*******UPDATED 8/31/10 *******
This rooting method was adapted from regaw_leinad's method and toastcfh's method. By following these steps you will successfully downgrade your phone back to android 2.1 in order to gain root.
I don't trust unrevoked as I have had problems with it in the past.
I am not responsible for any damages to your phone.
special thanks to:
regaw_leinad
Sebastian Krahmer
Toastcfh
amon_ra
FILES YOU WILL NEED:
copy and paste into browser
Code:
sdx-downloads.com/sdx/evo/troot/eng-PC36IMG.zip
evo4g.me/downloads//count.php?target=evo-root.zip
files.androidspin.com/downloads.php?dir=amon_ra/RECOVERY/&file=recovery-RA-evo-v1.8.0.img
developer.android.com/sdk/index.html
You will need the Android SDK in order to communicate between your computer and your phone. Download it (last link above) and follow the setup instructions that it comes with.
Unzip the contents of the evo-root.zip and put all the files from it into the tools folder located in the android sdk folder.
Rename the eng-PC36IMG.zip to PC36IMG.zip and then put it the tools folder located in the android sdk folder. DO NOT UNZIP IT!
******* PC36IMG.zip md5sum~ fe8aba99893c766b8c4fd0a2734e4738 *******
Move the recovery-RA-evo-v1.8.0.img into the android sdk folder as well.
Make sure usb debugging is enabled on your device. To do so go to Settings > Applications > Development > and make sure the check box is checked.
Plug your phone into the computer. Select "Charge Only" from the notifications bar.
Open up terminal and navigate your way into the android sdk folder.
Code:
cd /
cd asdk
Push all the files onto your phone.
Code:
tools/adb push /asdk/tools/flash_image /sdcard/
tools/adb push /asdk/tools/rageagainstthecage-arm5.bin /data/local/tmp/
tools/adb push /asdk/tools/mtd-eng.img /sdcard/
tools/adb push /asdk/tools/PC36IMG.zip /sdcard/
tools/adb push /asdk/tools/recovery-RA-evo-v1.8.0.img /sdcard/
Note that the PC36IMG.zip will take longer than the other files to transfer to the sdcard because it is a large file.
Now we will make rageagainstthecage.bin executable.
Code:
tools/adb shell
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
You should see this (below) after it has made the change.
Code:
$
Now to use the rooted shell.
Code:
cd /data/local/tmp
./rageagainstthecage-arm5.bin
You will now see some text on your terminal screen describing the exploit.
Wait for the adb shell to finish the process. At this point it may or may not terminate the current shell session in terminal. If it does then it should look like this:
Code:
users-iMac:asdk user$
If it doesn't it will return to
Code:
$
in that case you need to exit the current session. To do so type
Code:
exit
Now we need initiate a new shell which should now have root permissions.
Enter the following:
Code:
tools/adb shell
and you will see you now have a
Code:
#
instead of
Code:
$
Now we need to flash the mdt-eng.img in order for it to let us install a custom recovery
Code:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image misc /sdcard/mtd-eng.img
That will flash your misc partition with Toast's mtd-eng.img
This should return you to
Code:
#
Now boot into hBoot
Code:
reboot bootloader
This will reboot your phone into hBoot. It will scan for the PC36IMG.img. When it asks yes or no, select yes.
It should then reflash your phone into the engineering build.
When it asks to reboot select yes.
You will need to flash custom recovery in order to be able to flash other custom roms or modifications. I use Amon_RA's recovery because it works great and has NEVER caused me any problems.
Now, open up terminal and get back into the android sdk folder
Code:
cd /
cd asdk
Since we have already pushed the recovery onto the sdcard we only need to flash the recovery onto the phone so that we can use it
Code:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image recovery /sdcard/recovery-RA-evo-v1.8.0.img
Now lets rename that PC36IMG.zip file again
Code:
mv /sdcard/PC36IMG.zip /sdcard/eng-PC36IMG.zip
that way your phone doesn't try to flash it when you go into recovery each time
And last but not least we need to boot into it to flash a custom rom
Code:
reboot recovery
Your phone should then reboot into Amon_RA's recovery and you may now head over to the dev forum to find your new favorite custom rom.
very nice! can anyone confirm this? my buddy wants me to root his 2.2 and i would like to try this.
To make life easier for some people add this to your post mate, and apply it yourself if you would like.
Here is how to add your sdk/tools directory to your .bash_profile file so you won't have to navigate to the folder each time.
Download this so you'll be able to see your hidden files http://www.mediafire.com/?diimft1ninn Run it, check "Show Hidden Files" then click Restart finder. Now, navigate to your home folder (/Users/UserName/) and see if there's a .bash_profile already there. If not, create with textedit.
Now add this to the file: export PATH=${PATH}:/Path/Of/Your/Sdk/Tools/Folder
Mine is /Users/bmxrider4444/Documents/Android/SDK/tools
Now do not save it as rich text. If yours is in rich text, click on "Format" in the menu bar, and click "make plain text". Now save it as .bash_profile and uncheck "if no extension is provided, use .txt".
Now you can go back to Ghost and uncheck "Show all hidden files" and restart finder again (special thanks to ajones7279 for these steps)
Enjoy!
Just as clarification as to what this does, it enables you to run adb commands and other commands without having to navigate to the /android/tools/ folder every time you want to run adb or whatever.
does this work?
seekis said:
At this point we need to push the recovery onto the sdcard
Code:
tools/adb push "location of recovery-RA-evo-v1.8.0.img" /sdcard/
Click to expand...
