Database Info

HowTo re-flash the recovery image after old 2.1 RUU

This guide was taken from AndroidCentral and I thought I would share it here because it's taken me 4 hours this morning to figure out why I was having so many problems trying to flash a recovery image when I know my phone was rooted and flashed in order to get 2.1 a month or so ago. I have been searching these forums and google and hope anyone else who has my issue finds this post.
1. Make sure you have the Android SDK installed.
2. Download flash_image.zip
3. Download recovery-RA-heroc-v1.5.2.img
4. Unzip the first file, and place both in your Android SDK/tools folder.
5. Make sure USB debugging is ON
6. Connect your phone to the PC
7. Open the command window and navigate to the Android-sdk/tools folder on your computer.
8. At the prompt enter the following, one line at a time followed by enter
Code:
adb shell
su
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
exit
exit
adb push flash_image /system/bin
adb push recovery-RA-heroc-v1.5.2.img /sdcard
adb shell
chmod 0755 /system/bin/flash_image
reboot
9. Your phone will reboot. When it is finished, back at your command window, once again enter
Code:
adb shell
su
cd /sdcard
flash_image recovery recovery-RA-heroc-v1.5.2.img
reboot recovery
10. With any luck, you'll have the recovery image back and can load custom 2.1 based ROMS again.
Hope this helps. All credit goes to gbhil at Android Central.

You might want to change the title of the post. People might get confused thinking you found a way to downgrade the hboot and not how to flash the recovery image.

Can't get it to work.
I ran the RUU earlier.
Tried to root the old way.......didn't work.
Just tried this to get the recovery image back.
At the SU command it says: permission denied
Thanks,
Bubba.

bubbacs1 said:
Can't get it to work.
I ran the RUU earlier.
Tried to root the old way.......didn't work.
Just tried this to get the recovery image back.
At the SU command it says: permission denied
Thanks,
Bubba.
Click to expand...
Click to collapse
This won't work for the leak that was put out today. You lost root. This process requires root.

bubbacs1 said:
Can't get it to work.
I ran the RUU earlier.
Tried to root the old way.......didn't work.
Just tried this to get the recovery image back.
At the SU command it says: permission denied
Thanks,
Bubba.
Click to expand...
Click to collapse
If you used the new RUU that was leaked today you're screwed. The older 2.1 leaks were test ROMs that were already rooted so you could use the instructions above to flash the RECOVERY. Notice recovery in bold, not bootloader. Once hboot is updated there is no known way to downgrade so you could use an older RUU file.

This rom has no root. There is NO WAY to re-root after flashing the newest RUU. I'm sorry to say... you're ****ed.

HeroMeng said:
This rom has no root. There is NO WAY to re-root after flashing the newest RUU. I'm sorry to say... you're ****ed.
Click to expand...
Click to collapse
So they can't run an older ruu with 1.5?

HeroMeng said:
This rom has no root. There is NO WAY to re-root after flashing the newest RUU. I'm sorry to say... you're ****ed.
Click to expand...
Click to collapse
To clear that up, if you run the RUU you have no root. If you extract the ROM, set it up, and flash it, you will preserve root, just like damageless made for all of us. But, yeah, you are not gonna be able to get back from this one. at least until someone figures it out.

I changed the thread title to hopefully alleviate some confusion. I didn't realize there was a newer RUU released.
I flashed the Damageless Rom and it's running smoothly so far, but I'm still trying to figure out why wifi tethering isn't working out for me. :-(

celemew2 said:
I changed the thread title to hopefully alleviate some confusion. I didn't realize there was a newer RUU released.
I flashed the Damageless Rom and it's running smoothly so far, but I'm still trying to figure out why wifi tethering isn't working out for me. :-(
Click to expand...
Click to collapse
Did you get wifi tether version 1_60? That's the only version that ever worked for me.

Yeah, I have 1.60 installed on my phone right now, but when I try to start tethering, a SU Request black screen comes up and nothing happens until I get an error, "Activity SU Request (in application Superuser Permissions) is not responding."
I'm sure there's an answer somewhere, but lately I haven't been having luck searching for it.
Edit:
Thank you 98classic! All I had to do was enable USB Debugging. (I had it turned off cause I didn't like the warning up top when my phone was plugged into the computer)

"flash_image not found" what the f**k

need the binary? physically check its there with a root explorer
Sent from my broken Typewriter!!!

or do this download and set up the android SDK it itself includes the flash_image binary. after that u will need to open a command prompt on your computer u will have to change directory to platform tools
cd /path/to/platform-tools
after that u will get the chance to do
flash_image recovery /path/to/recovery.img
that will flash the recovery
now reboot into recovery
Typed from my broken Typewriter!!!

