Edit: Although I don't think it's a Windows issue, I'm downloading the Ubuntu live disc and will try it with that.
You have a couple of issues from the output you posted. In the beginning it couldn't find the zergrush files to temp root. This leads me to believe it was a bad download of kit. Did you verify the md5 for file integrity? And the second was an error with the SD card. You might want to try a different one
Sent from my Inspire 4G using XDA
Checked the MD5 - came back fine. Have swapped the SD card for another one - formatted to FAT32 with nothing else on it.
Will re-run.
Still downloading the Ubuntu disc (!) so will try that in a mo if a re-run with a new SD card doesn't work.
Thanks for the input, much appreciated!
Edit: Exactly the same issue again. Will try it under Ubuntu.
Funkmeisterdude said:
Checked the MD5 - came back fine. Have swapped the SD card for another one - formatted to FAT32 with nothing else on it.
Will re-run.
Still downloading the Ubuntu disc (!) so will try that in a mo if a re-run with a new SD card doesn't work.
Thanks for the input, much appreciated!
Edit: Exactly the same issue again. Will try it under Ubuntu.
Click to expand...
Click to collapse
That doesn´t seem to be an sdcard issue. Download the Kit again and extract it all in the same folder...The cases experiencing your issue are mostly for missing files in the hack kit.
Look this in the code you pasted: "...cannot open 'tools/bin/zergRush': No such file or directory..."
glevitan said:
That doesn´t seem to be an sdcard issue. Download the Kit again and extract it all in the same folder...The cases experiencing your issue are mostly for missing files in the hack kit.
Look this in the code you pasted: "...cannot open 'tools/bin/zergRush': No such file or directory..."
Click to expand...
Click to collapse
I guessed the issue with the missing files but he said the md5 check out.
I mention the SD card because of the line of error writing to mmcblk1. After the line creating goldcard, but you spend more time helping out in the irc to know better than me
Sent from my Inspire 4G using XDA
marsdta said:
I guessed the issue with the missing files but he said the md5 check out.
I mention the SD card because of the line of error writing to mmcblk1. After the line creating goldcard, but you spend more time helping out in the irc to know better than me
Sent from my Inspire 4G using XDA
Click to expand...
Click to collapse
Yeah, those are the cases I have seem, but maybe something different comes out....it is hard to know without the whole information...
Thanks to everyone who offered ideas and support; I've finally managed to do it.
<hugesighofrelief>
Thanks again, also to the chaps and chappettes in the IRC support channel.
F

Categories

Resources