Hello,
I've encountered one stop point in my way to Jelly Bean. I'm playing with Desire HD, Android 2.3.5, HBOOT-2.00.0027. I've managed to get root by SuperOneClick, but I'm not able to flash the recovery. While I have root privs, I've downloaded "recovery-clockwork-touch-5.8.1.5-ace.img" and put it do sdcard as "recovery.img". Then I've tried to boot to hboot and through the fastboot run the following command:
fastboot flash recovery recovery.img
sending 'recovery' (3554 KB)...
OKAY [ 0.610s]
writing 'recovery'...
(bootloader) signature checking...
FAILED (remote: signature verify fail)
finished. total time: 1.220s
As you can see without success. Second try was updating the recovery partition with shell root privs through adb shell:
dd if=/sdcard/recovery.img of=/dev/block/mmcblk0p21
# dd if=/sdcard/recovery.img of=/dev/block/mmcblk0p21
dd if=/sdcard/recovery.img of=/dev/block/mmcblk0p21
7108+0 records in
7108+0 records out
3639296 bytes transferred in 2.905 secs (1252769 bytes/sec)
I've got no error, but partition wasn't updated. It still contains the same data as I wouldn't run dd command at all. Is the partition in some kind of read only mode or ? I don't understand how it it possible. I thought that with the root I can do everything.
Is there any other way how I can move image data to recovery partition with the dd?
Are you S-Off or is your bootloader unlocked? If you don't know, paste the contents of hboot here.
The bootloader is locked with security on. Doesn't it matter actually? I thought that if you havethe root privileges, you can flash custom recovery with no problems. Apparently not.
I prefer not to use the htcdev unlocker. So what to do?
Root is software; it has nothing to do with flashing to hardware partitions. You flashed root somehow; did you unlock and then relock your bootloader? How did you root? At this point the best S-Off tool is retired. Unless you want to doc it manually, you need to unlock the bootloader with HTCDEV.
bananagranola said:
Root is software; it has nothing to do with flashing to hardware partitions. You flashed root somehow; did you unlock and then relock your bootloader? How did you root? At this point the best S-Off tool is retired. Unless you want to doc it manually, you need to unlock the bootloader with HTCDEV.
Click to expand...
Click to collapse
I know linux a little bit. Simply as I have written already I've got the root by running SuperOneClick application. Not sure what exploit it uses (perhaps ZergRush).
>did you unlock and then relock your bootloader?
No. As I said, I thought that I can simply move data to eMMC partition while I'm root by dd command. I dunno why I need to unlock and lock the bootloader again.
>How did you root?
Run the SuperOneClick application and clicked the "Shell root" button, then connect to phone through the adb connection, wrote "adb shell" and voila got "#".
>At this point the best S-Off tool is retired. Unless you want to doc it manually, you need to unlock the bootloader with HTCDEV.
Mmm, could tell me how the bootloader blocks the "dd" command from rewriting data on the eMMC partitions?
Can I download the S-Off tool somewhere, or unlock bootloader somehow else, why the root privileges are not enough here?
I'd like to know more about that.
I don't know anything about SuperOneClick. If it S-Offs your phone you should be fine just fastboot flashing a recovery. Can I see what your hboot says? If your phone in fastboot mode?
It helps that you know Linux. The closest Linux analogy is UEFI v. su rights. Root gives the ROM partition su rights in software. However, the bootloader won't let you flash other stuff to the partitions in hardware. They're separate issues.
EDIT: I just reread your OP. You need to have the recovery.img on your computer, not your phone. Then run fastboot from the folder where that recovery.img is saved.
SuperOneClick is here: http://forum.xda-developers.com/showthread.php?t=803682
Bootloader:
ACE PVT SHIP S-ON RL
HBOOT-2.00.0027
etc...
Er, you are S-On and your bootloader is locked. Are you sure you have root?