The easiest 1.47.651.1 root+nand unlock you'll ever see without a gui (Updated)

Make sure your battery has a decent amount of charge in it, you don't want to run out of juice in the middle of this.
You will need to have the android sdk installed, as you will need to use the adb tool.
Windows users will need to install HTC Sync in order to get the usb driver for the phone installed.
Part 1: In which we find that the Evo spreads easier than a Thai whore during tourist season
Code:
adb shell "rm /data/local/rights/mid.txt"
adb shell "ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt"
adb reboot
Part 2: In which we find that engineers have no personality, but they make one hell of a bootloader
Put the files from Toast's Part 2, for nand unlock onto the sdcard (PC36IMG.zip, mtd-eng.img, recovery.img, flash_image)
then (after making sure the sdcard is remounted to the phone if you used disk mode to xfer the files):
Code:
adb shell "cat /sdcard/flash_image > /data/local/rights/flash_image"
adb shell "chmod 755 /data/local/rights/flash_image"
adb shell "/data/local/rights/flash_image misc /sdcard/mtd-eng.img"
adb reboot bootloader
When asked if you want to update, say yes. Relax for a while, the update takes some time.
When the phone eventually boots back up:
Part 3: In which I find the whore, and make her install a custom recovery
Code:
adb shell "cat /sdcard/flash_image > /data/flash_image"
adb shell "chmod 755 /data/flash_image"
adb shell "/data/flash_image recovery /sdcard/recovery.img"
After this you should be fully rooted with nand unlock.
I highly recommend going through Whitslack's Starting Over method to bring your software and radios up to date.
You're done.
Pity this only came to light a few days before people are going to be upgrading to a new OTA.
No, this will not work for anyone who updated to 2.2.

epic!!! 789

niice!

Nice Find!
At least now people can be rooted prior to the new OTA!

damn it!
___

Sweet! Wish I had that method starting out. Lol.
Sent from my PC36100 using XDA App

does this method really work??

BAttitude7689 said:
does this method really work??
Click to expand...
Click to collapse
Yes it does.

ok, so i have no idea how that works... care to go into it alittle bit more?

khshapiro said:
ok, so i have no idea how that works... care to go into it alittle bit more?
Click to expand...
Click to collapse
The init scripts chmod 777 mid.txt on boot (this means that anyone can do anything to the file basically). By removing the file and linking it to mtd1, the chmod now makes mtd1 accessible by everyone after a reboot, which means that you can go directly to toast's part2 which starts with flashing mtd-eng.img.
Incidentally it appears the droid eris guys have been using this flaw to their advantage for a while as well ;D.

So no, really? What is "root?"
You do fine work, sir

posting in a legendary thread

Couldn't you then just use wits "start over" method for part two to make the process even shorter?

netarchy said:
Part 1:
Code:
adb shell rm /data/local/rights/mid.txt
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
adb reboot
Click to expand...
Click to collapse
What would be more interesting is for someone on the new OTA non-root to see if this exists in the Froyo release. I'll look around for a posting of the OTA update non-rooted and try it on my smashed phone. At least I won't care if that thing looses root.

Could we get a "The easiest 1.47.651.1 root method with nand unlock" for dummies? I have no clue what to do with this code.

You need to use an ADB shell for this using the Android SDK....
I tried to use the Evo-Recovery shell and received permission denied errors.
I am not a DEV by any means, and do not claim any credit for any of this. However, for people who need help, this may offer some assistance -- this is definitely the easiest root method out there.
1. Download and Install Android SDK - Learn Here
http://forum.xda-developers.com/showthread.php?t=694250
2. Open up a Command Prompt by holding windows button & pressing R or by pressing Run and typing CMD.
3. Navigate your way in DOS to the Android SDK folder, then to the Tools Folder
4. Then enter in the code in part 1. After each line press enter...the line will repeat below it.
5. Follow Toasts Part 2 -- Link: http://forum.xda-developers.com/showthread.php?t=701835 -- Video found here: http://www.youtube.com/watch?v=tUXTB0eydwE.
5A. Because you didn't do Toast's Part 1 of Root first (you used an exploit provided by the OP), you will NOT have a NAND Backup. Put the Custom ROM you want to load on your SD card, and after unlocking NAND protection and doing the wipes, load it from the custom recovery in lieu of restoring your NAND backup.
6. You're now rooted w/ NAND Unlocked!
7. I would then suggest going here, and running this so you have a fully rooted, stock ROM with all your radio/wimax up to date: http://forum.xda-developers.com/showthread.php?t=715915.