Click to collapse
This is great! Thanks for the guide - I am planning on rooting my Wife's EVO but have been waiting for an easier method than the other one posted. Question on the above where we write "location of recovery-ra-evo-v1.8.0.img". Is that the exact code, or should we be adding a directory or folder location into this line? I rooted my 2.1 EVO on my Mac a couple months ago and don't remember this step. Once again - very much appreciate the help.
One last question - would it make more sense to have a custom ROM already on your SD Card prior to rooting, so that you can flash it right after you flash AMON-RA for the first time? Probably doesn't matter but thought i'd ask.
^^ same question as above, plus one other n00b question - does this method unlock NAND?
[edit] I was not insinuating that randymac88 is a n00b; I, however, am
seekis said:
I don't trust unrevoked as I have had problems with it in the past.
I am not responsible for any damages to your phone.
Click to expand...
Click to collapse
Don't trust us with the unrevoked 3.x/unrevoked forever application combo that's worked for thousands of users without sideeffects on regaw's post?
You should note to everyone that your method will screw up their PRI, reverting it back to 1.34. By using unrevoked and unrevoked forever, you can keep 1.40.
randymac88 said:
This is great! Thanks for the guide - I am planning on rooting my Wife's EVO but have been waiting for an easier method than the other one posted. Question on the above where we write "location of recovery-ra-evo-v1.8.0.img". Is that the exact code, or should we be adding a directory or folder location into this line? I rooted my 2.1 EVO on my Mac a couple months ago and don't remember this step. Once again - very much appreciate the help.
One last question - would it make more sense to have a custom ROM already on your SD Card prior to rooting, so that you can flash it right after you flash AMON-RA for the first time? Probably doesn't matter but thought i'd ask.
Click to expand...
Click to collapse
Thats not the exact code no. I just put that as a place holder you are suppose to put in the location of where you have the recovery.img. For example, the exact command for me would be:
Code:
/Users/seekis/Downloads/recovery-ra-evo-v1.8.0.img
Don't trust us with the unrevoked 3.x/unrevoked forever application combo that's worked for thousands of users without sideeffects on regaw's post?
You should note to everyone that your method will screw up their PRI, reverting it back to 1.34. By using unrevoked and unrevoked forever, you can keep 1.40.
Click to expand...
Click to collapse
As far as using unrevoked, I stated that I, ME, MYSELF, has had issues with it. not that anybody else has. By all means go and use it if you would like. I will not. It is true that you will loose PRI 1.40, but seeing as how even after installing the OTA from HTC my phone still didn't update it to 1.40, I don't see the issue.
rsage said:
^^ same question as above, plus one other n00b question - does this method unlock NAND?
[edit] I was not insinuating that randymac88 is a n00b; I, however, am
Click to expand...
Click to collapse
i believe it does unlock nand seeing as how i adapted it from toasts method
Hey Seekis - question, I'm stuck here. I keep getting "permission denied", or "operation not permitted" when trying to make the exploit executable at this step:
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
Am I missing something? I've tried a million times and can't seem to get past this. I've successfully pushed all the files onto the sdcard.
I've also have had some trouble finding the exact root path to these files. I've been able to navigate, but I would think a lot of users would have some trouble.
Regardless, many thanks for getting this posted...
EDIT: I pushed the rageagainstthecage file to the sdcard by mistake. Will try again tomorrow.
ok i got rid of that step by moving the file into the android sdk and pushing it with all the other files
Okay now I appear to be in big trouble as I've just messed up my wife's phone, and its probably going to be unusable for a while until I get this figured out (assuming I do!).
I got through most of the process. I flashed the PC36IMG.zip file; however when it asked to reboot, it just dumped me back into the bootloader. Whenever I say reboot, it just takes me back to the bootloader. Pull the battery, same thing - bootloader. Yikes.
I don't know how to get to the next step because I can't get into a booted rom in order to flash the amon-ra recovery. Am I totally effed? Can anyone help me here?
EDIT: Okay reflashed the PC36IMG.zip file, and it rebooted into the stock ROM. Onward! Phew!!
The wife's EVO is now fully rooted running Baked Snack 1.5 w/Netarchy's kernel. Touch and go there for a minute, but it all worked out. No 1.40 PRI, but I don't really care about that right now.
Woot! Thanks Seekis!!
do u have to push the pc36img with adb every time or will drag and drop work or copy and paste work?
FoxHound630 said:
do u have to push the pc36img with adb every time or will drag and drop work or copy and paste work?
Click to expand...
Click to collapse
You can mount the card on your system and copy paste it over as well, yes.
randymac88 said:
Okay now I appear to be in big trouble as I've just messed up my wife's phone, and its probably going to be unusable for a while until I get this figured out (assuming I do!).
I got through most of the process. I flashed the PC36IMG.zip file; however when it asked to reboot, it just dumped me back into the bootloader. Whenever I say reboot, it just takes me back to the bootloader. Pull the battery, same thing - bootloader. Yikes.
I don't know how to get to the next step because I can't get into a booted rom in order to flash the amon-ra recovery. Am I totally effed? Can anyone help me here?
EDIT: Okay reflashed the PC36IMG.zip file, and it rebooted into the stock ROM. Onward! Phew!!
Click to expand...