SuperOneClick does nothing for HTC devices, AFAIK its simply designed for root and go Motorola and LG phones... same applies for Gingerbreak v1.20 or 1.5...i cant remember if its 1.2 or 1.5.... S-off is hard to obtain now that AAHK is retired, but there are advanced instructions on the developer of AAHK on his/her webpage
Sent from my Inspire 4G using xda premium
> Er, you are S-On and your bootloader is locked. Are you sure you have root?
Well, I have written already that I have security on and my bootloader is locked.
> SuperOneClick does nothing for HTC devices
why I got shell root with it then?
As I understand the issues:
Root - 'root' is linux super user that has all the privileges, if you are the root you are not limited by OS to do everything you want.
Bootloader lock - you can't flash custom ROMs in the fastboot mode, probably because of the fact that the custom ROM or the custom recovery are not signed
- what does it mean actually that the bootloader is unlocked? That it is rewrited by hacked version of bootloader where sign check is jumped? or I am wrong...
S-ON - hardware lock, probably you can't write to partitions ???
- probably that eMMC is set to be in read only mode by registry settings directly in eMMC chip? Am I right? And it is done in every boot when hw is initialized
As I said, I've got root privileges, so I am root in the Android and I can read from and write to everything in the Android. I've got it by some exploit (ZergRush / Gingerbreak). I'm not sure because it was set to "Auto" in the SuperOneclick app.
My situation:
Ok, I am able to obtain root privileges and I can rewrite eMMC partitions, but it has no effect probably because of S-ON (not sure here, nobody wants to tell me ).
I can't flash recovery through fastboot, probably because clockworkmod recovery is not signed by HTC.
As I understand, I can only follow the AAHK. It means downgrade to lower Android version where it is to possible get S-OFF and then it is possible to get root and rewrite eMMC.
I thought that obtaining the root is enough to rewrite the eMMC without S-OFF and/or unlocked bootloader, simply by rewriting block device in Linux.
AAHK is retired, but you can unlock your bootloader.
Ok.
I used AAHK to downgrade, S-OFF and root. Currently I'm running JellyTime 4.2...
Related
So i currently have ROM Manager v4.0.0.1 (but i havent flashed CWM yet) and ofc S-OFF and rooted, and HBOOT .85 and Stock ROM.
I tried to flash CWM v3.0.2.8 normally but i get this message in FastBoot USB mode
//------------------------------------------------------------------
C:\HTC_Ace\tools>fastboot-windows flash recovery ./recovery.img
sending 'recovery' (4286 KB)... OKAY
writing 'recovery'... FAILED (remote: not allowed)
//------------------------------------------------------------------
so i thought i would manually flash it with a terminal.
i then found out that i didnt have flash_image, so i found a download link and put it in my /system/bin/ file, and typed
//-------------------------------------------------------------------
# flash_image recovery /sdcard/recovery.img
error scanning partitions
//-------------------------------------------------------------------
any solutions?, for the first or second problem?, i just want CWM -
::and side note, can i access the original HTC Bootloader with this installed?
Do you have ENG S-OFF? Regular S-OFF doesn't cut the mustard when it comes to flashing via fastboot.
I think I do!, I used the easy radio software thingy when I rooted, so I presume so.
Sent from my Desire HD
Double check your CID in "System Info" in the bootloader. Does it Read CID: 11111111
there are only 4 options in the bootloader, i cannot see the "system info" option
If you cannot see "System Info" then you don't have ENG S-OFF, Just use THIS tool and you'll have it in no time.
Guys, no one tried to install recovery.img by replacing the same file in the firmware?
Sent from my Desire HD using XDA App
If you cannot see "System Info" then you don't have ENG S-OFF, Just use THIS tool and you'll have it in no time.
Click to expand...
Click to collapse
yo, so i did internet pass through on my phone and click 'flash ClockworkMod Recovery' in ROM Manager, and it installed v3.0.2.6.
My question is, if my phone didnt have ENG S-OFF the flash recovery that ROM Manager did; wouldnt have worked right? - its written in the last detailed process in the link you provided to me andy.
No with S-off rom manager can flash a recovery, but you can't flash via fastboot.
