Please note, this is NOT my own work. It's on the CM Wiki, but since so many people seem to not want to be bothered to read the damn wikis for their intended purpose, I'm going to be a ratbastard enabler and post the steps HERE in a thread, so next time someone goes to post to ask how, IF they use the search function they'll find THIS thread and not threadnaught this forum with questions about how to do it.
This has been tested and works 100%. I have not tried it for CM6, and I don't suggest anyone try it on a 911 patched Rogers Dream until CM6 is stable AND there's a proper kernel image for Dream/Magic 32A/32B. As usual, I hold no responsibility if this bricks your Dream. I have made ROMs for the Raphael, Rhodium, Topaz, and Kaiser, and am an expert on those devices but this is my first actual Android device that I've had for less than a week, and just rooted/flashed it today, so I am NOT an Android expert AT ALL.
Original Guide: Here!
(Note: This guide is for CM5)
Step 1) Download all of the required software. SDK, Fastboot, Exploid from DroidXRoot, SPL 1.33.2005, Amon_Ra Recovery for CM, CM5 Itself, Googleapps, and extra kernel for Rogers Dream.
Step 2) Install extract the SDK archive and rename it to 'sdk' for easier use. In Windows, extract to C:\sdk, linux ~/home/sdk, mac .. wherever you want. Extract the Fastboot.zip to the sdk/tools folder. Move exploid, SPL, and Recovery to sdk/tools for easier use with adb.
Step 3) On your Dream, go to Settings->Applications->Development and enable USB Debugging, and connect your Dream to your computer via USB cable.
Step 4) Enter your sdk/tools directory and type the following:
Code:
* adb push spl-signed.zip /sdcard/1_33_2005_spl.zip
* adb push update-cm5* /sdcard/update-cm5*
* adb push gapps-ds-ERE36B-signed.zip /sdcard/gapps-ds-ERE36B-signed.zip
* adb push bc-5.0.x-ebi1-signed.zip /sdcard/bc-5.0.x-ebi1-signed.zip
* adb push recovery-RA-dream-v1.7.0R-cyan.img /data/local
* adb push exploid /sqlite_stmt_journals
* adb shell chmod 777 /sqlite_stmt_journals/exploid
(*whatever your CM image is.)
Step 5) Running Exploid!
Code:
adb shell /sqlite_stmt_journals/exploid
should produce the following:
Code:
$ adb shell /sqlite_stmt_journals/exploid
[*] Android local root exploid (C) The Android Exploid Crew
[*] Modified by birdman for the DroidX
[+] Using basedir=/sqlite_stmt_journals, path=/sqlite_stmt_journals/exploid
[+] opening NETLINK_KOBJECT_UEVENT socket
[+] sending add message ...
[*] Try to invoke hotplug now, clicking at the wireless
[*] settings, plugin USB key etc.
[*] You succeeded if you find /system/bin/rootshell.
[*] GUI might hang/restart meanwhile so be patient.
Now unplug/replug USB cable to apply exploit. ROOOOOTED!
Step 6) Custom Recovery time!
Type the following:
Code:
adb shell
this will take you to a $ prompt (that's the shell.)
Code:
rootshell
this will ask for a password, which is 'secretlol' without quotes.
Now that you're at a root shell, type
Code:
chmod 666 /dev/mtd/mtd1
exit
Now you're back at the regular shell prompt, type:
Code:
flash_image recovery /data/local/recovery-RA-dream-v1.7.0R-cyan.img
If this gives a "mtd: read error at 0x00000000 (Out of memory)" error, it's okay, just type it again and it should work without the error. This is normal, do not panic.
Once this is complete, type
Code:
exit
and power down the phone. (long hold end key)
Step 7) SPL
Hold Home and press the End key to power up the Dream. At the recovery menu select
Code:
Flash Zip from SDCARD
and select the
Code:
1_33_2005_spl.zip
.
Now reboot by holding home+back. It will take you back to the recovery shell, and this is okay. This is actually what we want. Now, type
Code:
adb shell reboot bootloader
and watch the screen to verify that you see:
Code:
HBOOT: 1.33.2005
RADIO: 3.22.26.17
Now, run the following Fastboot commands:
Code:
fastboot erase system -w
fastboot erase boot
fastboot oem powerdown
Step 8) Flashing CM!
Press home+end to power up the phone in recovery mode, and select
Code:
Flash Zip from SDCARD
, Select your CM image, then
Code:
Flash Zip from SDCARD
and select gapps-ds-ERE36B-signed.zip, and finally
Code:
Flash Zip from SDCARD
and select bc-5.0.x-ebi1-signed.zip.
Once that is complete, home+back to reboot, and you're done. That's it. First CM boot may take 5-15 mins.
Reserved for updates
Click to expand...
Click to collapse
Time for the update!
CyanogenMod6rc3
EBI1 Kernel for CM6rc3
Google Apps, Mdpi Tiny for CM6
Use these the same way you would in the above steps for flashing CM5, obviously replacing the zip files from CM5 with the ones from CM6 during the adb push, and the flashing from zip in recovery console. This should work exactly the same as the above version, but the end result is that you'll have FroYo instead of Eclair.
I waited until RC3 for this update because, in my opinion, RC2 was a bit laggy and overall wasn't as stable.
Also note: This process will work for roms OTHER than CyanogenMod so long as they're either based on CM or have an EBI1 Kernel available. Make sure you use the correct EBI1 Kernel by checking what gapps version the Rom uses if it's CM-based but doesn't link to an EBI1 Kernel. For example, if it's gapps-mdpi-FRF91-3 then it's the CM6rc2 EBI1 Kernel you need.
Any questions? Post 'em here.
Thanks for posting this. I know some people got confused.
I highly recommend people also look at the pre existing thread: http://forum.xda-developers.com/showthread.php?p=7306638#post7306638 if they have questions as that is where the q/a is at.
ezterry said:
I highly recommend people also look at the pre existing thread: http://forum.xda-developers.com/showthread.php?p=7306638#post7306638 if they have questions as that is where the q/a is at.
