Database Info

[ROOT] ROOT Status of Official Sprint 2.1 release RUU: YES! | 6/03

ROOT Status of RUU_Hero_C_Sprint_2.27.651.5_R_signed_release : YES
Update: Regaw finally made it for us all! More info here http://forum.xda-developers.com/showthread.php?t=694572
======================================================
I noticed that someone has mixed up the TEST RUU and the RELEASE RUU. However they are different. The test RUU has su file built inside, other than the release RUU!
I flashed RUU_Hero_C_Sprint_2.27.651.5_R_signed_release.exe and i love it very much.
This update is very great, except that I lose my root access. And I tried every method to get root back again but failed.
1. Using asroot2 to root - Failed
I followed the Sticky GUIDE "How to Root the Sprint CDMA Hero", but failed when running
Code:
/data/local/asroot2 /system/bin/sh
The process was killed.
I know the linux kernel changed to 2.6.29 with the update. Maybe that is the reason why asroot2 does not work.
2. Using flashrec to flash a custom recovery image and then get root - Failed
I installed FlashRec 1.1.3 from zenthought's website, but failed when I tried backingup my recovery image.
3.Using adb to push the su file into the phone - Failed
I dump the su file from damageless's rom and flipz's Fresh 2.1.1 rom. Then using adb to push it into /data/local/ and chmod it to 4777, but running failed. It just said "Permission Denied". However, i push a busybox file into /data/local/ and chmod it to 4777, the busybox command runs ok.
KeithKris pointed that Su doesn't work on /data because that directory is mounted nosuid.
4.Using fastboot to flash a custom recovery image and then get root - Failed
I reboot my phone into fastboot, then connect it to PC using USB. I tried this command "fastboot boot recovery-RA-heroc-v1.6.2.img" but faild, it said "downloading 'boot.img'... FAILED (remote: not allow)".
5.Trying to flash back to RUU_Hero_C_Sprint_2.20.651.1_signed_test.exe - Failed
It said "Error 140: BOOTLOADER Version Error!".
Although regaw_leinad has pointed that the md5s on both(release version and test version) hboots are the EXACT same.
b819083aa9fe456c5a5fbde4917980e2
and
b819083aa9fe456c5a5fbde4917980e2
Click to expand...
Click to collapse
Thanks regaw_leinad for your kind help.
Update: 6. the Volex method - Failed
this volex method is revealed here. Already tested by regaw that 2.1 patched it. It doesn't work.
======================================================
After all these failures, there seems to be at least two ways to get the root back. And regaw_leinad and other guys are working hard on them.
1. Try to make a new asroot2 to exploit the linux 2.6.29/android 2.1 on our cdma hero. Here is the source code of our asroot2 -- heroc 1.5 exploit tool.
2. Try to hack the RUU file (actually we mean the rom.zip in the RUU.exe) and make sure it will pass the Bootloader check and signature check(maybe md5?). Then we could flash a RUU with su built inside and get the root back.
If anyone knows something about how to pass the signature check(maybe md5?) or linux kernel exploit, please share your wisdom. Thank you.
This post will be updated every day until the way to root comes out.
Update: Thanks to the donators in this thread! I believe the devs will find the exploit method soon with your support!
======================================================
BTW: Never ever flash the official 2.1 release RUU.exe unless you know what you are doing. You won't get root access until the exploit method has been found. If you do love the official update, you may flash this damageless's rom dump from the official 2.1 release. And the radio dump from the official 2.1 release is here1 and here2 (thanks to damageless and flipz, and remember flashing radio at your own risk). The only difference between damageless's dump and official RUU's system part is that it has root and busybox and it removed some useless apks.

would it be more like fastboot boot /sdcard/recovery-RA-.........img?

justinisyoung said:
would it be more like fastboot boot /sdcard/recovery-RA-.........img?
Click to expand...
Click to collapse
I tried /sdcard/recovery....img again, faild. Because in this command the image file should be on the PC not on the phone.

1. Make sure you have the Android SDK installed. Read HERE for more info.
2. Download 4shared.com - online file sharing and storage - download flash_image.zip
3. Download 4shared.com - online file sharing and storage - download recovery-RA-heroc-v1.5.2.img
4. Unzip the first file, and place both in your Android SDK/tools folder.
5. Make sure USB debugging is ON
6. Connect your phone to the PC
7. Open the command window and navigate to the Android-sdk/tools folder on your computer.
8. At the prompt enter the following, one line at a time followed by enter
Code:
adb shell
su
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
exit
exit
adb push flash_image /system/bin
adb push recovery-RA-heroc-v1.5.2.img /sdcard
adb shell
chmod 0755 /system/bin/flash_image
reboot
9. Your phone will reboot. When it is finished, back at your command window, once again enter
Code:
adb shell
su
cd /sdcard
flash_image recovery recovery-RA-heroc-v1.5.2.img
reboot recovery
10. With any luck, you'll have the recovery image back and can load custom 2.1 based ROMS again.
__________________