I bought a desire (used) and upgraded it from official Froyo to official Gingerbread via RUU, now i decided to install any custom rom on it, for this i downloaded all necessary files (revolutionary etc.), following is the information of my desire;
BRAVO PVT4 SHIP S-OFF
HBOOT-1.02.0001
MICROP-051D
TOUCH PANEL-SYNT0101
RADIO-5.17.05.23
JULY 22 2011, 16:19:16
I was surprised to see it was already S-OFF, my questions are;
1) why is it already S-OFF? (it was not rooted before upgrade)
2) Tell me the steps for gaining root or installing custom recovery? (in my case where i am already s-off)
3) Do i have to run revolutionary or just start by installing amon-ra recovery by android-win-tools method?
I am new to this thing and never rooted or installed custom rom before, but went through a lot of threads in this forum and did not find any clue relating to my case.
Thanks in advance.
Ashar said:
I bought a desire (used) and upgraded it from official Froyo to official Gingerbread via RUU, now i decided to install any custom rom on it, for this i downloaded all necessary files (revolutionary etc.), following is the information of my desire;
BRAVO PVT4 SHIP S-OFF
HBOOT-1.02.0001
MICROP-051D
TOUCH PANEL-SYNT0101
RADIO-5.17.05.23
JULY 22 2011, 16:19:16
I was surprised to see it was already S-OFF, my questions are;
1) why is it already S-OFF? (it was not rooted before upgrade)
2) Tell me the steps for gaining root or installing custom recovery? (in my case where i am already s-off)
3) Do i have to run revolutionary or just start by installing amon-ra recovery by android-win-tools method?
I am new to this thing and never rooted or installed custom rom before, but went through a lot of threads in this forum and did not find any clue relating to my case.
Thanks in advance.
Click to expand...
Click to collapse
I don't think this s-off is as "thorough" as revolutionary. I tried to get someone else who had this but his English was not too good so didn't get very far. It would be nice to know the limitations of this factory S-off though.
Have you got a recovery in mind? As you are PVT4, you need to be aware that you cannot use clockworkmod 2.5.0.7 if you are erase size 40,000. Which means you need to use a newer CWM (Bah) or AmonRA.
To find out, download a terminal emulator from the market:
Code:
cat /proc/mtd
(note space between cat and /)
Then you need to fastboot flash recovery. Follow link in my signature for an adb and fastboot faq. Also be aware adb and fastboot are different things. adb has nothing to do with this.
Please use the Q&A Forum for questions Thanks
Moving to Q&A
rootSU said:
I don't think this s-off is as "thorough" as revolutionary. I tried to get someone else who had this but his English was not too good so didn't get very far. It would be nice to know the limitations of this factory S-off though.
Have you got a recovery in mind? As you are PVT4, you need to be aware that you cannot use clockworkmod 2.5.0.7 if you are erase size 40,000. Which means you need to use a newer CWM (Bah) or AmonRA.
To find out, download a terminal emulator from the market:
Code:
cat /proc/mtd
(note space between cat and /)
Then you need to fastboot flash recovery. Follow link in my signature for an adb and fastboot faq. Also be aware adb and fastboot are different things. adb has nothing to do with this.
Click to expand...
Click to collapse
Thanks for your quick reply. Please note some of results for MTD and ROOT Check.
$ export PATH=/data/local/bin:$PATH
$ cat /proc/mtd
dev: size erasesize name
mtd0: 00100000 00040000 "misc"
mtd1: 00480000 00040000 "recovery"
mtd2: 00340000 00040000 "boot"
mtd3: 0fa00000 00040000 "system"
mtd4: 02800000 00040000 "cache"
mtd5: 096c0000 00040000 "userdata"
$
It means my erase size is 40,000 and i need latest CWM, or AmonRA recovery?
Root Checker Advanced Root Access Results
Superuser.apk - com.noshufou.android.su - is NOT installed!