Anyone know if this method will work on an unrevoked3'd Evo? I am trying to acquire full root and I was going to use SimpleRoot today but if this will work...

Thank you for this! Question about number part 7. YOu suggest running the fully rooted stock 1.47.651.1 afterwards. Would it be a bad idea to Just run the fully rooted stock froyo 3.23.651.3 or even any other custom rom for that matter? i.e OMJ's EVO 2.2 Custom rom? Thanks

regulator207 said:
Couldn't you then just use wits "start over" method for part two to make the process even shorter?
Click to expand...
Click to collapse
No because you need the engineering hboot to flash it since it's not signed by HTC.
Should work on 1.32 or 1.47. Nice.
Someone should test if this still works in the new 2.2 update. Good chance it does.

damit!
justinisyoung said:
damn it!
___
Click to expand...
Click to collapse
Hey! That's what I was gonna say!

[Guide] How to gain root on 2.2 for Mac

*******UPDATED 8/31/10 *******
This rooting method was adapted from regaw_leinad's method and toastcfh's method. By following these steps you will successfully downgrade your phone back to android 2.1 in order to gain root.
I don't trust unrevoked as I have had problems with it in the past.

I am not responsible for any damages to your phone.
special thanks to:
regaw_leinad
Sebastian Krahmer
Toastcfh
amon_ra
FILES YOU WILL NEED:
copy and paste into browser
Code:
sdx-downloads.com/sdx/evo/troot/eng-PC36IMG.zip
evo4g.me/downloads//count.php?target=evo-root.zip
files.androidspin.com/downloads.php?dir=amon_ra/RECOVERY/&file=recovery-RA-evo-v1.8.0.img
developer.android.com/sdk/index.html
You will need the Android SDK in order to communicate between your computer and your phone. Download it (last link above) and follow the setup instructions that it comes with.
Unzip the contents of the evo-root.zip and put all the files from it into the tools folder located in the android sdk folder.
Rename the eng-PC36IMG.zip to PC36IMG.zip and then put it the tools folder located in the android sdk folder. DO NOT UNZIP IT!

******* PC36IMG.zip md5sum~ fe8aba99893c766b8c4fd0a2734e4738 *******
Move the recovery-RA-evo-v1.8.0.img into the android sdk folder as well.
Make sure usb debugging is enabled on your device. To do so go to Settings > Applications > Development > and make sure the check box is checked.
Plug your phone into the computer. Select "Charge Only" from the notifications bar.
Open up terminal and navigate your way into the android sdk folder.
Code:
cd /
cd asdk
Push all the files onto your phone.
Code:
tools/adb push /asdk/tools/flash_image /sdcard/
tools/adb push /asdk/tools/rageagainstthecage-arm5.bin /data/local/tmp/
tools/adb push /asdk/tools/mtd-eng.img /sdcard/
tools/adb push /asdk/tools/PC36IMG.zip /sdcard/
tools/adb push /asdk/tools/recovery-RA-evo-v1.8.0.img /sdcard/
Note that the PC36IMG.zip will take longer than the other files to transfer to the sdcard because it is a large file.

Now we will make rageagainstthecage.bin executable.
Code:
tools/adb shell
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
You should see this (below) after it has made the change.
Code:
$
Now to use the rooted shell.
Code:
cd /data/local/tmp
./rageagainstthecage-arm5.bin
You will now see some text on your terminal screen describing the exploit. 

Wait for the adb shell to finish the process. At this point it may or may not terminate the current shell session in terminal. If it does then it should look like this:
Code:
users-iMac:asdk user$
If it doesn't it will return to
Code:
$
in that case you need to exit the current session. To do so type
Code:
exit

Now we need initiate a new shell which should now have root permissions.
Enter the following:
Code:
tools/adb shell
and you will see you now have a
Code:
#
instead of
Code:
$
Now we need to flash the mdt-eng.img in order for it to let us install a custom recovery
Code:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image misc /sdcard/mtd-eng.img
That will flash your misc partition with Toast's mtd-eng.img