Click to collapse
Had the same issue. When i first booked into the bootloader i had to select recovery then flash PC36IMG.zip. Then boot loop. Then i went back into the bootloader and it automagically read in the PC36IMG.zip and flashed it, then i got stock 2.1 root. Just a few minutes of "oh crap"
I'm stuck. I got as far as flashing PC36IMG.zip, which was successful, as my phone now runs 2.1, but it doesn't appear I'm rooted. When I go back into the adb shell, I'm getting the $ prompt, and running
Code:
cat /sdcard/flash_image > /data/flash_image
gives me a permission denied error. Help!
atom_jack said:
I'm stuck. I got as far as flashing PC36IMG.zip, which was successful, as my phone now runs 2.1, but it doesn't appear I'm rooted. When I go back into the adb shell, I'm getting the $ prompt, and running
Code:
cat /sdcard/flash_image > /data/flash_image
gives me a permission denied error. Help!
Click to expand...
Click to collapse
i dont know what to tell you other than try again. this happened to me the first time through as well. i dont know why. i just started from the top and it worked the second time through.
seekis said:
i dont know what to tell you other than try again.
Click to expand...
Click to collapse
So after you flash PC36IMG.zip you should automatically get a root (#) prompt when going into the shell? ie, I'll have rooted 2.1 yes?
seekis said:
this happened to me the first time through as well. i dont know why. i just started from the top and it worked the second time through.
Click to expand...
Click to collapse
Aha. Ok, I will keep trying til it gives me a root shell, I guess. I also tried unrevoked3 but that didn't seem to work.
Success!! So, I stupidly assumed that all PC36IMG.zip's were the same, and was using the one from the original 2.2 PC thread. Once I got the correct one, voila!
You might want to post the md5 of the one you are using, so there's no confusion for others. Also, you missed a tiny step when you first start up hboot - you have to select fastboot for it to start scanning for PC36IMG.zip.
Thanks!
Related
This guide was taken from AndroidCentral and I thought I would share it here because it's taken me 4 hours this morning to figure out why I was having so many problems trying to flash a recovery image when I know my phone was rooted and flashed in order to get 2.1 a month or so ago. I have been searching these forums and google and hope anyone else who has my issue finds this post.
1. Make sure you have the Android SDK installed.
2. Download flash_image.zip
3. Download recovery-RA-heroc-v1.5.2.img
4. Unzip the first file, and place both in your Android SDK/tools folder.
5. Make sure USB debugging is ON
6. Connect your phone to the PC
7. Open the command window and navigate to the Android-sdk/tools folder on your computer.
8. At the prompt enter the following, one line at a time followed by enter
Code:
adb shell
su
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
exit
exit
adb push flash_image /system/bin
adb push recovery-RA-heroc-v1.5.2.img /sdcard
adb shell
chmod 0755 /system/bin/flash_image
reboot
9. Your phone will reboot. When it is finished, back at your command window, once again enter
Code:
adb shell
su
cd /sdcard
flash_image recovery recovery-RA-heroc-v1.5.2.img
reboot recovery
10. With any luck, you'll have the recovery image back and can load custom 2.1 based ROMS again.
Hope this helps. All credit goes to gbhil at Android Central.
You might want to change the title of the post. People might get confused thinking you found a way to downgrade the hboot and not how to flash the recovery image.
Can't get it to work.
I ran the RUU earlier.
Tried to root the old way.......didn't work.
Just tried this to get the recovery image back.
At the SU command it says: permission denied
Thanks,
Bubba.
bubbacs1 said:
Can't get it to work.
I ran the RUU earlier.
Tried to root the old way.......didn't work.
Just tried this to get the recovery image back.
At the SU command it says: permission denied
Thanks,
Bubba.
Click to expand...
Click to collapse
This won't work for the leak that was put out today. You lost root. This process requires root.
bubbacs1 said:
Can't get it to work.
I ran the RUU earlier.
Tried to root the old way.......didn't work.
Just tried this to get the recovery image back.
At the SU command it says: permission denied
Thanks,
Bubba.
Click to expand...
Click to collapse
If you used the new RUU that was leaked today you're screwed. The older 2.1 leaks were test ROMs that were already rooted so you could use the instructions above to flash the RECOVERY. Notice recovery in bold, not bootloader. Once hboot is updated there is no known way to downgrade so you could use an older RUU file.
This rom has no root. There is NO WAY to re-root after flashing the newest RUU. I'm sorry to say... you're ****ed.
HeroMeng said:
This rom has no root. There is NO WAY to re-root after flashing the newest RUU. I'm sorry to say... you're ****ed.
Click to expand...
Click to collapse
So they can't run an older ruu with 1.5?
HeroMeng said:
This rom has no root. There is NO WAY to re-root after flashing the newest RUU. I'm sorry to say... you're ****ed.
Click to expand...
Click to collapse
To clear that up, if you run the RUU you have no root. If you extract the ROM, set it up, and flash it, you will preserve root, just like damageless made for all of us. But, yeah, you are not gonna be able to get back from this one. at least until someone figures it out.
I changed the thread title to hopefully alleviate some confusion. I didn't realize there was a newer RUU released.
I flashed the Damageless Rom and it's running smoothly so far, but I'm still trying to figure out why wifi tethering isn't working out for me. :-(
celemew2 said:
I changed the thread title to hopefully alleviate some confusion. I didn't realize there was a newer RUU released.
I flashed the Damageless Rom and it's running smoothly so far, but I'm still trying to figure out why wifi tethering isn't working out for me. :-(
Click to expand...
Click to collapse
Did you get wifi tether version 1_60? That's the only version that ever worked for me.
