Develop Bugs

[Q] Any chance of fixing USB Brick w/o root ?

Well I USB bricked my Desire last night.
To make things worse I was only able to apply the SD Card workaround via fastboot.
After flashing the update.zip from the modaco fix I instantly went back to the stock rom using the fastboot RUU process, without actually checking if it solved all the problems...
I know I had it coming...
Before I ship the phone out for repairs - maybe someone here knows if there is a chance to unbrick without root (nor having HBOOT version that allows to use any other method of rooting other than Unrevoked)
Code:
HBOOT 0.93
European 2.10.405 OTA
Thanks in advance

a more detailed description would help:
does your phone boot?
do you have running clockworkmod recovery?
did you do a nandroid backup before touching the system?
what modaco fix? give a link.
did you use unrevoked? thats the default root tool nowadays.
can you go to hboot/fastboot when pressing vol down while pressing power on?

Use a goldcard, it will enable you to put an unrooted Rom there. It's always a good reset option.
Sent from my HTC Desire using XDA App

mad-murdock said:
a more detailed description would help:
does your phone boot?
do you have running clockworkmod recovery?
did you do a nandroid backup before touching the system?
what modaco fix? give a link.
did you use unrevoked? thats the default root tool nowadays.
can you go to hboot/fastboot when pressing vol down while pressing power on?
Click to expand...
Click to collapse
Hi,
- the phone boots ok - It has most of the symptoms from All you need to know about USB-Bricks thread, the SD card started to work after issuing:
Code:
fastboot oem enableqxdm 0
This is the output from the fastboot oem boot command
Code:
$ fastboot-mac oem boot
... INFOsetup_tag addr=0xA0000100 cmdline add=0x8E07F9F0
INFOTAG:Ramdisk OK
INFOTAG:smi ok, size = 0
INFOTAG:hwid 0x0
INFOTAG:skuid 0x21F04
INFOTAG:hero panel = 0x0
INFOTAG:engineerid = 0x0
INFOMCP dual-die
INFOMCP dual-die
INFOTAG:mono-die = 0x0
INFODevice CID is not super CID
INFOCID is HTC__032
INFOsetting->cid::HTC__032
INFOserial number: HT057PL01634
INFOcommandline from head: no_console_suspend=1
INFOcommand line length =430
INFOactive commandline: board_bravo.disable_uart3=1 board_bravo.
INFOusb_h2w_sw=1 board_bravo.disable_sdcard=0 diag.enabled=0 boa
INFOrd_bravo.debug_uart=0 smisize=0 userdata_sel=0 androidboot.e
INFOmmc=false androidboot.baseband=5.09.05.30_2 androidboot.cid
INFO=HTC__032 androidboot.carrier=HTC-EastEurope androidboot.mid
INFO=PB9920000 androidboot.keycaps=qwerty androidboot.mode=norma
INFOl androidboot.serialno=HT057PL01634 androidboot.bootloader=0
INFO.93.0001 no_console_suspend=1
INFOaARM_Partion[0].name=misc
INFOaARM_Partion[1].name=recovery
INFOaARM_Partion[2].name=boot
INFOaARM_Partion[3].name=system
INFOaARM_Partion[4].name=cache
INFOaARM_Partion[5].name=userdata
INFOpartition number=6
INFOValid partition num=6
INFOmpu_nand_acpu_rw A1E 1000
INFOjump_to_kernel: machine_id(2457), tags_addr(0x20000100), ker
INFOnel_addr(0x20008000)
INFO-------------------hboot boot time:697447 msec
ERROR: usb_read failed with status e00002ed
FAILED (status read failed (No such file or directory))
- Sadly, I made a complete reflash using
Code:
fastboot rebootRUU;
fastboot flash zip rom.zip
... so no Clockwork recovery anymore
- Yes I have a nandroid backup but no means to put it back on the phone - the nandroid backup contains exactly the same rom I have now - just rooted
- As for the modaco fix I'm a new user I can't post external links, but it's the first link in this thread
- I did use the lastest Unrevoked3 (3.21) to root the phone
- I can use hboot / fastboot without problems but it's the stock 0.93.001 S-ON version.
Thanks

geejayoh said:
Use a goldcard, it will enable you to put an unrooted Rom there. It's always a good reset option.
Sent from my HTC Desire using XDA App
Click to expand...
Click to collapse
I have an unbranded Desire so no need to use a GoldCard if I'm not mistaken.
Anyway if memory serves me right using the GoldCard / HBOOT / PB99IMG flashing, won't allow me neither to downgrade, nor to flash an unsigned rom.
An unsigned rooted rom or HBOOT downgraded do 0.80 could help me fix my problem - but with HBOOT 0.93 - dowgrading doesn't seem to be an option. I get a "Main Version Older" error when trying to downgrade, and flashing an unsigned rom is a no-no for all stock bootloaders as far as I know (I tried both HBOOT and recovery, both as expected fail at signature verification).
But thanks anyway