This should return you to
Code:
#
Now boot into hBoot
Code:
reboot bootloader
This will reboot your phone into hBoot. It will scan for the PC36IMG.img. When it asks yes or no, select yes.
It should then reflash your phone into the engineering build.
When it asks to reboot select yes.
You will need to flash custom recovery in order to be able to flash other custom roms or modifications. I use Amon_RA's recovery because it works great and has NEVER caused me any problems.
Now, open up terminal and get back into the android sdk folder
Code:
cd /
cd asdk
Since we have already pushed the recovery onto the sdcard we only need to flash the recovery onto the phone so that we can use it
Code:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image recovery /sdcard/recovery-RA-evo-v1.8.0.img
Now lets rename that PC36IMG.zip file again
Code:
mv /sdcard/PC36IMG.zip /sdcard/eng-PC36IMG.zip
that way your phone doesn't try to flash it when you go into recovery each time
And last but not least we need to boot into it to flash a custom rom
Code:
reboot recovery
Your phone should then reboot into Amon_RA's recovery and you may now head over to the dev forum to find your new favorite custom rom.

very nice! can anyone confirm this? my buddy wants me to root his 2.2 and i would like to try this.

To make life easier for some people add this to your post mate, and apply it yourself if you would like.
Here is how to add your sdk/tools directory to your .bash_profile file so you won't have to navigate to the folder each time.
Download this so you'll be able to see your hidden files http://www.mediafire.com/?diimft1ninn Run it, check "Show Hidden Files" then click Restart finder. Now, navigate to your home folder (/Users/UserName/) and see if there's a .bash_profile already there. If not, create with textedit.
Now add this to the file: export PATH=${PATH}:/Path/Of/Your/Sdk/Tools/Folder
Mine is /Users/bmxrider4444/Documents/Android/SDK/tools
Now do not save it as rich text. If yours is in rich text, click on "Format" in the menu bar, and click "make plain text". Now save it as .bash_profile and uncheck "if no extension is provided, use .txt".
Now you can go back to Ghost and uncheck "Show all hidden files" and restart finder again (special thanks to ajones7279 for these steps)
Enjoy!
Just as clarification as to what this does, it enables you to run adb commands and other commands without having to navigate to the /android/tools/ folder every time you want to run adb or whatever.

does this work?

seekis said:
At this point we need to push the recovery onto the sdcard
Code:
tools/adb push "location of recovery-RA-evo-v1.8.0.img" /sdcard/
Click to expand...
Click to collapse
This is great! Thanks for the guide - I am planning on rooting my Wife's EVO but have been waiting for an easier method than the other one posted. Question on the above where we write "location of recovery-ra-evo-v1.8.0.img". Is that the exact code, or should we be adding a directory or folder location into this line? I rooted my 2.1 EVO on my Mac a couple months ago and don't remember this step. Once again - very much appreciate the help.
One last question - would it make more sense to have a custom ROM already on your SD Card prior to rooting, so that you can flash it right after you flash AMON-RA for the first time? Probably doesn't matter but thought i'd ask.

^^ same question as above, plus one other n00b question - does this method unlock NAND?
[edit] I was not insinuating that randymac88 is a n00b; I, however, am

seekis said:
I don't trust unrevoked as I have had problems with it in the past.

I am not responsible for any damages to your phone.
Click to expand...
Click to collapse
Don't trust us with the unrevoked 3.x/unrevoked forever application combo that's worked for thousands of users without sideeffects on regaw's post?
You should note to everyone that your method will screw up their PRI, reverting it back to 1.34. By using unrevoked and unrevoked forever, you can keep 1.40.

randymac88 said:
This is great! Thanks for the guide - I am planning on rooting my Wife's EVO but have been waiting for an easier method than the other one posted. Question on the above where we write "location of recovery-ra-evo-v1.8.0.img". Is that the exact code, or should we be adding a directory or folder location into this line? I rooted my 2.1 EVO on my Mac a couple months ago and don't remember this step. Once again - very much appreciate the help.
One last question - would it make more sense to have a custom ROM already on your SD Card prior to rooting, so that you can flash it right after you flash AMON-RA for the first time? Probably doesn't matter but thought i'd ask.
Click to expand...
Click to collapse
Thats not the exact code no. I just put that as a place holder you are suppose to put in the location of where you have the recovery.img. For example, the exact command for me would be:
Code:
/Users/seekis/Downloads/recovery-ra-evo-v1.8.0.img
Don't trust us with the unrevoked 3.x/unrevoked forever application combo that's worked for thousands of users without sideeffects on regaw's post?
You should note to everyone that your method will screw up their PRI, reverting it back to 1.34. By using unrevoked and unrevoked forever, you can keep 1.40.
Click to expand...
Click to collapse
As far as using unrevoked, I stated that I, ME, MYSELF, has had issues with it. not that anybody else has. By all means go and use it if you would like. I will not. It is true that you will loose PRI 1.40, but seeing as how even after installing the OTA from HTC my phone still didn't update it to 1.40, I don't see the issue.