Yeah, I have 1.60 installed on my phone right now, but when I try to start tethering, a SU Request black screen comes up and nothing happens until I get an error, "Activity SU Request (in application Superuser Permissions) is not responding."
I'm sure there's an answer somewhere, but lately I haven't been having luck searching for it.
Edit:
Thank you 98classic! All I had to do was enable USB Debugging. (I had it turned off cause I didn't like the warning up top when my phone was plugged into the computer)
"flash_image not found" what the f**k
need the binary? physically check its there with a root explorer
Sent from my broken Typewriter!!!
or do this download and set up the android SDK it itself includes the flash_image binary. after that u will need to open a command prompt on your computer u will have to change directory to platform tools
cd /path/to/platform-tools
after that u will get the chance to do
flash_image recovery /path/to/recovery.img
that will flash the recovery
now reboot into recovery
Typed from my broken Typewriter!!!
ROOT Status of RUU_Hero_C_Sprint_2.27.651.5_R_signed_release : YES
Update: Regaw finally made it for us all! More info here http://forum.xda-developers.com/showthread.php?t=694572
======================================================
I noticed that someone has mixed up the TEST RUU and the RELEASE RUU. However they are different. The test RUU has su file built inside, other than the release RUU!
I flashed RUU_Hero_C_Sprint_2.27.651.5_R_signed_release.exe and i love it very much.
This update is very great, except that I lose my root access. And I tried every method to get root back again but failed.
1. Using asroot2 to root - Failed
I followed the Sticky GUIDE "How to Root the Sprint CDMA Hero", but failed when running
Code:
/data/local/asroot2 /system/bin/sh
The process was killed.
I know the linux kernel changed to 2.6.29 with the update. Maybe that is the reason why asroot2 does not work.
2. Using flashrec to flash a custom recovery image and then get root - Failed
I installed FlashRec 1.1.3 from zenthought's website, but failed when I tried backingup my recovery image.
3.Using adb to push the su file into the phone - Failed
I dump the su file from damageless's rom and flipz's Fresh 2.1.1 rom. Then using adb to push it into /data/local/ and chmod it to 4777, but running failed. It just said "Permission Denied". However, i push a busybox file into /data/local/ and chmod it to 4777, the busybox command runs ok.
KeithKris pointed that Su doesn't work on /data because that directory is mounted nosuid.
4.Using fastboot to flash a custom recovery image and then get root - Failed
I reboot my phone into fastboot, then connect it to PC using USB. I tried this command "fastboot boot recovery-RA-heroc-v1.6.2.img" but faild, it said "downloading 'boot.img'... FAILED (remote: not allow)".
5.Trying to flash back to RUU_Hero_C_Sprint_2.20.651.1_signed_test.exe - Failed
It said "Error 140: BOOTLOADER Version Error!".
Although regaw_leinad has pointed that the md5s on both(release version and test version) hboots are the EXACT same.
b819083aa9fe456c5a5fbde4917980e2
and
b819083aa9fe456c5a5fbde4917980e2
Click to expand...
Click to collapse
Thanks regaw_leinad for your kind help.
Update: 6. the Volex method - Failed
this volex method is revealed here. Already tested by regaw that 2.1 patched it. It doesn't work.
======================================================
After all these failures, there seems to be at least two ways to get the root back. And regaw_leinad and other guys are working hard on them.
1. Try to make a new asroot2 to exploit the linux 2.6.29/android 2.1 on our cdma hero. Here is the source code of our asroot2 -- heroc 1.5 exploit tool.
2. Try to hack the RUU file (actually we mean the rom.zip in the RUU.exe) and make sure it will pass the Bootloader check and signature check(maybe md5?). Then we could flash a RUU with su built inside and get the root back.
If anyone knows something about how to pass the signature check(maybe md5?) or linux kernel exploit, please share your wisdom. Thank you.
This post will be updated every day until the way to root comes out.
Update: Thanks to the donators in this thread! I believe the devs will find the exploit method soon with your support!
======================================================
BTW: Never ever flash the official 2.1 release RUU.exe unless you know what you are doing. You won't get root access until the exploit method has been found. If you do love the official update, you may flash this damageless's rom dump from the official 2.1 release. And the radio dump from the official 2.1 release is here1 and here2 (thanks to damageless and flipz, and remember flashing radio at your own risk). The only difference between damageless's dump and official RUU's system part is that it has root and busybox and it removed some useless apks.
would it be more like fastboot boot /sdcard/recovery-RA-.........img?
justinisyoung said:
would it be more like fastboot boot /sdcard/recovery-RA-.........img?
Click to expand...
Click to collapse
I tried /sdcard/recovery....img again, faild. Because in this command the image file should be on the PC not on the phone.
