Hi all, I am putting together an android app that will make the rooting process much easier. This thread is to discuss issues and suggestions with this app.
I have the app near done, the biggest problem is that I cannot format the sdcard as fat32. Is formatting to fat32 required? Why do we do this? What is the real need to do this?
I have not tested the app out yet, but so far this is how it has been put together. There is a main activity with textboxes that have the urls of the files needed to root (dreaimg.nbh, recovery.img, hardsplupdate.zip, JF_RC33update.zip) and there are buttons for each step in the process to download these necessary files and extract them if needed and put them on the sdcard and renaming them properly. You can change the urls to something else if needed.
so you click the first button, it downloads the .nbh and puts it on the sdcard and then prompts the user to turn off, power+camera on, flash. when the phone is on, reinstall this app and go to step 2 (because it would have been lost when flashed)
you click the second button it downloads recovery.img and hardsplupdate.zip. renames the files appropriately and puts them on the sd. it runs a script to do the recovery.img flash. It then prompts you to restart into recovery mode and gives the instructions on flashing the hardspl. and tells you to reopen this app when done
you click the third button it downloads the latest JF firmware (lets just say the RC33 flavor) puts it on the sdcard and renames it as update.zip. it prompts you to restart into recovery mode and do the flash.
Anybody see any possible problems with this logic? Also what do people think about maybe packing some of these files in the app instead of having them be downloaded?
Update: app is working http://allshadow.com/forum/viewtopic.php?f=9&t=5229
I am still looking for help to make it better.
I need devs to help make it nicer.
I am also looking for someone who's familiar with the update.zip package, to pack the radio, hardspl, and jf_rc33 all in one update file.
If anybody is interested in helping, PM me
I don't think it's that big of a deal to format the card yourself, but why not make an app on the desktop that does some of the work for you, like formatting the card, then downloading and renaming the files needed to get started?
Packing the files into the app is going to make the app big. I like this whole idea though.
when you flash the .nbh it does a wipe on its own so one would need to re-download the app after that unless you can get it to stick somehow, i like the idea, is each button of the app just running a script? like to get the dreaimg.nbh have a script that runs:
"$ wget [url to the .nbh file]
$ echo 'please reboot your phone into SPL by holding the camera and power button'"
or did you have some other idea?
i like the idea but i am just not sure how easy this would be to code as i am just used to writing scripts that do everything for me.
or you could follow Kllian's advice and make a desktop program that does all this. i could easily write a script for linux that would do it, and a .bat file wouldn't be too hard either. you would just need to have adb and you could have the script/batch reboot the phone into recovery to do the flashing of each update.zip
pm me if you have any questions or would like me to write a script to do all this
tubaking182 said:
when you flash the .nbh it does a wipe on its own so one would need to re-download the app after that unless you can get it to stick somehow, i like the idea, is each button of the app just running a script?
tubaking brings up a good point.
I have an idea that possibly could resolve the "wiping" issue. What you do is, the initial app would be placed on the desktop (assume RC30). From here you'd downgrade the firmware to RC29.
The problem is though, the app you are scripting will be wiped. SO...
How about saving it on the SD temporarily.
THEN modifying the .nbh file to restore the <rooting app> to desktop (from SD)
Just throwing some stuff out there.
IF you need some help, hit me up.
if anyone knows how to convert a .sh bash script from linux to a .bat batch file for windows then i already have the script written, send me a PM to get it. or we could port it into java, but i don't know how to do that stuff. tomorrow i will upload my script onto 4shared and provide a link here as long as it works. keep in mind that i am on a linux machine and my script will not work in M$ windows. i don't know a damn thing about mac, so i have no idea if this will work or not for them.
my script is nearly completely automated, the only thing you need to do is hit ENTER a few dozen times, i will also write a completely automated one that sleeps rather than waits for you to hit enter, but it will take longer to run most likely since i will have to overestimate the sleep time.
hopefully i can find a windows machine and learn what commands in the cmd are equal to the commands in my terminal
akapoor said:
tubaking brings up a good point.
I have an idea that possibly could resolve the "wiping" issue. What you do is, the initial app would be placed on the desktop (assume RC30). From here you'd downgrade the firmware to RC29.
The problem is though, the app you are scripting will be wiped. SO...
How about saving it on the SD temporarily.
THEN modifying the .nbh file to restore the <rooting app> to desktop (from SD)
Just throwing some stuff out there.
IF you need some help, hit me up.
modifying .nbh files is no easy task, i tried it once and fortunately for many people GSLeon3 was able to help me fix my tilt. i think the .bat or .sh would be the easiest way to root your phone
Tubaking,
Send over the file you have. I'll work on converting it to a .bat, usable from windows.
Email : akapoor92_at_gmail.com
I should have it soon, but since it's like 3:30am here, I'm off to bed. Haha
tubaking182 said:
modifying .nbh files is no easy task, i tried it once and fortunately for many people GSLeon3 was able to help me fix my tilt. i think the .bat or .sh would be the easiest way to root your phone
Uh, you'd not only need to modify the nbh file, but you'd also need to sign it with the Google OTA keys - otherwise the phone will refuse to flash it.
If it were possible to create Google-signed nbh files we'd dispense with all this downgrading nonsense and just create an nbh of the latest JF firmware with root and directly flash that.
The issue is that until you've patched the recovery loader the phone won't flash anything that isn't signed by Google. The reason we can get around this is that there is a leaked signed file with the old firmware version, and that version happens to contain a vulnerability that you can use to get root access. Once you have root access you can reflash the recovery loader with a new one which accepts the test keys. At that point you can dispense with the hacks and begin directly flashing whatever you want.
In any case, rooting a phone is serious enough of a matter that we probably shouldn't be encouraging anybody who can download an app to do it. They should at least have some confidence in reading and following obscure instructions online, because if anything goes wrong later that is what they'll be doing...
Thanks for all your input. I have been trying to hold hand people through the root process and it is a real pain. Biggest issues are people not being able to unzip files correctly, rename files correctly, and the biggest thing is the recovery.img step and typing in the commands.
- .nbh cannot be patched because it is signed.
- yes my app will get wiped because of the .nbh flash. It does tell the user to reinstall this app once done with the .nbh step and then continue
- i prefer an android app, so people can do it without a computer and without having to install the sdk
- the app does not run a script to get the files. it uses some android sdk functions to download files. it does use the unzip linux command to unzip, not sure if this will work because of permissions, i may have to figure out how to do it from the sdk. the app does run a script to do the recovery.img step, during this step we should already have root so no issue there with permissions.
Biggest problem I see is Fat32 format I heard it is not absolutely necessary. Does anyone have any more information about why this needs to be done?
it IS necessary, you need the card formatted in order to do the NBH flash, after that you should be ok. most cards come formatted in the box they came in so anyone that said they didn't need to format their card is lying because it was already formatted to fat 32
in the RC29 firmware is there a su command in /system/bin/ or are all commands run as root without having to call /system/bin/su ??
moussam said:
in the RC29 firmware is there a su command in /system/bin/ or are all commands run as root without having to call /system/bin/su ??
from what i've read, in the RC29 version anything you type on the home screen gets put through a root shell as well, all on its own
I have a feeling whoever makes this app is going to sell it for a ridiculous price on the market
My script is written but requires the user to do certain things, later I hope to have it be completely automated after a certain point and it will be free. After I get it written in linux shell I will be converting it to use in windows. Expect my automated root to be available for download by the weekend.
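I got the app pretty close to done. I hope to put something up tonight or tomorrow that you guys can test. I am not going to charge for this app, I want to give it for free so everybody can have root and a more rich experience.
The place where I am stuck right now is the unzipping of the DREAIMG.NBH file from its zip file after it is downloaded. I am using java.util.zip. I am not sure if the problem is because the file is so big or if I am doing it wrong. does anyone have an android java unzip code snippet?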
The app now downloads files for you and unzips them if needed. There is an issue with the unzipping though, after around 25 MB of unzipping DREAIMG.NBH i get this error...
java.io.IOException at java.util.zip.InflaterInputStream.read(InflaterInputStream.java)
anybody have any suggestions? Is there not enough memory to unzip the files or something?
For now I am not going to let the .nbh file be zipped up. The app instead will have to download the full uncompressed .nbh file.
So it is ready to be tested, if you want to try it out PM me, I do not want to just post it and have everybody use it until it has been tested more.
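An added example, not code from the app discussed in this thread: extracting one large zip entry with java.util.zip through a fixed-size buffer, and giving the file its final name only if its SHA-256 matches a known-good value. The class and method names, the 256 MiB cap and the sample archive built in main are assumptions made for illustration.

```java
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.file.Files;
import java.security.MessageDigest;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import java.util.zip.ZipOutputStream;

public class VerifiedUnzip {
    // Assumed upper bound on the extracted size; stops a decompression bomb early.
    static final long MAX_BYTES = 256L * 1024 * 1024;

    static String hex(byte[] digest) {
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    /**
     * Streams one entry of a zip into outDir through a 64 KiB buffer, hashing as it
     * goes, so memory use does not grow with the size of the entry. The data is
     * written to "<name>.part" and renamed only when the SHA-256 equals expectedHex.
     */
    static File extractVerified(File zip, String entryName, File outDir, String expectedHex)
            throws Exception {
        File target = new File(outDir, entryName);
        // Zip-slip guard: the resolved path must stay inside outDir.
        if (!target.getCanonicalPath().startsWith(outDir.getCanonicalPath() + File.separator))
            throw new IOException("entry name escapes output directory: " + entryName);
        File part = new File(outDir, entryName + ".part");
        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        byte[] buf = new byte[64 * 1024];
        boolean found = false;
        try (ZipInputStream zin = new ZipInputStream(
                new BufferedInputStream(new FileInputStream(zip)))) {
            ZipEntry e;
            while ((e = zin.getNextEntry()) != null) {
                if (e.isDirectory() || !e.getName().equals(entryName)) continue;
                found = true;
                long total = 0;
                try (OutputStream os = new BufferedOutputStream(new FileOutputStream(part))) {
                    int n;
                    while ((n = zin.read(buf)) != -1) {
                        total += n;
                        if (total > MAX_BYTES) throw new IOException("entry exceeds size cap");
                        os.write(buf, 0, n);
                        sha.update(buf, 0, n);
                    }
                }
                break;
            }
        } catch (IOException ex) {
            part.delete();              // never leave a truncated image behind
            throw ex;
        }
        if (!found) throw new FileNotFoundException(entryName + " not found in " + zip);
        String got = hex(sha.digest());
        if (!got.equalsIgnoreCase(expectedHex)) {
            part.delete();
            throw new SecurityException("SHA-256 mismatch, got " + got);
        }
        if (!part.renameTo(target)) throw new IOException("rename failed: " + part);
        return target;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a 3 MiB stand-in payload zipped into a temp directory.
        File dir = Files.createTempDirectory("unzip-demo").toFile();
        byte[] payload = new byte[3 * 1024 * 1024];
        for (int i = 0; i < payload.length; i++) payload[i] = (byte) (i * 31);
        File zip = new File(dir, "sample.zip");
        try (ZipOutputStream zo = new ZipOutputStream(new FileOutputStream(zip))) {
            zo.putNextEntry(new ZipEntry("SAMPLE.BIN"));
            zo.write(payload);
            zo.closeEntry();
        }
        // In real use the expected hash comes from a trusted source, not from the download.
        String good = hex(MessageDigest.getInstance("SHA-256").digest(payload));
        File out = extractVerified(zip, "SAMPLE.BIN", dir, good);
        System.out.println("verified " + out.getName() + " (" + out.length() + " bytes)");

        // Same archive, wrong expected hash: the extraction is rejected and cleaned up.
        String wrong = (good.charAt(0) == '0' ? "1" : "0") + good.substring(1);
        try {
            extractVerified(zip, "SAMPLE.BIN", dir, wrong);
        } catch (SecurityException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```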
Good news the app works on downloading the .nbh file and then flashing you to RC29. It then successfully downloads the recovery.img and hardspl update.zip
I had someone testing it and when they ran the recovery script the mount command gave them mount: operation not permitted. Is this correct? I know without root it is supposed to give you mount: permission denied.
If this is correct the app is working, and I just need someone else to confirm.
Mike
Does anybody else want to help with the coding of this project? If so create an open-source repository and I will add the current source in there.
I have been working on a project to insert debug messages in low level dlls [like coredll, ws2.dll] and so on. The testing so far was done on device emulators and the .nb0 image seems to be pretty stable on it now.
Where I need help from xda community is how to take the next step - how to generate a ROM image for my kaiser. Specifically what all build options should be specified to my platform builder to get the right image for my device.
I tried to search previous postings for help but could not find one - may be I did not search thoroughly. My apologies if I did not search thoroughly - if it has been discussed in the past - would be great if someone could point me a link to it.
Thnx
TPC and myself has kitchens available for download. Pick one and replace your files, and build ROM.
To be precise - download a kitchen from here?
http://m-s-j.net/tpckitchen/kitchens/
poifgh said:
To be precise - download a kitchen from here?
http://m-s-j.net/tpckitchen/kitchens/
yes any one will work
Thnx for helping .. have a few hiccups setting the ROM up.
1. Downloaded http://m-s-j.net/tpckitchen/kitchens/TPC_KITCHEN_6.120146.7z
2. Doing a build_rom.bat results in the following errors
Failed to set data for 'htcrt_backup'
"There is no device found to meet your project configuration. Try to update your devices file with new one."
"Access Violation - read at 000000"
Do I need to setup some config file somewhere - do we have a README for the process?
3. I don't quite understand the point "replace your files, and build ROM."
I have changes done to coredll and ws2.dll which were compiled using the 'emulator' flag in platform builder
a. What compile flags should I use before I copy/paste my dlls into the kitchen
b. In the current kitchen - coredll is a directory containing 5 files S00 to S04 and also contains imageinfo files. Do I put in my coredll.dll file? or is there a step in between?
As you could see from my questions, I am a complete newbie in building ROMs for phones - would appreciate any help from the community
thnx
I guess you're using Vista, right? It did me too. There are two (three?) solutions:
1. Disable UAC
2. Ignore it and via htc rom tool build .nbh by yourself (click right -> run as administrator on TOOLS\htcrt.exe) - OS.nb is in TMP directory
3. (not confirmed) Run the build script via cmdline manually, AFAIK TPC has got it written somewhere there.
this is not the right place to be asking this, if you have questions about my kitchen you need to look in my kitchen thread. you will find the answers to your questions have already been posted there and if you need more help ask there and we will help you.
twopumpchump said:
this is not the right place to be asking this, if you have questions about my kitchen you need to look in my kitchen thread. you will find the answers to your questions have already been posted there and if you need more help ask there and we will help you.
you know how it is anymore, Have a question = START A NEW THREAD.
msd24200 said:
you know how it is anymore, Have a question = START A NEW THREAD.
= Flying Fishheads lol
I would love to help the community by using your kernel for the newer radios to port any roms for the older radio... is there any help you can give me? should i use your boot.img from the test-donut.img/test-eclair.img?
first, one thing we must know for a porting job is what boot.img includes.
here: http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images
the ramdisk does some initializing jobs, so if we port a ROM, we should ensure that the content of the ramdisk and the files included in the ramdisk (like init.rc) have the necessary things the ROM needs.
for the first step, we can just extract the boot.img from the ROM, extract the ramdisk from the boot.img we just extracted, then repack it with my kernel (you can extract the kernel from my boot.img with the same tools).
(to execute the perl script in the link above, you need linux or just cygwin.)
but if we are sure that the ROM we want to port has nothing special in its ramdisk, just like common ROMs, we can use my boot.img files directly. for an eclair ROM, I suggest you extract the boot.img from my ROM, and don't use the first boot.img (test-NOCDB.img) I had posted.
after this, make our update.zip (use someone else's ROM as an example, especially the update-script in the META-INF directory). sign our zip with testkey and apply it, then we can make our phone boot into the desktop.
(you can find information about signing and download the tools here: http://forum.xda-developers.com/showthread.php?t=471586, though the thread does not talk about how to sign things)
the main troubles we may meet are probably the symlinks and setperm* in the update-script. if there is already a file/link with the name we want to symlink to, or if the file we want to symlink from or setperm doesn't exist, we will fail. so check the files carefully.
the next step is to make everything work properly. we can use a file from a ROM made for the new radio (and that works well of course) to replace the one in the ROM we are porting. we can find these files in my 2.x ROM for eclair, or others' 1.6 ROMs for donut (and for the new radio, since their makers tested them already).
the most important files are (to my knowledge):
system/lib/libhtc_acoustic.so
system/lib/libhtc_ril.so (if something wrong with mobile network)
system/lib/libcamera.so
system/lib/libcameraservice.so
system/lib/liboemcamera.so (for 2.x) or system/lib/libqcamera.so (for 1.6)
system/lib/libgps.so
system/bin/akmd
(is there something I missed?)
(if we want to use NCommander's work on CameraHardwareInterface with a 2.x ROM, we should use my kernel for DONUT instead. I didn't try it, and I don't recommend it.)
these files partially work with hardware, so different radios may need different files. but if something just works fine, don't hurry to replace the file for it.
and now..., I don't have more things to talk about, since we have most things working well. but for further tweaks, there are lots of things to do.
everyone can post questions here. if I know the answer I will post it. if I don't or I am not online, I think others will respond to you. and if there are things I missed or mistakes I made, plz point them out
I will update this post when we collect more info or correct something. I find that I didn't organize everything in order. I will update it later.
Thanks for the post... what's the difference between your eclair/donut kernel? (This is based on your original post about your kernel... is there an updated kernel somewhere i should know about?)
Edit
Nevermind, i figured it out by reading your post more carefully. thanks for the detailed instructions
Thank you very much for this sanpei. This is the type of posts that really should be on this forum
Appreciated so much. waiting for your next updates.
Phil_McRevis said:
Nevermind, i figured it out by reading your post more carefully. thanks for the detailed instructions
sorry for my poor ability of expression
asero said:
This is the type of posts that really should be on this forum
I expect more people can share their knowledge, and we can make a wiki for all
Hello!
I have to edit some lines of init.rc of your kernel. I've thus extracted the ramdisk, edited the file, repacked and tried booting with fastboot boot kernel-img ramdisk-img, but the phone hangs on the operator logo. I've tried even just extracting kernel+ramdisk and boot them - same result (the boot.img works well).
how can I fix it? Thanks
Wrong post
This has been resolved by using the flash lite exploit to gain root access allowing the misc partition to be flashed with a downgraded main version number which allows the old leaked Eng RUU we have to be flashed!
GUI for how to root
http://forum.xda-developers.com/showthread.php?t=720565
Old and Outdated information from the Original Post listed below for historical purposes ONLY
Who is Affected: If you've flashed the official OTA update on top of a non rooted ROM or your new EVO comes loaded with it, right now it appears there is no way to obtain root...yet!
What is Patched by the OTA: Through the radio.img which the OTA flashes, it updates the Main Version in the bootloader preventing Toast's root methods from working. It also flashes back the stock recovery, removing our root access in recovery mode and ability to apply .zip files. And last of all, the OTA patches the exploit hole in /system/bin/hstools used for unrevoked1 root.
Successfully eliminating all released methods of obtaining root access.
Conclusion:
after going through all these methods with a great helpful member of the unrevoked team, joshua_, this was the final answer:
[22:34] <joeykrim> cant see to find a method to RUU the phone back down ... ive tried all the methods ive seen. any methods i missed?
[22:34] <joshua_> ok, looks like we are hosed then
[22:34] <joshua_> we have a few more tricks up our sleeve sooner or later
Future:
If you have any suggestions/ideas, please post. I might have missed a method.
We will work towards obtaining root for those with new EVOs that have the official OTA applied and those who applied the official OTA.
Details of the tested known root methods:
user debug PC36IMG.zip (toast part 1) - bootloader error - Main Version is older! Update Fail! Do you want to reboot device?
eng build PC36IMG.zip (toast part 2) - bootloader error - Main Version is older! Update Fail! Do you want to reboot device?
RUU_Supersonic_1.32.651.6 extracted rom.zip renamed to PC36IMG.zip - bootloader error - main version is older
RUU_Supersonic_1.32.651.6_Radio_1.39.00.05.31_release_171253_signed.exe - Error [140]: Bootloader version error The ROM Update Utility cannot update your Android. Please get the correct ROM Update Utility and try again.
RUU_Supersonic_1.32.651.1_Radio_1.39.00.04.26_release_171253.exe - Error [140]: Bootloader version error The ROM Update Utility cannot update your Android. Please get the correct ROM Update Utility and try again.
Stock Recovery - Apply update.zip - clockwork recovery update.zip - E:failed to verify whole-file signature E:signature verification failed
flash_image (flash boot or mtd-eng.img) - copied to /sdcard, but sdcard is mounted with noexec. partition with write access for non-root user and allows executing is /data/local . flash_image can't write to the partitions w/o being run with root permissions. chownto and chown of flash_image to user root - permission denied.
##786# - Reset - doesn't seem to affect much in the way of bootloader version ...
Modifying PC36IMG.zip - using a hex editor to attempt at changing the MainVer stored in the android-info.txt, if any bit changes, it seems to fail the validation by the bootloader.
I tried almost all of these after the OTA hit my wife's phone. No dice. Subscribed to further updates on this thread.
I created a PC36IMG.zip file which contained the .6 releases wimax image and the android-info.txt file from the new update. I was then able to successfully flash it with hboot by placing it in the root of the sdcard and doing a down volume power on boot. It found the pc36img.zip file, verified it, asked me if I wanted to flash it. When I selected yes, proceeded to do so. It then reported the flash as having been successful.
I can't tell if the flash actually worked because I don't know where to check the wimax version info...
I don't know if this worked because the phone doesn't care to check the MainVer when flashing just the wimax image or if it did it because I pulled a fast one with the android-info.txt file swap.
I extracted the wimax image from the RUU_Supersonic_1.32.651.6_Radio_1.39.00.05.31_release_171253_signed.exe file.
I wonder if it would be possible to pull the same trick with the larger subset of images from the rooting pc36img.zip files. i.e. swap out the android-info.txt files...
im guessing the only reason it allowed you to flash a PC36IMG.zip which wasn't HTC signed is because you're using the hboot from the eng build of the PC36IMG.zip which doesn't check for HTC signatures on the PC36IMG.zip file. Not sure if it looks at the MainVer or not ...
once you're on a stock hboot, the PC36IMG.zip file has to be signed by HTC in order to flash!
I think in order for this to be patched, the bootloader code needs to be disassembled between the two versions to find out what bytes were patched and then either remove the code that checks for HTC signing or find a way to circumvent it.
We had to do things like this when working with mach_kernel when we got ahold of the first developer build of OS X for Intel. It was a pain in the ass and took weeks before we cracked the kernel.
There is even more risk with this though since tampering with the bootloader can definitely permanently brick devices.
joeykrim said:
If you've flashed the official OTA update or your new EVO comes loaded with it, right now it appears there is no way to obtain root...yet!
after going through all these methods with a great helpful member of the unrevoked team, joshua_, this was the final answer:
[22:34] <joeykrim> cant see to find a method to RUU the phone back down ... ive tried all the methods ive seen. any methods i missed?
[22:34] <joshua_> ok, looks like we are hosed then
[22:34] <joshua_> we have a few more tricks up our sleeve sooner or later
If you have any suggestions/ideas, please post. I might have missed a method.
We will work towards obtaining root for those with new EVOs that have the official OTA applied and those who applied the official OTA.
Here are details of the tested methods:
user debug PC36IMG.zip (toast part 1) - bootloader error - Main Version is older! Update Fail! Do you want to reboot device?
eng build PC36IMG.zip (toast part 2) - bootloader error - Main Version is older! Update Fail! Do you want to reboot device?
RUU_Supersonic_1.32.651.6 extracted rom.zip renamed to PC36IMG.zip - bootloader error - main version is older
RUU_Supersonic_1.32.651.6_Radio_1.39.00.05.31_release_171253_signed.exe - Error [140]: Bootloader version error The ROM Update Utility cannot update your Android. Please get the correct ROM Update Utility and try again.
RUU_Supersonic_1.32.651.1_Radio_1.39.00.04.26_release_171253.exe- Error [140]: Bootloader version error The ROM Update Utility cannot update your Android. Please get the correct ROM Update Utility and try again.
Stock Recovery - Apply update.zip - clockwork recovery update.zip - E:failed to verify whole-file signature E:signature verification failed
flash_image (flash boot or mtd-eng.img) - copied to /sdcard, but sdcard is mounted with noexec. only partition with write access for non-root user and allows executing is /sqlite_stmt_journals . flash_image can't write to the partitions w/o being run with root permissions. in other words, need root access to use flash_image
##786# - Reset - doesn't seem to affect much in the way of bootloader version ...
since my friend did the OTA update yesterday and "bricked" his phone i have been trying to fix the phone (i have access to bootloader so it seems to me that maybe, just maybe i can save the phone) anyways, i have been getting a lot of the same error messages anytime i try to update/load any stock rom via bootloader.
what my question is, is there a way to take a 1.47.651.1 rom/image and put it into an ruu? i have looked all over htc's website, but they don't even acknowledge the existence of the evo, at least not that i can find.
joeykrim said:
flash_image (flash boot or mtd-eng.img) - copied to /sdcard, but sdcard is mounted with noexec. only partition with write access for non-root user and allows executing is /sqlite_stmt_journals . flash_image can't write to the partitions w/o being run with root permissions. another words, need root access to use flash_image
...
Just curious here, regarding the above step, if you had access to a phone that was already rooted, could you use your sdcard in that phone to copy the files into /data and then transfer the sdcard back to the unrooted phone to flash it then?
Sorry for the long multi quote, there are quite a few good ideas and I wanted to make sure I explored each of them as far as the original poster intended.
EtherealRemnant said:
I think in order for this to be patched, the bootloader code needs to be disassembled between the two versions to find out what bytes were patched and then either remove the code that checks for HTC signing or find a way to circumvent it.
interesting ... circumventing the HTC signature check would be perfect and essentially give us an eng build bootloader.
in the RUU.exe rom.zip files, the android-info.txt indicate the MainVer along with a separate hboot.img file. the official OTA didn't have an hboot.img file. It only had a radio.img file which must have updated the MainVer value.
Not sure where on the phone this MainVer value is stored? in the radio?
you're suggesting, compare the bootloader, which is obviously stored somewhere in radio.img as thats the only file being flashed thru the OTA which increments the bootloader version number, against an older radio.img to attempt and find which bytes were changed for the version number?
The radio.img files are all around 22mbs ... ugh
if we're able to find the change in version number on the radio.img, not sure how it would help in flashing over it?
i was kind of thinking down these lines...since the bootloader checks the version number of any file it attempts to flash, the version number is going to be the key.
if we're able to increment (or temp change) the main version number in the file being flashed w/o messing up the htc signature, that could work.
2002wrex said:
what my question is, is there a way to take a 1.47.651.1 rom/image and put it into an ruu?
i've heard this was often done back in the WinMo days but i haven't seen anything on this board regarding this approach. if you have any detailed information, we could def look into it!
unknown_owner said:
Just curious here, regarding the above step, if you had access to a phone that was already rooted, could you use your sdcard in that phone to copy the files into /data and then transfer the sdcard back to the unrooted phone to flash it then?
very clever concept!
i'm not 100% sure on all the different approaches in the suggestion, but here are the ones it prompted me to explore.
unfortunately, every time the /sdcard is mounted on the phone, its mounted as noexec, meaning no files located on the /sdcard can be executed like programs.
also the /sdcard is mounted with uid=1000 and gid=1015 meaning all files mounted on the /sdcard have their uid/gid overwritten so none of them are allowed root ownership.
without being able to "su" to root access, we aren't able to run any programs with root access.
trying to chownto flash_image to any reference file as root results in:
chownto flash_image /system/bin/chown
Can't change user/group to root!
chown root flash_image
Unable to chmod flash_image: Operation not permitted
if i missed the suggested approach, could you elaborate?
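The mount restrictions described in the post above (noexec plus a forced uid/gid on /sdcard) can be checked mechanically. This is an added example, not part of the thread: it audits a mount table in /proc/mounts format, and the sample lines, the /mnt/usb entry and the nosuid/nodev policy are assumptions constructed for illustration.

```python
# Added example: audit removable-storage mounts for the hardening the post describes.
REQUIRED_FLAGS = {"noexec", "nosuid", "nodev"}  # assumed policy; the post names only noexec

# Constructed sample in /proc/mounts format (not captured from a real device).
SAMPLE_MOUNTS = """\
rootfs / rootfs ro 0 0
/dev/block/mtdblock4 /system yaffs2 ro 0 0
/dev/block/vold/179:1 /sdcard vfat rw,nosuid,nodev,noexec,uid=1000,gid=1015,fmask=0702 0 0
/dev/block/vold/179:9 /mnt/usb vfat rw,nosuid,uid=0,gid=0 0 0
"""

def parse_mounts(text):
    """Yield (device, mountpoint, fstype, flags, keyed options) per mount line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        device, mountpoint, fstype, raw = fields[:4]
        flags, keyed = set(), {}
        for opt in raw.split(","):
            if "=" in opt:
                key, value = opt.split("=", 1)
                keyed[key] = value
            else:
                flags.add(opt)
        yield device, mountpoint, fstype, flags, keyed

def audit_removable(text, fstypes=("vfat",)):
    """Return {mountpoint: [findings]} for removable-media filesystems."""
    report = {}
    for _dev, mountpoint, fstype, flags, keyed in parse_mounts(text):
        if fstype not in fstypes:
            continue
        findings = [f"missing {flag}" for flag in sorted(REQUIRED_FLAGS - flags)]
        for key in ("uid", "gid"):
            # vfat stores no ownership; an unset uid/gid defaults to the
            # mounting process, which is often root, so treat it as root.
            if keyed.get(key, "0") == "0":
                findings.append(f"{key} maps files to root")
        report[mountpoint] = findings
    return report

if __name__ == "__main__":
    for mp, findings in audit_removable(SAMPLE_MOUNTS).items():
        print(mp, "OK" if not findings else "; ".join(findings))
```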
Oh boy...... I thought I was alone in this. I try everything I can and now gave up. Any one can rooted this new OTA please let me know. I really need to downgrade from this.
Made me think of a problem that happened with the Directivo a few years back...
http://dealdatabase.com/forum/showthread.php?t=22154
I was looking around, trying to figure out some way to hack the hdvr2 w/o modifying the prom. I recalled something from the xbox-linux team's presentation for CCC, which was something close to "once you break the chain of trust, the box is forever compromised." I thought to myself: "self, if we can load one kernel via BASH_ENV, why can't we load a second kernel?"
So, is there a way we could compromise the kernel? If so, then...
Subscribed...
Not really interested in rooting until froyo is working, and I could really use the wifi fixes this OTA is supposed to offer, but I'll hold off installing it until we know it can eventually be rooted.
Mikesus said:
http://dealdatabase.com/forum/showthread.php?t=22154
So, is there a way we could compromise the kernel? If so, then...
i read thru the thread. im not clear on how they used BASH_ENV or any other method to load a 2nd kernel.
unfortunately, i think we have an extra layer of security that they dont. thanks HTC!
without nand unlocked on the kernel partition no data can be stored there including a 2nd kernel.
appreciate the link and info. perhaps the ideas or concepts will spur some innovation!
joeykrim said:
i've heard this was often done back in the WinMo days but i haven't seen anything on this board regarding this approach. if you have any detailed information, we could def look into it!
the thing about winmo ruu's (here's a topic i DO know well) is that they are always in a zip. you decompress the zip and have access to all the files. one of them will be the ruu, the rest are all the supporting files/images/rom. all of the android ruu's seem to come as one large exe that doesn't allow access to the files, it merely runs itself. in the winmo days if you got a rom with no ruu, and didn't want to flash from SD, you just took someone else's ruu and dumped the rom image in to the decompressed folder containing the ruu.
i appreciate the help joey, obviously you are busy with your own problems and a lot of people around here just throw you the old "SEARCH BUTTON" response. any help is greatly appreciated!
2002wrex said:
the thing about winmo ruu's (here's a topic i DO know well) is that they are always in a zip. you decompress the zip and have access to all the files. one of them will be the ruu, the rest are all the supporting files/images/rom. all of the android ruu's seem to come as one large exe that doesn't allow access to the files, it merely runs itself. in the winmo days if you got a rom with no ruu, and didn't want to flash from SD, you just took someone else's ruu and dumped the rom image in to the decompressed folder containing the ruu.
interesting again .. so the RUU .exe files for android, do have a payload stored in a rom.zip file which is dumped to a temp directory after the RUU .exe starts and before it finishes.
now, the rom.zip files have been pulled and posted in each of the two RUU .exe threads we currently have. these rom.zip files do contain all .img files which are flashed to the phone. the catch is though, just as the PC36IMG.zip files used in root, these rom.zip files seem to have a special HTC signature (checksum?) in their header.
if you open these rom.zip files from the RUU in winzip, it will error out, but using 7zip, they open just fine.
im new to HTC, this is my first HTC android phone and its almost been 4 weeks so this is as much as i know. it seems, if we're able to alter these rom.zip files either used in the RUU .exe or naming them PC36IMG.zip flashed thru the bootloader and the phone accepts them, we would be golden!
to help save you some searching and let you see what im talking about, here is the latest RUU rom.zip file
http://www.joeyconway.me/evo/stock/RUU_Supersonic_1.32.651.6_Radio_1.39.00.05.31_rom.zip
Subscribed, I was able to Order my EVO today so I will be watching for development. I pledge my donations to whoever is able to figure it out. I really appreciate the efforts of this community.
I second that pledge for donations! I, like many others here, updated while knowing that I probably shouldn't have. I knew better...
Subscribed.
Thanks for all the effort and work. I hope ya'll get it figured out.
dang, I just got my evo yesterday and got the update message so I thought it'd be ok to update it as I thought it might have been old.
Came home and was excited to do all my customization and tweaks, but to no avail
So my local best buy will not give the phone to the customer without pushing the new OTA to it :/
Apparently all of the stores will be doing this per Sprint and HTC's request.
EtherealRemnant said:
So my local best buy will not give the phone to the customer without pushing the new OTA to it :/
Apparently all of the stores will be doing this per Sprint and HTC's request.
Try calling them ahead of time before picking it up and asking if you can just swing by and pick it up yourself and call Sprint to activate yourself. Tell them you are in a rush, make up a story, and see if they just let you pay for it and run.
I saw a few people post that they built ROMs for this device using dsixda's kitchen. Just wanted to know if you had to create a 'hammerhead' file for the storage mount points since this isn't included in the supported devices (obviously because the tool isn't being updated anymore).
If you created a mount point file, can you please post the contents so I can reuse (fyi... I've installed this on a Mac, but should be able to reverse engineer one from a different OS)? I'm a bit of a noob using this kitchen and just got it configured on my mac yesterday. Just looking to mess around with it a bit for lack of a better thing to do.
I've also created device files for several devices, it's not as hard as it sounds, as long as you've read the OP in this thread
http://forum.xda-developers.com/showthread.php?t=633246
You need to unpack one Stock Kernel of the device you want to add the support to the kitchen, check the contents of the RAMdisk for the required mounting points and add them yourself
teknomar7 said:
I saw a few people post that they built ROMs for this device using dsixda's kitchen. Just wanted to know if you had to create a 'hammerhead' file for the storage mount points since this isn't included in the supported devices (obviously because the tool isn't being updated anymore).
If you created a mount point file, can you please post the contents so I can reuse (fyi... I've installed this on a Mac, but should be able to reverse engineer one from a different OS)? I'm a bit of a noob using this kitchen and just got it configured on my mac yesterday. Just looking to mess around with it a bit for lack of a better thing to do.
Gorgtech said:
I've also created device files for several devices, it's not as hard as it sounds, as long as you've read the OP in this thread
http://forum.xda-developers.com/showthread.php?t=633246
You need to unpack one Stock Kernel of the device you want to add the support to the kitchen, check the contents of the RAMdisk for the required mounting points and add them yourself
That's how I got to this point to begin with was by going through that thread. I just don't want to get the syntax wrong and I'm not 100% sure what all those parms mean in that template file. Plus the info in the recovery.fstab file seemed to be quite different from the ones already in that folder. I was hoping someone would be able to just give me a copy so I can check my syntax. Sort of a learning experience for me.
i will try