Whats the exact problem now? You restored rom.zip via ruu. So you got a stock firmware with stock hboot and stock recovery which can be unrevoked again?
Seams i am missing a detail ^^
Sent from my HTC Desire using Tapatalk

mad-murdock said:
Whats the exact problem now? You restored rom.zip via ruu. So you got a stock firmware with stock hboot and stock recovery which can be unrevoked again?
Seams i am missing a detail ^^
Sent from my HTC Desire using Tapatalk
Click to expand...
Click to collapse
It seems to me you're missing the main issue not a detail
The main issue being a condition called "USB Brick" (well that's only half the truth, most of the main issue is me acting without thinking )
Please read the info thread on USB Bricks here, since you have a HTC Desire - it concerns you too. Good idea to backup the MISC partition if you plan to flash the phone again
Anyyyyway - as for my case:
I screwed up, flashed the stock firmware BEFORE checking if the applied USB brick fix solved my problems. So it's true I have stock firmware, stock hboot, stock recovery - but I also have no way to connect the phone to a computer via USB - because the flashing process updates the following partitions: system, recovery, boot but not the misc partition which is now corrupt, and its corruption is the cause of the USB brick...
USB Brick = no usb connection at all while booted to the Android OS
No usb connection = no usb debug mode
no usb debug mode = no unrevoked
The usb still works from HBOOT / FASTBOOT, so If you know of a way to start Unrevoked while the phone is in HBOOT / FASTBOOT - please enlighten me, because I couldn't do It.
Unrevoked only recognized the phone while it was in USB Debug mode, which it cannot enter now because of the USB Brick. When I connect the phone while in Fastboot USB mode or HBOOT USB mode Unrevoked just states "Waiting for device".
I don't think I am able to put this in any clearer way
Thanks

Ouch. Now i see. Didnt understand you at the start. Well, i had an usb brick myself after wiping the system. At least i had a modded hboot and recovery.
Now to your problem. Wierd situation, really. But if i remember right, flashing one of the ruu.Exe files should also fix misc. Then you have stock firmware with usb working. Cant link here in tapatalk, but those ruu file are a sticky in desire dev forum... tell me, if it worked...
Sent from my HTC Desire using Tapatalk

Solved!
I was able to successfully unbrick the phone
It wouldn't be possible without rageagainstthecage, All the people writing the tutorials on USB unbricking, QuickSSHd and the Terminal Emulator app. Thanks to the authors.
I'll try to sum things up for anyone interested:
The problem
Because of acting without thinking I ended up with a stock unrooted rom and a partial USB brick. To make things worse I accepted the OTA update, installing the oh so loved HBOOT 0.93.100 S-ON.
The Solution
After some reading about rageagainstthecage, PoC code on which the Unrevoked rooting solution is based I tried to run the exploit directly on the phone.
Without having access to adb I wasn't able to find a place to put the executable, as the /data/ directory is writable only by the system user and the system group, and most tutorials suggest to place the exploit somewhere inside that directory. But all the tutorials I found mentioned using adb push to put the file on the phone, which probably operates on the phone as system:system as it is capable of writing to the /data dir. I wasn't able to write there as I had the id of the Terminal Application
Since apps storing data seem to store er... data in /data/data I had a little breakthru. Becaue I couldn't find a free telnet solution I purchased the QuickSSHd from Android Market.
This allowed me to have write access to /data/data/<package_name>/home where I created a world readable (755) directory. I scp'd the rageagaintthecage, modified misc partition image and flash_image binary to the phones filesystem, and made them executable. I could've used the Terminal Apps <data dir>/shared_prefs directory (which would be a $$$ free solution, as the ssh was not free, but not expensive either) but I'm lazy and doing stuff from a PC keyboard is easier than from a touch keyboard.
Running the exploit and flash_image from inside a ssh session seemed like a good idea but the sshd died after running the exploit, and didn't want to start untill the phone was rebooted. So next time I just started the sshd and done the rest of the stuff from a Terminal Emulator (After preparing scripts for ease of execution, and dropboxing the paths for copy paste ). After running the exploit the Terminal Emulator app stopted working correctly (as expected) but after force closing it and running it again I was greeted with a # prompt
I flashed the misc partition with an image modified with my phones CID, rebooted and voila! USB brick gone
Now I just have to beat one thing into my empty head (in the manner of "stop, drop, and roll" firedrill mantra). STOP, READ and THINK - before flashing
g'night

mad-murdock said:
Ouch. Now i see. Didnt understand you at the start. Well, i had an usb brick myself after wiping the system. At least i had a modded hboot and recovery.
Now to your problem. Wierd situation, really. But if i remember right, flashing one of the ruu.Exe files should also fix misc. Then you have stock firmware with usb working. Cant link here in tapatalk, but those ruu file are a sticky in desire dev forum... tell me, if it worked...
Sent from my HTC Desire using Tapatalk
Click to expand...
Click to collapse
Hi,
Just fyi because I was able to resolve my problem in the meantime.
Because I was foolish enough to install the OTA upgrade before it occured to me that the USB is not working, installing any RRU either in the official way (by running the exe) or by extracting the rom.zip from inside of the exe didn't work. The latest RRU was older then the firmware with OTA upgrade on my phone, and it didn't seem to allow me to downgrade.
ZIP way = Main Version Older error
EXE way = You have to install the correct firmware version or some other bla bla bla
Anyway I took a look inside the rom.zip extracted from the RRU.exe - there are img files of every partition, radio and hboot but no misc.
But thanks again anyway