elhead17 said:
1. Make sure you have the Android SDK installed. Read HERE for more info.
2. Download 4shared.com - online file sharing and storage - download flash_image.zip
3. Download 4shared.com - online file sharing and storage - download recovery-RA-heroc-v1.5.2.img
4. Unzip the first file, and place both in your Android SDK/tools folder.
5. Make sure USB debugging is ON
6. Connect your phone to the PC
7. Open the command window and navigate to the Android-sdk/tools folder on your computer.
8. At the prompt enter the following, one line at a time followed by enter
Code:
adb shell
su
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
exit
exit
adb push flash_image /system/bin
adb push recovery-RA-heroc-v1.5.2.img /sdcard
adb shell
chmod 0755 /system/bin/flash_image
reboot
9. Your phone will reboot. When it is finished, back at your command window, once again enter
Code:
adb shell
su
cd /sdcard
flash_image recovery recovery-RA-heroc-v1.5.2.img
reboot recovery
10. With any luck, you'll have the recovery image back and can load custom 2.1 based ROMS again.
__________________
Click to expand...
Click to collapse
Sorry dude, there is NO su file in this released version of RUU.
So you won't run su after adb shell

just a question but can you successfully run the testkeys release RUU on your phone?

I thought with new 2.1 update root access was removed and there was no way workaround to get root access. I might be wrong here.
You might want to try RUU back to 1.56 version and try to gain ROOT access and just flash ROM release by the dev's here which still give us ROOT access.
I'm not sure if it even possible to go back from 2.1 to 1.5 RUU. Maybe some with more knowleadge of RUU can chip in here.
In addition the RUU you flash is same one release by Devs here on their modify ROMs.

i dont think it is possible to ruu back to 1.5. i think a dev said something about hboot being updated so it needs a new way for root.

kashb91 said:
i dont think it is possible to ruu back to 1.5. i think a dev said something about hboot being updated so it needs a new way for root.
Click to expand...
Click to collapse
You are correct sir. There's no way to downgrade hboot (without root), just like why you can't run the 1.29 RUU if you ran the 1.56, or yours came with 1.56 on it.

F.A.I.L.
10chars

aside from people who "accidentally" installed RUU, The push to quickly root this release is probably low priority, first of all this phone is probably end of life, so the chances of it coming out of the factory with 2.1 on it are slim.
2nd I imagine when the Evo gets released this forum will become a ghost town as far as new development is concerned

gunnyman said:
aside from people who "accidentally" installed RUU, The push to quickly root this release is probably low priority, first of all this phone is probably end of life, so the chances of it coming out of the factory with 2.1 on it are slim.
2nd I imagine when the Evo gets released this forum will become a ghost town as far as new development is concerned
Click to expand...
Click to collapse
well, I'll be around here unless someone buys me an EVO &

It is actually possible to go back to 1.5 even if you used the RUU (well I should say the test RUU). I just did it yesterday so I could take my phone in for service. I'll post how I did it when I'm not mobile. Basically I created an update package to flash the old hboot then used a combination of the 2 main unroot threads. Ended up being able to use the sdcard method after flashing the misc.ing from the other method. I know probably doesn't make sense but I've got it all documented at home.

eme82 said:
It is actually possible to go back to 1.5 even if you used the RUU (well I should say the test RUU). I just did it yesterday so I could take my phone in for service. I'll post how I did it when I'm not mobile. Basically I created an update package to flash the old hboot then used a combination of the 2 main unroot threads. Ended up being able to use the sdcard method after flashing the misc.ing from the other method. I know probably doesn't make sense but I've got it all documented at home.
Click to expand...
Click to collapse
I can't WAIT to read how you did this! I have been dying to get back to original HBoot since I ran the first test RUU back in April.

gunnyman said:
aside from people who "accidentally" installed RUU, The push to quickly root this release is probably low priority, first of all this phone is probably end of life, so the chances of it coming out of the factory with 2.1 on it are slim.
2nd I imagine when the Evo gets released this forum will become a ghost town as far as new development is concerned
Click to expand...
Click to collapse
Well, if we are able to root this Sense 2.1 then theoretically the same root method may work on the Evo, thereby cutting down our wait for a rooted Evo. Just a thought.

chuckhriczko said:
Well, if we are able to root this Sense 2.1 then theoretically the same root method may work on the Evo, thereby cutting down our wait for a rooted Evo. Just a thought.
Click to expand...
Click to collapse
Very very good point I'm not getting an evo till its rooted anyway

chuckhriczko said:
Well, if we are able to root this Sense 2.1 then theoretically the same root method may work on the Evo, thereby cutting down our wait for a rooted Evo. Just a thought.
Click to expand...
Click to collapse
Possible, but I doubt it.
Chances are it's an entirely different kernel. My guess is the EVO gets a 2.6.30+ Kernel - It's hardware is completely different from ours. QUALCOM doesn't even make our chipset any more.

I updated to 2.1 using damage sprintupdate2.zip. I want to use wifi-tether now. Where can I find the version I need for this particular build? I looked on wifi-tether website, but it says the 2.1 compatible version is for Nexus One. Is there even a version for Eclair for the Hero?
Would build wireless_tether_2_0_2-pre9.apk for the N1 work?

zemerick said:
I updated to 2.1 using damage sprintupdate2.zip. I want to use wifi-tether now. Where can I find the version I need for this particular build? I looked on wifi-tether website, but it says the 2.1 compatible version is for Nexus One. Is there even a version for Eclair for the Hero?
Would build wireless_tether_2_0_2-pre9.apk for the N1 work?
Click to expand...
Click to collapse
I'm still using pre6 seems to be the one for the Hero.