1. Make sure you have the Android SDK installed. Read HERE for more info.
2. Download 4shared.com - online file sharing and storage - download flash_image.zip
3. Download 4shared.com - online file sharing and storage - download recovery-RA-heroc-v1.5.2.img
4. Unzip the first file, and place both in your Android SDK/tools folder.
5. Make sure USB debugging is ON
6. Connect your phone to the PC
7. Open the command window and navigate to the Android-sdk/tools folder on your computer.
8. At the prompt enter the following, one line at a time followed by enter
Code:
adb shell
su
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
exit
exit
adb push flash_image /system/bin
adb push recovery-RA-heroc-v1.5.2.img /sdcard
adb shell
chmod 0755 /system/bin/flash_image
reboot
9. Your phone will reboot. When it is finished, back at your command window, once again enter
Code:
adb shell
su
cd /sdcard
flash_image recovery recovery-RA-heroc-v1.5.2.img
reboot recovery
10. With any luck, you'll have the recovery image back and can load custom 2.1 based ROMS again.
__________________
elhead17 said:
1. Make sure you have the Android SDK installed. Read HERE for more info.
2. Download 4shared.com - online file sharing and storage - download flash_image.zip
3. Download 4shared.com - online file sharing and storage - download recovery-RA-heroc-v1.5.2.img
4. Unzip the first file, and place both in your Android SDK/tools folder.
5. Make sure USB debugging is ON
6. Connect your phone to the PC
7. Open the command window and navigate to the Android-sdk/tools folder on your computer.
8. At the prompt enter the following, one line at a time followed by enter
Code:
adb shell
su
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
exit
exit
adb push flash_image /system/bin
adb push recovery-RA-heroc-v1.5.2.img /sdcard
adb shell
chmod 0755 /system/bin/flash_image
reboot
9. Your phone will reboot. When it is finished, back at your command window, once again enter
Code:
adb shell
su
cd /sdcard
flash_image recovery recovery-RA-heroc-v1.5.2.img
reboot recovery
10. With any luck, you'll have the recovery image back and can load custom 2.1 based ROMS again.
__________________
Click to expand...
Click to collapse
Sorry dude, there is NO su file in this released version of RUU.
So you won't run su after adb shell
just a question but can you successfully run the testkeys release RUU on your phone?
I thought with new 2.1 update root access was removed and there was no way workaround to get root access. I might be wrong here.
You might want to try RUU back to 1.56 version and try to gain ROOT access and just flash ROM release by the dev's here which still give us ROOT access.
I'm not sure if it even possible to go back from 2.1 to 1.5 RUU. Maybe some with more knowleadge of RUU can chip in here.
In addition the RUU you flash is same one release by Devs here on their modify ROMs.
i dont think it is possible to ruu back to 1.5. i think a dev said something about hboot being updated so it needs a new way for root.
kashb91 said:
i dont think it is possible to ruu back to 1.5. i think a dev said something about hboot being updated so it needs a new way for root.
Click to expand...
Click to collapse
You are correct sir. There's no way to downgrade hboot (without root), just like why you can't run the 1.29 RUU if you ran the 1.56, or yours came with 1.56 on it.
F.A.I.L.
10chars
aside from people who "accidentally" installed RUU, The push to quickly root this release is probably low priority, first of all this phone is probably end of life, so the chances of it coming out of the factory with 2.1 on it are slim.
2nd I imagine when the Evo gets released this forum will become a ghost town as far as new development is concerned
gunnyman said:
aside from people who "accidentally" installed RUU, The push to quickly root this release is probably low priority, first of all this phone is probably end of life, so the chances of it coming out of the factory with 2.1 on it are slim.
2nd I imagine when the Evo gets released this forum will become a ghost town as far as new development is concerned
Click to expand...
Click to collapse
well, I'll be around here unless someone buys me an EVO &
It is actually possible to go back to 1.5 even if you used the RUU (well I should say the test RUU). I just did it yesterday so I could take my phone in for service. I'll post how I did it when I'm not mobile. Basically I created an update package to flash the old hboot then used a combination of the 2 main unroot threads. Ended up being able to use the sdcard method after flashing the misc.ing from the other method. I know probably doesn't make sense but I've got it all documented at home.
eme82 said:
It is actually possible to go back to 1.5 even if you used the RUU (well I should say the test RUU). I just did it yesterday so I could take my phone in for service. I'll post how I did it when I'm not mobile. Basically I created an update package to flash the old hboot then used a combination of the 2 main unroot threads. Ended up being able to use the sdcard method after flashing the misc.ing from the other method. I know probably doesn't make sense but I've got it all documented at home.
Click to expand...
Click to collapse
I can't WAIT to read how you did this! I have been dying to get back to original HBoot since I ran the first test RUU back in April.
gunnyman said:
aside from people who "accidentally" installed RUU, The push to quickly root this release is probably low priority, first of all this phone is probably end of life, so the chances of it coming out of the factory with 2.1 on it are slim.
2nd I imagine when the Evo gets released this forum will become a ghost town as far as new development is concerned
Click to expand...
Click to collapse
Well, if we are able to root this Sense 2.1 then theoretically the same root method may work on the Evo, thereby cutting down our wait for a rooted Evo. Just a thought.
chuckhriczko said:
Well, if we are able to root this Sense 2.1 then theoretically the same root method may work on the Evo, thereby cutting down our wait for a rooted Evo. Just a thought.
Click to expand...
Click to collapse
Very very good point I'm not getting an evo till its rooted anyway
chuckhriczko said:
Well, if we are able to root this Sense 2.1 then theoretically the same root method may work on the Evo, thereby cutting down our wait for a rooted Evo. Just a thought.
Click to expand...
Click to collapse
Possible, but I doubt it.
Chances are it's an entirely different kernel. My guess is the EVO gets a 2.6.30+ Kernel - It's hardware is completely different from ours. QUALCOM doesn't even make our chipset any more.
I updated to 2.1 using damage sprintupdate2.zip. I want to use wifi-tether now. Where can I find the version I need for this particular build? I looked on wifi-tether website, but it says the 2.1 compatible version is for Nexus One. Is there even a version for Eclair for the Hero?