The application Superuser is recommended as it provides basic security and is available for free in the Android Market
System Environment PATH: /sbin /vendor/bin /system/sbin /system/bin /system/xbin
The adb binary is set to default shell user access as a standard non-root user
Standard su binary location: ls -l /system/bin/su:
/system/bin/su: No such file or directory
Standard su binary location: ls -l /system/xbin/su:
/system/xbin/su: No such file or directory
Alternate su binary location:
/sbin/su: Permission denied
Alternate su type binary location:
/system/xbin/sudo: No such file or directory
SU binary not found or not operating properly
Results provided on your HTC Desire device by Root Checker version 3.7 from joeykrim in the Android Market - http://goo.gl/GgWae
May be you can extract limitations of this factory s-off from above technical data.
Now may i do the following?
1) run revolutionary and do not install recovery from therein.
2) flash fastboot recovery by android-win-tools method.
3) flash su-2.3.6.3-efgh-signed from within custom recovery
4) flash any custom rom.
or may i skip step 1 and follow the rest?
thanks in advance
rootSU said:
I don't think this s-off is as "thorough" as revolutionary. I tried to get someone else who had this but his English was not too good so didn't get very far. It would be nice to know the limitations of this factory S-off though.
Click to expand...
Click to collapse
Well it is exactly, as s-off as if you did it using revolutionary. So the bootloader won't check signatures(which is the definition of s-off), but you won't be able to use fastboot commands, as those are not included in the stock hboot.
To be able to flash a recovery using "fastboot flash recovery" He must first flash a custom hboot with fastboot commands enabled. Do the following:
1. download this zip file: http://alpharev.nl/PB99IMG_stock.zip
2. Rename it to "PB99IMG.zip"(make sure it's not PB99IMG.zip.zip, as windows may hide the ending)
3. Place this file on the root of your sd-card.
4. Shut down your phone and boot up by holding "vol-down" and pressing power While keeping "vol-down" pressed until you enter hboot.
Your phone should now flash the image, and you should be able to flash a recovery using fastboot commands.
(This means you don't need to use revolutionary, but you cannot just flash cwm before doing the above steps either)
Thanks for the info, I wasn't aware of fastboot.
So the signature checking is also in nvram?
Sent from my HTC Desire using XDA App
mortenmhp said:
Well it is exactly, as s-off as if you did it using revolutionary. So the bootloader won't check signatures(which is the definition of s-off), but you won't be able to use fastboot commands, as those are not included in the stock hboot.
To be able to flash a recovery using "fastboot flash recovery" He must first flash a custom hboot with fastboot commands enabled. Do the following:
1. download this zip file: http://alpharev.nl/PB99IMG_stock.zip
2. Rename it to "PB99IMG.zip"(make sure it's not PB99IMG.zip.zip, as windows may hide the ending)
3. Place this file on the root of your sd-card.
4. Shut down your phone and boot up by holding "vol-down" and pressing power While keeping "vol-down" pressed until you enter hboot.
Your phone should now flash the image, and you should be able to flash a recovery using fastboot commands.
(This means you don't need to use revolutionary, but you cannot just flash cwm before doing the above steps either)
Click to expand...
Click to collapse
Thanks for your reply, please answer these questions ( i am so careful because i m doing it for the first time)
1) what will be my hboot version after flashing PB99IMG.zip? (right now my hboot is 1.02.0001 and i am on stock gingerbread 2.3.3)
2) if i just want to gain root access and dont want a custom rom, do i need to flash hboot and recovery or just flash su-2.3.6.3-efgh-signed?
(i just want to uninstall adobe flash player 10.1 and google maps 5.2 from system preinstalled in 2.3.3 to gain some space for installing latest versions 10.3 and gm 5.10)
thanks in advance
It'll be 6.093 or something. You can't flash su without flashing recovery. You can't flash recovery until you do PB99IMG.zip
Removing pre installed apps just makes space in system, which is not where you install apps so doing that alone will not give you more space.
Have a read of the root memory faq in my signature
Sent from my HTC Desire using XDA App
rootSU said:
So the signature checking is also in nvram?
Click to expand...