zemerick said:
I updated to 2.1 using damage sprintupdate2.zip. I want to use wifi-tether now. Where can I find the version I need for this particular build? I looked on wifi-tether website, but it says the 2.1 compatible version is for Nexus One. Is there even a version for Eclair for the Hero?
Would build wireless_tether_2_0_2-pre9.apk for the N1 work?
Click to expand...
Click to collapse
Here's the link: http://code.google.com/p/android-wi...ireless_tether_1_60_htc.apk&can=2&q=HTC+Donut

{Howto}Downgrrade form rooted 1.47.651.1

Ok... If your wimax isn't working and you want to downgrade to try to get it working this is how to do it...
1st get all of the files like you want to do Toast's Part-2. link: http://forum.xda-developers.com/showthread.php?t=701835
Then do this part:
STEP 2~FLASHING MTD PARTITION TO ENABLE DOWNGRADE:
- download all files posted above
- unzip the flash_image.zip and the mtd-eng.zip
- put the flash_image and mtd-eng.img on the root of your sdcard
- go into shell on ur pc and do:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image misc /sdcard/mtd-eng.img
- this should only take a second or two
- now put the PC36IMG.zip on the root of your sdcard
- power off the phone
STEP 3~FLASHING ENG BUILD:
- hold volume down + power to boot into hboot
- it should now find and verify the PC36IMG.zip on the root of your sdcard. itll show a blue status bar on the top right of the screen.
- after a minute or so it will ask u if u wanna flash SAY YES
- affter it flashes the PC36IMG.zip it will ask if you wanna reboot. SAY YES
After if finally boots you should see HTC quietly brilliant which hangs forever but it should eventually get past it. Once it does you will have the oldest everything. This is a beta build and has a bunch of tools but just do an upgrade to root like you normally would. I would suggest going to .6 then upgrading to the latest 47 from there.
Hope that this helps someone.
P.S. is anyone willing to dump all of the tools that are included in this rom. It might be helpful for the other devs.

Thats the hard way... but yeah it'l work.
Why is everyone so hype on adb everything...?

Tell me the easy way. I would love to do it instead.

kthejoker20 said:
Thats the hard way... but yeah it'l work.
Why is everyone so hype on adb everything...?
Click to expand...
Click to collapse
It's just easier to copy and paste stuff, even typing on a real keyboard. It's a pain in the ass doing it via terminal emulator with the lack of a physical keyboard on our Evo's.

Can anyone confirm if this helps fix the 4g issue?

krosemm said:
Can anyone confirm if this helps fix the 4g issue?
Click to expand...
Click to collapse
If you used the unrevoked, no it wont.
There is no fix for 4g from unrevoked yet.

Neotelos_com said:
If you used the unrevoked, no it wont.
There is no fix for 4g from unrevoked yet.
Click to expand...
Click to collapse
I used the toast method. And if i'm not mistaken I should flash roms w/o the 1.47.651.1 OTA update after downgrading right?

Nope, I try this method and it is not working. Some how the new OTA encrypted a code that any lower version will not over write it.

You don't have root access to even copy/paste or push the files to /data. I tried this and got a permission denied error message.

How do you input adb shell into Vista, I clicked "start", "run" and type "cmd" it bring up C:\users\XXXXX\ cd c:\android hit "enter"
then I type
c:\android>adb remount
Access is denied
Please advise what I did wrong. thanks

It worked for me... you have to make sure that when you enter the su command in adb to look at your phone. There should be a super user permission box that pops up. Accept it and youll be able to adb. It went fine for me after that.

urcboss07 said:
How do you input adb shell into Vista, I clicked "start", "run" and type "cmd" it bring up C:\users\XXXXX\ cd c:\android hit "enter"
then I type
c:\android>adb remount
Access is denied
Please advise what I did wrong. thanks
Click to expand...
Click to collapse
1) Put your phone on USB Debug
2) On your Phone make sure the Ninja(SuperUserPermission) is set to prompt you when you have a request.
3) go to your PC and type in adb shell
4) type in SU
5) Once do you that you will see a prompt from the Ninja asking for a request. Allow for it. And it will remember from that point forward.
6) Look at your cmd prompt screen for a # - if you have it you have full access.
Then so what commands you have been given to do.
It can also be done from the Android Terminal Emulator but some might not like working with a smaller screen I like it myself. Makes me feel geeky

mrmomoman said:
1) Put your phone on USB Debug
2) On your Phone make sure the Ninja(SuperUserPermission) is set to prompt you when you have a request.
3) go to your PC and type in adb shell
4) type in SU
5) Once do you that you will see a prompt from the Ninja asking for a request. Allow for it. And it will remember from that point forward.
6) Look at your cmd prompt screen for a # - if you have it you have full access.
Then so what commands you have been given to do.
It can also be done from the Android Terminal Emulator but some might not like working with a smaller screen I like it myself. Makes me feel geeky
Click to expand...
Click to collapse
This would only work if after the messup your still has root access. Some people have root and the "SU" will work but for the people w/o root will get access denied.

also
From above (I hate quoting) have you tried going to your tools folder inside your android folder and from there try your adb commands?

If you applied the OTA sent from Sprint, you lost root access. There will be no Ninja in the programs folder, because it was a new rom that the was flashed with the OTA. Root access has been closed for those that downloaded the update. If you try and type su, you will get permission denied.
Those of you that still have the root and superuser rights, DON'T DOWNLOAD THE OTA!! You are in a better position then the rest of us. I wanted the good battery life, so that's why I did it.