Would build wireless_tether_2_0_2-pre9.apk for the N1 work?
zemerick said:
I updated to 2.1 using damage sprintupdate2.zip. I want to use wifi-tether now. Where can I find the version I need for this particular build? I looked on wifi-tether website, but it says the 2.1 compatible version is for Nexus One. Is there even a version for Eclair for the Hero?
Would build wireless_tether_2_0_2-pre9.apk for the N1 work?
Click to expand...
Click to collapse
I'm still using pre6 seems to be the one for the Hero.
zemerick said:
I updated to 2.1 using damage sprintupdate2.zip. I want to use wifi-tether now. Where can I find the version I need for this particular build? I looked on wifi-tether website, but it says the 2.1 compatible version is for Nexus One. Is there even a version for Eclair for the Hero?
Would build wireless_tether_2_0_2-pre9.apk for the N1 work?
Click to expand...
Click to collapse
Here's the link: http://code.google.com/p/android-wi...ireless_tether_1_60_htc.apk&can=2&q=HTC+Donut
Ok... If your wimax isn't working and you want to downgrade to try to get it working this is how to do it...
1st get all of the files like you want to do Toast's Part-2. link: http://forum.xda-developers.com/showthread.php?t=701835
Then do this part:
STEP 2~FLASHING MTD PARTITION TO ENABLE DOWNGRADE:
- download all files posted above
- unzip the flash_image.zip and the mtd-eng.zip
- put the flash_image and mtd-eng.img on the root of your sdcard
- go into shell on ur pc and do:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image misc /sdcard/mtd-eng.img
- this should only take a second or two
- now put the PC36IMG.zip on the root of your sdcard
- power off the phone
STEP 3~FLASHING ENG BUILD:
- hold volume down + power to boot into hboot
- it should now find and verify the PC36IMG.zip on the root of your sdcard. itll show a blue status bar on the top right of the screen.
- after a minute or so it will ask u if u wanna flash SAY YES
- affter it flashes the PC36IMG.zip it will ask if you wanna reboot. SAY YES
After if finally boots you should see HTC quietly brilliant which hangs forever but it should eventually get past it. Once it does you will have the oldest everything. This is a beta build and has a bunch of tools but just do an upgrade to root like you normally would. I would suggest going to .6 then upgrading to the latest 47 from there.
Hope that this helps someone.
P.S. is anyone willing to dump all of the tools that are included in this rom. It might be helpful for the other devs.
Thats the hard way... but yeah it'l work.
Why is everyone so hype on adb everything...?
Tell me the easy way. I would love to do it instead.
kthejoker20 said:
Thats the hard way... but yeah it'l work.
Why is everyone so hype on adb everything...?
Click to expand...
Click to collapse
It's just easier to copy and paste stuff, even typing on a real keyboard. It's a pain in the ass doing it via terminal emulator with the lack of a physical keyboard on our Evo's.
Can anyone confirm if this helps fix the 4g issue?
krosemm said:
Can anyone confirm if this helps fix the 4g issue?
Click to expand...
Click to collapse
If you used the unrevoked, no it wont.
There is no fix for 4g from unrevoked yet.
Neotelos_com said:
If you used the unrevoked, no it wont.
There is no fix for 4g from unrevoked yet.
Click to expand...
Click to collapse
I used the toast method. And if i'm not mistaken I should flash roms w/o the 1.47.651.1 OTA update after downgrading right?
Nope, I try this method and it is not working. Some how the new OTA encrypted a code that any lower version will not over write it.
You don't have root access to even copy/paste or push the files to /data. I tried this and got a permission denied error message.
How do you input adb shell into Vista, I clicked "start", "run" and type "cmd" it bring up C:\users\XXXXX\ cd c:\android hit "enter"
then I type
c:\android>adb remount
Access is denied
Please advise what I did wrong. thanks
It worked for me... you have to make sure that when you enter the su command in adb to look at your phone. There should be a super user permission box that pops up. Accept it and youll be able to adb. It went fine for me after that.
urcboss07 said:
How do you input adb shell into Vista, I clicked "start", "run" and type "cmd" it bring up C:\users\XXXXX\ cd c:\android hit "enter"
then I type
c:\android>adb remount
Access is denied
Please advise what I did wrong. thanks
Click to expand...
Click to collapse
1) Put your phone on USB Debug
2) On your Phone make sure the Ninja(SuperUserPermission) is set to prompt you when you have a request.
3) go to your PC and type in adb shell
4) type in SU
5) Once do you that you will see a prompt from the Ninja asking for a request. Allow for it. And it will remember from that point forward.
6) Look at your cmd prompt screen for a # - if you have it you have full access.
Then so what commands you have been given to do.
It can also be done from the Android Terminal Emulator but some might not like working with a smaller screen I like it myself. Makes me feel geeky
mrmomoman said:
1) Put your phone on USB Debug
2) On your Phone make sure the Ninja(SuperUserPermission) is set to prompt you when you have a request.
3) go to your PC and type in adb shell
4) type in SU
5) Once do you that you will see a prompt from the Ninja asking for a request. Allow for it. And it will remember from that point forward.
6) Look at your cmd prompt screen for a # - if you have it you have full access.
Then so what commands you have been given to do.
It can also be done from the Android Terminal Emulator but some might not like working with a smaller screen I like it myself. Makes me feel geeky
Click to expand...