Click to collapse
Well not exactly, but the stock hboot allows for skipping signature check if the flag in nvram is set AFAIK.
rootSU said:
It'll be 6.093 or something. You can't flash su without flashing recovery. You can't flash recovery until you do PB99IMG.zip
Removing pre installed apps just makes space in system, which is not where you install apps so doing that alone will not give you more space.
Have a read of the root memory faq in my signature
Sent from my HTC Desire using XDA App
Click to expand...
Click to collapse
After doing PB99IMG.zip my phone info is as follows;
BRAVO PVT4 SHIP S-OFF
HBOOT-6.93.1002 (it was 1.02.0001 before)
MICROP-051d
RADIO-5.17.05.23
Aug 10 2010, 15:52:18 (it was July 22 2011, 16:19:16 before)
Now please recommed me the recovery (CWM or AmonRA) and a custom rom (fast, stable, more user space, more battery) to flash, thanks again for your kind help and guidance
mortenmhp said:
Well not exactly, but the stock hboot allows for skipping signature check if the flag in nvram is set AFAIK.
Click to expand...
Click to collapse
Yes, alpharev hboots "ignore" the NVRAM flag. But I am unsure how these factory hboots with s-off work. I don't understand why they would implement an ignore via hboot, when they have the flag in NVRAM. I would expect them to turn the flag of at source instead of using the same work around as alpharev, which is what I am confused about.
Thats kind of why I wanted someone to investigate, but the fastboot commands make sense. I suppose the Nexus one haas embeded fastboot commands as it's a developer phone. Although, why HTC would release an S-OFF version of the desire but ommit fastboot is beyond me. I thought the whole reason they did this was due to petition pressure not to lock it down too much
Hi all, I followed the step in strawmetals guide to root, s-off, and debrand htc DZ. I am not sure if it worked. Android down grade appeared to work but how do I
1. Tell if I am perm rooted?
2. Confirm S-OFF?
3. Confirm Debranding?
In device settings I have,
Android Ver 2.2
Build Ver. 1.34.405.5
If your phone is on and you see superuser app its rooted. As far as checking soff and debrand boot into bootloader. There are commands to run with adb that tell u all that as well. They are usually included in guides
Sent from my HTC Vision using xda premium
Boot loader method: boot your phone to boot loader (power off, hold power on and down volume)
Edit: remember to remove any PC10IMG.zip from your SD card.
you will see
PVT ENG S-OFF
H BOOT 0.76.200
Then choose from menu chose Bootloader => System Info
you will see, at near bottom CID 11111111
Then you're ENG S-OFF, perm root, SIM unlocked
gfree method
extract this in to your adb folder http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/gfree/gfree_verify_v01.zip
run:
$adb push gfree_verify /data/local
$adb shell
#su
#cd data/local
#chmod 777 gfree_verify
# stop ril-daemon
# ./gfree_verify
You will get
gfree verify_cid returned:
@CID: 11111111
gfree verify_secu_flag returned:
@secu_flag: 0
gfree verify_simlock returned:
@SIMLOCK= 00
I did not try the gfree verify myself so I cannot recommend it, try at your own risk. I recommend the bootloader method because it's easier and you don't have to run any code.
Please click thanks if this helps.
Edit: at this point, you should start to happy flashing I would recommend Adromadus Audacity Beta 2
KyraOfFire said:
Boot loader method: boot your phone to boot loader (power off, hold power on and down volume)
Edit: remember to remove any PC10IMG.zip from your SD card.
you will see
PVT ENG S-OFF
H BOOT 0.76.200
Then choose from menu chose Bootloader => System Info
you will see, at near bottom CID 11111111
Then you're ENG S-OFF, perm root, SIM unlocked
Click to expand...
Click to collapse
Sorry, but this isn't right. That just shows you have S-OFF and SuperCID. It doesn't say anything about whether you have root access or not (which the Superuser app can tell you, or running an app that needs root, or trying to "su" in Terminal Emulator). For instance, you can be S-OFF but running a non-rooted stock ROM.