rsage said:
^^ same question as above, plus one other n00b question - does this method unlock NAND?
[edit] I was not insinuating that randymac88 is a n00b; I, however, am
Click to expand...
Click to collapse
i believe it does unlock nand seeing as how i adapted it from toasts method

Hey Seekis - question, I'm stuck here. I keep getting "permission denied", or "operation not permitted" when trying to make the exploit executable at this step:
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
Am I missing something? I've tried a million times and can't seem to get past this. I've successfully pushed all the files onto the sdcard.
I've also have had some trouble finding the exact root path to these files. I've been able to navigate, but I would think a lot of users would have some trouble.
Regardless, many thanks for getting this posted...
EDIT: I pushed the rageagainstthecage file to the sdcard by mistake. Will try again tomorrow.

ok i got rid of that step by moving the file into the android sdk and pushing it with all the other files

Okay now I appear to be in big trouble as I've just messed up my wife's phone, and its probably going to be unusable for a while until I get this figured out (assuming I do!).
I got through most of the process. I flashed the PC36IMG.zip file; however when it asked to reboot, it just dumped me back into the bootloader. Whenever I say reboot, it just takes me back to the bootloader. Pull the battery, same thing - bootloader. Yikes.
I don't know how to get to the next step because I can't get into a booted rom in order to flash the amon-ra recovery. Am I totally effed? Can anyone help me here?
EDIT: Okay reflashed the PC36IMG.zip file, and it rebooted into the stock ROM. Onward! Phew!!

The wife's EVO is now fully rooted running Baked Snack 1.5 w/Netarchy's kernel. Touch and go there for a minute, but it all worked out. No 1.40 PRI, but I don't really care about that right now.
Woot! Thanks Seekis!!

do u have to push the pc36img with adb every time or will drag and drop work or copy and paste work?

FoxHound630 said:
do u have to push the pc36img with adb every time or will drag and drop work or copy and paste work?
Click to expand...
Click to collapse
You can mount the card on your system and copy paste it over as well, yes.

randymac88 said:
Okay now I appear to be in big trouble as I've just messed up my wife's phone, and its probably going to be unusable for a while until I get this figured out (assuming I do!).
I got through most of the process. I flashed the PC36IMG.zip file; however when it asked to reboot, it just dumped me back into the bootloader. Whenever I say reboot, it just takes me back to the bootloader. Pull the battery, same thing - bootloader. Yikes.
I don't know how to get to the next step because I can't get into a booted rom in order to flash the amon-ra recovery. Am I totally effed? Can anyone help me here?
EDIT: Okay reflashed the PC36IMG.zip file, and it rebooted into the stock ROM. Onward! Phew!!
Click to expand...
Click to collapse
Had the same issue. When i first booked into the bootloader i had to select recovery then flash PC36IMG.zip. Then boot loop. Then i went back into the bootloader and it automagically read in the PC36IMG.zip and flashed it, then i got stock 2.1 root. Just a few minutes of "oh crap"

I'm stuck. I got as far as flashing PC36IMG.zip, which was successful, as my phone now runs 2.1, but it doesn't appear I'm rooted. When I go back into the adb shell, I'm getting the $ prompt, and running
Code:
cat /sdcard/flash_image > /data/flash_image
gives me a permission denied error. Help!

atom_jack said:
I'm stuck. I got as far as flashing PC36IMG.zip, which was successful, as my phone now runs 2.1, but it doesn't appear I'm rooted. When I go back into the adb shell, I'm getting the $ prompt, and running
Code:
cat /sdcard/flash_image > /data/flash_image
gives me a permission denied error. Help!
Click to expand...
Click to collapse
i dont know what to tell you other than try again. this happened to me the first time through as well. i dont know why. i just started from the top and it worked the second time through.

seekis said:
i dont know what to tell you other than try again.
Click to expand...
Click to collapse
So after you flash PC36IMG.zip you should automatically get a root (#) prompt when going into the shell? ie, I'll have rooted 2.1 yes?
seekis said:
this happened to me the first time through as well. i dont know why. i just started from the top and it worked the second time through.
Click to expand...
Click to collapse
Aha. Ok, I will keep trying til it gives me a root shell, I guess. I also tried unrevoked3 but that didn't seem to work.

