S-OFF without XTC-Clip discussion/ideas/conclusions - HTC Wildfire S

If you would like your idea posted here, please PM me.
This thread's name has been changed from "S-OFF without XTC-Clip conclusions" to "S-OFF without XTC-Clip discussion/ideas/conclusions".
Request: Can moderators please sticky this thread? It is now very popular and we're starting to get somewhere.
​Hi all!
After hours (well not that much) of research, I hereby give you some conclusions I made about the XTC Clip.
First of all, CDMA phones (A510C) have been cracked without the XTC Clip. And so has the Virgin WFS (with no SIM Slot).
This concludes that S-OFF is related to your phone's network functionality.
Another reason to back this up, is that the XTC Clip has a flex/ribbon cable that connects to your phone's SIM slot. This is why the Virgin phone has been cracked.
When S-OFFing your phone with an XTC Clip, you run some XTC software that creates a goldcard image, and loads the image onto the Micro-SD card you have inserted into the XTC Clip. If you have got hold of the XTC-Clip, can you please send me the software in a .zip folder, as I would like to look into it a bit more.
If you have any theories on how the XTC Clip works, please post them here and I might consider adding them.
On that note, the Bad-Wolf is now going to howl somewhere.
Theories/Ideas:
eoghan2t7 said:
> What if you changed the network settings to WCDMA then try the virgin s-off trick?
> Edit try
> *#*#4636#*#* then go to phone information, there's a setting in there to change it to cdma
Virgin S-OFF Trick Link:
http://forum.xda-developers.com/show...php?p=19448584
Thanks Tera Tike for the download!
> What the XTC-Clip does:
> Step 1 - Create the Goldcard and put the PG76DIAG.nbh file on the microSD.
> Step 2 - Mimic the HTC service SIM. (That's why you hook it up to your phone thru the SIM card port)
> Step 3 - Press Power and Volume Down to run the PG76DIAG.nbh file in the bootloader.
> When I S-off my phone, I hook up the XTC-Clip to my phone using the battery clip (no computer).
> Here is a link with the XTC-Clip software to update the device. This might be more helpful to you.
> Here is the XTC file. Good luck!
island3r said:
> The S-off (or s-on for that matter) flag is stored inside the radio firmware as it is the only code that is executed right when you power on the device. What revolutionary does is to replace the hboot with a modified one so that it won't check the radio for the s-on flag.
> The steps taken by revolutionary are:
> 1) Acquire temp-root while in android
> 2) Reboot to fastboot
> 3) Fastboot flash eng hboot
> 4) Fastboot flash custom recovery
> I guess the part that's missing for the WFS is somewhere between steps 1 and 2.
ONeill123 said:
> I know where the eng hboot is posted
> Here:
> http://forum.xda-developers.com/showpost.php?p=20056976&postcount=212
> Hope that helps to find a way to s-off!
> Thanks!
island3r said:
> So, has anyone with a wfs handy (and balls of steel) tried this method? (just the rooting part).
> The guide is for the Glacier. But you can try using this hboot, and the latest clockwork image.
> (Edit: preferably someone that hasn't upgraded to the latest ota)
island3r said:
> Ok, I got hold of my father's wfs for a bit and I tried it out myself. Some observations:
> 1) The psneuter returned the [1] illegal instruction error, so I used the zergrush method instead to get root.
> 2) Tried to get the first md5 reading but it turns out the wfs uses a different partition than the Glacier (dev/block/mmcblk0p18)
> So I guess the next step is to find out which one.
OK. So maybe we're getting somewhere.........
matt5eo said:
> We know that we can update system apps, without any problems, down and upgrade them, so why don't we try to rewrite a system app which give us the rights to read and write in the system folder. This would work, I think so..
no.human.being said:
> The only way to really "brick" a device is to wear out the embedded NAND completely. NAND memory has limited write cycles per cell, probably around 10,000. When you write to it more often, the cells will "wear out" and cease to hold their state so the memory is really "dead" at some point and you can throw your phone into the trashcan.
> Apart from this, the content of the NAND inside the controller can be saved and imaged back using JTAG. JTAG is a hardware feature, so you can write to the NAND via JTAG even when the firmware is completely messed up.
> The reason is as follows: You can expect the MSM7227's NAND to be completely empty when the chip comes out of Qualcomm's fab. So there is no "firmware" method (bootloader, etc.) to get an operating system to the controller and there won't be a "radio" on it either. But obviously, HTC can program these chips. So there must be a method of programming them "in hardware" and this is the controller's JTAG interface. So if HTC can do it, then we can do it as well, provided we have the tools. What you need for this is a JTAG interface for ARM. If you followed my thread, you'd know that I'm planning to use JTAG to develop the exploit anyway.
> So I'd create a complete image from the ROM of an operable phone via JTAG and if you mess up the radio/bootloader/everything, you can always flash it back over JTAG and have your entire phone restored to its previous state. I know of no method to brick a phone so that it's not recoverable over JTAG, apart from wearing the NAND cells out with excessive writing.
Good idea! Maybe you could try it if you're willing to. Only problem is that if you ever break your device (smash, etc) then HTC will know you broke the VOID seal. Unrooting wouldn't cover your tracks.
Although, there should be a system similar to JTAG because the XTC-Clip uses a flex cable to connect to the SIM slot.
Perhaps, somebody who currently owns an XTC-Clip can JTAG the Clip.
SomeDudeOnTheNet said:
> Okay, so I've heard from various sites that using the identifier token of the Desire [not Desire S or HD] on HTCDev, you can unlock the WFS bootloader.
> So, anyone with an identifier token? I want to test it out.
I've already tried using the HTCdev website to unlock my WFS, even though it isn't supported. When I got to the point where I have to give my Identifier Token, my Fastboot threw me an error. So it didn't work. Perhaps if you get hold of a Desire Token, then you can modify it to work for WFS.
no.human.being said:
> I don't want to mount it. Mounting works, it is already mounted. I want to dump its raw contents via the device file, patch the dump to a ROM that's S-OFF, then put the dump back on the mtd device. I just put down some code for doing this.
Code:
/*
 * S-OFF for HTC Wildfire S
 * To be applied after temprooting the device via zergRush exploit
 */
#include <stdio.h>

int main()
{
    FILE* fdRead;
    FILE* fdWrite;
    int c; /* int, not char: fgetc() returns an int so EOF stays distinct from data */
    unsigned long unOffset;

    /*
     * 1. Dump the "/system" partition from NAND to SD-Card
     */
    fdRead = fopen("/dev/block/mtdblock3", "rb");
    fdWrite = fopen("/sdcard/dump.img", "wb");
    if (!fdRead || !fdWrite)
    {
        /* Stop here rather than carry on with a missing or empty dump */
        perror("fopen (dump)");
        return(1);
    }
    while ((c = fgetc(fdRead)) != EOF)
        fputc(c, fdWrite);
    fclose(fdRead);
    fclose(fdWrite);

    /*
     * 2. Patch the dump with S-OFF, SUID set and SimLock unlocked
     */
    fdRead = fopen("/sdcard/dump.img", "rb");
    fdWrite = fopen("/sdcard/patch.img", "wb");
    if (!fdRead || !fdWrite)
    {
        perror("fopen (patch)");
        return(1);
    }
    unOffset = 0;
    while ((c = fgetc(fdRead)) != EOF)
    {
        /* Super CID */
        if ((unOffset >= 0x00000200) && (unOffset <= 0x00000207))
            c = 0x31;
        /* S-OFF */
        if (unOffset == 0x00000a00)
            c ^= 0x01;
        /* SIM lock */
        if (unOffset == 0x00080000)
            c = 0x78;
        if (unOffset == 0x00080001)
            c = 0x56;
        if (unOffset == 0x00080002)
            c = 0xf3;
        if (unOffset == 0x00080003)
            c = 0xc9;
        if ((unOffset >= 0x00080004) && (unOffset <= 0x000807fb))
            c = 0x00;
        if (unOffset == 0x000807fc)
            c = 0x49;
        if (unOffset == 0x000807fd)
            c = 0x53;
        if (unOffset == 0x000807fe)
            c = 0xf4;
        if (unOffset == 0x000807ff)
            c = 0x7d;
        fputc(c, fdWrite);
        unOffset++;
    }
    fclose(fdRead);
    fclose(fdWrite);

    /*
     * 3. Write the patched dump back to NAND
     */
    fdRead = fopen("/sdcard/patch.img", "rb");
    fdWrite = fopen("/dev/block/mtdblock3", "wb");
    if (!fdRead || !fdWrite)
    {
        perror("fopen (write back)");
        return(1);
    }
    while ((c = fgetc(fdRead)) != EOF)
        fputc(c, fdWrite);
    fclose(fdRead);
    fclose(fdWrite);
    return(0);
}
> Please don't try this out yet. It is completely unverified and might brick your phone. I do not provide any warranty for this one. Chances are it will simply not work as I expect the device cannot be opened. If the device can be opened, chances are it might S-OFF your phone, but like I said it's completely untested yet. In fact, I haven't even found a way to compile C code for Android yet.
> What compiler do you use? I guess you need one of those that come with the Android NDK, right?
Cool! I wish I knew C!
no.human.being said:
> Afaik HBOOT is only a bootloader. It's a very simple and stupid program. I don't even expect it to understand what a file system permission is, so how would it enforce them? It just loads the Android kernel and gives it control. When Android boots, the code of HBOOT is not executing any more. How would it interfere with Android writing to a memory device?
> I think it's different. The security flag is located somewhere in the radio. HBOOT checks it and disables certain things (like flashing unsigned ROM images) when the flag is set. Android checks it and disables other things (like writing to "/system") when the flag is set. I don't expect HBOOT to exert any control over the handset as soon as the actual operating system is booted.
> Android itself can definitely write to "/system" (or rather to "/dev/block/mtdblock3", which is the device where "/system" is located), even on an S-ON device. That's how over-the-air updates are performed. It's just that there's some protection inside Android preventing you from writing to "/system" on an S-ON device. But it would be very "weird" for a POSIX system when this protection was still in place for a UID 0 (root) process. That's why I'm so after the "temproot with zergRush, then escalate further to S-OFF"-approach. You also see that "/system" is mounted as "rw" after the zergRush exploit was run. It's just that this doesn't give you anything, as the file system is probably exactly aligned in memory and any writes to it will corrupt it. You can see files suddenly disappear from the directory listing when writing to "/system" on a temprooted device.
> So writing to "/system" is not the way to install custom ROM, you have to install them via HBOOT and it will only let you do when the device is S-OFF. That's why I want to S-OFF by writing to "/dev/block/mtdblock3" (which is the block device "/system" is on). You will then have a fully S-OFF phone just like if you used xtc-clip on it and can use HBOOT to install custom recovery or however you continue after you got the device S-OFF.
Cool!

What if you changed the network settings to WCDMA then try the virgin s-off trick?
Edit try
*#*#4636#*#* then go to phone information, there's a setting in there to change it to cdma

eoghan2t7 said:
> What if you changed the network settings to WCDMA then try the virgin s-off trick?
> Edit try
> *#*#4636#*#* then go to phone information, there's a setting in there to change it to cdma
Good idea! I'll try this when I got some time. Got any links for the Virgin trick?

http://forum.xda-developers.com/showthread.php?p=19448584

Bad-Wolf said:
> If you have got hold of the XTC-Clip, can you please send me the software in a .zip folder, as I would like to look into it a bit more.
What the XTC-Clip does:
Step 1 - Create the Goldcard and put the PG76DIAG.nbh file on the microSD.
Step 2 - Mimic the HTC service SIM. (That's why you hook it up to your phone thru the SIM card port)
Step 3 - Press Power and Volume Down to run the PG76DIAG.nbh file in the bootloader.
When I S-off my phone, I hook up the XTC-Clip to my phone using the battery clip (no computer).
Here is a link with the XTC-Clip software to update the device. This might be more helpful to you.
Here is the XTC file. Good luck!

why not try to flash a cdma rom, then s off the device then back to gsm rom. If it will not brick. don't blame me just an idea.

m1ndh4x8r said:
> why not try to flash a cdma rom, then s off the device then back to gsm rom. If it will not brick. don't blame me just an idea.
It will brick cuz of different radio.img.

eoghan2t7 said:
> What if you changed the network settings to WCDMA then try the virgin s-off trick?
> Edit try
> *#*#4636#*#* then go to phone information, there's a setting in there to change it to cdma
EDIT:
Changed it, but stuck on JUMPING TO DIAG. Let me try with only the nbh file in the SD.
EDIT 2:
Still JUMPING TO DIAG.

eoghan2t7 said:
> What if you changed the network settings to WCDMA then try the virgin s-off trick?
> Edit try
> *#*#4636#*#* then go to phone information, there's a setting in there to change it to cdma
it automatically changes back to wcdma preferred....

Tera Tike said:
> What the XTC-Clip does:
> Step 1 - Create the Goldcard and put the PG76DIAG.nbh file on the microSD.
> Step 2 - Mimic the HTC service SIM. (That's why you hook it up to your phone thru the SIM card port)
> Step 3 - Press Power and Volume Down to run the PG76DIAG.nbh file in the bootloader.
> When I S-off my phone, I hook up the XTC-Clip to my phone using the battery clip (no computer).
> Here is a link with the XTC-Clip software to update the device. This might be more helpful to you.
> Here is the XTC file. Good luck!
is the file corrupted? my AVG antivirus was triggered by this file.

Tera Tike said:
> What the XTC-Clip does:
> Step 1 - Create the Goldcard and put the PG76DIAG.nbh file on the microSD.
> Step 2 - Mimic the HTC service SIM. (That's why you hook it up to your phone thru the SIM card port)
> Step 3 - Press Power and Volume Down to run the PG76DIAG.nbh file in the bootloader.
> When I S-off my phone, I hook up the XTC-Clip to my phone using the battery clip (no computer).
> Here is a link with the XTC-Clip software to update the device. This might be more helpful to you.
> Here is the XTC file. Good luck!
Thanks mate!

More conclusions please!

Bad-Wolf said:
> More conclusions please!
We really have to get this S-OFF thing working!!!!!
Why can't the XTC-Clip people help us?!?!

Bad-Wolf said:
> We really have to get this S-OFF thing working!!!!!
> Why can't the XTC-Clip people help us?!?!
They live on people's misfortune!

One more thing. Can the mods sticky this so that people can look at and post their own conclusion/theories.

Bad-Wolf said:
> Hi all,
> after hours (well not that much) of research, I hereby give you some conclusions I made about the XTC Clip.
> First of all, CDMA phones (A510C) have been cracked without the XTC Clip. And so has the Virgin WFS (with no SIM Slot).
> This concludes that S-OFF is related to your phone's network functionality.
> Another reason to back this up, is that the XTC Clip has a flex/ribbon cable that connects to your phone's SIM slot. This is why the Virgin phone has been cracked.
> When S-OFFing your phone with an XTC Clip, you run some XTC software that creates a goldcard image, and loads the image onto the Micro-SD card you have inserted into the XTC Clip. If you have got hold of the XTC-Clip, can you please send me the software in a .zip folder, as I would like to look into it a bit more.
> If you have any theories on how the XTC Clip works, please post them here and I might consider adding them.
> On that note, the Bad-Wolf is now going to howl somewhere.
> Relevant Stuff Edits:
> Virgin S-OFF Trick Link:
> http://forum.xda-developers.com/show...php?p=19448584
Please pay a little bit of attention to this thread!!!!

Repost from another thread...Now you have the whole package...
Below is a repost of my goldcard image and explanation from another thread.
Now you have the XTC Clip Plus software and a real deal XTC clip Gold card.
Hopefully you can do something between the two...
d33ps1x said:
> Anyone have a place for me to put 334.3 MB file for you guys to play with?
> It's a gzip compressed image from Clonedisk (available on Hirens BootCD) that is a raw exact copy of the HTC-Clip Goldcard for a 2 gig SD. It can be Clonedisk'ed back onto a 2 gig or anything larger.
> Just load Clonedisk with your SD card in the reader slot, choose your PHYSICAL DRIVE NUMBER, not the drive lettered partition!....and hit restore.
> Covers all Hboot versions.
> Don't unzip the gz file. Clonedisk reads it just fine as is.
> Was thinking having the actual goldcard image with the diagnostic image might get you guys closer to your goal as the goldcard might have something to do with having success.
Again.
This is a gzip compressed image file of the ENTIRE filesystem of a 2 gig SD used to make an XTC Clip gold card with the PG76IMG file that does the job of patching your phone to S-OFF.
It is usually used in combination with the Clip itself and a Mini SIM cable that goes into the sim slot.
So again this is JUST the XTC Goldcard itself. It is universal for ALL Wildfire S's and all Hboot versions.
DO NOT choose flash rom option after the GSM screen. Choose diagnostics. Clean S58 when you have the chance.
It's not really intended to be used as is but rather as a step towards figuring out how to S-OFF and unlock the sim without hardware involved.
This would be in the general section not developers if it was intended as a finished product.
Used Clonedisk on Hiren's boot CD to restore it to an empty SD card of 2 gig or greater. (2 was the smallest I had)
No other image software!
First make sure the destination card is empty of partitions by using Mini Partition Wizard Home Edition (also on Hiren's) or available for free from their website.
Remove all partitions and apply the changes.
Load up Clonedisk and choose the proper physical device, not the drive letter of the disk option.
Choose the gz file out of the rar's as your source and then hit restore.
Then you have a true Goldcard from XTC with the proper file for patching things.
The theory being that the goldcard itself may have some unique properties and indeed it's considered an unknown file system in Mini Partition Wizard although computers read it as a readable FAT32 disk and assign a drive letter so there is a curiosity there worth looking into.
Also the only files on the 1.8ish gig image compress with the gzip option to only 334.3 MB which is curious as well considering it only has 2 files on it. One being something like 10 MB and one being zero bytes.
The rest is for people on a much higher pay grade than me.
Good luck developers...
In a two part rar file from Dropbox...
XTC-Clip_V2_All_Hboot_Ver_HTC_Marvel_Wildfire_S_Goldcard_Clonedisk_Image.part1.rar
XTC-Clip_V2_All_Hboot_Ver_HTC_Marvel_Wildfire_S_Goldcard_Clonedisk_Image.part2.rar
The single gz image on 4shared:
XTC Clip Gold Card All Hboot Versions For HTC Marvel Wildfire S
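
One way to look into the two oddities d33ps1x notes (a partition tool reporting an unknown file system on a card that still mounts as FAT32, and an image that compresses far less than its two files suggest) is to triage the raw image directly. This is an added example, not part of the original post or of any XTC-Clip tooling; the sample images and function names are constructed, and the "superfloppy" layout (a FAT boot sector at sector 0 with no partition table) is shown as one layout that produces the first symptom, not as a confirmed finding about this goldcard.

```python
import io
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"


def fat_type(sector):
    """Return 'FAT32', 'FAT16' or 'FAT12' if sector is a FAT boot sector, else None."""
    if len(sector) < SECTOR or sector[510:512] != BOOT_SIG:
        return None
    if sector[0] not in (0xEB, 0xE9):          # FAT boot sectors start with an x86 jump
        return None
    if struct.unpack_from("<H", sector, 11)[0] not in (512, 1024, 2048, 4096):
        return None                            # bytes-per-sector field must be sane
    if sector[82:87] == b"FAT32":              # FAT32 keeps its type string at offset 82
        return "FAT32"
    if sector[54:59] in (b"FAT16", b"FAT12"):  # FAT12/16 keep it at offset 54
        return sector[54:59].decode("ascii")
    return None


def mbr_partitions(sector):
    """Return [(type, start_lba, sector_count)] for the used slots of an MBR."""
    parts = []
    for slot in range(4):
        off = 446 + 16 * slot
        ptype = sector[off + 4]
        start, count = struct.unpack_from("<II", sector, off + 8)
        if ptype and count:
            parts.append((ptype, start, count))
    return parts


def triage(img):
    """Classify the layout of a raw card image and count sectors that hold data.

    img is a seekable binary file object, e.g. open('card.img', 'rb').
    """
    report = {"layout": "unknown", "volumes": [],
              "total_sectors": 0, "nonzero_sectors": 0}
    img.seek(0)
    first = img.read(SECTOR)
    fs = fat_type(first)
    if fs:
        # File system starts at sector 0: there is no partition table for a
        # partition tool to read, yet an OS can still mount the volume.
        report["layout"] = "superfloppy"
        report["volumes"].append((0, fs))
    elif len(first) == SECTOR and first[510:512] == BOOT_SIG:
        report["layout"] = "mbr"
        for _ptype, start, _count in mbr_partitions(first):
            img.seek(start * SECTOR)
            report["volumes"].append((start, fat_type(img.read(SECTOR))))
    # A raw image keeps whatever is left in unallocated sectors, so the number
    # of non-zero sectors, not the size of the visible files, drives gzip size.
    img.seek(0)
    while True:
        chunk = img.read(SECTOR)
        if not chunk:
            break
        report["total_sectors"] += 1
        if chunk.count(0) != len(chunk):
            report["nonzero_sectors"] += 1
    return report


def fat32_boot_sector():
    """Constructed minimal FAT32 boot sector (only the fields checked above)."""
    s = bytearray(SECTOR)
    s[0:3] = b"\xeb\x58\x90"
    s[3:11] = b"MSDOS5.0"
    struct.pack_into("<H", s, 11, 512)
    s[82:90] = b"FAT32   "
    s[510:512] = BOOT_SIG
    return bytes(s)


def sample_superfloppy():
    """Constructed 64-sector image: FAT32 at sector 0 plus 8 sectors of residue."""
    img = bytearray(64 * SECTOR)
    img[0:SECTOR] = fat32_boot_sector()
    img[8 * SECTOR:16 * SECTOR] = b"\xa5" * (8 * SECTOR)
    return io.BytesIO(bytes(img))


def sample_mbr():
    """Constructed 64-sector image: MBR with one FAT32 partition at LBA 8."""
    img = bytearray(64 * SECTOR)
    img[450] = 0x0C                            # partition type: FAT32 (LBA)
    struct.pack_into("<II", img, 454, 8, 56)   # start LBA 8, 56 sectors
    img[510:512] = BOOT_SIG
    img[8 * SECTOR:9 * SECTOR] = fat32_boot_sector()
    return io.BytesIO(bytes(img))


if __name__ == "__main__":
    print(triage(sample_superfloppy()))
    print(triage(sample_mbr()))
```
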

d33ps1x said:
> Below is a repost of my goldcard image and explanation from another thread.
> Now you have the XTC Clip Plus software and a real deal XTC clip Gold card.
> Hopefully you can do something between the two...
> Again.
> This is a gzip compressed image file of the ENTIRE filesystem of a 2 gig SD used to make an XTC Clip gold card with the PG76IMG file that does the job of patching your phone to S-OFF.
> It is usually used in combination with the Clip itself and a Mini SIM cable that goes into the sim slot.
> So again this is JUST the XTC Goldcard itself. It is universal for ALL Wildfire S's and all Hboot versions.
> DO NOT choose flash rom option after the GSM screen. Choose diagnostics. Clean S58 when you have the chance.
> It's not really intended to be used as is but rather as a step towards figuring out how to S-OFF and unlock the sim without hardware involved.
> This would be in the general section not developers if it was intended as a finished product.
> Used Clonedisk on Hiren's boot CD to restore it to an empty SD card of 2 gig or greater. (2 was the smallest I had)
> No other image software!
> First make sure the destination card is empty of partitions by using Mini Partition Wizard Home Edition (also on Hiren's) or available for free from their website.
> Remove all partitions and apply the changes.
> Load up Clonedisk and choose the proper physical device, not the drive letter of the disk option.
> Choose the gz file out of the rar's as your source and then hit restore.
> Then you have a true Goldcard from XTC with the proper file for patching things.
> The theory being that the goldcard itself may have some unique properties and indeed it's considered an unknown file system in Mini Partition Wizard although computers read it as a readable FAT32 disk and assign a drive letter so there is a curiosity there worth looking into.
> Also the only files on the 1.8ish gig image compress with the gzip option to only 334.3 MB which is curious as well considering it only has 2 files on it. One being something like 10 MB and one being zero bytes.
> The rest is for people on a much higher pay grade than me.
> Good luck developers...
> In a two part rar file from Dropbox...
> XTC-Clip_V2_All_Hboot_Ver_HTC_Marvel_Wildfire_S_Goldcard_Clonedisk_Image.part1.rar
> XTC-Clip_V2_All_Hboot_Ver_HTC_Marvel_Wildfire_S_Goldcard_Clonedisk_Image.part2.rar
> The single gz image on 4shared:
> XTC Clip Gold Card All Hboot Versions For HTC Marvel Wildfire S
Although I have no idea what you are talking about. Nice post mate!!!

The S-off (or s-on for that matter) flag is stored inside the radio firmware as it is the only code that is executed right when you power on the device. What revolutionary does is to replace the hboot with a modified one so that it won't check the radio for the s-on flag.
The steps taken by revolutionary are:
1) Acquire temp-root while in android
2) Reboot to fastboot
3) Fastboot flash eng hboot
4) Fastboot flash custom recovery
I guess the part that's missing for the WFS is somewhere between steps 1 and 2.

SomeDudeOnTheNet said:
> eoghan2t7 said:
>> What if you changed the network settings to WCDMA then try the virgin s-off trick?
>> Edit try
>> *#*#4636#*#* then go to phone information, there's a setting in there to change it to cdma
> EDIT:
> Changed it, but stuck on JUMPING TO DIAG. Let me try with only the nbh file in the SD.
> EDIT 2:
> Still JUMPING TO DIAG.
eoghan2t7 said:
> m1ndh4x8r said:
>> why not try to flash a cdma rom, then s off the device then back to gsm rom.
> It will brick cuz of different radio.img.
island3r said:
> The S-off (or s-on for that matter) flag is stored inside the radio firmware as it is the only code that is executed right when you power on the device.
A little 2+2=4 here: So this is why simply changing the network settings to WCDMA in the test menu (*#*#4636#*#*) won’t work and why the radio.img is different so that flashing a CDMA ROM will brick the phone.
Thanks for the info, island3r!

Related

A way of flashing the RUU rom extract

Because of my stupid mistakes that made my SD card fail the first time, I found a way to actually downgrade the system using HBoot mode even if you have a new HBoot system (i.e. Official Chinese version, Carrier Locked version, etc).
The first thing to do is to download the 2.73.405.5 official WWE RUU package (the exe).
Then run that wizard, and while the wizard's program is running, search in your PC's %userprofile% folder and look for "rom.zip".
Rename that rom.zip to HEROIMG.zip.
Put that file into your MicroSD card's root folder. Do not modify its contents.
Put that SD card into your phone.
While the card is in, hboot the device (vol down + power).
It will pop up the HBOOT mode of the device. It will now check whether a few files exist on your SD card (HERODIAG.zip, etc).
In the last check, it will look for HEROIMG.zip and try to load it. Once the loading bar is complete on the top right side of the device, it will ask you to press home to continue the upgrade, or press another key to escape it. (I am not 100% sure if those are the keys, but you can read English so figure that part out.)
Once the flashing is done (remember, this method will wipe everything, including radio, recovery, system, data, cache), you will now have a complete original ROM on your system. From there, use InstantRoot or any other rooting exploit to root your device, put Cyanogen's recovery there, and start upgrading into custom ROMs!
Let me know if this method works or not. It worked on 3 of my friends' HTCs.
/* P.S. However, I still have my unresolved issue about the SD card slot and USB device not being recognized. */
Nope, I tried that before and it fails the CID check.
Guinness in a can? BRILLIANT!
yea, everyone has been jumping through their butts trying to figure out how to make goldcards and bypasses... why not just use hboot like htc probably uses it? Duh! Thanks for this!
edit..... oh snap....
does not work for me!
Once the loading bar is complete on the top right side of the device
go back to hboot...
and nothing to do
this won't work because the SPL is still checking the CID of the rom.zip you renamed to HEROIMG
for some people the flash will work, but that's because they have a hero with a CID that's in the range of the cid numbers (open the .zip file and check the android-info.txt to see the list).
changing topic is this is confusing people
nice try though
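
The check Jesterz describes, as an added example that is not part of the thread and not HTC's bootloader code: read android-info.txt from the renamed rom.zip and compare its cidnum list (and modelid) with the device's values before flashing. The sample archive, its CID and model ID values, and the function names are constructed for illustration; the key names modelid, cidnum and mainver are the ones android-info.txt uses.

```python
import io
import zipfile

INFO_NAME = "android-info.txt"


def parse_android_info(text):
    """Parse 'key: value' lines; keys such as cidnum repeat, so values are lists."""
    info = {}
    for raw in text.splitlines():          # splitlines() also copes with CRLF files
        key, sep, value = raw.partition(":")
        if not sep or not key.strip():
            continue                       # skip blank or malformed lines
        info.setdefault(key.strip().lower(), []).append(value.strip())
    return info


def preflight(rom_zip, device_cid, device_modelid):
    """Return (ok, reasons) for flashing rom_zip on a device with the given IDs.

    rom_zip is a path or a binary file object. The archive is only read,
    never modified.
    """
    try:
        with zipfile.ZipFile(rom_zip) as zf:
            if INFO_NAME not in zf.namelist():
                return False, ["archive has no " + INFO_NAME]
            text = zf.read(INFO_NAME).decode("ascii", errors="replace")
    except zipfile.BadZipFile:
        return False, ["not a readable zip archive"]

    info = parse_android_info(text)
    reasons = []
    cids = info.get("cidnum", [])
    if device_cid not in cids:
        reasons.append("CID %s is not among the %d cidnum entries"
                       % (device_cid, len(cids)))
    models = info.get("modelid", [])
    if device_modelid not in models:
        reasons.append("model ID %s does not match %s" % (device_modelid, models))
    return not reasons, reasons


def sample_rom_zip(with_info=True):
    """Constructed stand-in for a renamed rom.zip (values are illustrative)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("system.img", b"\x00" * 16)
        if with_info:
            zf.writestr(INFO_NAME,
                        "modelid: HERO10000\r\n"
                        "cidnum: HTC__001\r\n"
                        "cidnum: HTC__E11\r\n"
                        "mainver: 2.73.405.5\r\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for cid in ("HTC__001", "VODAP001"):
        print(cid, preflight(sample_rom_zip(), cid, "HERO10000"))
```
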
Original IMG
Confirm ...works for me. After rooting...... and flashing couple images i try reflash back original rom - official ruu not want work ...stop on bootloader .....extracted rom not be a flashable through sd card and amon ra loader....this way work like charm. Thnx.
Thank you, you are the man!
Thank you so much, i was about to eat my phone. it is htc hero and it worked. thank you so much...
since we have this thread i can ask as well...
is HEROIMG.ZIP signed, or why wouldn't one just alter the CID values in android-info.txt?
kendong2 said:
> since we have this thread i can ask as well...
> is HEROIMG.ZIP signed, or why wouldn't one just alter the CID values in android-info.txt?
I believe it is signed using HTC's own personal keys, preventing us changing the RUU extract.
anon2122 said:
> I believe it is signed using HTC's own personal keys, preventing us changing the RUU extract.
Might be worth a test to do self signed ?
Jesterz said:
> this won't work because the SPL is still checking the CID of the rom.zip you renamed to HEROIMG
> for some people the flash will work, but that's because they have a hero with a CID that's in the range of the cid numbers (open the .zip file and check the android-info.txt to see the list).
> changing topic is this is confusing people
> nice try though
hi, i have the same problem and my cid is in in the list.
what could be the problem?
How the hell did you came up with that?
It worked perfectly! Cannot thank you enough.
You're the man.
been looking for this for nearly a week.
got my wife a new phone and want to store it original, but couldnt get back to stock,all cid fails.
with this version no cid fail and stock htc hero again.
thanks, you tha man.

How to root and flash a new ROM the easy way?

Is there any guide or instructions how to root and flash the Desire with a new custom ROM?
Im so confused right now, rooted my Hero and flashed it dozen times but now its different with Desire. Plz someone help?
Take this guide
http://forum.xda-developers.com/showthread.php?t=672770
Do i have to make a goldcard if i have a unlocked and unbranded Desire in sweden? 0.80 bootloader...
I think you have to.
I've done it with a goldcard, have also an unlocked device.
Unbranded devices generally don't need gold cards.
cedeel said:
> Unbranded devices generally don't need gold cards.
Yep totally correct! If the handset was unbranded when new then no goldcard is needed. I didn't need one on mine.
socktug said:
> Yep totally correct! If the handset was unbranded when new then no goldcard is needed. I didn't need one on mine.
thx for the info, didn't know that
cedeel said:
> Unbranded devices generally don't need gold cards.
Thank you
So practically what i have to do is this:
if you have a bootloader version 0.80.xxxx or below AND a current ROM of 1.21.xxx.x or below -
Part 1
Part 2
*- Copy the 'rooted update' you downloaded above to the root of your SD card, before replacing it into your device
*- Turn off your HTC desire, then turn it back on with the 'back' button held down. You'll see 'FASTBOOT' written on the screen in a red box.
*- Connect the phone to your computer, then run the 'test ruu' that you downloaded above (it may take a short while to start). Let the update complete and turn your device off as soon as it reaches the configuration wizard. If you need USB drivers, you can find them as part of the HTC Sync install.
*- Your device should now be off. Unplug the device from your computer. Turn it on again while holding down the 'volume down' button this time. The screen will look similar to before, but will say 'HBOOT' instead of 'FASTBOOT'. Use the volume buttons and the power button to select the 'RECOVERY' option. You should then see a screen with a red triangle - at this point, plug it into your Linux or OSX computer.
*- Now you need to unzip the 'push files' zip that you downloaded above. When you have done so, you'll see a file called 'recovery-linux.sh' or 'recovery-mac.sh'. Run the one appropriate to your operating system and the screen of your device should change to display the green recovery image menu.
*- In the recovery image (moving around using the optical trackball), select 'Wipe -> Wipe data /factory reset' then 'Flash zip from sdcard' and choose the rooted update. Confirm with the trackball and the update process will begin. It'll take a little while, so go make a nice cup of tea.
---------------------------------------------------
I hope i havent forgot anything? Im pretty nervous right now :/
I don't want to confuse issues, but that one looks a bit out of date. it will work fine, but there is a newer slightly easier method now.
Are you confident in following basic instructions on using linux? I wasn't but it is so easy that anyone can do it!
Take a look here and see which one you prefer.
http://android.modaco.com/content/htc-desire-desire-modaco-com/308542/r4-htc-desire-easy-rooting-guide-with-tiny-core-linux/
All you need to do with this one is download the appropriate file, burn it to disc and type 4 commands in linux.
Or just use r5. The scripts are good and shouldn't cause any trouble. If you are on linux/mac you might need to change permissions on some files though.
socktug said:
I don't want to confuse issues, but that one looks a bit out of date. it will work fine, but there is a newer slightly easier method now.
Are you confident in following basic instructions on using linux? I wasn't but it is so easy that anyone can do it!
Take a look here and see which one you prefer.
http://android.modaco.com/content/htc-desire-desire-modaco-com/308542/r4-htc-desire-easy-rooting-guide-with-tiny-core-linux/
All you need to do with this one is download the appropriate file, burn it to disc and type 4 commands in linux.
Without a doubt that seems easy, i just wonder if i can do it the same way with Ubuntu 9.10 ? Its because i have a livecd with Ubuntu but no empty cd to burn on
infexis said:
Without a doubt that seems easy, i just wonder if i can do it the same way with Ubuntu 9.10 ? Its because i have a livecd with Ubuntu but no empty cd to burn on
Try this one then! http://android.modaco.com/content/htc-desire-desire-modaco-com/307365/24-may-r5-htc-desire-rooting-guide-now-with-hboot-0-80-and-os-to-1-21-support/
socktug said:
Try this one then! http://android.modaco.com/content/htc-desire-desire-modaco-com/307365/24-may-r5-htc-desire-rooting-guide-now-with-hboot-0-80-and-os-to-1-21-support/
That is the guide i read first, but now it seems there is a better solution with linux.
I'm not sure what newer method you mean?
At the end of the day, any of the methods posted here will work for you. The first one I pointed to with tiny core linux was for me the easiest.
Just give one of them a try and post back if you encounter any problems. If the worst happens and you make a mistake and cause the USB to be bricked, it can now be easily fixed.
As far as I am aware there are no other issues you can run into if you follow the guides.
Yeay, i just found a cd-rw at home
I will now erase the disc, burn the .iso file on it and start rooting
Wish me luck!
Lol. Good luck. Once you start flashing custom roms, you will never be happy and want to keep trying more!
socktug said:
Lol. Good luck. Once you start flashing custom roms, you will never be happy and want to keep trying more!
I know Ive had a Hero for about a year now
you dont need to use linux anymore there is a windows method
all you need is to download the pushfiles and extract them in the desire root files click on recovery windows.bat when you get to the triangle on the desire it will take you to the recovery options
also ur device has to be connected with usb and dont remove the usb when you updating the rom
tori007 said:
you dont need to use linux anymore there is a windows method
all you need is to download the pushfiles and extract them in the desire root files click on recovery windows.bat when you get to the triangle on the desire it will take you to the recovery options
also ur device has to be connected with usb and dont remove the usb when you updating the rom
That is the method to go to recovery after rooting. You still need to root first. Also, the windows method may be easier, but a lot of people are commenting on driver problems. The linux method is by far the least problematic.
Just my opinion of course!
i did not have any issue while rooting go to the hero section and use those drivers they worked fine for me

[Guide] Subsidy Unlock, SuperCID, and Radio S-OFF

Update 12-29-10: Due to problems reported with v03, we now link to v02.
Update 12-23-10: A new version of gfree, v02, has just been released by Guhl. Links have been updated to the new version, which allows you to set Sim Unlock, CID, and Radio S-ON/OFF independently. If you have previously run gfree, you will receive no additional benefit from running gfree v2, unless you want to change one of the settings.
Notice: gfree is known not to work for radio firmwares with versions higher than 26.03.02.xx -- the reason for this is that HTC patched the hole that allowed scotty2 to power cycle the emmc chip to drop its write protection. So if you installed a radio version with a higher version number, downgrade the radio firmware before using gfree.
Guhl also released gfree_verify, which allows you to verify your phone's settings (regardless of which gfree you used). See the wiki for more on that.
The wiki is usually up to date on the latest of everything, so be sure to check it frequently.
---------------
scotty2 delivers again!
His "gfree" program should do the following for your g2, dz, or dhd:
* Radio S-OFF -- the real deal. This means the g2 will permit permanent root.
* Subsidy Unlock -- AKA "Sim Unlock" AKA "Network Unlock" AKA "Use a foreign SIM Card"
* SuperCID - enables the flashing of any carrier's firmware for the phone.
If you don't know what this means or why you might want it, check the wiki.
INSTRUCTIONS:
NOTE: If you have NOT permarooted your phone previously with the HBOOT/wpthis method, doing so using the new "gfree" method should have the added effect of sim-unlocking the phone, setting superCID and turning Radio S-OFF. In fact, it's the new method for permarooting for G2/DZ and DHD. So if you haven't yet permarooted, look at those instructions.
Again, the instructions below are for people only who have already previously "permarooted" through the earlier hacked-HBOOT method. See the wiki if you are starting from scratch with a new G2/DZ/DHD and have not yet done anything "root-ish".
WARNING: Be aware that by following these instructions you are messing with your phone with potential for screwing things up. Do so at your own risk. The many authors of this guide assume no responsibility for any damage to your phone, health, general well-being, or anything else untoward with respect to these instructions or you following them.
gfree uses a dynamic in-memory patch of the kernel to remove the kernel's write protection of the radio partition.
So, for those of you who have permarooted the old HBOOT way and put on new kernels: the following kernel versions are known NOT to work yet with gfree. If you have one of the following kernel versions on your phone, install a different (stock, OTA or cyanogen) kernel before starting this procedure:
| pershoots 11/30 build
| pershoot's 2.6.32.26 – OC-UV-NEON_FP (1.516GHZ) – G2 - 12/3
| Cyanogen Kernel / release 6.1.1
| 2.6.32.26-cm-virtuous-v1.0 [email protected]#1
Other newer kernels may also not work with gfree. So if you experience problems with this procedure (either the phone reboots during the process or the procedure completes correctly but the verify still shows that the phone is locked) then you may think about downgrading the kernel to an original stock kernel or even better to this kernel.
Okay. So we're assuming you've permarooted already and usb debugging is on (Applications > Development, then enable USB debugging). You'll also need about 5MB free on your sdcard.
You might want to back up your phone with nandroid on the Clockwork recovery image first, just in case.
Note: If you hanker to do it the longer, manual, harder, and more dangerous way, or are just curious what gfree does, see the wiki history for the old instructions.
No? Then let's begin.
==== 1. Download gfree and verify sdcard is not mounted by your computer ====
You will need to download a program called gfree (v02) that will first copy partition 7 of the phone, then patch it, then reflash back to your phone. (verified to work with the g2 and desire z as well as the desire hd). (You will also need adb, which you can download as part of the Android SDK.)
Unzip gfree_02.zip to your computer.
Make sure your computer is not mounting your phone's sdcard.
==== 2. Run gfree on the phone ====
On your computer's terminal/command line, navigate to where the gfree file is, and then...
Code:
adb push gfree /data/local
adb shell
This copies gfree to your phone, then puts you in your phone's terminal. Then do this:
Code:
su
cd /data/local
chmod 777 gfree
./gfree -f
sync
Wait a few moments for the sync to "take". Then reboot your phone. That's it!
gfree created a backup of your original partition 7 at /sdcard/part7backup-<time>.bin. You might consider copying this to a safe location on your computer.
Now you can try using a new SIM card to verify that it worked. Also, if you had to flash a different kernel before running gfree, you may now reflash the kernel you originally had.
Thanks to the gang at #g2root, including IntuitiveNipple, scotty2, tmzt, rhcp, ciwrl, and guhl... among many others.
Wiki: How to enable Radio S-OFF, SuperCID, and SIM-unlock (with some informational background)
File: gfree_02.zip
File: gfree_verify_v01.zip
Feel free to use the "Thanks" button below. Also, Scotty2's paypal email is walker.scott AT gmail.com if you want to make a contribution.
Finally, Americans might consider making a donation to the Electronic Frontier Foundation who fight to defend your legal right to root or unlock your own phone when the carriers and phone manufacturers may lobby or otherwise try to stop you. The EFF can always use your tax-deductible support.
Hey thanks for posting this!
So I guess this is like perm-perm-root.
Giving it a shot now.
Sent from my HTC Vision using XDA App
thenefield said:
Hey thanks for posting this!
So I guess this is like perm-perm-root.
Giving it a shot now.
Sent from my HTC Vision using XDA App
Yeah it's sim-unlock too. Which is nice.
Nice thanks going to try it to.
Sent from my HTC Vision using Tapatalk
shouldnt one image work for every phone
Word up scotty2. You the man.
EDIT: And you too fattire for writing up what no one else wants to
thatruth132 said:
shouldnt one image work for every phone
No. If it did, then this would be a lot easier, huh?
I cant wait until some juicy stuff comes out of this.
Now, what does this mean
"make everything better."
This is freaking awesome.
andrewklau said:
Now, what does this mean
"make everything better."
You know.... everything.
...
I just bricked my phone LMAO!!!
I did the perm root that was easy... this jeez... followed the [Guide] How to recover your semi-brick (OMFG Thank you guys over there!) BUT I'm back... I literally almost **** my pants. Well... Gonna try this again maybe after finals LOL
Question though (going to try it later tonight LOL =P) the guide says I need a "custom cyanogenmod based kernel and provides the boot image that contains it.. I am using the nightlies do they contain that same function or no? also when I did flash that boot image and ran "insmod /sdcard/wpthis-cyanogen.ko" it said error function not implemented? Anyone not run into this issue? or have any ideas?
nycjv321 said:
Question though (going to try it later tonight LOL =P) the guide says I need a "custom cyanogenmod based kernel and provides the boot image that contains it.. I am using the nightlies do they contain that same function or no?
Nope.
nycjv321 said:
also when I did flash that boot image and ran "insmod /sdcard/wpthis-cyanogen.ko" it said error function not implemented? Anyone not run into this issue? or have any ideas?
"Error function not implemented" means it worked.
well this time it didn't brick... I think I got it time to verify it
Ok I ran it all again and worked but when I was verifying it I got all the supposed feedback except at "echo -e 'AT$QCPWRDN\r' > /dev/smd0" I got AT$QCPWRDN and then +CME Error: 0.... (No OK as said in the guide? ) and then it rebooted? what didn't work?
Got it to work!
SuperCID, Radio S-OFF, Subsidy Unlock is a reality!
Thanks to scotty2.
Thanks also to guhl (guhl99).
Read my post for more details: http://forum.xda-developers.com/showpost.php?p=9495073&postcount=363
Thread: http://forum.xda-developers.com/showthread.php?p=9495073#post9495073
This may be a stupid question but doesn't 0 also equate to no error? (In my older post) (Its just not stated in the guide, I don't want to overlook something which is why I asked ) You guys are AWESOME!!!
nycjv321 said:
This may be a stupid question but doesn't 0 also equate to no error? (In my older post) (Its just not stated in the guide, I don't want to overlook something which is why I asked ) You guys are AWESOME!!!
After entering the following into ADB Shell command prompt:
# echo -e 'AT$QCPWRDN\r' > /dev/smd0
The reply I got was a bunch of numbers (which filled the screen and wrapped to a new line) from what I can recall and then the phone rebooted. I didn't save the command window so I don't have the full details.
When the phone re-booted, I get signal from the local Thailand carrier AIS using a pre-paid SIM card.
The first time I went through the process I made a mistake setting the following using the Hex Editor:
"...set the 4 bytes at 0x807fc to 49 53 F4 7D"
The second time around I figured out what the "c" in "0x807fc" meant in terms of location on the Hex Editor. That was it.
:O i cant believe how awesome scotty2 is...

Downgraded from 2.50 to 1.32

hey guys was on stock 2.50 ( have installed the official ruu ) and was not able to root.
so i have tried to install the ruu from 1.32 -> it works
now im back to 1.32 -> rooted -> eng hboot -> installed cmw -> now im installing a custom rom.
dont know why it works but for me it worked.
ngt1337 said:
hey guys was on stock 2.50 ( have installed the official ruu ) and was not able to root.
so i have tried to install the ruu from 1.32 -> it works
now im back to 1.32 -> rooted -> eng hboot -> installed cmw -> now im installing a custom rom.
dont know why it works but for me it worked.
Thanks for sharing but thats because you already have s-off. Please post in the general section next time.
Sent from my Desire HD using XDA Premium App
ok i will do that. my mistake dont know that when im on s-off can flash older ruu*s.
think i must have super cid to flash them, but this i dont have.
how did u do it i have s-on will this work thanks alot
mehoob12 said:
how did u do it i have s-on will this work thanks alot
A bunch of threads pretty much say s-on users with 2.37+ cannot downgrade
Sent from my Desire HD using XDA Premium App
Originally Posted by mehoob12
how did u do it i have s-on will this work thanks alot
A bunch of threads pretty much say s-on users with 2.37+ cannot downgrade
Sent from my Desire HD using XDA Premium App
__________________
HTC Desire HD
you think it is going to solve soon to downgrade from 2.50 what think about xtc clip
None of the known exploits currently work on 2.37+ so we have to wait for someone to figure out a new one. You MUST get temproot to modify the version partition so the phone will accept a downgrade ROM. Unless you're S-OFF, the hboot will reject any RUU that is older than what it thinks the current version is.
XTC clips still work though.
None of the known exploits currently work on 2.37+ so we have to wait for someone to figure out a new one. You MUST get temproot to modify the version partition so the phone will accept a downgrade ROM. Unless you're S-OFF, the hboot will reject any RUU that is older than what it thinks the current version is.
XTC clips still work though.
there is any way to get s-off or temproot
i am sick of waiting this the reason i bought desire hd to have custom roms on it
anyway thanks alot
newbie asking for an FAQ
Hi,
I've bought an second hand Desire HD and it's updated to 2.50...
Is there an thread or section about downgrading?
If I get it right then it's nog possible at this moment (yet).
Please show me the way....
THANKS!
Hi,
I've bought an second hand Desire HD and it's updated to 2.50...
Is there an thread or section about downgrading?
If I get it right then it's nog possible at this moment (yet).
Please show me the way....
THANKS!
i think me and you we have to buy xtc clip
http://shop.ebay.co.uk/i.html?LH_BIN=1&_kw=xtc&_kw=clip
mehoob12 said:
None of the known exploits currently work on 2.37+ so we have to wait for someone to figure out a new one. You MUST get temproot to modify the version partition so the phone will accept a downgrade ROM. Unless you're S-OFF, the hboot will reject any RUU that is older than what it thinks the current version is.
XTC clips still work though.
there is any way to get s-off or temproot
i am sick of waiting this the reason i bought desire hd to have custom roms on it
anyway thanks alot
Have you tried with Gold Card ?
Create a Gold Card:
Install GoldCard Helper from the Android Market,
Run it and make note of the value listed after Card:mmc2, Reverse CID. It should be a long series of numbers and letters. (make sure to use mmc2, the default copy to clipboard copies mmc1 ..)
Visit this page (http://psas.revskills.de/?q=goldcard), enter the new copied number and create your goldcard image, which will be e-mailed to you.
Save the file attached in the email to your PC.
Install HxD Hex Editor on your computer, from the "Step 4 - Gold Card" folder.
Run HxD Hex Editor. ("Run as Administrator" under Vista and Windows 7).
Go to the Extra menu and select Open Disk. Under physical disk, select Removable Disk (your microSD card), uncheck Open as Read only and click OK. Note that you should select physical disk NOT the logical disk. This is important!
Go to the Extra menu again and select Open Disk Image. Open the goldcard image that you received by email.
Press OK when prompted for Sector Size (selecting 512 (Hard disks/Floppy disks)) and click OK.
You should now have two tabs - one is your removable disk, the other is your goldcard image.
Click on the goldcard image tab. Go to the Edit menu, choose Select All then select the Edit menu again and select Copy.
Click on the Removable Disk tab. Highlight offset (line) 00000000 to offset (line) 00000170 (including the 00000170 line), then click on the Edit menu and select Paste Write.
Click on the File menu and select Save, accepting the warning.
Your Gold Card SD card is completed.
Or even easier use the attached application after getting the CID using GoldCard Helper from the Android Market
--------------------------------------------------------------------------------
i did try it doesn't work thanks a lot
mehoob12 said:
Have you tried with Gold Card ?
i did try it doesn't work thanks a lot
Have you tried with the application i have attached ?
Have you tried with the application i have attached ?
yes try before don't work i have goldcard when i bought this phone it was on it 2.50.402
and i have s-on
anyway thank for u help
mehoob12 said:
Have you tried with the application i have attached ?
yes try before don't work i have goldcard when i bought this phone it was on it 2.50.402
and i have s-on
anyway thank for u help
I had downgraded 2 HD branded (with CID lock and S-ON) using a gold card made with the above attached application. I would think it should also work to allow you to downgrade a 2.50 HD Rom
Once you get the CID unlocked, you should be able to flash any Official HTC Rom and as such 1.32. Once you flash 1.32 just follow one guide in Dev threads to S-OFF
Steve0007 said:
Have you tried with Gold Card ?
A gold-card will allow you to install a RUU that is not specifically meant for your device but it won't allow you to install a version that is OLDER than the current version.
Gene Poole said:
A gold-card will allow you to install a RUU that is not specifically meant for your device but it won't allow you to install a version that is OLDER than the current version.
My gold card allow me to install 1.32 Rom on a 2.36 Rom on a branded, CID lock and S-ON HD devices. So it allows me to install a version that is OLDER
I would think it should also work to downgrade 2.50 Rom
I had downgraded 2 HD branded (with CID lock and S-ON) using a gold card made with the above attached application. I would think it should also work to allow you to downgrade a 2.50 HD Rom
Once you get the CID unlocked, you should be able to flash any Official HTC Rom and as such 1.32. Once you flash 1.32 just follow one guide in Dev threads to S-OFF
i did what you say correctly what you do next thanks
Steve0007 said:
My gold card allow me to install 1.32 Rom on a 2.36 Rom on a branded, CID lock and S-ON HD devices. So it allows me to install a version that is OLDER
I would think it should also work to downgrade 2.50 Rom
Unfortunately this method only works for 2.37. For anything greater, it's impossible at the moment. Yes, even with a gold card. Thanks for your efforts though, hopefully we'll find a solution one day.
mehoob12 said:
I had downgraded 2 HD branded (with CID lock and S-ON) using a gold card made with the above attached application. I would think it should also work to allow you to downgrade a 2.50 HD Rom
Once you get the CID unlocked, you should be able to flash any Official HTC Rom and as such 1.32. Once you flash 1.32 just follow one guide in Dev threads to S-OFF
i did what you say correctly what you do next thanks
Have you patched your SD card with the img you got and apply the patch using the application i just posted ?
If yes, just follow this thread or any other thread related to downgrade to 1.32: HERE
Or for me i just had to run the 1.32 RUU attached here, once downloaded, sync your HD with computer and run the RUU.exe file...and follow the guide

M9 bricked I guess ??( NOT EVEN TRYING A ROOT )

Hello as suggested by ''Sawdoctor" (scary name btw.) I post my original from XDA Assist right here.
Okay guys I know this title isn't the best. But I don't want you to delete me because it has been already made. Because I DON'T EVEN KNOW WHAT THE HECK THE PROBLEM IS.
Alright Phone : HTC One M9 (1,5 years old)
After downloading an app from google play ''Spy Camera OS 3 (SC-OS3)'' , I guess someone from you guys developed it. No idea. I don't even know if it was this app that caused it. BUT - after I downloaded it and used for a while other apps started crashing ( for example : Facebook, Instagram). So I thought oh wow. I reset my phone and it will fix everything( dummy me) . Ye I did restart it and ended up in this funny screen ( maybe you would call it BOOTLOADER ? no idea)
It says tho :
***Software status : Modified***
*** LOCKED ***
*** S-ON ***
*** SECURITY WARNING***
/*<VOL UP> to previous item <VOL DOWN> to next item<POWER> to select item */
REBOOT
REBOOT TO BOOTLOADER
BOOT TO DOWNLOAD MODE
BOOT TO RECOVERY MODE
POWER DOWN
I have only tried those that are green colored and ended up back there where I started. Any ideas ? I am rookie. I have never done a root on my phones. No idea how to do it. So explain to me like to a kid. Thanks a lot.
Unfortunately just after 10 posts I can add pics. Hope you can help without seeing what I see.
Either a failed root attempt or a borked nand. The app didn't cause it.
Beamed in by telepathy.
shivadow said:
Either a failed root attempt or a borked nand. The app didn't cause it.
Beamed in by telepathy.
Alright man, I am telling you I have never done root on my devices !! Because I know you can **** your phone up and I never wanted that.
I simply restarted phone. Turned on. This came up. Don't even know how to root.
I think (hopefully) the problem can be solved by re-flashing stock ROM. You just need to find correct RUU.zip file for your device. Rename this zip file as 0PJAIMG.zip and put zip file in your microSD card. Power off your phone. Put microSD card. Press and hold vol- and power button simultaneously (it will boot to download mode and try to install zip file in SD card). Let me know the result
oscar_ferreiro said:
I think (hopefully) the problem can be solved by re-flashing stock ROM. You just need to find correct RUU.zip file for your device. Rename this zip file as 0PJAIMG.zip and put zip file in your microSD card. Power off your phone. Put microSD card. Press and hold vol- and power button simultaneously (it will boot to download mode and try to install zip file in SD card). Let me know the result
Hello, great suggestion. I am going to try it. One more question to it. Do I place it in specific folder in SD card so the phones reads the .zip file first ??
Let's try this ! Hopefully it works.
Btw. is there a difference restoring it from RUU.zip file and RUU.exe file ??
EDIT: Well I just realized, I don't have any USB connector for SD cards nor available android phone to put the file via that (only iPhones at home right now). I am going to try it tomorrow and hopefully it works.
YoYiXxX said:
Hello, great suggestion. I am going to try it. One more question to it. Do I place it in specific folder in SD card so the phones reads the .zip file first ??
Let's try this ! Hopefully it works.
Btw. is there a difference restoring it from RUU.zip file and RUU.exe file ??
Well, place it on root folder. And better to have empty SD card. So there will be only that file
About second question, I think there is no difference. Have not found proper RUU.exe for mine, so have not experienced restoring from it
oscar_ferreiro said:
Well, place it on root folder. And better to have empty SD card. So there will be only that file
About second question, I think there is no difference. Have not found proper RUU.exe for mine, so have not experienced restoring from it
Last question what exactly am I looking for in .ZIP file ? When my release date was Dec 17 2015, 0:40:10, can I use another ? With the same OS ( 3.35.161.12) and RADIO(01.01_U11440792_96.00.51201G_F) info, which I think is more important. I don't know what exactly has to be the same in the RUU file and what can differ and is not that important. Thanks in advance
YoYiXxX said:
Last question what exactly am I looking for in .exe file ? When my release date was Dec 17 2015, 0:40:10, can I use another ? With the same OS ( 3.35.161.12) and RADIO(01.01_U11440792_96.00.51201G_F) info, which I think is more important. I don't know what exactly has to be the same in the RUU file and what can differ and is not that important. Thanks in advance
In order to succeed, you should chose by following criteria:
- RUU software version equal or higher than what's on the phone (as it is S-On in your condition)
- MID should match
- CID should match
- HTC Syncmanager (for drivers if you are going to use exe file)
- Some other miscellaneous things that are most of PC already have pre-installed (again for exe file)
oscar_ferreiro said:
In order to succeed, you should chose by following criteria:
- RUU software version equal or higher than what's on the phone (as it is S-On in your condition)
- MID should match
- CID should match
- HTC Syncmanager (for drivers if you are going to use exe file)
- Some other miscellaneous things that are most of PC already have pre-installed (again for exe file)
my phone says following :
***LOCKED***
htc_himauhl PVT S-ON
LK-1.0.0.0000
RADIO-01.01_U11440792_96.00.51201G_F
OpenDSP-15.6.1.00522.8994_1026
OS-3.35.161.12
Dec 17 2015, 00:40:10(671447)
The matching file I downloaded says :
0PJAIMG_HIMA_UHL_M60_SENSE70_MR_Vodafone_UK_3.35.161.12_Radio_01.01_U11440792_96.00.51201G_F_release_464298_signed.zip
Cyan colored I see matches. Only release date, UK( I have the phone from Germany Vodafone) don't match. M60 I don't really understand, what that stands for.
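The selection criteria listed in this thread (RUU version equal or higher on an S-ON device, matching CID and MID), applied to the bootloader text and RUU file name posted above. This is an added example, not code from any poster or from HTC; the function names and the optional CID/MID parameters are assumptions, and it only models the rules as the posts state them, not the bootloader's actual logic.

```python
import re

# Sample input: the bootloader text and RUU file name as posted in this thread.
BOOTLOADER_SCREEN = """\
***LOCKED***
htc_himauhl PVT S-ON
LK-1.0.0.0000
RADIO-01.01_U11440792_96.00.51201G_F
OpenDSP-15.6.1.00522.8994_1026
OS-3.35.161.12
Dec 17 2015, 00:40:10(671447)
"""
RUU_NAME = ("0PJAIMG_HIMA_UHL_M60_SENSE70_MR_Vodafone_UK_3.35.161.12_"
            "Radio_01.01_U11440792_96.00.51201G_F_release_464298_signed.zip")

# Assumed naming pattern, inferred only from the one file name above.
RUU_RE = re.compile(r"_(\d+(?:\.\d+){3})_Radio_(.+)_release_\d+_signed\.zip$")


def version_tuple(text):
    """'3.35.161.12' -> (3, 35, 161, 12), so fields compare as numbers.

    Comparing the raw strings is wrong: '1.10.0.0' < '1.9.0.0' as text.
    """
    return tuple(int(part) for part in text.strip().split("."))


def parse_bootloader(screen):
    """Extract security flag, OS version and radio from bootloader text."""
    info = {"s_on": None, "os": None, "radio": None}
    for raw in screen.splitlines():
        line = raw.strip()
        flag = re.search(r"\bS-(ON|OFF)\b", line)
        if line.startswith("OS-"):
            info["os"] = version_tuple(line[len("OS-"):])
        elif line.startswith("RADIO-"):
            info["radio"] = line[len("RADIO-"):]
        elif flag:
            info["s_on"] = flag.group(1) == "ON"
    return info


def parse_ruu_name(name):
    """Extract OS version and radio from an RUU zip file name."""
    match = RUU_RE.search(name)
    if match is None:
        raise ValueError("file name does not follow the assumed pattern")
    return {"os": version_tuple(match.group(1)), "radio": match.group(2)}


def preflight(device, ruu, device_ids=None, ruu_ids=None):
    """Return (blocking, notes) for flashing `ruu` onto `device`.

    device_ids / ruu_ids are optional dicts with 'cid' and 'mid' keys; the
    bootloader text in the thread does not show them, so they are hypothetical
    inputs here. An unknown security flag is treated as S-ON (fail safe).
    Gold card and SuperCID behaviour is outside this model.
    """
    blocking, notes = [], []
    if device["os"] is None:
        blocking.append("installed OS version unknown")
    elif ruu["os"] < device["os"]:
        if device["s_on"] is False:
            notes.append("RUU is older; acceptable only because of S-OFF")
        else:
            blocking.append("RUU is older than the installed OS on S-ON")
    if device["radio"] != ruu["radio"]:
        notes.append("radio version differs from the installed one")
    for key in ("cid", "mid"):
        have = (device_ids or {}).get(key)
        want = (ruu_ids or {}).get(key)
        if have is None or want is None:
            notes.append(key.upper() + " not verified")
        elif have != want:
            blocking.append(key.upper() + " mismatch")
    return blocking, notes


def check_thread_sample():
    """Run the check on the values posted in the thread."""
    return preflight(parse_bootloader(BOOTLOADER_SCREEN),
                     parse_ruu_name(RUU_NAME))


if __name__ == "__main__":
    blocking, notes = check_thread_sample()
    print("blocking:", blocking)
    print("notes:", notes)
```
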
IT WORKED
Big thanks to user : oscar_ferreiro
Your suggestion worked. I am back in my phone. You're boss. Hopefully it won't stop working in following days.
Thanks a lot. Have a nice day. XDA forever.
-YoYiXxX
Very glad that could help you. Please don't forget to hit the "Thanks!" button under my post. Good luck and hope your phone will last long
YoYiXxX said:
Alright man, I am telling you I have never done root on my devices !! Because I know you can **** your phone up and I never wanted that.
I simply restarted phone. Turned on. This came up. Don't even know how to root.
Then it's a borked nand. Before you flash anything blindly I suggest you spend a day or two reading about possible errors you may encounter and how to resolve them.
Good luck!.
Beamed in by telepathy.
F*ck this...
Alright listen, here we are 4 days later ... again out of nowhere !! my phone started crashing every single app.. EVERY single app, no app would work for me... I knew that if I do turn off my phone the same screen pops up with that ''Reboot'' stuff.. so I did turn the phone off ( IT DID VIBRATE BEFORE THE SCREEN COMPLETELY WENT OFF, if that's a trigger to someone) and the ''Reboot' white screen popped up as expected. WHAT THE F*CK ANDROID. I HAVE NEVER EXPERIENCED SOMETHING LIKE THIS.
I don't know what kind of virus can that be or whatever. I know that if I use the file I used before to reload the Stock ROM it will somehow work, but as you can see only for couple days. I didn't do anything to cause it in terms of trying to root my phone. Trust me.
Anyone willing to help ?
shivadow said:
Then it's a borked nand. Before you flash anything blindly I suggest you spend a day or two reading about possible errors you may encounter and how to resolve them.
Good luck!.
Beamed in by telepathy.
Yes I will do the research. Thought you just threw nonsense words with that ''borked nand".