Click to expand...
Click to collapse
The difference is your thread is a vague shortened process that assumes people are going to follow all the links in your post and read through pages of comments to figure out the exact steps of your "simplified process", where my thread gives them a one-stop-shop from stock to a stable rom. You've linked to your thread, so now people who don't mind looking around then posting tons of questions have their place to go.
Tl;dr version: this thread is for the people who can barely be bothered to use the search function and want everything in one place, your thread is for "everyone else".
Sent from my HTC Dream using XDA App
agentfusion said:
The difference is your thread is a vague shortened process that assumes people are going to follow all the links in your post and read through pages of comments to figure out the exact steps of your "simplified process", where my thread gives them a one-stop-shop from stock to a stable rom. You've linked to your thread, so now people who don't mind looking around then posting tons of questions have their place to go.
Tl;dr version: this thread is for the people who can barely be bothered to use the search function and want everything in one place, your thread is for "everyone else".
Sent from my HTC Dream using XDA App
Click to expand...
Click to collapse
Don't worry I'm following this thread so *I* don't inadvertently support people who don't follow links.
It just sucks that people really are that lazy. Seriously. They waste more time typing a question that has been answered 20 times than it would take to search for the proper answer.
So yeah, thanks for posting a topic that has a lot of great information for those of us who aren't lazy, I do personally like yours and think it should be in the informative links sticky. I just wish I had found yours first while I was searching for my answers because it really is informative for those of us not afraid to read and not have things spoonfed to them.
Sent from my HTC Dream [CM5] with xda app.
Thanks for the How-To. It was very easy to follow.
AverageCanadian said:
Thanks for the How-To. It was very easy to follow.
Click to expand...
Click to collapse
No problem! Glad you found it useful. All of those steps now work for CM6, so I will be adding links for CM6rc3 later tonight
Sent from my HTC Dream using XDA App on CM6rc3
update bump.
Tks for the guide. Total newbie here and trying to root my HTC Dream.
Up to now, i fallowed WIKI loll to the letter, tho, when i try to download the EXPLOID, either from your link or the WIKI one, it pup's out as a TROJAN program Exploit.Linux.Lotoor.e !
Is it safe to get it or i shouldn't go there???
I'm stuck to this step now and not sure what to do
Tks for the info..
Wood's said:
Tks for the guide. Total newbie here and trying to root my HTC Dream.
Up to now, i fallowed WIKI loll to the letter, tho, when i try to download the EXPLOID, either from your link or the WIKI one, it pup's out as a TROJAN program Exploit.Linux.Lotoor.e !
Is it safe to get it or i shouldn't go there???
I'm stuck to this step now and not sure what to do
Tks for the info..
Click to expand...
Click to collapse
To the best of my knowledge, it comes up as a trojan because it's a rootkit for Android, which is based on Linux... so virus scanners will consider Exploid as a "virus/trojan" because using a rootkit on a linux machine is basically using a trojan to get root access, which is what you're doing to your phone.. you're using an exploit to get root access.
Related
EPIC EASY ROOT!! COURTESY OF NETARCHY!!
netarchy said:
Part 1:
Code:
adb shell rm /data/local/rights/mid.txt
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
adb reboot
Part 2:
Toast's Part 2, for nand unlock
Click to expand...
Click to collapse
Everything below is grayed out as it is now of historical interest.
Simpleroot method for this version is out, this app makes rooting this ROM version much easier.
This method developed by an anonymous user. It is for rooting the new OTA v1.47.651.1. If your stuck with the new ota or just bought an EVO with this version, this is for you.
UPDATE 7/6:Hackfiles updated. See end of this post.
VIDEO TUTORIAL HERE, Courtesy of jiqqaman
Make sure you have adb ready to go and know how to get into adb shell. You must use the EVO browser to perform these steps. If these steps don't work, use recovery to wipe your phone and start fresh (you will lose all of your data on the phone)
1. Unzip the files into a directory somewhere on your computer
2. Put the files into the root of your sdcard (mount the EVO as a disk drive)
3. Unmount your phone
4. Run "adb shell" and start part1 on your phone:
Code:
Code:
sh /sdcard/part1
5. If the script says to power down, hold your power button and turn off your phone, then turn it back on.
6. When it starts up it will ask you to open the EVO browser. open your EVO browser to http://bit.ly/ad0pRn
7. When it asks you to, refresh the EVO browser on the same page
8. Reboot your phone with "adb reboot"
9. Run adb shell as soon as you can (when the HTC logo is still showing). You need to be fast. If you get "error: device not found", try again.
Code:
Code:
adb shell /data/local/part2
10. It should print after part2 finished:
Code:
Code:
crw-rw-rw- root root 90, 2 2010-07-05 19:37 mtd1
11. When your phone finished booting, flash toastcfh's mtd-eng.img to misc:
Code:
Code:
cat /sdcard/flash_image > /data/local/flash_image
chmod 755 /data/local/flash_image
/data/local/flash_image misc /sdcard/mtd-eng.img
12. Now flash the Engineering SPL with toastcfh's post: http://forum.xda-developers.com/showthread.php?t=701835
13. If your are having troubles, you may find useful information HERE
FINAL STEP - Do NOT accept any OTA updates from this point on. REALLY. DON'T **** UP YOUR ROOT!
zikronix said:
Permanant mirror for the updated hackfiles2
Updated Hackfiles2
Click to expand...
Click to collapse
Brilliant .
Thanks
Wow that was faster than I had anticipated. Will be interesting to see if this works for people. Good work!
Yay root, adobe haxed?
Omg..... I'm going to try this when I get home
Sent from my PC36100 using Tapatalk
SteelH you might wanna update your thread title to reflect correct version number 1.47.651.1 (says 1.46.651.1 at the moment)
Seriously?!? Dang that is amazing. I am a newb so will wait for others to work it out...and for someone to set up a three click...LOL. (I was a bit worried about the contest money. I'll donate to whomever gets a set up a newb can follow.)