SuperCID is completely separate from SIM unlock.
gfree_verify can show you the SIM unlock though, as you said.
Sent from my Desire Z running CM7.
u guys are good
Ok, here is what i got
Vision pvt eng s-off
hboot-0.84.2
emmc-boot
@simlock=00
cid = 1111111
I am rooted
Thanks
@steviewevie: thanks, I learned something new
Big Bam said:
Ok, here is what i got
Vision pvt eng s-off
hboot-0.84.2
emmc-boot
@simlock=00
cid = 1111111
I am rooted
Click to expand...
Click to collapse
You have S-OFF, SIM unlock and SuperCID. That doesn't show whether you are rooted or not, but that setup means you can flash a pre-rooted custom ROM, or alternatively you can root another ROM that is rootable and your root will be permanent (since you have S-OFF).
KyraOfFire - you are very welcome !
Sent from my Desire Z running CM7.
Hi All.
Not my phone, but a friends:
VISION PVT SHIP S-ON
HBOOT-0.85.0013
MICROP-0425
RADIO-26.10.04.03_M
eMMC-boot
Apr 11 2011.23:36:27
If you go into recovery, the phone just vibrates a few times and turns off. If you go Factory Reset, the phone just freezes.
I've tried:
RUU with no luck (get's stuck on Rebooting into Bootloader)
tried putting the .ZIP onto the SD but got "ModelID Incorrect" (can't create a GoldCard as phone won't boot, therefor no ADB)
flashing a recovery through fastboot but got "FAILED (remote: signature verify fail)"
booting into recovery using fastboot boot (FAILED (remote: signature verify fail))
I assume all my issues have been due to S-ON.
I'm stumped - any ideas?
There have been a few folks on here with the same issue in the last few weeks. Not that the phone is terribly old, but I wonder if it can be that some hardware component (eMMC or other) is failing over time?
expza said:
Hi All.
*snip*
RUU with no luck (get's stuck on Rebooting into Bootloader)
tried putting the .ZIP onto the SD but got "ModelID Incorrect" (can't create a GoldCard as phone won't boot, therefor no ADB)
flashing a recovery through fastboot but got "FAILED (remote: signature verify fail)"
booting into recovery using fastboot boot (FAILED (remote: signature verify fail))
?
Click to expand...
Click to collapse
IIRC there is a way to create a GoldCard manually without the phone ... but i'm highly unsure :-s
The last two sounds like an error due to s-on
oelly said:
IIRC there is a way to create a GoldCard manually without the phone ... but i'm highly unsure :-s
The last two sounds like an error due to s-on
Click to expand...
Click to collapse
I was able to create a working GoldCard using my phone, it no longer gives Model-ID Incorrect. HOWEVER, new problem. It's now moaning about Main Version being older, update failed.
I see android-info.txt in the ZIP is:
modelid: PC1010000
cidnum: T-MOB010
mainver: 2.15.531.3
hbootpreupdate:12
However, this phones info is:
VISION PVT SHIP S-ON
HBOOT-0.85.0013
MICROP-0425
RADIO-26.10.04.03_M
eMMC-boot
Apr 11 2011.23:36:27
I assume it's the Radio Version number that is not matching up - however, the one RUU's in Shipped-Roms with that Radio Number are EXE's and not ZIPs.
Does anyone know how I can get a ZIP RUU that would work with this phones current versions?
edit: p.s. ZIP I'm currently using is PC10IMG_Vision_TMOUS_2.15.531.3_Radio_12.52.60.25U_26.08.04.30_M3.zip (renamed when on SDcard to PC10IMG.zip)
double edit: Have found a way to extract zip from EXE. Loaded it to Gold Card and update is currently flashing via HBOOT. Still on Bootloader. Assume this takes a while (10 - 15 minutes), so I'll be patient.
combo edit: should state the the RUU ZIP I extracted was RUU_Vision_Gingerbread_S_HTC_WWE_2.42.405.2_Radio_12.56.60.25_26.10.04.03_M_release_199043_signed.exe
Phone honors the PC10IMG.zip, but gets stuck on BOOTLOADER - Updating.