How did you solve your tricky situation then?
Sent from my HTC Desire using Tapatalk

quanchi said:
I was able to successfully unbrick the phone
It wouldn't be possible without rageagainstthecage, All the people writing the tutorials on USB unbricking, QuickSSHd and the Terminal Emulator app. Thanks to the authors.
I'll try to sum things up for anyone interested:
The problem
Because of acting without thinking I ended up with a stock unrooted rom and a partial USB brick. To make things worse I accepted the OTA update, installing the oh so loved HBOOT 0.93.100 S-ON.
The Solution
After some reading about rageagainstthecage, PoC code on which the Unrevoked rooting solution is based I tried to run the exploit directly on the phone.
Without having access to adb I wasn't able to find a place to put the executable, as the /data/ directory is writable only by the system user and the system group, and most tutorials suggest to place the exploit somewhere inside that directory. But all the tutorials I found mentioned using adb push to put the file on the phone, which probably operates on the phone as system:system as it is capable of writing to the /data dir. I wasn't able to write there as I had the id of the Terminal Application
Since apps storing data seem to store er... data in /data/data I had a little breakthru. Becaue I couldn't find a free telnet solution I purchased the QuickSSHd from Android Market.
This allowed me to have write access to /data/data/<package_name>/home where I created a world readable (755) directory. I scp'd the rageagaintthecage, modified misc partition image and flash_image binary to the phones filesystem, and made them executable. I could've used the Terminal Apps <data dir>/shared_prefs directory (which would be a $$$ free solution, as the ssh was not free, but not expensive either) but I'm lazy and doing stuff from a PC keyboard is easier than from a touch keyboard.
Running the exploit and flash_image from inside a ssh session seemed like a good idea but the sshd died after running the exploit, and didn't want to start untill the phone was rebooted. So next time I just started the sshd and done the rest of the stuff from a Terminal Emulator (After preparing scripts for ease of execution, and dropboxing the paths for copy paste ). After running the exploit the Terminal Emulator app stopted working correctly (as expected) but after force closing it and running it again I was greeted with a # prompt
I flashed the misc partition with an image modified with my phones CID, rebooted and voila! USB brick gone
Now I just have to beat one thing into my empty head (in the manner of "stop, drop, and roll" firedrill mantra). STOP, READ and THINK - before flashing
g'night
Click to expand...
Click to collapse
Any chance of adding some links or actual information?
I've got exactly the same problem and you seem to have the solution.
Any chance of sharing?

Usb Brick !? This is an OLD thing I have this some Months ago. Never heard of someone who got it again! YOU did something wrong ;-)

Sure, he did something wrong.I managed this, too, when playing with a partition tool not designed for my system. Misc partition damaged, so a nice usb brick...
About the requested links : just use forum search for usb brick. First hit is your sticky solution
Sent from my S-OFF'd brain using teh internetz

CyberTech71 said:
Any chance of adding some links or actual information?
I've got exactly the same problem and you seem to have the solution.
Any chance of sharing?
Click to expand...
Click to collapse
I couldn't post external links, forum limitation for new users... Now I see I can so:
This is a specific situation - usb brick and totally stock rom, recovery and hboot. It's not required for people who have a modified recovery and a rooted rom. It's easy like 1-2-3.
Before doing anything else enable the Debug Mode in the Applications / Dev menu
1. Download the rageagainstthecage exploit from the authors site:
http://c-skills.blogspot.com/2010/08/please-hold-line.html
2. Download the flash_image and misc (mtd0.img) partition image from this thread.
http://forum.xda-developers.com/showthread.php?t=691639&highlight=usb+brick
Modify the mtd0.img according to your phones CID (how to get the CID also explained in the thread)
2. Download Android Terminal Emulator from the Market
3. Copy the exploit binary (rageagainstthecage-arm5.bin), the flash_image and modifed mtd0.img to the sdcard via an external card reader
4. Start the Terminal
5. Copy the files to the Terminal app data directory (the only place on the data partition you will have write access while running the Terminal), and make the binaries executable
Code:
cat /sdcard/rageagainstthecage-arm5.bin > /data/data/jackpal.androidterm/shared_prefs/rageagainstthecage-arm5.bin
cat /sdcard/flash_image > /data/data/jackpal.androidterm/shared_prefs/flash_image
cat /sdcard/mtd0.img > /data/data/jackpal.androidterm/shared_prefs/mtd0.img
cd /data/data/jackpal.androidterm/shared_prefs/
chmod 755 rageagainstthecage-arm5.bin flash_image
6. Run the exploit
Code:
/data/data/jackpal.androidterm/shared_prefs/rageagainstthecage-arm5.bin
After the exploit exits/finishes there should be a short system freeze, followed by inablity to issue any command from the terminal (don't worry). Exit the Terminal by long pressing HOME and force close the Terminal app from the Application Manager
7. Start the terminal again, a root prompt should be visible
8. Flash the misc partition
Code:
cd /data/data/jackpal.androidterm/shared_prefs
./flash_image misc mtd0.img
9. Reboot
Done and done
Enjoy
PS. I suck at writing tutorials, but if the details are still hazy for you after reading this - better to service the phone, because you might end up bricking the device totally - cheers