Click to collapse
This would only work if after the messup your still has root access. Some people have root and the "SU" will work but for the people w/o root will get access denied.
also
From above (I hate quoting) have you tried going to your tools folder inside your android folder and from there try your adb commands?
If you applied the OTA sent from Sprint, you lost root access. There will be no Ninja in the programs folder, because it was a new rom that the was flashed with the OTA. Root access has been closed for those that downloaded the update. If you try and type su, you will get permission denied.
Those of you that still have the root and superuser rights, DON'T DOWNLOAD THE OTA!! You are in a better position then the rest of us. I wanted the good battery life, so that's why I did it.
I tried every method, read every thread in every forum in an effort to root my EVO. Nothing worked. I was driving myself mad and spending tons of time. I Eventually I came across a post which directed me to XDA Developers Thread ---==={ROOT GUIDE}===--- | 1.47.651.1 ROOT, post 579 by SharkUW . I have used this on my own phone and I don't see a reason why it wouldn't work. I modified some of the instructions to make it clearer. The instructions may not be exact, and there is some seat-of-the-pants involved, but I got it to work. Use it at your own risk.
Prerequisites (follow in order)
Android-SDK developers program. I loaded it to C:
JAVA SE Development (use correct bit – 32 or 64). loaded in C:
Microsoft .NET Framework V 4.0
Reboot your phone and do a factory reset. Erase everything
Set phone to Charge Only and USB debugging
Open the stock browser and sign-in with your PCS phone number. Leave running.
Shutdown the phone, then restart
Make sure ADB is functional on your computer. You should be able to "adb shell" (confirming adb is working, exit shell if you're in it).
Extract the Do_root.zip (link below) and place all these files into the SAME folder as adb.exe. I have not included the appropriate PC36IMG.zip. Get it here. http://forum.xda-developers.com/showthread.php?t=701835 Leave the name as "eng-PC36IMG.zip". Place that in the SAME directory as well as the .zip.
Open a command prompt on your computer. point directory to Android-SDK directory\tools and a list will come up… click on "root.bat” and click RUN.
If it hangs for more than 30 seconds with the browser ****, CTRL+C, yes to kill the bat and just run it again.
Follow the directions. Your phone is going to reboot. It is then going to do a little **** and reboot into the boot loader. Keep track of the Command screen and wait because some steps take a while and there is no way of telling if it’s working. Nothing lasted more than 5 minutes. Eventually it will be in a "bootloader" and ask if you want to reboot. Say Yes with a Volume UP.
The .bat is now done. You have root. (not sure if next part is true) You now need a custom recovery to flash a proper ROM beyond the scope of this guide.
In original instructions but I’ve found the following Recovery step and code is not necessary: Now take the last step and flash the recovery.img that will already be on the root of your sdcard. To do this, after the PC36IMG flash:
Code:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image recovery /sdcard/recovery.img
To check for root do ADB Shell and should get #.
If you're all advancedy you can put on a different recovery image.
IMPORTANT If you get a message here about "not writing bad block", flash it again until you get 0 errors. I don't know how common it is, but personally my recovery has issues with flashing. Do NOT let that be a bad flash.
Attached Files
do_root.zip (4.07 MB, 49 views)
________________________________________
Last edited by SharkUW; 7th July 2010 at 01:06 AM.
Going to try it tomorrow and hope it works. Thanks
Where are the attached files?
Can't find the do_root.zip file. Seems there is no attachment, please re-post. Thanks.
I tried to attach the do_root.zip file and a link to Toast 2 file. If that doesn't work, go to the referenced post #579 here: http://forum.xda-developers.com/showthread.php?t=718889&page=58.
Have you tried this SimpleRoot? I just did it, and it worked flawlessly.
Vivix729 said:
Have you tried this SimpleRoot? I just did it, and it worked flawlessly.
Click to expand...
Click to collapse
Simpleroot ftw.
mattrb said:
Simpleroot ftw.
Click to expand...
Click to collapse
QFT. I did simple root (I still setup adb and ensured it was working first) and then flashed the rooted Stock 1.47 ROM in about 40 min. I think most people that are running into issues with Simpleroot do not have adb setup properly or they did something inadvertently and need to clear out the files/cache and need to start over from scratch.
gmanvbva said:
QFT. I did simple root (I still setup adb and ensured it was working first) and then flashed the rooted Stock 1.47 ROM in about 40 min. I think most people that are running into issues with Simpleroot do not have adb setup properly or they did something inadvertently and need to clear out the files/cache and need to start over from scratch.
Click to expand...
Click to collapse
I did simple root and it worked fine too. I don't think the issue is adb being setup since he has an adb file in his download.
Update from a few days ago.
Just got a new SDHC card and simpleroot worked. The SDHC that came with my phone died. I placed a spare in there that was a 2gd regular micro and Hboot would not ready the IMG for nothing.
If simple root is not working then it's the Sh!tty card acting up.
Happy ending for me.
I just got my phone yesterday did the ota simpleroot and seems like it worked fine
but now i dont know what to do next
to get custom roms or froyo 2.2 or anything lol
Awesome post |OP|.
My desktop is Windows 7 x64 and doesn't play nicely with the standard tools.
I was forced to adapt your root.bat script to an OSX friendly BASH script.
The only requirement is that you download the android SDK from developer.android.com/sdk/index.html (apparently, I'm too new to post links).