---==={ROOT GUIDE}===--- | 1.47.651.1 ROOT method |

EPIC EASY ROOT!! COURTESY OF NETARCHY!!
netarchy said:
Part 1:
Code:
adb shell rm /data/local/rights/mid.txt
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
adb reboot
Part 2:
Toast's Part 2, for nand unlock
Click to expand...
Click to collapse
Everything below is grayed out as it is now of historical interest.
Simpleroot method for this version is out, this app makes rooting this ROM version much easier.
This method developed by an anonymous user. It is for rooting the new OTA v1.47.651.1. If your stuck with the new ota or just bought an EVO with this version, this is for you.
UPDATE 7/6:Hackfiles updated. See end of this post.
VIDEO TUTORIAL HERE, Courtesy of jiqqaman
Make sure you have adb ready to go and know how to get into adb shell. You must use the EVO browser to perform these steps. If these steps don't work, use recovery to wipe your phone and start fresh (you will lose all of your data on the phone)
1. Unzip the files into a directory somewhere on your computer
2. Put the files into the root of your sdcard (mount the EVO as a disk drive)
3. Unmount your phone
4. Run "adb shell" and start part1 on your phone:
Code:
Code:
sh /sdcard/part1
5. If the script says to power down, hold your power button and turn off your phone, then turn it back on.
6. When it starts up it will ask you to open the EVO browser. open your EVO browser to http://bit.ly/ad0pRn
7. When it asks you to, refresh the EVO browser on the same page
8. Reboot your phone with "adb reboot"
9. Run adb shell as soon as you can (when the HTC logo is still showing). You need to be fast. If you get "error: device not found", try again.
Code:
Code:
adb shell /data/local/part2
10. It should print after part2 finished:
Code:
Code:
crw-rw-rw- root root 90, 2 2010-07-05 19:37 mtd1
11. When your phone finished booting, flash toastcfh's mtd-eng.img to misc:
Code:
Code:
cat /sdcard/flash_image > /data/local/flash_image
chmod 755 /data/local/flash_image
/data/local/flash_image misc /sdcard/mtd-eng.img
12. Now flash the Engineering SPL with toastcfh's post: http://forum.xda-developers.com/showthread.php?t=701835
13. If your are having troubles, you may find useful information HERE
FINAL STEP - Do NOT accept any OTA updates from this point on. REALLY. DON'T **** UP YOUR ROOT!
zikronix said:
Permanant mirror for the updated hackfiles2
Updated Hackfiles2
Click to expand...
Click to collapse

Brilliant .
Thanks

Wow that was faster than I had anticipated. Will be interesting to see if this works for people. Good work!

Yay root, adobe haxed?

Omg..... I'm going to try this when I get home
Sent from my PC36100 using Tapatalk

SteelH you might wanna update your thread title to reflect correct version number 1.47.651.1 (says 1.46.651.1 at the moment)

Seriously?!? Dang that is amazing. I am a newb so will wait for others to work it out...and for someone to set up a three click...LOL. (I was a bit worried about the contest money. I'll donate to whomever gets a set up a newb can follow.)
Till then I'll let the more adventurous tell us how it goes.
Great work if this is for real!

wow props to the person that did this and props for it being anonymous!!!

does this really work?

Has anybody confirmed this?
Sent from my PC36100 using XDA App

EPIC!!
EPIC!!!!! Way to go community!

seankent4uf said:
SteelH you might wanna update your thread title to reflect correct version number 1.47.651.1 (says 1.46.651.1 at the moment)
Click to expand...
Click to collapse
Thank you.

If someone can confirm that this works, the following should be added to the instructions:
"FINAL STEP - Do NOT accept any OTA updates from this point on. REALLY."

WOW!
You guys are amazing..

This is gonna be a hectic week, I can already tell...
HTC releases source, OTA-root method!
Can't wait until some of these new FroYo ROMs start popping up.
ninja edit: So who wins the $600?

seankent4uf said:
If someone can confirm that this works, the following should be added to the instructions:
"FINAL STEP - Do NOT accept any OTA updates from this point on. REALLY."
Click to expand...
Click to collapse
meh i tried that but still no one listened. :-/

seankent4uf said:
If someone can confirm that this works, the following should be added to the instructions:
"FINAL STEP - Do NOT accept any OTA updates from this point on. REALLY."
Click to expand...
Click to collapse
That can't be said enough.
mcjx said:
This is gonna be a hectic week, I can already tell...
HTC releases source, OTA-root method!
Can't wait until some of these new FroYo ROMs start popping up.
ninja edit: So who wins the $600?
Click to expand...
Click to collapse
Anonymous. That is if everyone puts their money where their mouth is. Follow the other thread to see who does or doesn't pay up. I will keep it updated.

Epic, big win for the community

now how do we patch the hole in flash aftewards? kinda doesnt give me that warm fuzzy feeling we can gain root from flashlite....

XDA devs to the rescue, again!

[Guide] How to gain root on 2.2 for Mac

*******UPDATED 8/31/10 *******
This rooting method was adapted from regaw_leinad's method and toastcfh's method. By following these steps you will successfully downgrade your phone back to android 2.1 in order to gain root.
I don't trust unrevoked as I have had problems with it in the past.