quanchi said:
I was able to successfully unbrick the phone
It wouldn't be possible without rageagainstthecage, All the people writing the tutorials on USB unbricking, QuickSSHd and the Terminal Emulator app. Thanks to the authors.
I'll try to sum things up for anyone interested:
The problem
Because of acting without thinking I ended up with a stock unrooted rom and a partial USB brick. To make things worse I accepted the OTA update, installing the oh so loved HBOOT 0.93.100 S-ON.
The Solution
After some reading about rageagainstthecage, PoC code on which the Unrevoked rooting solution is based I tried to run the exploit directly on the phone.
Without having access to adb I wasn't able to find a place to put the executable, as the /data/ directory is writable only by the system user and the system group, and most tutorials suggest to place the exploit somewhere inside that directory. But all the tutorials I found mentioned using adb push to put the file on the phone, which probably operates on the phone as system:system as it is capable of writing to the /data dir. I wasn't able to write there as I had the id of the Terminal Application
Since apps storing data seem to store er... data in /data/data I had a little breakthru. Becaue I couldn't find a free telnet solution I purchased the QuickSSHd from Android Market.
This allowed me to have write access to /data/data/<package_name>/home where I created a world readable (755) directory. I scp'd the rageagaintthecage, modified misc partition image and flash_image binary to the phones filesystem, and made them executable. I could've used the Terminal Apps <data dir>/shared_prefs directory (which would be a $$$ free solution, as the ssh was not free, but not expensive either) but I'm lazy and doing stuff from a PC keyboard is easier than from a touch keyboard.
Running the exploit and flash_image from inside a ssh session seemed like a good idea but the sshd died after running the exploit, and didn't want to start untill the phone was rebooted. So next time I just started the sshd and done the rest of the stuff from a Terminal Emulator (After preparing scripts for ease of execution, and dropboxing the paths for copy paste ). After running the exploit the Terminal Emulator app stopted working correctly (as expected) but after force closing it and running it again I was greeted with a # prompt
I flashed the misc partition with an image modified with my phones CID, rebooted and voila! USB brick gone
Now I just have to beat one thing into my empty head (in the manner of "stop, drop, and roll" firedrill mantra). STOP, READ and THINK - before flashing
g'night
Click to expand...
Click to collapse
Hello
in you problem with USB bricks for unrooted HTC desire
I have the seam problem
please explain it to me
I copy the flash_image and mtd0.img to
\data\data in my device I only need to flash them to restore my device
when I try this command in terminal Eliminator
/data/data/flash_image misc /data/data/mtd0.img
It show me
error writing misc permission denied
help me please

I can't believe it, mate, finally this tutorial solved my usb (and bluetooth, and fm radio, and...) problem!!!!!
My Desire is unrooted, I've tried so many solution in the last 3 months but they all were useless.
I was starting to pack my phone for sending it to HTC Service when... tataaaa, I found your topic. Is on your if my wonderful Android powered phone got back fully functional.
Really, thank you for sharing your solution with us.
===========;-D
Francalberto

francalberto said:
I can't believe it, mate, finally this tutorial solved my usb (and bluetooth, and fm radio, and...) problem!!!!!
My Desire is unrooted, I've tried so many solution in the last 3 months but they all were useless.
I was starting to pack my phone for sending it to HTC Service when... tataaaa, I found your topic. Is on your if my wonderful Android powered phone got back fully functional.
Really, thank you for sharing your solution with us.
===========;-D
Francalberto
Click to expand...
Click to collapse
Good for you
All the credit goes to the people responsible for the tools used, I just put some things together.
Cheers

thank you very much
I really appreciate you effort you helped me so much
you are a brilliant man
thank you

Flashb, is your problem solved now?
Swyped with my S-OFF'd brain using teh internetz