Till then I'll let the more adventurous tell us how it goes.
Great work if this is for real!
wow props to the person that did this and props for it being anonymous!!!
does this really work?
Has anybody confirmed this?
Sent from my PC36100 using XDA App
EPIC!!
EPIC!!!!! Way to go community!
seankent4uf said:
SteelH you might wanna update your thread title to reflect correct version number 1.47.651.1 (says 1.46.651.1 at the moment)
Click to expand...
Click to collapse
Thank you.
If someone can confirm that this works, the following should be added to the instructions:
"FINAL STEP - Do NOT accept any OTA updates from this point on. REALLY."
WOW!
You guys are amazing..
This is gonna be a hectic week, I can already tell...
HTC releases source, OTA-root method!
Can't wait until some of these new FroYo ROMs start popping up.
ninja edit: So who wins the $600?
seankent4uf said:
If someone can confirm that this works, the following should be added to the instructions:
"FINAL STEP - Do NOT accept any OTA updates from this point on. REALLY."
Click to expand...
Click to collapse
meh i tried that but still no one listened. :-/
seankent4uf said:
If someone can confirm that this works, the following should be added to the instructions:
"FINAL STEP - Do NOT accept any OTA updates from this point on. REALLY."
Click to expand...
Click to collapse
That can't be said enough.
mcjx said:
This is gonna be a hectic week, I can already tell...
HTC releases source, OTA-root method!
Can't wait until some of these new FroYo ROMs start popping up.
ninja edit: So who wins the $600?
Click to expand...
Click to collapse
Anonymous. That is if everyone puts their money where their mouth is. Follow the other thread to see who does or doesn't pay up. I will keep it updated.
Epic, big win for the community
now how do we patch the hole in flash aftewards? kinda doesnt give me that warm fuzzy feeling we can gain root from flashlite....
XDA devs to the rescue, again!
I tried every method, read every thread in every forum in an effort to root my EVO. Nothing worked. I was driving myself mad and spending tons of time. I Eventually I came across a post which directed me to XDA Developers Thread ---==={ROOT GUIDE}===--- | 1.47.651.1 ROOT, post 579 by SharkUW . I have used this on my own phone and I don't see a reason why it wouldn't work. I modified some of the instructions to make it clearer. The instructions may not be exact, and there is some seat-of-the-pants involved, but I got it to work. Use it at your own risk.
Prerequisites (follow in order)
Android-SDK developers program. I loaded it to C:
JAVA SE Development (use correct bit – 32 or 64). loaded in C:
Microsoft .NET Framework V 4.0
Reboot your phone and do a factory reset. Erase everything
Set phone to Charge Only and USB debugging
Open the stock browser and sign-in with your PCS phone number. Leave running.
Shutdown the phone, then restart
Make sure ADB is functional on your computer. You should be able to "adb shell" (confirming adb is working, exit shell if you're in it).
Extract the Do_root.zip (link below) and place all these files into the SAME folder as adb.exe. I have not included the appropriate PC36IMG.zip. Get it here. http://forum.xda-developers.com/showthread.php?t=701835 Leave the name as "eng-PC36IMG.zip". Place that in the SAME directory as well as the .zip.
Open a command prompt on your computer. point directory to Android-SDK directory\tools and a list will come up… click on "root.bat” and click RUN.
If it hangs for more than 30 seconds with the browser ****, CTRL+C, yes to kill the bat and just run it again.
Follow the directions. Your phone is going to reboot. It is then going to do a little **** and reboot into the boot loader. Keep track of the Command screen and wait because some steps take a while and there is no way of telling if it’s working. Nothing lasted more than 5 minutes. Eventually it will be in a "bootloader" and ask if you want to reboot. Say Yes with a Volume UP.
The .bat is now done. You have root. (not sure if next part is true) You now need a custom recovery to flash a proper ROM beyond the scope of this guide.
In original instructions but I’ve found the following Recovery step and code is not necessary: Now take the last step and flash the recovery.img that will already be on the root of your sdcard. To do this, after the PC36IMG flash:
Code:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image recovery /sdcard/recovery.img
To check for root do ADB Shell and should get #.
If you're all advancedy you can put on a different recovery image.
IMPORTANT If you get a message here about "not writing bad block", flash it again until you get 0 errors. I don't know how common it is, but personally my recovery has issues with flashing. Do NOT let that be a bad flash.
Attached Files
do_root.zip (4.07 MB, 49 views)
________________________________________
Last edited by SharkUW; 7th July 2010 at 01:06 AM.
Going to try it tomorrow and hope it works. Thanks
Where are the attached files?
Can't find the do_root.zip file. Seems there is no attachment, please re-post. Thanks.
I tried to attach the do_root.zip file and a link to Toast 2 file. If that doesn't work, go to the referenced post #579 here: http://forum.xda-developers.com/showthread.php?t=718889&page=58.
Have you tried this SimpleRoot? I just did it, and it worked flawlessly.
Vivix729 said:
Have you tried this SimpleRoot? I just did it, and it worked flawlessly.
Click to expand...
Click to collapse
Simpleroot ftw.
mattrb said:
Simpleroot ftw.
Click to expand...
Click to collapse
QFT. I did simple root (I still setup adb and ensured it was working first) and then flashed the rooted Stock 1.47 ROM in about 40 min. I think most people that are running into issues with Simpleroot do not have adb setup properly or they did something inadvertently and need to clear out the files/cache and need to start over from scratch.
gmanvbva said:
QFT. I did simple root (I still setup adb and ensured it was working first) and then flashed the rooted Stock 1.47 ROM in about 40 min. I think most people that are running into issues with Simpleroot do not have adb setup properly or they did something inadvertently and need to clear out the files/cache and need to start over from scratch.
Click to expand...
Click to collapse
I did simple root and it worked fine too. I don't think the issue is adb being setup since he has an adb file in his download.