Success!! So, I stupidly assumed that all PC36IMG.zip's were the same, and was using the one from the original 2.2 PC thread. Once I got the correct one, voila!
You might want to post the md5 of the one you are using, so there's no confusion for others. Also, you missed a tiny step when you first start up hboot - you have to select fastboot for it to start scanning for PC36IMG.zip.
Thanks!

[GUIDE] Safer way to unroot and revert to stock myTouch 3G 1.2

This method we will use nandroid's recovery option in ClockworkMod
Requirements:
Rooted myTouch 3G 1.2 with USB Debugging
ClockworkMod Recovery Installed (can be install from ROM Manager)
Universal Androot apk saved to your AndroidSDK tools folder
(I will be doing this in adb)
Create the recovery folders
Code:
mkdir /sdcard/clockworkmod
mkdir /sdcard/clockworkmod/backup
mkdir /sdcard/clockworkmod/backup/Stock
Mount the SD card so you can access it on your computer.
Now extract SAPPIMG_Sapphire_T-Mobile_US_2.10.531.4_release_signed.zip (from shipped-roms) [FYI: I had to use 7zip for this] into clockworkmod/backup/Stock.
Now we are down with that unmount it and return to adb.
Once your phone has remounted the SD card do:
Code:
cd /sdcard/clockworkmod/backup/stock
md5sum * > nandroid.md5
cd ../../../
cat /system/bin/flash_image > flash_image
(If you do not have flash_image post here in this thread and I will pm you a link to it)
Reboot the phone and boot into recovery mode (hold home when powering on)
Once in there
**DO A FULL WIPE**
then restore the "Stock" backup from the restore menu,
It should get past boot and system then fail on /data THIS IS NORMAL
It is not safe to reboot your phone
Set up your phone and all that good stuff, then re-enable adb debugging.
in a command prompt cd to your androidsdk/tools folder and run
Code:
adb install UniversialAndroot.apk
and reroot your phone (bare with me)
once that is done do
Code:
adb shell
su
be sure to click allow on the Superuser Permission pop up that shows up on the phone
Code:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
cd /system/app
rm Superuser.apk
cd ..
cat /sdcard/flash_image > flash_image
chmod 0700 flash_image
./flash_image recovery /sdcard/clockworkmod/backup/Stock/recovery.img
rm flash_image
mount -o ro,remount -t yaffs2 /dev/block/mtdblock3 /system
exit
unroot your phone via universal androot and uninstall it via the applications menu
reboot and done!
I have done this a couple times and every time it worked like a charm.

Hey there, I get to inputting the md5 command, but I get cannot create nandroid.md5: permission denied
What am I doing wrong?

Using a SAPPIMG.zip is not at all unsafe and is faster and easier.

Well, I have been trying to use the sappimg.zip from unlockr's guide and on the t-mobile dev forums, but yet all of them end up giving me a Main version is older! error.
I cant seem to find the solution.

I've had the same problem. I have made the gold card a million times (worked rooting the phone) and now it tells me the older error. Thought it would be easier reverting back, guess that's not true.
Anyways, can I get the flash_image file?

getting past the "older version" error
what i did to get past the "older version" error, was this:
step1: re-use gold card and the 1.5 version sappimg.zip from unlockr.com
step2: reboot using the original sappimg for t-mobile (i wont link from the post but i found it on XDA aka use search)
this will reload EVERYTHING as stock MT3g1.2 including original splash, and recovery images.

if you want to revert it to stock, try this: http://forum.xda-developers.com/showthread.php?t=641174, it may help

The safer way is to NOT BOTHER.
The update schedule is to run from today through the 25th inclusive. That's 11 days. The average length of time that any particular user will have to wait is therefore 5.5 days. Chances are that the update will be posted by tonight or tomorrow (latest), and 10 minutes later, it will be fixed so that it doesn't rob you of root (keep your options open!).
So... you save about 5 days of waiting (average) and end up with your options wide open. OR, you can commit to the average and end up locked out, possibly forever.