[Guide] Subsidy Unlock, SuperCID, and Radio S-OFF

Update 12-29-10: Due to problems reported with v03, we now link to v02.
Update 12-23-10: A new version of gfree, v02, has just been released by Guhl. Links have been updated to the new version, which allows you to set Sim Unlock, CID, and Radio S-ON/OFF independently. If you have previously run gfree, you will receive no additional benefit from running gfree v2, unless you want to change one of the settings.
Notice: gfree is known not to work for radio firmwares with higher versions then 26.03.02.xx -- the reason for this is that HTC patched the hole that allowed scotty2 to power cycle the emmc chip to drop its write protection. So if you installed a radio version with a higher version number, downgrade the radio firmware before using gfree.
Guhl also released gfree_verify, which allows you to verify your phone's settings (regardless of which gfree you used). See the wiki for more on that.
The wiki is usually up to date on the latest of everything, so be sure to check it frequently.
---------------
scotty2 delivers again!
His "gfree" program should do the following for your g2, dz, or dhd:
* Radio S-OFF -- the real deal. This means the g2 will permit permanent root.
* Subsidy Unlock -- AKA "Sim Unlock" AKA "Network Unlock" AKA "Use a foreign SIM Card"
* SuperCID - enables the flashing of any carrier's firmware for the phone.
If you don't know what this means or why you might want it, check the wiki.
INSTRUCTIONS:
NOTE: If you have NOT permarooted your phone previously with the HBOOT/wpthis method, doing so using the new "gfree" method should have the added effect of sim-unlocking the phone, setting superCID and turning Radio S-OFF. In fact, it's the new method for permarooting for G2/DZ and DHD. So if you haven't yet permarooted, look at those instructions.
Again, the instructions below are for people only who have already previously "permarooted" through the earlier hacked-HBOOT method. See the wiki if you are starting from scratch with a new G2/DZ/DHD and have not yet done anything "root-ish".
WARNING: Be aware that by following these instructions you are messing with your phone with potential for screwing things up. Do so at your own risk. The many authors of this guide assume no responsibility for any damage to your phone, health, general well-being, or anything else untoward with respect to these instructions or you following them.
gfree uses a dynamic in-memory patch of the kernel to remove the kernel's write protection of the radio partition.
So, for those of you who have permarooted the old HBOOT way and put on new kernels --The following kernel versions that are known NOT to work yet with gfree. If you have one of the following kernel versions on your phone install a different (stock, OTA or cyanogen) kernel before starting this procedure:
| pershoots 11/30 build
| pershoot's 2.6.32.26 – OC-UV-NEON_FP (1.516GHZ) – G2 - 12/3
| Cyanogen Kernel / release 6.1.1
| 2.6.32.26-cm-virtuous-v1.0 [email protected]#1
Other newer kernels may also not work with gfree. So if you experience problems with this procedure (either the phone reboots during the process or the procedure completes correctly but the verify still shows that the phone is locked) then you may think about downgrading the kernel to an original stock kernel or even better to this kernel.
Okay. So we're assuming you've permarooted already and usb debugging is on (Applications > Development, then enable USB debugging). You'll also need about 5MB free on your sdcard.
You might want to back up your phone with nandroid on the Clockwork recovery image first, just in case.
Note: If you hanker to do it the longer, manual, harder, and more dangerous way, or are just curious what gfree does, see the wiki history for the old instructions.
No? Then let's begin.
==== 1. Download gfree and verify sdcard is not mounted by your computer ====
You will need to download a program called gfree (v02) that will first copy partition 7 of the phone, then patch it, then reflash back to your phone. (verified to work with the g2 and desire z as well as the desire hd). (You will also need adb, which you can download as part of the Android SDK.)
Unzip gfree_02.zip to your computer.
Make sure your computer is not mounting your phone's sdcard.
==== 2. Run gfree on the phone ====
On your computer's terminal/command line, navigate to where the gfree file is, and then...
Code:
adb push gfree /data/local
adb shell
This copies gfree to your phone, then puts you in your phone's terminal. Then do this:
Code:
su
cd /data/local
chmod 777 gfree
./gfree -f
sync
Wait a few moments for the sync to "take". Then reboot your phone. That's it!
gfree created a backup of your original partition 7 at /sdcard/part7backup-<time>.bin you might consider copying this to a safe location on your computer.
Now you can try using a new SIM card to verifiy that it worked. Also, if you had to flash a different kernel before running gfree, you may now reflash the kernel you originally had.
Thanks to the gang at #g2root, including IntuitiveNipple, scotty2, tmzt, rhcp, ciwrl, and guhl... among many others.
Wiki: How to enable Radio S-OFF, SuperCID, and SIM-unlock (with some informational background)
File: gfree_02.zip
File: gfree_verify_v01.zip
Feel free to use the "Thanks" button below. Also, Scotty2's paypal email is walker.scott AT gmail.com if you want to make a contribution.
Finally, Americans might consider making a donation to the Electronic Frontier Foundation who fight to defend your legal right to root or unlock your own phone when the carriers and phone manufacturers may lobby or otherwise try to stop you. The EFF can always use your tax-deductible support.

Hey thanks for posting this!
So I guess this is like perm-perm-root.
Giving it a shot now.
Sent from my HTC Vision using XDA App

thenefield said:
Hey thanks for posting this!
So I guess this is like perm-perm-root.
Giving it a shot now.
Sent from my HTC Vision using XDA App
Click to expand...
Click to collapse
Yeah it's sim-unlock too. Which is nice.