Update from a few days ago.
Just got a new SDHC card and simpleroot worked. The SDHC that came with my phone died. I placed a spare in there that was a 2gd regular micro and Hboot would not ready the IMG for nothing.
If simple root is not working then it's the Sh!tty card acting up.
Happy ending for me.
I just got my phone yesterday did the ota simpleroot and seems like it worked fine
but now i dont know what to do next
to get custom roms or froyo 2.2 or anything lol
Awesome post |OP|.
My desktop is Windows 7 x64 and doesn't play nicely with the standard tools.
I was forced to adapt your root.bat script to an OSX friendly BASH script.
The only requirement is that you download the android SDK from developer.android.com/sdk/index.html (apparently, I'm too new to post links).
The steps I took to get root:
Unzip the android SDK
follow |OP|'s instructions, unzipping the contens of do_root into [sdk-root]/tools/
unzip the attached bash script to the [sdk-root]/tools/
run my bash script from the [sdk-root] folder instead of root.bat - type "./root.sh" without the double-quotes
Grab a copy of Froyo while your phone is being rooted
Make sure your battery has a decent amount of charge in it, you don't want to run out of juice in the middle of this.
You will need to have the android sdk installed, as you will need to use the adb tool.
Windows users will need to install HTC Sync in order to get the usb driver for the phone installed.
Part 1: In which we find that the Evo spreads easier than a Thai whore during tourist season
Code:
adb shell "rm /data/local/rights/mid.txt"
adb shell "ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt"
adb reboot
Part 2: In which we find that engineers have no personality, but they make one hell of a bootloader
Put the files from Toast's Part 2, for nand unlock onto the sdcard (PC36IMG.zip, mtd-eng.img, recovery.img, flash_image)
then (after making sure the sdcard is remounted to the phone if you used disk mode to xfer the files):
Code:
adb shell "cat /sdcard/flash_image > /data/local/rights/flash_image"
adb shell "chmod 755 /data/local/rights/flash_image"
adb shell "/data/local/rights/flash_image misc /sdcard/mtd-eng.img"
adb reboot bootloader
When asked if you want to update, say yes. Relax for a while, the update takes some time.
When the phone eventually boots back up:
Part 3: In which I find the whore, and make her install a custom recovery
Code:
adb shell "cat /sdcard/flash_image > /data/flash_image"
adb shell "chmod 755 /data/flash_image"
adb shell "/data/flash_image recovery /sdcard/recovery.img"
After this you should be fully rooted with nand unlock.
I highly recommend going through Whitslack's Starting Over method to bring your software and radios up to date.
You're done.
Pity this only came to light a few days before people are going to be upgrading to a new OTA.
No, this will not work for anyone who updated to 2.2.
epic!!! 789
niice!
Nice Find!
At least now people can be rooted prior to the new OTA!
damn it!
___
Sweet! Wish I had that method starting out. Lol.
Sent from my PC36100 using XDA App
does this method really work??
BAttitude7689 said:
does this method really work??
Click to expand...
Click to collapse
Yes it does.
ok, so i have no idea how that works... care to go into it alittle bit more?
khshapiro said:
ok, so i have no idea how that works... care to go into it alittle bit more?
Click to expand...
Click to collapse
The init scripts chmod 777 mid.txt on boot (this means that anyone can do anything to the file basically). By removing the file and linking it to mtd1, the chmod now makes mtd1 accessible by everyone after a reboot, which means that you can go directly to toast's part2 which starts with flashing mtd-eng.img.
Incidentally it appears the droid eris guys have been using this flaw to their advantage for a while as well ;D.
So no, really? What is "root?"
You do fine work, sir
posting in a legendary thread
Couldn't you then just use wits "start over" method for part two to make the process even shorter?
netarchy said:
Part 1:
Code:
adb shell rm /data/local/rights/mid.txt
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
adb reboot
Click to expand...
Click to collapse
What would be more interesting is for someone on the new OTA non-root to see if this exists in the Froyo release. I'll look around for a posting of the OTA update non-rooted and try it on my smashed phone. At least I won't care if that thing looses root.
Could we get a "The easiest 1.47.651.1 root method with nand unlock" for dummies? I have no clue what to do with this code.
You need to use an ADB shell for this using the Android SDK....
I tried to use the Evo-Recovery shell and received permission denied errors.
I am not a DEV by any means, and do not claim any credit for any of this. However, for people who need help, this may offer some assistance -- this is definitely the easiest root method out there.
1. Download and Install Android SDK - Learn Here
http://forum.xda-developers.com/showthread.php?t=694250
2. Open up a Command Prompt by holding windows button & pressing R or by pressing Run and typing CMD.
3. Navigate your way in DOS to the Android SDK folder, then to the Tools Folder
4. Then enter in the code in part 1. After each line press enter...the line will repeat below it.
5. Follow Toasts Part 2 -- Link: http://forum.xda-developers.com/showthread.php?t=701835 -- Video found here: http://www.youtube.com/watch?v=tUXTB0eydwE.
5A. Because you didn't do Toast's Part 1 of Root first (you used an exploit provided by the OP), you will NOT have a NAND Backup. Put the Custom ROM you want to load on your SD card, and after unlocking NAND protection and doing the wipes, load it from the custom recovery in lieu of restoring your NAND backup.
6. You're now rooted w/ NAND Unlocked!
7. I would then suggest going here, and running this so you have a fully rooted, stock ROM with all your radio/wimax up to date: http://forum.xda-developers.com/showthread.php?t=715915.
Anyone know if this method will work on an unrevoked3'd Evo? I am trying to acquire full root and I was going to use SimpleRoot today but if this will work...
Thank you for this! Question about number part 7. YOu suggest running the fully rooted stock 1.47.651.1 afterwards. Would it be a bad idea to Just run the fully rooted stock froyo 3.23.651.3 or even any other custom rom for that matter? i.e OMJ's EVO 2.2 Custom rom? Thanks
regulator207 said:
Couldn't you then just use wits "start over" method for part two to make the process even shorter?