I like the way you think...
Sent from my T-Mobile myTouch 3G using XDA App

Need eng spl
bartcrusades said:
well, i have been trying to use the sappimg.zip from unlockr's guide and on the t-mobile dev forums, but yet all of them end up giving me a main version is older! Error.
I cant seem to find the solution.
Click to expand...
Click to collapse
just got through doing the same thing tried goldcard method and still got main version older....then i got it right...flash eng spl i beleive it was 0010 then do the sappimg.zip it works and when you finish the update your 0013 spl is back...then used universal androot installed superuser then installed rom manager and made backup of stock then put my phone back the way it was hopefully when the update comes out and i do think it will be a long time before it does i can restore backup of stock unroot with universal androot and uninstall superuser. At least thats the plan. If you want to do this look for kennys posts in the sappimg thread his directions are what i used.

That is the correct way to do it. Eng spl then tmo stock image. When done its back to completely stock.
Sent from my T-Mobile myTouch 3G using XDA App

hey i do not have flash_image can u post up a link? thanks.

[GUIDE] How to downgrade 1.7x/1.8x/2.x to 1.32.405.6

DO NOT USE THIS IF YOUR PHONE CAME WITH GINGERBREAD Or newer Software. Use the Ace Hack Kit for DHD ​
How to downgrade to 1.32.405.6 WWE
HTC - Quietly S-OFF. Again.​
About:
The problems started when HTC released their 1.72.405.3 OTA update. That update could not be rooted, and many people got stuck in stock roms. Now a downgrade method has arrived! After this process, you can use any root (+ S-OFF) method you want. Basically your device will be just like any other Desire HD with older build version. Downgrading will completely reset your device to factory defaults, so remember to back up all important data (such as contacts, game saves and sms messages).
System requirements:
HTC Sync (or ADB drivers)
Desire HD with build number 1.72 or higher
[Warning] Telus DHDs may lose sound because the 1.32.405.6 is not fully compatible with the sound chip. Just start using a custom ROM, and it will work fine.
How to downgrade:
Section 1
Disable any antivirus software
If you have a branded / regional (like Indian or Vodaphone) device, you have to make a Goldcard. Use "mmc2" instead of "mmc1"!!
Download the attached file and extract it
Get stock 1.32 PD98IMG.zip ROM, mirror
Put the PD98IMG.zip into your SD card. Do not put it into a folder, and do not extract it.
Click to expand...
Click to collapse
Section 2a [For Froyo ROMs, 1.7x and 1.8x]
Connect Desire HD to a computer. Charge only, USB Debugging enabled!
Open up a cmd and go to Downgrade folder, execute commands:
Code:
adb push psneuter /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/psneuter
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/psneuter
adb shell
Click to expand...
Click to collapse
Section 2b [For Gingerbread ROMs, 2.x]
Connect Desire HD to a computer. Charge only, USB Debugging enabled!
Open up a cmd and go to Downgrade folder, execute commands:
Code:
adb push misc_version /data/local/tmp
adb push fre3vo /data/local/tmp
adb shell chmod 777 /data/local/tmp/fre3vo
adb shell chmod 777 /data/local/tmp/misc_version
adb shell
./data/local/tmp/fre3vo -debug -start FBB00000 -end FFFFFFFF
Click to expand...
Click to collapse
Section 3
If you got "#" in the result, you have temporary root! Proceed with commands:
Code:
cd /data/local/tmp
./misc_version -s 1.31.405.6
Close the CMD. Reboot while holding volume down, it will go to the bootloader
Follow the instructions (start the update)
Done. You can now click my thanks button! Proceed with old S-OFF methods, and remove the PD98IMG.zip from your SD. I recommend Radio S-OFF for new users.
Click to expand...
Click to collapse
Big thanks: Scotty2, Guhl and the fre3vo team
Downloadcount for Downgrade package v1 is 15808, and for v2 it is 32012.