Nice thanks going to try it to.
Sent from my HTC Vision using Tapatalk

shouldnt one image work for every phone

Word up scotty2. You the man.
EDIT: And you too fattire for writing up what no one else wants to

thatruth132 said:
shouldnt one image work for every phone
Click to expand...
Click to collapse
No. If it did, then this would be a lot easier, huh?

I cant wait until some juicy stuff comes out of this.

Now, what does this mean
"make everything better."

This is freaking awesome.

andrewklau said:
Now, what does this mean
"make everything better."
Click to expand...
Click to collapse
You know.... everything.

...
I just bricked my phone LMAO!!!
I did the perm root that was easy... this jeez... followed the [Guide] How to recover your semi-brick (OMFG Thank you guys over there!) BUT I'm back... I literally almost **** my pants. Well... Gonna try this again maybe after finals LOL

Question though (going to try it later tonight LOL =P) the guide says I need a "custom cyanogenmod based kernel and provides the boot image that contains it.. I am using the nightlies do they contain that same function or no? also when I did flash that boot image and ran "insmod /sdcard/wpthis-cyanogen.ko" it said error function not implemented? Anyone not run into this issue? or have any ideas?

nycjv321 said:
Question though (going to try it later tonight LOL =P) the guide says I need a "custom cyanogenmod based kernel and provides the boot image that contains it.. I am using the nightlies do they contain that same function or no?
Click to expand...
Click to collapse
Nope.
nycjv321 said:
also when I did flash that boot image and ran "insmod /sdcard/wpthis-cyanogen.ko" it said error function not implemented? Anyone not run into this issue? or have any ideas?
Click to expand...
Click to collapse
"Error function not implemented" means it worked.

well this time it didn't brick... I think I got it time to verify it

Ok I ran it all again and worked but when I was verifying it I got all the supposed feedback except at "echo -e 'AT$QCPWRDN\r' > /dev/smd0" I got AT$QCPWRDN and then +CME Error: 0.... (No OK as said in the guide? ) and then it rebooted? what didn't work?

Got it to work!
SuperCID, Radio S-OFF, Subsidy Unlock is a reality!
Thanks to scotty2.
Thanks also to guhl (guhl99).
Read my post for more details: http://forum.xda-developers.com/showpost.php?p=9495073&postcount=363
Thread: http://forum.xda-developers.com/showthread.php?p=9495073#post9495073

This may be a stupid question but doesn't 0 also equate to no error? (In my older post) (Its just not stated in the guide, I don't want to overlook something which is why I asked ) You guys are AWESOME!!!

nycjv321 said:
This may be a stupid question but doesn't 0 also equate to no error? (In my older post) (Its just not stated in the guide, I don't want to overlook something which is why I asked ) You guys are AWESOME!!!
Click to expand...
Click to collapse
After entering the following into ADB Shell command prompt:
# echo -e 'AT$QCPWRDN\r' > /dev/smd0
The reply I got was a bunch of numbers (which filled the screen and wrapped to a new line) from what I can recall and then the phone rebooted. I didn't save the command window so I don't have the full details.
When the phone re-booted, I get signal from the local Thailand carrier AIS using a pre-paid SIM card.
The first time I went through the process I made a mistake setting the following using the Hex Editor:
"...set the 4 bytes at 0x807fc to 49 53 F4 7D"
The second time around I figured out what the "c" in "0x807fc" meant in terms of location on the Hex Editor. That was it.

:O i cant believe how awesome scotty2 is...

[Q] Obscure problem with rooting

Hi everyone
The following summarises my quest to root my recently acquired HTC Desire/Bravo:
Key info:
Android 2.2
HBOOT 0.93
Build 2.12.110.4 CL274424 release-keys
Radio 32.49.00.32U_5.11.05.27
Kernel 2.6.32.15-gd96f2c0 - [email protected] #1
SIM Unlocked
T-Mobile branded
UK
I first try using Unrevoked. After a promising start, I get the 'Validation error: backup CID missing' message, for which I can find no solution for on the internet. I tried using a different computer booting a clean Slax image, wiping the phone, and using four different versions (3.32, 3.31, 3.21, 3.14) to no avail.
Next I try using the GoldCard method. I find a suitable memory card, and get cracking using this method: http://theunlockr.com/2010/03/10/how-to-create-a-goldcard/
I manage to get my CID: 0353445355303147804029a554007c08
However, it turns out that the website used to generate the goldcard boot sector is not working ('Page not found'). It appears to have been working until only recently.
No matter, I found a standalone solution here: http://www.mygsmforum.com/f15/all-htc-goldcard-generator-perl-script-free-standalone-unlimited-7255/
I grabbed the file, and I managed to get it working by compiling both of the perl modules it needs. I typed in the command:
perl ./goldcardgenerator.pl -d sd80.img -p magic=xxx -p cardid=0080c700455a9204087413035535443530
You might notice I haven't specified the security level or the key set, but I can assure you that not a byte of the output file changes when I use the defaults specified in the readme.
So I have a convincing looking header. I do as the instructions say and copy the first 0x170 bytes to the beginning of the card. It reads and writes to the FAT32 partition fine, so I assume the card's good. So I copy over a rom I got here: http://forum.xda-developers.com/showthread.php?t=741775
Rename it update.zip and boot into recovery. I try to flash, and I get the 'E:Signature verification failed' error, so obviously the goldcard's not working.
My contention is that when I made the image, I missed one or more vital parameters, keys, seclevel, cid etc. However I really have no idea where to start looking for them, since they're so obscure.
Help with anything to do with this (Including getting Unrevoked to work) would be much appreciated! Honestly, I've spent the entire day trying to get this to work.
Thanks,
Hamish Milne