Click to expand...
Click to collapse
No because you need the engineering hboot to flash it since it's not signed by HTC.
Should work on 1.32 or 1.47. Nice.
Someone should test if this still works in the new 2.2 update. Good chance it does.
damit!
justinisyoung said:
damn it!
___
Click to expand...
Click to collapse
Hey! That's what I was gonna say!
*******UPDATED 8/31/10 *******
This rooting method was adapted from regaw_leinad's method and toastcfh's method. By following these steps you will successfully downgrade your phone back to android 2.1 in order to gain root.
I don't trust unrevoked as I have had problems with it in the past.
I am not responsible for any damages to your phone.
special thanks to:
regaw_leinad
Sebastian Krahmer
Toastcfh
amon_ra
FILES YOU WILL NEED:
copy and paste into browser
Code:
sdx-downloads.com/sdx/evo/troot/eng-PC36IMG.zip
evo4g.me/downloads//count.php?target=evo-root.zip
files.androidspin.com/downloads.php?dir=amon_ra/RECOVERY/&file=recovery-RA-evo-v1.8.0.img
developer.android.com/sdk/index.html
You will need the Android SDK in order to communicate between your computer and your phone. Download it (last link above) and follow the setup instructions that it comes with.
Unzip the contents of the evo-root.zip and put all the files from it into the tools folder located in the android sdk folder.
Rename the eng-PC36IMG.zip to PC36IMG.zip and then put it the tools folder located in the android sdk folder. DO NOT UNZIP IT!
******* PC36IMG.zip md5sum~ fe8aba99893c766b8c4fd0a2734e4738 *******
Move the recovery-RA-evo-v1.8.0.img into the android sdk folder as well.
Make sure usb debugging is enabled on your device. To do so go to Settings > Applications > Development > and make sure the check box is checked.
Plug your phone into the computer. Select "Charge Only" from the notifications bar.
Open up terminal and navigate your way into the android sdk folder.
Code:
cd /
cd asdk
Push all the files onto your phone.
Code:
tools/adb push /asdk/tools/flash_image /sdcard/
tools/adb push /asdk/tools/rageagainstthecage-arm5.bin /data/local/tmp/
tools/adb push /asdk/tools/mtd-eng.img /sdcard/
tools/adb push /asdk/tools/PC36IMG.zip /sdcard/
tools/adb push /asdk/tools/recovery-RA-evo-v1.8.0.img /sdcard/
Note that the PC36IMG.zip will take longer than the other files to transfer to the sdcard because it is a large file.
Now we will make rageagainstthecage.bin executable.
Code:
tools/adb shell
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
You should see this (below) after it has made the change.
Code:
$
Now to use the rooted shell.
Code:
cd /data/local/tmp
./rageagainstthecage-arm5.bin
You will now see some text on your terminal screen describing the exploit.
Wait for the adb shell to finish the process. At this point it may or may not terminate the current shell session in terminal. If it does then it should look like this:
Code:
users-iMac:asdk user$
If it doesn't it will return to
Code:
$
in that case you need to exit the current session. To do so type
Code:
exit
Now we need initiate a new shell which should now have root permissions.
Enter the following:
Code:
tools/adb shell
and you will see you now have a
Code:
#
instead of
Code:
$
Now we need to flash the mdt-eng.img in order for it to let us install a custom recovery
Code:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image misc /sdcard/mtd-eng.img
That will flash your misc partition with Toast's mtd-eng.img
This should return you to
Code:
#
Now boot into hBoot
Code:
reboot bootloader
This will reboot your phone into hBoot. It will scan for the PC36IMG.img. When it asks yes or no, select yes.
It should then reflash your phone into the engineering build.
When it asks to reboot select yes.
You will need to flash custom recovery in order to be able to flash other custom roms or modifications. I use Amon_RA's recovery because it works great and has NEVER caused me any problems.
Now, open up terminal and get back into the android sdk folder
Code:
cd /
cd asdk
Since we have already pushed the recovery onto the sdcard we only need to flash the recovery onto the phone so that we can use it
Code:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image recovery /sdcard/recovery-RA-evo-v1.8.0.img
Now lets rename that PC36IMG.zip file again
Code:
mv /sdcard/PC36IMG.zip /sdcard/eng-PC36IMG.zip
that way your phone doesn't try to flash it when you go into recovery each time
And last but not least we need to boot into it to flash a custom rom
Code:
reboot recovery
Your phone should then reboot into Amon_RA's recovery and you may now head over to the dev forum to find your new favorite custom rom.
very nice! can anyone confirm this? my buddy wants me to root his 2.2 and i would like to try this.
To make life easier for some people add this to your post mate, and apply it yourself if you would like.
Here is how to add your sdk/tools directory to your .bash_profile file so you won't have to navigate to the folder each time.
Download this so you'll be able to see your hidden files http://www.mediafire.com/?diimft1ninn Run it, check "Show Hidden Files" then click Restart finder. Now, navigate to your home folder (/Users/UserName/) and see if there's a .bash_profile already there. If not, create with textedit.
Now add this to the file: export PATH=${PATH}:/Path/Of/Your/Sdk/Tools/Folder
Mine is /Users/bmxrider4444/Documents/Android/SDK/tools
Now do not save it as rich text. If yours is in rich text, click on "Format" in the menu bar, and click "make plain text". Now save it as .bash_profile and uncheck "if no extension is provided, use .txt".
Now you can go back to Ghost and uncheck "Show all hidden files" and restart finder again (special thanks to ajones7279 for these steps)
Enjoy!
Just as clarification as to what this does, it enables you to run adb commands and other commands without having to navigate to the /android/tools/ folder every time you want to run adb or whatever.
does this work?
seekis said:
At this point we need to push the recovery onto the sdcard
Code:
tools/adb push "location of recovery-RA-evo-v1.8.0.img" /sdcard/
Click to expand...