The steps I took to get root:
Unzip the android SDK
follow |OP|'s instructions, unzipping the contens of do_root into [sdk-root]/tools/
unzip the attached bash script to the [sdk-root]/tools/
run my bash script from the [sdk-root] folder instead of root.bat - type "./root.sh" without the double-quotes
Grab a copy of Froyo while your phone is being rooted
Make sure your battery has a decent amount of charge in it, you don't want to run out of juice in the middle of this.
You will need to have the android sdk installed, as you will need to use the adb tool.
Windows users will need to install HTC Sync in order to get the usb driver for the phone installed.
Part 1: In which we find that the Evo spreads easier than a Thai whore during tourist season
Code:
adb shell "rm /data/local/rights/mid.txt"
adb shell "ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt"
adb reboot
Part 2: In which we find that engineers have no personality, but they make one hell of a bootloader
Put the files from Toast's Part 2, for nand unlock onto the sdcard (PC36IMG.zip, mtd-eng.img, recovery.img, flash_image)
then (after making sure the sdcard is remounted to the phone if you used disk mode to xfer the files):
Code:
adb shell "cat /sdcard/flash_image > /data/local/rights/flash_image"
adb shell "chmod 755 /data/local/rights/flash_image"
adb shell "/data/local/rights/flash_image misc /sdcard/mtd-eng.img"
adb reboot bootloader
When asked if you want to update, say yes. Relax for a while, the update takes some time.
When the phone eventually boots back up:
Part 3: In which I find the whore, and make her install a custom recovery
Code:
adb shell "cat /sdcard/flash_image > /data/flash_image"
adb shell "chmod 755 /data/flash_image"
adb shell "/data/flash_image recovery /sdcard/recovery.img"
After this you should be fully rooted with nand unlock.
I highly recommend going through Whitslack's Starting Over method to bring your software and radios up to date.
You're done.
Pity this only came to light a few days before people are going to be upgrading to a new OTA.
No, this will not work for anyone who updated to 2.2.
epic!!! 789
niice!
Nice Find!
At least now people can be rooted prior to the new OTA!
damn it!
___
Sweet! Wish I had that method starting out. Lol.
Sent from my PC36100 using XDA App
does this method really work??
BAttitude7689 said:
does this method really work??
Click to expand...
Click to collapse
Yes it does.
ok, so i have no idea how that works... care to go into it alittle bit more?
khshapiro said:
ok, so i have no idea how that works... care to go into it alittle bit more?
Click to expand...
Click to collapse
The init scripts chmod 777 mid.txt on boot (this means that anyone can do anything to the file basically). By removing the file and linking it to mtd1, the chmod now makes mtd1 accessible by everyone after a reboot, which means that you can go directly to toast's part2 which starts with flashing mtd-eng.img.
Incidentally it appears the droid eris guys have been using this flaw to their advantage for a while as well ;D.
So no, really? What is "root?"
You do fine work, sir
posting in a legendary thread
Couldn't you then just use wits "start over" method for part two to make the process even shorter?
netarchy said:
Part 1:
Code:
adb shell rm /data/local/rights/mid.txt
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
adb reboot
Click to expand...
Click to collapse
What would be more interesting is for someone on the new OTA non-root to see if this exists in the Froyo release. I'll look around for a posting of the OTA update non-rooted and try it on my smashed phone. At least I won't care if that thing looses root.
Could we get a "The easiest 1.47.651.1 root method with nand unlock" for dummies? I have no clue what to do with this code.
You need to use an ADB shell for this using the Android SDK....
I tried to use the Evo-Recovery shell and received permission denied errors.
I am not a DEV by any means, and do not claim any credit for any of this. However, for people who need help, this may offer some assistance -- this is definitely the easiest root method out there.
1. Download and Install Android SDK - Learn Here
http://forum.xda-developers.com/showthread.php?t=694250
2. Open up a Command Prompt by holding windows button & pressing R or by pressing Run and typing CMD.
3. Navigate your way in DOS to the Android SDK folder, then to the Tools Folder
4. Then enter in the code in part 1. After each line press enter...the line will repeat below it.
5. Follow Toasts Part 2 -- Link: http://forum.xda-developers.com/showthread.php?t=701835 -- Video found here: http://www.youtube.com/watch?v=tUXTB0eydwE.
5A. Because you didn't do Toast's Part 1 of Root first (you used an exploit provided by the OP), you will NOT have a NAND Backup. Put the Custom ROM you want to load on your SD card, and after unlocking NAND protection and doing the wipes, load it from the custom recovery in lieu of restoring your NAND backup.
6. You're now rooted w/ NAND Unlocked!
7. I would then suggest going here, and running this so you have a fully rooted, stock ROM with all your radio/wimax up to date: http://forum.xda-developers.com/showthread.php?t=715915.
Anyone know if this method will work on an unrevoked3'd Evo? I am trying to acquire full root and I was going to use SimpleRoot today but if this will work...
Thank you for this! Question about number part 7. YOu suggest running the fully rooted stock 1.47.651.1 afterwards. Would it be a bad idea to Just run the fully rooted stock froyo 3.23.651.3 or even any other custom rom for that matter? i.e OMJ's EVO 2.2 Custom rom? Thanks
regulator207 said:
Couldn't you then just use wits "start over" method for part two to make the process even shorter?
Click to expand...
Click to collapse
No because you need the engineering hboot to flash it since it's not signed by HTC.
Should work on 1.32 or 1.47. Nice.
Someone should test if this still works in the new 2.2 update. Good chance it does.
damit!
justinisyoung said:
damn it!
___
Click to expand...
Click to collapse
Hey! That's what I was gonna say!