screw unrevoked.
Go to www.revolutionary.io and follow the instructions
Go to my guide and flash recovery
Backup your ROM, and then push superuser with adb.
Done. Rooted.
All resources you need are there. Tutorials, links etc.

Yep, unrEVOked is obsolete. This should be mentioned in sticky thread.

Truly excellent! Thank you!
Flashed the Clockwork mod, and replaced the bootloader without breaking the OS.
However, I still don't have root. I know I could flash the ROM, but I'd rather not wipe my data again. How exactly would I go about 'flashing superuser with adb'? (I have the adb installed btw)
EDIT: Wait, found it

actually, i had hboot 1.06 on my stock cdma desire, and i had to use revolutionary's tool before running unrevoked. i tried 3 different desires with unrevoked before i discovered revolutionary, and after it unrevoked did its job just fine.

Keylayout woes after replacing dead French DZ mainboard with one from an American G2

Hello all
I've owned a DZ for 2 years now And like it so wanted some spare parts...
So I purchased 2 partially broken T-Mobile G2's this summer off ebay:
* G2_1 one with cracked digitizer (all else operational)
* G2_2 one with dead LCD (all else operational)
As soon as I got them I took them apart and transformed
G2_1+G2_2 --> G2_OK + G2_PARTS (cracked digitizer+dead LCD+rest ok as spare parts)
G2_OK has been the ROM test phone while DZ has remained my everyday phone
Well in the past 3 weeks my DZ has grown old:
* vibrator went dead so I remplaced it by switching it from that of G2_PARTS --> worked great !!!
* mainboard went dead (basicaly it only works after leaving the phone in the freezer - until it heats up and shuts off and won't boot [fortunately worked long enough to do a nandroid backup]) so I switched it with htat of G2_PARTS
So now I have a Hybrid: a French DZ with an American T-Mobile G2 mainboard...
Everything works just fine except the physical keyboard which behaves in a very weird way !!! It is neither qwerty nor azerty, what ever key layout I pick some keys are off. FN key registers properly in KeyEvent Display but is unusable (i.e. FN+R nevers gives me a 4, I get nothing)...
Using KeyEvent display it seems that keys having the same geographic position (but labels differ) on the french keyboard and american keyboard generate the same scancodes (seems logical as the mainboards are the same) layouts are not working on top on the DZ...
So I'm gessing the scancodes changed on the DZ with the mainboard change.
Finally some keys have the same labels such as ", ;" (on the left of spacebar) have the same scancodes but not the same keykodes. On the hybrid DZ_G2 it is seen as SEMI_COLON wihc is wrong it should be COMMA as on the G2.
I'm trying to see If I can alter the kl and kcm files to work around my issue, but any guidance would be greatly appreciated.
Regards

This is probably wrong forum, but you should change your phone's CID to a French one.
It's stored in mmcblk0p17, and changing it instafixes all the keyboard issues.
@Mods: please move this thread to a General section.

NeverGone\RU said:
This is probably wrong forum, but you should change your phone's CID to a French one.
It's stored in mmcblk0p17, and changing it instafixes all the keyboard issues.
Click to expand...
Click to collapse
Thanks that worked !
I had to modify partition17 but also partition7
using dd and a hex editopr changing partition7 worked.
However same procedure did not work on partition17 so I had to go abck to 1.33.405.5 and use gfree to change CID in partition7