I am not responsible for any damages to your phone.
special thanks to:
regaw_leinad
Sebastian Krahmer
Toastcfh
amon_ra
FILES YOU WILL NEED:
copy and paste into browser
Code:
sdx-downloads.com/sdx/evo/troot/eng-PC36IMG.zip
evo4g.me/downloads//count.php?target=evo-root.zip
files.androidspin.com/downloads.php?dir=amon_ra/RECOVERY/&file=recovery-RA-evo-v1.8.0.img
developer.android.com/sdk/index.html
You will need the Android SDK in order to communicate between your computer and your phone. Download it (last link above) and follow the setup instructions that it comes with.
Unzip the contents of the evo-root.zip and put all the files from it into the tools folder located in the android sdk folder.
Rename the eng-PC36IMG.zip to PC36IMG.zip and then put it the tools folder located in the android sdk folder. DO NOT UNZIP IT!

******* PC36IMG.zip md5sum~ fe8aba99893c766b8c4fd0a2734e4738 *******
Move the recovery-RA-evo-v1.8.0.img into the android sdk folder as well.
Make sure usb debugging is enabled on your device. To do so go to Settings > Applications > Development > and make sure the check box is checked.
Plug your phone into the computer. Select "Charge Only" from the notifications bar.
Open up terminal and navigate your way into the android sdk folder.
Code:
cd /
cd asdk
Push all the files onto your phone.
Code:
tools/adb push /asdk/tools/flash_image /sdcard/
tools/adb push /asdk/tools/rageagainstthecage-arm5.bin /data/local/tmp/
tools/adb push /asdk/tools/mtd-eng.img /sdcard/
tools/adb push /asdk/tools/PC36IMG.zip /sdcard/
tools/adb push /asdk/tools/recovery-RA-evo-v1.8.0.img /sdcard/
Note that the PC36IMG.zip will take longer than the other files to transfer to the sdcard because it is a large file.

Now we will make rageagainstthecage.bin executable.
Code:
tools/adb shell
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
You should see this (below) after it has made the change.
Code:
$
Now to use the rooted shell.
Code:
cd /data/local/tmp
./rageagainstthecage-arm5.bin
You will now see some text on your terminal screen describing the exploit. 

Wait for the adb shell to finish the process. At this point it may or may not terminate the current shell session in terminal. If it does then it should look like this:
Code:
users-iMac:asdk user$
If it doesn't it will return to
Code:
$
in that case you need to exit the current session. To do so type
Code:
exit

Now we need initiate a new shell which should now have root permissions.
Enter the following:
Code:
tools/adb shell
and you will see you now have a
Code:
#
instead of
Code:
$
Now we need to flash the mdt-eng.img in order for it to let us install a custom recovery
Code:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image misc /sdcard/mtd-eng.img
That will flash your misc partition with Toast's mtd-eng.img


This should return you to
Code:
#
Now boot into hBoot
Code:
reboot bootloader
This will reboot your phone into hBoot. It will scan for the PC36IMG.img. When it asks yes or no, select yes.
It should then reflash your phone into the engineering build.
When it asks to reboot select yes.
You will need to flash custom recovery in order to be able to flash other custom roms or modifications. I use Amon_RA's recovery because it works great and has NEVER caused me any problems.
Now, open up terminal and get back into the android sdk folder
Code:
cd /
cd asdk
Since we have already pushed the recovery onto the sdcard we only need to flash the recovery onto the phone so that we can use it
Code:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image recovery /sdcard/recovery-RA-evo-v1.8.0.img
Now lets rename that PC36IMG.zip file again
Code:
mv /sdcard/PC36IMG.zip /sdcard/eng-PC36IMG.zip
that way your phone doesn't try to flash it when you go into recovery each time
And last but not least we need to boot into it to flash a custom rom
Code:
reboot recovery
Your phone should then reboot into Amon_RA's recovery and you may now head over to the dev forum to find your new favorite custom rom.

very nice! can anyone confirm this? my buddy wants me to root his 2.2 and i would like to try this.

To make life easier for some people add this to your post mate, and apply it yourself if you would like.
Here is how to add your sdk/tools directory to your .bash_profile file so you won't have to navigate to the folder each time.
Download this so you'll be able to see your hidden files http://www.mediafire.com/?diimft1ninn Run it, check "Show Hidden Files" then click Restart finder. Now, navigate to your home folder (/Users/UserName/) and see if there's a .bash_profile already there. If not, create with textedit.
Now add this to the file: export PATH=${PATH}:/Path/Of/Your/Sdk/Tools/Folder
Mine is /Users/bmxrider4444/Documents/Android/SDK/tools
Now do not save it as rich text. If yours is in rich text, click on "Format" in the menu bar, and click "make plain text". Now save it as .bash_profile and uncheck "if no extension is provided, use .txt".
Now you can go back to Ghost and uncheck "Show all hidden files" and restart finder again (special thanks to ajones7279 for these steps)
Enjoy!
Just as clarification as to what this does, it enables you to run adb commands and other commands without having to navigate to the /android/tools/ folder every time you want to run adb or whatever.

does this work?

seekis said:
At this point we need to push the recovery onto the sdcard
Code:
tools/adb push "location of recovery-RA-evo-v1.8.0.img" /sdcard/
Click to expand...
Click to collapse
This is great! Thanks for the guide - I am planning on rooting my Wife's EVO but have been waiting for an easier method than the other one posted. Question on the above where we write "location of recovery-ra-evo-v1.8.0.img". Is that the exact code, or should we be adding a directory or folder location into this line? I rooted my 2.1 EVO on my Mac a couple months ago and don't remember this step. Once again - very much appreciate the help.
One last question - would it make more sense to have a custom ROM already on your SD Card prior to rooting, so that you can flash it right after you flash AMON-RA for the first time? Probably doesn't matter but thought i'd ask.