FAQ:
Q: Will I lose all my settings and applications?
- Yes, so make a backup with MyBackup Pro.
Q: I have done Radio S-OFF and SuperCID, do I need this?
- No, with those you do not need this kind of trickery.
Q: I have flashed a custom ROM with e.g. 1.84 build number, do I need this?
- No, with ClockworkMod you can jump between builds freely.
Q: It says '#' but I still cannot use root applications!
- That is normal, this method only gives root in command line. Just go ahead and downgrade.
Q: Is my phone Froyo or Gingerbread?
- Check it in Settings -> About -> Software information -> Android version. 2.2 is Froyo and 2.3 is Gingerbread.
Q: How do I navigate to downgrade folder?
- You can read this short and easy explanation.
Click to expand...
Click to collapse
Troubleshooting:
- "Main version is older"? You did not type everything correctly. Please try it again and see if any errors come up.
- "Error opening backup file"? You did not use "Charge only" -connection, or your SD card is faulty.
- "CID mismatch/CID incorrect"? Your device is branded. Just make a Goldcard, put the PD98IMG.zip to the card again and go to the bootloader.
- "Model ID incorrect"? Some Telus DHDs get this, just make a Goldcard.
- "Failed to set prot mask (Inappropriate ioctl for device)"? Use Gingerbread method to downgrade.
- Zip will not load in bootloader? Format your SD card to FAT32, no quick format! You can also try another SD.
- Problems while making Goldcard? See this post.
- PD98IMG.zip md5sum is: C3D244A9F056E48EE3851A14FF52204C
Click to expand...
Click to collapse
If you like my work, please consider: (or just hit the thanks button )

Am I missing something or is it your link that just ain't there ?? lol

mcnob said:
Am I missing something or is it your link that just ain't there ?? lol
Click to expand...
Click to collapse
He's most likely updating it as we type - hate clutter so lets sit back and wait
http://forum.xda-developers.com/showpost.php?p=10428859&postcount=162

mcnob said:
Am I missing something or is it your link that just ain't there ?? lol
Click to expand...
Click to collapse
Look:
http://forum.xda-developers.com/showpost.php?p=10428115&postcount=54
but you should use DHD RUU (not desire Z) and lower version numer (since unbranded rootable version for DHD is 1.32.405.6)

Great work to everyone involved, now finally those lame "root doesn't work" posts will vanish

Excellent
So has any one tried it?

Got temp root trying to flash old ruu...lets see

I have temproot working. Currently downloading the RUU file on my REALLY slow internet...
I think there is a couple of small errors?
cd /data/local/tmp
./misc-version -s 1.31.405.3
should be
cd /data/local/tmp/
./misc_version -s 1.31.405.3
also, the psneuter is a .txt file, just remove the .txt extension to use the file.

robE9 said:
Got temp root trying to flash old ruu...lets see
Click to expand...
Click to collapse
Second confirmation for temp root but I've ran out of time to flash RUU

"So, rebooted in bootloader, loaded pd98img.zip....checked it but after says Main Version is older ! Update Fail ! Press power to reboot.
Any ideeas to try ?

Once i am home again I shall donate a crate of beer to the team!!

BlackTigerX said:
Great work to everyone involved, now finally those lame "root doesn't work" posts will vanish
Click to expand...
Click to collapse
You still will not have permanent root of 1.72/1.75! but this does allow you to downgrade and attain root on older Firmware

robE9 said:
"So, rebooted in bootloader, loaded pd98img.zip....checked it but after says Main Version is older ! Update Fail ! Press power to reboot.
Any ideeas to try ?
Click to expand...
Click to collapse
Did you get #, and did you run the misc_version executable? Did you write the version number correctly there?
ghostofcain said:
You still will not have root of 1.72/1.75! but this does allow you to downgrade and attain root on older Firmware
Click to expand...
Click to collapse
That is right. The psneuter gives temporary root, but as scotty2 said, it kind of shoots the current rom in the head while doing that..

i tried again with _ instead of - at version and now its updating hope will be ok

.. PD98IMG.zip to apply the file gives me an error
View attachment 483907​
Any ideas?. Thanks!

Is it possible to flash the PD98IMG without using an SD card?
My DHD bricked mine http://forum.xda-developers.com/showthread.php?t=895593

apside said:
.. PD98IMG.zip to apply the file gives me an error
Any ideas?. Thanks!
Click to expand...
Click to collapse
What error? I cannot find error in that screenshot.
xdario said:
Is it possible to flash the PD98IMG without using an SD card?
My DHD bricked mine http://forum.xda-developers.com/showthread.php?t=895593
Click to expand...
Click to collapse
The RUU itself might work, but I would not bet on it. Just get a new SD.

apside said:
.. PD98IMG.zip to apply the file gives me an error
View attachment 483907​
Any ideas?. Thanks!
Click to expand...
Click to collapse
dont write "reboot bootloader" just reboot by power buton and press down the volume button until you are in bootloader
Btw the downgrade was succesfull, i just rooted with visionary thx guys a lot :X

at me work fine