Click to collapse
This is great! Thanks for the guide - I am planning on rooting my Wife's EVO but have been waiting for an easier method than the other one posted. Question on the above where we write "location of recovery-ra-evo-v1.8.0.img". Is that the exact code, or should we be adding a directory or folder location into this line? I rooted my 2.1 EVO on my Mac a couple months ago and don't remember this step. Once again - very much appreciate the help.
One last question - would it make more sense to have a custom ROM already on your SD Card prior to rooting, so that you can flash it right after you flash AMON-RA for the first time? Probably doesn't matter but thought i'd ask.
^^ same question as above, plus one other n00b question - does this method unlock NAND?
[edit] I was not insinuating that randymac88 is a n00b; I, however, am
seekis said:
I don't trust unrevoked as I have had problems with it in the past.
I am not responsible for any damages to your phone.
Click to expand...
Click to collapse
Don't trust us with the unrevoked 3.x/unrevoked forever application combo that's worked for thousands of users without sideeffects on regaw's post?
You should note to everyone that your method will screw up their PRI, reverting it back to 1.34. By using unrevoked and unrevoked forever, you can keep 1.40.
randymac88 said:
This is great! Thanks for the guide - I am planning on rooting my Wife's EVO but have been waiting for an easier method than the other one posted. Question on the above where we write "location of recovery-ra-evo-v1.8.0.img". Is that the exact code, or should we be adding a directory or folder location into this line? I rooted my 2.1 EVO on my Mac a couple months ago and don't remember this step. Once again - very much appreciate the help.
One last question - would it make more sense to have a custom ROM already on your SD Card prior to rooting, so that you can flash it right after you flash AMON-RA for the first time? Probably doesn't matter but thought i'd ask.
Click to expand...
Click to collapse
Thats not the exact code no. I just put that as a place holder you are suppose to put in the location of where you have the recovery.img. For example, the exact command for me would be:
Code:
/Users/seekis/Downloads/recovery-ra-evo-v1.8.0.img
Don't trust us with the unrevoked 3.x/unrevoked forever application combo that's worked for thousands of users without sideeffects on regaw's post?
You should note to everyone that your method will screw up their PRI, reverting it back to 1.34. By using unrevoked and unrevoked forever, you can keep 1.40.
Click to expand...
Click to collapse
As far as using unrevoked, I stated that I, ME, MYSELF, has had issues with it. not that anybody else has. By all means go and use it if you would like. I will not. It is true that you will loose PRI 1.40, but seeing as how even after installing the OTA from HTC my phone still didn't update it to 1.40, I don't see the issue.
rsage said:
^^ same question as above, plus one other n00b question - does this method unlock NAND?
[edit] I was not insinuating that randymac88 is a n00b; I, however, am
Click to expand...
Click to collapse
i believe it does unlock nand seeing as how i adapted it from toasts method
Hey Seekis - question, I'm stuck here. I keep getting "permission denied", or "operation not permitted" when trying to make the exploit executable at this step:
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
Am I missing something? I've tried a million times and can't seem to get past this. I've successfully pushed all the files onto the sdcard.
I've also have had some trouble finding the exact root path to these files. I've been able to navigate, but I would think a lot of users would have some trouble.
Regardless, many thanks for getting this posted...
EDIT: I pushed the rageagainstthecage file to the sdcard by mistake. Will try again tomorrow.
ok i got rid of that step by moving the file into the android sdk and pushing it with all the other files
Okay now I appear to be in big trouble as I've just messed up my wife's phone, and its probably going to be unusable for a while until I get this figured out (assuming I do!).
I got through most of the process. I flashed the PC36IMG.zip file; however when it asked to reboot, it just dumped me back into the bootloader. Whenever I say reboot, it just takes me back to the bootloader. Pull the battery, same thing - bootloader. Yikes.
I don't know how to get to the next step because I can't get into a booted rom in order to flash the amon-ra recovery. Am I totally effed? Can anyone help me here?
EDIT: Okay reflashed the PC36IMG.zip file, and it rebooted into the stock ROM. Onward! Phew!!
The wife's EVO is now fully rooted running Baked Snack 1.5 w/Netarchy's kernel. Touch and go there for a minute, but it all worked out. No 1.40 PRI, but I don't really care about that right now.
Woot! Thanks Seekis!!
do u have to push the pc36img with adb every time or will drag and drop work or copy and paste work?
FoxHound630 said:
do u have to push the pc36img with adb every time or will drag and drop work or copy and paste work?
Click to expand...
Click to collapse
You can mount the card on your system and copy paste it over as well, yes.
randymac88 said:
Okay now I appear to be in big trouble as I've just messed up my wife's phone, and its probably going to be unusable for a while until I get this figured out (assuming I do!).
I got through most of the process. I flashed the PC36IMG.zip file; however when it asked to reboot, it just dumped me back into the bootloader. Whenever I say reboot, it just takes me back to the bootloader. Pull the battery, same thing - bootloader. Yikes.
I don't know how to get to the next step because I can't get into a booted rom in order to flash the amon-ra recovery. Am I totally effed? Can anyone help me here?
EDIT: Okay reflashed the PC36IMG.zip file, and it rebooted into the stock ROM. Onward! Phew!!
Click to expand...
Click to collapse
Had the same issue. When i first booked into the bootloader i had to select recovery then flash PC36IMG.zip. Then boot loop. Then i went back into the bootloader and it automagically read in the PC36IMG.zip and flashed it, then i got stock 2.1 root. Just a few minutes of "oh crap"
I'm stuck. I got as far as flashing PC36IMG.zip, which was successful, as my phone now runs 2.1, but it doesn't appear I'm rooted. When I go back into the adb shell, I'm getting the $ prompt, and running
Code:
cat /sdcard/flash_image > /data/flash_image
gives me a permission denied error. Help!
atom_jack said:
I'm stuck. I got as far as flashing PC36IMG.zip, which was successful, as my phone now runs 2.1, but it doesn't appear I'm rooted. When I go back into the adb shell, I'm getting the $ prompt, and running
Code:
cat /sdcard/flash_image > /data/flash_image
gives me a permission denied error. Help!