Any suggestions? Is it safe to delete items out of the RUU .zip? Want to try flash recovery.img only.
edit: looks the the rom.zip I extract is always corrupt (when trying to edit it using WinRAR or something)
You can't edit the zips, they are signed, so anything you do to them will cause them to not flash.
Winrar might be complaining because of the signing.
-Nipqer
Given up on trying to flash the RUU via HBOOT - it just freezes on "Bootloader - Updating" - pulling battery causes no issues so I assume it doesn't even attempt to flash anything.
Next step, using HTCDev to unlock the bootloader? Safe? I worry that the Bootloader not flashing via RUU means that HTCDev Bootloader Unlock won't work, or could possibly break it.
same problem
hi mate, im having the exact same problem as you...did you manage to fix it?
i have found the same ruu for my radio version but it gets stuck on the bootloader as the bar moves but the fone stays on the same screen.
do u think i need to make that goldchip card? how do i make one please?
i had that same problem just 2 days ago so in order to get the ruu to flash right it has to be a radio thats higher than the one you already have ... but if that dosnt work you will have to change it manualy using adb in recovery mode so wat you do is power offf the phone comptley and plug it in your computer via usb then open up adb and type adb devices the phone has to be off and it should show your device id then the word recvery next to it then your gunna wanna pull the misc.img from the phone and edit it with a hex editor i did this method to downgrade my g2 kus my sdcard dosnt read but after you change the misc the ruu shuld flash fine 1.power off phone Connect phone to computer,
2.Open adb cmd and type : adb shell
3.Type su
4. if you get # symbol continue
5.Type : dd if=/dev/block/mmcblk0p24 of=/sdcard/misc.img (YOU CAN COPY THE IMG TO EITHER sdcard, which is internal memory, or sdcard2, which is removal card)
6. Switch to USB mode
7.copy misc.img from the root of the sdcard to your computer
8.Open misc.img with HeX Editor XVI32
9.Find the version and change it. it will be the first area in the the upper right in the screen of the app
10.change the number in whatever you want. (has to be in the form of.. 1.00.000.0
11.Save it and upload it to the root of the sdcard with miscnew.img name
12. Switch to charge mode
13.Type adb shell, su dd if=/sdcard/misc.img of=/dev/block/mmcblk0p24
14.Reboot to fastboot then fastboot reboot to RUU then fastboot flash PC10IMG.zip and it shuld flash fine
---------- Post added at 11:42 PM ---------- Previous post was at 11:37 PM ----------
or yu can try this http://forum.xda-developers.com/showthread.php?t=1526316 and should work its alot easier than the adb method
Never managed to fix this (tried the exact same thing ari3z suggested, but ages ago) - just kept freezing when trying to write anything to flash.
Phone was eventually swapped out in warranty.
Sorry for my pour English!
I am a Chinese , and in China there are some htc phones were locked in hboot by some speculators. They use xtc-clip unlock the official hboot so we can see it shows s-off and cid is 11111111 , then they flash a modified hboot designed by themselves so that we can not flash any RUU and PG76IMG.zip with this modified hboot. We call this phone is Trojan phone or virus phone.
I have two ideas to solve this problem. One is flash CWM recovery so I can flash rom in recovery mode , but it's not a perfact method. The other is to flash back to official hboot so I can flash RUU and PG76IMG.zip.But it is impossible to flash stock hboot in modified hboot mode, it doesn't work.
Maybe some of you guys know, if we have root permission when we load system use ADB SHELL, then we can use dd command to recover hboot just like
Desire HD("dd if=/data/local/tmp/hboot_7230_Ace_0.85.0024_110411.nb0 of=/dev/block/mmcblk0p18"), "/dev/block/mmcblk0p18" is the hboot partition mount point in Desire HD.
Now the problem is I can't find the hboot partition mount point in G13. Could anyone tell me the mount point or how to get the hboot partition address in nand flash ?