Future reference, changing cid is simple with fastboot so you don't risk bricks with dd and hex editor
fastboot oem changeCid 11111111
Sent from my Nexus 4 using xda premium

demkantor said:
Future reference, changing cid is simple with fastboot so you don't risk bricks with dd and hex editor
fastboot oem changeCid 11111111
Sent from my Nexus 4 using xda premium
Click to expand...
Click to collapse
Well I actually tried that first... but it failed. Which was bizarre and lead me to investigate how the G2 the mainborad came from had been unlocked given that
the DZ engineering hboot installed
CMW recovery installed
by the previous owner (I bought it from off ebay).
It turned out (by looking at partition7 with the hex editor and looking at gfree source code to see what it actually does) that partition7 was still:
cid=T-MOB010
secu_flag=1
simlocked (although I was able to make calls through french carrier I'm guessing Engineering Hboot was what made that possible)
So I figured only
Code:
./gfree -b hboot-eng.img -y recovery.img
had been run instead of
Code:
./gfree -f -b hboot-eng.img -y recovery.img
Hence my trying to do it manually at first and then resorting to gfree as dd was actually not writing the hex editor modified partition7 (Which lead me to believe gfree's powercycling the mmc was required before being able to write to it)
So as a summary, I messed up initially because I didn't check that the G2 bought off ebay had been fully unlocked and assumed it had been just because engineering hboot and CMW were installed...
Oh and by the way, I had to
set cid to HTC__203
reboot
set cid to 1111111
reboot
else the backup cid would have stayed as T-MOB010 and keyboard would have stayed FUBAR.

Ah yes forgot to add the caveat that you need all secure flags removed as in used the gfree method to root.
Glad you sorted everything out without any damage... Its not that a hex editor or dd commands in themselves are going to brick its that some people aren't careful and do sometimes mistype
Sent from my Nexus 4 using xda premium

[Q] Set warranty bit -> dd to hide text ?

Hello all,
I thought of a possibility to remove the "Set warranty bit : %s". I allmost did it but not having the possibility and knowledge of recovering from a brick i stumbled and thought to ask you guys before i do something stupid. I remember i did a similar thing to HTC Sensation to the hboot bootloader by changing the **** UNLOCKED *** text to something i liked but i'm not sure if additional checks are being made on GT-I9195 LTE.
I searched with grep inside /dev/block/mmcblk0 and found the string "Set Warranty Bit : %s". Dumping the first 10 Mb will include the area where the text is.
Will the phone brick if i dd if=/dev/block/mmcblk0 of=/mnt/extSdcard/binary.bin, transfer it on the pc, hexedit the text and variable replacing every letter with 0x20 and flashing it back on the phone will mess up the GPT(checksum maybe?) and brick the phone or should i give it a go ?
Thanks.

raz3k said:
*text*.
Click to expand...
Click to collapse
Make a backup and give it a go.

Hi,
Thanks for the response, what kind of backup should i do because if GPT checksum fails i don't think i'll be able to unbrick without JTAG.
After some research i found that this text is in the aboot partition which is /dev/block/mmcblk0p5 - 2097152 bytes in size.
Will i brick it or not ? Does the aboot partition have a checksum on itself done by other chianloader ?
For example does TriangleAway from chainfire modify this partition?
Cheers!

raz3k said:
After some research i found that this text is in the aboot partition which is /dev/block/mmcblk0p5 - 2097152 bytes in size.
Will i brick it or not ? Does the aboot partition have a checksum on itself done by other chianloader ?
Click to expand...
Click to collapse
I'm of no help but I'd be interested in that as well.
aboot is the Knox boot loader (the master of all boot related partitions?)
Here @SilviuMik wrote some info about Knox and partitions: http://forum.xda-developers.com/showpost.php?p=48607142&postcount=19

2698
aguaz said:
I'm of no help but I'd be interested in that as well.
aboot is the Knox boot loader (the master of all boot related partitions?)
Here @SilviuMik wrote some info about Knox and partitions: http://forum.xda-developers.com/showpost.php?p=48607142&postcount=19
Click to expand...
Click to collapse
Thanks for your info, i will dig even more, on the other side my image is set up, i just need a confirmation from a guru so that i can flash without keeping my fingers crossed.

If u could do this u could remove knox, i think that u can brick ur phone. Jtag ready, but wait for a guru

In the meantime i've spoken with @SilviuMik and he has not played with a knox enabled aboot.img because he doesn't have a knox enabled phone but in his opinion it will brick.
After digging even more i found @babuk123 's post here that is in fact a solution to debrick in case of a hard brick that could result in after fiddling around with aboot.img .
Technically what you need to do is dump partitions from p0 -> p7 from a working phone ( or even better your phone while it still works ) and dd them on a sdcard. They state that the qualcomm chip will read stuff from the sdcard if the internal memory is bricked, but i can't be sure (i'm not sure if the chip priorities the sdcard in spite of the internal memory if known binary code is found on the sdcard).
Can someone confirm that they unbricked their S4 mini using this method ? Because if i can debrick i will give it a go.
L.E. : I tried a different approach, i made a backup of p0 -> p7, wrote it on the sdcard, modified it to suppress the warranty void string, booted and the phone ignored it completely which means that either this method does not work at all or it may work if the eMMC is corrupted. For now i'm stuck again.
Thanks.

Maybe @E:V:A can shed some light on how the boot chain actually works (sbl1-3,aboot,rpm,tz) and how to boot off an sdcard.
He has written some interesting Qualcomm stuff http://forum.xda-developers.com/showthread.php?t=1856327
See also http://forum.xda-developers.com/showthread.php?t=1769411

Bump.
Don't do anything stupid, but don't give up!