Click to expand...
Click to collapse
i dont know what to tell you other than try again. this happened to me the first time through as well. i dont know why. i just started from the top and it worked the second time through.
seekis said:
i dont know what to tell you other than try again.
Click to expand...
Click to collapse
So after you flash PC36IMG.zip you should automatically get a root (#) prompt when going into the shell? ie, I'll have rooted 2.1 yes?
seekis said:
this happened to me the first time through as well. i dont know why. i just started from the top and it worked the second time through.
Click to expand...
Click to collapse
Aha. Ok, I will keep trying til it gives me a root shell, I guess. I also tried unrevoked3 but that didn't seem to work.
Success!! So, I stupidly assumed that all PC36IMG.zip's were the same, and was using the one from the original 2.2 PC thread. Once I got the correct one, voila!
You might want to post the md5 of the one you are using, so there's no confusion for others. Also, you missed a tiny step when you first start up hboot - you have to select fastboot for it to start scanning for PC36IMG.zip.
Thanks!
THIS THREAD IS OUT OF DATE. TO COMPILE CM7 FOR THE DESIRE HD, USE THE OFFICIAL INSTRUCTIONS HERE:
http://wiki.cyanogenmod.com/index.php?title=Compile_CyanogenMod_for_Ace
This is completely unofficial. It's been really fun though. You get the absolute up-to-the-second fresh CyanogenMod 7 build on your PC any time you like. The devs are working on it almost literally every hour some days. So it's really cool, especially for those of us addicted to new roms
WARNING: The repository is a big download. After your first 'repo sync' command, expect to download about 6.4 gigabytes
THE USUAL WARNINGS: You need ENG or RADIO S-OFF HBOOT/BOOT LOADER with a ROOTED PHONE and a CUSTOM CLOCKWORKMOD RECOVERY in order to flash custom roms. You will have already (arguably) voided your warranty if you change the BOOT-LOADER, ROOT YOUR PHONE or install a CUSTOM RECOVERY. You may brick your phone by following this Guide or any of the Guides that this Guide links to. By brick, I mean - you may need to buy a new phone, as your current phone has just become an expensive door-stop (you can't even get it to boot). I've never had this happen to me in 2 years of flashing roms on Windows Mobile and lately (2 months) of flashing Android roms. However, it could happen to you, if you aren't careful or if you are cosmically unlucky. And … I take no responsibilty for this horrible event. Change your phone in any way, including flashing roms, at your own risk. For information on how to ROOT, CHANGE THE BOOTLOADER, CHANGE RECOVERY etc, see:
Visionary to root your phone - http://www.google.com/url?q=http%3A%2F%2Fandroid.modaco.com%2Fcontent%2Fhtc-desire-hd-desirehd-modaco-com%2F320722%2F10-nov-r12-test-visionary-one-click-root%2F&sa=D&sntz=1&usg=AFQjCNH7cEaVrpQ4me7EWaUszRzyKYBu2g
DHD Script to install an Engineering Bootloader: http://www.google.com/url?q=http%3A%2F%2Fforum.xda-developers.com%2Fattachment.php%3Fattachmentid%3D441870%26d%3D1289854953&sa=D&sntz=1&usg=AFQjCNEu37cfNR6xWLf8pusUbuDdB1uFtA
OPTIONAL (but recommended) Radio S-OFF, SuperCID, SimUnlock: http://forum.xda-developers.com/showthread.php?t=857444
Install Rom Manager from market in order to get the latest official clockwork RECOVERY (2.5.1.3 last I checked). You can flash your first custom rom with this version of recovery. To install the recovery, open Rom Manager and tap the very first option under the heading 'Recovery': 'Flash ClockworkMod Recovery'.
In order to make backups after installing your custom CM7 roms, you will need to switch from clockworkmod recovery version 2.5.1.3 to version 3 for Ace (either from phunkycow http://forum.xda-developers.com/showthread.php?t=905530 or www.crackflashers.com )
Here is an example of how to flash a custom recovery. You need to replace the recovery's filename '....img' in this tutorial with the filename of recovery version 3 (that you download from phunkycow or crackflashers: http://android.modaco.com/content/htc-desire-hd-desirehd-modaco-com/323305/18-nov-2-5-1-2-r2-clockworkmod-recovery-for-htc-desire-hd/
Most importantly.... I'm not a dev. Everything you read here and in the guides I link to is thanks to:
Kaili- (most importantly .... He's the one driving CM Gingerbread development for the Ace)
Cyanogen (driving CM development in general and especially for the Vision.... which thankfully is a similar device to ours)
Paul from Modaco (for Visionary ... needed for rooting your device)
sfjuocekr (for the DHD script to change the bootloader)
Apache14 (for Radio S-OFF, SuperCID, SimUnlock)
Thus ... I apologize in advance for the many things you might be burning to ask, but (sadly) for which I do not know how to do.
AND FINALLY ..... Here's a link to my guide
https://docs.google.com/document/d/..._sbizIPo8-6XabLSI/edit?hl=en&authkey=CLfiiZ0I
Nb: This is a link to a Google Document. It has a lot of formatting (font sizes, colours etc), so I couldn't be bothered re-formatting it to fit in this XDA-Dev forum post window. Also: This is a publicly available document. Feel free to copy it, including to your website or to another forum. However, I'd suggest including the warnings and acknowledgements.
If you are getting problems or errors (e.g. in the linux terminal), please hit refresh in your browser. I might have corrected my Guide since you last looked at it.
ENJOY!