^^ same question as above, plus one other n00b question - does this method unlock NAND?
[edit] I was not insinuating that randymac88 is a n00b; I, however, am

seekis said:
I don't trust unrevoked as I have had problems with it in the past.

I am not responsible for any damages to your phone.
Click to expand...
Click to collapse
Don't trust us with the unrevoked 3.x/unrevoked forever application combo that's worked for thousands of users without sideeffects on regaw's post?
You should note to everyone that your method will screw up their PRI, reverting it back to 1.34. By using unrevoked and unrevoked forever, you can keep 1.40.

randymac88 said:
This is great! Thanks for the guide - I am planning on rooting my Wife's EVO but have been waiting for an easier method than the other one posted. Question on the above where we write "location of recovery-ra-evo-v1.8.0.img". Is that the exact code, or should we be adding a directory or folder location into this line? I rooted my 2.1 EVO on my Mac a couple months ago and don't remember this step. Once again - very much appreciate the help.
One last question - would it make more sense to have a custom ROM already on your SD Card prior to rooting, so that you can flash it right after you flash AMON-RA for the first time? Probably doesn't matter but thought i'd ask.
Click to expand...
Click to collapse
Thats not the exact code no. I just put that as a place holder you are suppose to put in the location of where you have the recovery.img. For example, the exact command for me would be:
Code:
/Users/seekis/Downloads/recovery-ra-evo-v1.8.0.img
Don't trust us with the unrevoked 3.x/unrevoked forever application combo that's worked for thousands of users without sideeffects on regaw's post?
You should note to everyone that your method will screw up their PRI, reverting it back to 1.34. By using unrevoked and unrevoked forever, you can keep 1.40.
Click to expand...
Click to collapse
As far as using unrevoked, I stated that I, ME, MYSELF, has had issues with it. not that anybody else has. By all means go and use it if you would like. I will not. It is true that you will loose PRI 1.40, but seeing as how even after installing the OTA from HTC my phone still didn't update it to 1.40, I don't see the issue.

rsage said:
^^ same question as above, plus one other n00b question - does this method unlock NAND?
[edit] I was not insinuating that randymac88 is a n00b; I, however, am
Click to expand...
Click to collapse
i believe it does unlock nand seeing as how i adapted it from toasts method

Hey Seekis - question, I'm stuck here. I keep getting "permission denied", or "operation not permitted" when trying to make the exploit executable at this step:
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
Am I missing something? I've tried a million times and can't seem to get past this. I've successfully pushed all the files onto the sdcard.
I've also have had some trouble finding the exact root path to these files. I've been able to navigate, but I would think a lot of users would have some trouble.
Regardless, many thanks for getting this posted...
EDIT: I pushed the rageagainstthecage file to the sdcard by mistake. Will try again tomorrow.

ok i got rid of that step by moving the file into the android sdk and pushing it with all the other files

Okay now I appear to be in big trouble as I've just messed up my wife's phone, and its probably going to be unusable for a while until I get this figured out (assuming I do!).
I got through most of the process. I flashed the PC36IMG.zip file; however when it asked to reboot, it just dumped me back into the bootloader. Whenever I say reboot, it just takes me back to the bootloader. Pull the battery, same thing - bootloader. Yikes.
I don't know how to get to the next step because I can't get into a booted rom in order to flash the amon-ra recovery. Am I totally effed? Can anyone help me here?
EDIT: Okay reflashed the PC36IMG.zip file, and it rebooted into the stock ROM. Onward! Phew!!

The wife's EVO is now fully rooted running Baked Snack 1.5 w/Netarchy's kernel. Touch and go there for a minute, but it all worked out. No 1.40 PRI, but I don't really care about that right now.
Woot! Thanks Seekis!!

do u have to push the pc36img with adb every time or will drag and drop work or copy and paste work?

FoxHound630 said:
do u have to push the pc36img with adb every time or will drag and drop work or copy and paste work?
Click to expand...
Click to collapse
You can mount the card on your system and copy paste it over as well, yes.

randymac88 said:
Okay now I appear to be in big trouble as I've just messed up my wife's phone, and its probably going to be unusable for a while until I get this figured out (assuming I do!).
I got through most of the process. I flashed the PC36IMG.zip file; however when it asked to reboot, it just dumped me back into the bootloader. Whenever I say reboot, it just takes me back to the bootloader. Pull the battery, same thing - bootloader. Yikes.
I don't know how to get to the next step because I can't get into a booted rom in order to flash the amon-ra recovery. Am I totally effed? Can anyone help me here?
EDIT: Okay reflashed the PC36IMG.zip file, and it rebooted into the stock ROM. Onward! Phew!!
Click to expand...
Click to collapse
Had the same issue. When i first booked into the bootloader i had to select recovery then flash PC36IMG.zip. Then boot loop. Then i went back into the bootloader and it automagically read in the PC36IMG.zip and flashed it, then i got stock 2.1 root. Just a few minutes of "oh crap"

I'm stuck. I got as far as flashing PC36IMG.zip, which was successful, as my phone now runs 2.1, but it doesn't appear I'm rooted. When I go back into the adb shell, I'm getting the $ prompt, and running
Code:
cat /sdcard/flash_image > /data/flash_image
gives me a permission denied error. Help!

atom_jack said:
I'm stuck. I got as far as flashing PC36IMG.zip, which was successful, as my phone now runs 2.1, but it doesn't appear I'm rooted. When I go back into the adb shell, I'm getting the $ prompt, and running
Code:
cat /sdcard/flash_image > /data/flash_image
gives me a permission denied error. Help!
Click to expand...
Click to collapse
i dont know what to tell you other than try again. this happened to me the first time through as well. i dont know why. i just started from the top and it worked the second time through.

seekis said:
i dont know what to tell you other than try again.
Click to expand...
Click to collapse
So after you flash PC36IMG.zip you should automatically get a root (#) prompt when going into the shell? ie, I'll have rooted 2.1 yes?
seekis said:
this happened to me the first time through as well. i dont know why. i just started from the top and it worked the second time through.
Click to expand...
Click to collapse
Aha. Ok, I will keep trying til it gives me a root shell, I guess. I also tried unrevoked3 but that didn't seem to work.

Success!! So, I stupidly assumed that all PC36IMG.zip's were the same, and was using the one from the original 2.2 PC thread. Once I got the correct one, voila!
You might want to post the md5 of the one you are using, so there's no confusion for others. Also, you missed a tiny step when you first start up hboot - you have to select fastboot for it to start scanning for PC36IMG.zip.
Thanks!

[ROOT] Easy Root, works with any Stock ROM (Including 2.31.651.7!)

Disclaimer: This is not one-click. However, it IS relatively short and straightforward, and does not require you to downgrade.
Credits: The 743C exploit, and ChainsDD for Superuser.
You need:
Android SDK installed and working.
The zip attached to this post.
If you're still on Cupcake (Android 1.5) you'll need su and Superuser from http://bit.ly/su2361cd
So, let's get down to business.
Unzip the attached file into your /android-sdk/tools/ directory, it'll make your life (and ours) easier.
Open up your command line, change to the SDK tools directory, and enter these commands:
Code:
adb push rageagainstthecage-arm5.bin /data/local/tmp
adb shell chmod 755 /data/local/tmp/rageagainstthecage-arm5.bin
Now execute the exploit:
Code:
adb shell
/data/local/tmp/rageagainstthecage-arm5.bin
Wait for the exploit to finish.
Code:
exit
If it doesn't exit cleanly, chances are it worked, just close your terminal or command prompt and open a new one.
Test that it worked:
Code:
adb kill-server
adb start-server
adb shell
If you see a $, it DID NOT work, execute the exploit again. (Step 3)
If you see a #, it WORKED, continue:
Code:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
exit
adb push su /system/xbin
adb shell chmod 4755 /system/xbin/su
adb install Superuser.apk
You may need to ctrl-c once it says Success!
Next time you 'su' in adb shell, make sure to click Allow in Superuser!
You may instead install Superuser from the Market if you wish.
Clean up the exploit:
Code:
adb shell rm /data/local/tmp/rageagainstthecage-arm5.bin
If you ever do a "Factory Reset", Superuser will go away, but you DO NOT lose root. Just reinstall Superuser.
What next? The choice is yours! Remove stock apps, get some good 'ol WiFi tethering, or flash something different!
*NOTE*
The above steps DO NOT put a recovery on your phone, though it is VERY EASY.
Once you're rooted, install ROM Manager by Koushik Dutta from the Market. Open it up, click "Flash ClockworkMod Recovery".
Select your model (Hero CDMA), and hit Allow when the Superuser Prompt shows up.
*NOTE*
The above steps DO NOT install Busybox on your phone.
Simply install Busybox from Stephen (Stericson), available on the market.
Start the app and click Allow when prompted by Superuser.
How To Uninstall
Code:
adb shell
su
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
rm /system/xbin/su
rm /etc/passwd
rm /etc/group
Uninstall Superuser.apk then reboot, and you're set!

tehdarkknight said:
Disclaimer: This is not one-click. However, it IS relatively short and straightforward.
Credits: The 743C exploit, and ChainsDD for Superuser.
You need:
Android SDK installed and working.
The zip attached to this post.
So, let's get down to business.
Unzip the attached file into your /android-sdk/tools/ directory, it'll make your life (and ours) easier.
Open up your command line, change to the SDK tools directory, and enter these commands:
Code:
adb push rageagainstthecage-arm5.bin /data/local/tmp
adb shell chmod 755 /data/local/tmp/rageagainstthecage-arm5.bin
Now execute the exploit:
Code:
adb shell
/data/local/tmp/rageagainstthecage-arm5.bin
Wait for the exploit to finish.
Code:
exit
If it doesn't exit cleanly, chances are it worked, just close your terminal or command prompt and open a new one.
Test that it worked:
Code:
adb kill-server
adb start-server
adb shell
If you see a $, it DID NOT work, execute the exploit again. (Step 3)
If you see a #, it WORKED, continue:
Code:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
exit
adb push su /system/xbin
adb shell chmod 4755 /system/xbin/su
adb install Superuser.apk
You may need to ctrl-c once it says Success!
Next time you 'su' in adb shell, make sure to click Allow in Superuser!
That's it!
I won't give directions on installing a recovery or flashing another rom, there are plenty of threads detailing how to do so.
Click to expand...
Click to collapse
Pretty straightforward. This will probably help a lot of newer hero owners, because amazingly, people are still buying them every day!
If I get a chance to test it out, I will.