[EDIT 15/1/2011 12:29am Australian Eastern Time] Thanks to Kali-
I have just added the following instructions under the heading of proprietary files in this guide:
Open linux terminal and execute:
gedit ~/android/system/vendor/htc/ace/proprietary/CodecDSPID.txt
Add the following line to the end of the file:
Recording,/system/etc/soundimage/Sound_Original.txt
[EDIT 15/1/2011 3:45pm Australian Eastern Time] The command under the heading, 'Set up your linux ‘virtual’ or ‘real’ machine to accept ADB and fastboot through a USB connection' (step 5), should read:
sudo chmod a+r /etc/udev/rules.d/70-android.rules
NOT 51-android.rules ..... I have just corrected this now.
Much appreciated! I'm sure many people will find this very useful.
[EDIT 15/1/2011 12:29am Australian Eastern Time] Thanks to Kali-
I have just added the following instructions under the heading of proprietary files in this guide:
Open linux terminal and execute:
gedit ~/android/system/vendor/htc/ace/proprietary/CodecDSPID.txt
Add the following line to the end of the file:
Recording,/system/etc/soundimage/Sound_Original.txt
That's freaking sweet! I am going to try it tonight, I've gone to their github several times, but I've never understood how the project is organised. I hope I'll achieve it.
Cheers & thanks.
excellent guide.. and can anyone help me find a guide on how to compile a Desire HD rom based on google AOSP?
thanks
Walker Street said:
[EDIT 15/1/2011 12:29am Australian Eastern Time] Thanks to Kali-
I have just added the following instructions under the heading of proprietary files in this guide:
Open linux terminal and execute:
gedit ~/android/system/vendor/htc/ace/proprietary/CodecDSPID.txt
Add the following line to the end of the file:
Recording,/system/etc/soundimage/Sound_Original.txt
Click to expand...
Click to collapse
how fo you sync ace only?
Jhinta said:
how fo you sync ace only?
Click to expand...
Click to collapse
If you'd like the to sync less files (i.e. ace only files):
I'm sorry, but I don't know how to do this.
All the how-to's I read on the CyanogenMod wiki talk about doing a complete 'repo sync'. This is about 6.4 gigabytes.
PapaDocta said:
excellent guide.. and can anyone help me find a guide on how to compile a Desire HD rom based on google AOSP?
thanks
Click to expand...
Click to collapse
Sorry, I don't know how to do this. I suspect it takes a lot more dev know-how.
Typo .... Setting up USB connection: Mistake in my guide corrected
[EDIT 15/1/2011 3:45pm Australian Eastern Time] The command under the heading, 'Set up your linux ‘virtual’ or ‘real’ machine to accept ADB and fastboot through a USB connection' (step 5), should read:
sudo chmod a+r /etc/udev/rules.d/70-android.rules
NOT 51-android.rules ..... I have just corrected this now.
Hi Walker Street, just a little addition to your tutorial. After adding the repository you should perform a "sudo apt-get update" otherwise they won't be able to see the changes
danitxu said:
Hi Walker Street, just a little addition to your tutorial. After adding the repository you should perform a "sudo apt-get update" otherwise they won't be able to see the changes
Click to expand...
Click to collapse
Very true
Walker Street said:
[EDIT 15/1/2011 3:45pm Australian Eastern Time] The command under the heading, 'Set up your linux ‘virtual’ or ‘real’ machine to accept ADB and fastboot through a USB connection' (step 5), should read:
sudo chmod a+r /etc/udev/rules.d/70-android.rules
NOT 51-android.rules ..... I have just corrected this now.
Click to expand...
Click to collapse
so ihave build a zip 2x but iḿ keep gettting
waiting for service.media.audo_policy
audiopolicy service not poblished,waiting
Jhinta said:
so ihave build a zip 2x but iḿ keep gettting
waiting for service.media.audo_policy
audiopolicy service not poblished,waiting
Click to expand...
Click to collapse
I've never seen this before.
When I got in trouble (it wasn't building):
I deleted my ~/android/system folder and downloaded the repo again. But you need the bandwidth to download 5-6 gigs again.
Walker Street said:
I've never seen this before.
When I got in trouble (it wasn't building):
I deleted my ~/android/system folder and downloaded the repo again. But you need the bandwidth to download 5-6 gigs again.
Click to expand...
Click to collapse
i did that the second time
Jhinta said:
i did that the second time
Click to expand...
Click to collapse
Sorry, I don't know what's going on. The rom is compiling OK with my setup. However, I'm now getting a crash every time I make or receive a call. So I'm trying MIUI for a change.
By the way, no need to download my rom for the proprietary files.
You can always get the latest ones from here: https://github.com/koush/proprietary_vendor_htc and place them in: "folder_you_did_repo_sync/vendor/htc/ace/".
The Ace ones, are the ones you need. This way you can always have the latest proprietary files for your custom builds!
phunkycow said:
By the way, no need to download my rom for the proprietary files.
You can always get the latest ones from here: https://github.com/koush/proprietary_vendor_htc and place them in: "folder_you_did_repo_sync/vendor/htc/ace/".
The Ace ones, are the ones you need. This way you can always have the latest proprietary files for your custom builds!
Click to expand...
Click to collapse
ya , this fixed my errors thnx , BTW how do you chane build number and so on
phunkycow said:
By the way, no need to download my rom for the proprietary files.
You can always get the latest ones from here: https://github.com/koush/proprietary_vendor_htc and place them in: "folder_you_did_repo_sync/vendor/htc/ace/".
The Ace ones, are the ones you need. This way you can always have the latest proprietary files for your custom builds!
Click to expand...
Click to collapse
Thanks phunkycow! I've incorporated this in my how-to
hey walker street. isit normal for me not to see the files that is downloaded to android/system/ ? i cant see any of it using the explorer or in terminal using ls command. advise pls
nozomisaynya said:
hey walker street. isit normal for me not to see the files that is downloaded to android/system/ ? i cant see any of it using the explorer or in terminal using ls command. advise pls
Click to expand...
Click to collapse
You might have downloaded it somewhere else.... not sure what that means. Linux can be a fussy O/S.