Nice job. Should be stickied so people don't run around searching through all the old rooting threads which aren't as compatible with the newer RUU versions.

Worked nicely on a refurb Hero that Sprint sent due to the dust problem.
Thanks!

Works great for me

Why am I having trouble doing this? I was able to do it on one Hero though not after many retries, but not on another.

tehdarkknight said:
Disclaimer: This is not one-click. However, it IS relatively short and straightforward, and does not require you to downgrade.
Credits: The 743C exploit, and ChainsDD for Superuser.
Click to expand...
Click to collapse
Great! I can't live without WiFi tethering my iPad which is why I haven't done the 2.31.651.7 HTC OTA update at all.
So, I take it that this exploit will root the Official RUU_Hero_C_Sprint_2.31.651.7_signed_release.exe file then too? I ask because I really don't like to do 'update patches'. I prefer to flash and start fresh so I'm planning on flashing the RUU and then doing this root exploit. Yes, No???

DaWeav said:
Great! I can't live without WiFi tethering my iPad which is why I haven't done the 2.31.651.7 HTC OTA update at all.
So, I take it that this exploit will root the Official RUU_Hero_C_Sprint_2.31.651.7_signed_release.exe file then too? I ask because I really don't like to do 'update patches'. I prefer to flash and start fresh so I'm planning on flashing the RUU and then doing this root exploit. Yes, No???
Click to expand...
Click to collapse
I tested it with the very same RUU, it works.

tehdarkknight said:
I tested it with the very same RUU, it works.
Click to expand...
Click to collapse
SUPER!
Because when I saw this post, I tried to download the latest OTA patch, but my phone just responds 'Your phone is up to date. There are no updates available for your phone'. Strange, because I'm on 2.27.651.6 and the OTAcerts.ZIP is in tact.
Oh well, FEAR NOT, because after I get back from the store this morning, then get the TV tuned to the split screen with football on one and the baseball playoffs on the other, and get Leo Laporte's TechGuy radio show screaming...it'll be the perfect time to flash my phone to factory fresh.
Thanks.

Works perfectly on latest and "greatest" stock ROM... excellent

DaWeav said:
SUPER!
Because when I saw this post, I tried to download the latest OTA patch, but my phone just responds 'Your phone is up to date. There are no updates available for your phone'. Strange, because I'm on 2.27.651.6 and the OTAcerts.ZIP is in tact.
Click to expand...
Click to collapse
Same thing happened to me, that's why I tested this method with the RUU

What are the advantages to ruu'ing to. 7 and rooting again? I rooted my .5 hero and have had no problems....is there something significant that makes the extra work worth it?
Sent from my HERO200 using XDA App

tehdarkknight said:
Same thing happened to me, that's why I tested this method with the RUU
Click to expand...
Click to collapse
Well, I just did the RUU, then did this root, then loaded WiFi Tether, and I'm back in business with my iPad tethering.
Vandelay007 said:
What are the advantages to ruu'ing to. 7 and rooting again? I rooted my .5 hero and have had no problems....is there something significant that makes the extra work worth it?
Click to expand...
Click to collapse
One reason is that when I tried to download the latest OTA update today, I could not. And another reason is before I RUU'd, I had less than 50MB of available memory, but now I have 96MB available with all of my programs loaded again. So for me, it just seems more and more that Android (or HTC Sense) is like Windows boxes since it seems I have to reload the Android OS every now and then to clean things out.

Vandelay007 said:
What are the advantages to ruu'ing to. 7 and rooting again? I rooted my .5 hero and have had no problems....is there something significant that makes the extra work worth it?
Sent from my HERO200 using XDA App
Click to expand...
Click to collapse
Well, if you're using Sprint's official stock .5 rom, with no tweaks applied, you gain the advantage of having an up-to-date rom with the latest bugfixes from Sprint, plus I would say my root method is less invasive and more transparent than other root methods. My personal opinion is that it feels like a root method that can't be abused easily.

SuperOneClick

But I don't need storage space with firerats custom mtd partition....I have over 200mb free with over 50 apps and zero of them on m SD card
Sent from my HERO200 using XDA App

this isnt working.... I can't get passed step 3... my phones just restarts, and then i can't get any further than that.

devonkosa said:
this isnt working.... I can't get passed step 3... my phones just restarts, and then i can't get any further than that.
Click to expand...
Click to collapse
Give us some info. What's your ROM version?

aosp said:
SuperOneClick
Click to expand...
Click to collapse
Is SuperOneClick the same method of rooting?

chiill said:
Is SuperOneClick the same method of rooting?
Click to expand...
Click to collapse
Yes it is....
Ok guyz, I'm going to help yall out !!!!
Look at this and this works I just did it.... any questions pm me then I will post up on here....
http://forum.xda-developers.com/showthread.php?t=803682
This is for rooting your hero and other android devices, even at .7 on the Hero.... I just did this and I laughed at out quick and easy this was... Just make sure you are charge only, and you unzip the downloaded file,.. then open up the SuperOneClickv1.3-ShortFuse.zip on your computer somewhere and open up the SuperOneClick program, and bam you are done....
http://forum.xda-developers.com/atta...5&d=1286657043