This tool is now deprecated. To root your Evo 4G running Gingerbread you will need to use the Revolutionary tool that can be found at http://www.revolutionary.io.
I'm sorry to do it but due to the ridiculous amount of people who are still asking for help rooting gingerbread, I will no longer be supporting this tool what so ever. Any further emails I receive about it will be deleted.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
I am proud to present the HTC EVO Auto Root script! It took me awhile but I finally got it fully automated, it probably would have been easier using VB to write it but I wanted it to be readable by everybody. I don't have working scripts for Linux or Mac yet but for older phones you should be able to follow the Alternative Method and use the code included at the end of the post with minimal changes. If you are new to rooting the Evo you should check out the Rooting Information and Common Problems thread to familiarize yourself with some of the screens you will see. At times your phone may shows ominous looking icons that look bad but really aren't, at times like that it is important that you don't panic and do anything that could damage your phone.
This will make a backup of your WiMAX partition and the RSA keys that are stored on it; backing up your RSA keys separate is not necessary. It will save it in the AutoRoot folder so be sure not to delete it.
If you run into any problems please include the following information with your post: Any methods you have previously tried to root with, what it did last plus any error messages it may have given (if you can right click, select all and copy it from the terminal), and if you are in the bootloader we need to know what the top two lines say. Running this will create a log file named: autorootlog.txt. Please post this as well.
Any feedback no matter good or bad is appreciated! Let me know how it works for you.
Randy (randyshear on youtube) has made a great video of the process if you would like to get an idea of what to expect before hand. It is important to note that, depending on your phone, the process may be slightly more involved or require more or less time.
HTC EVO 4G ** ROOT AND NAND UNLOCK ** AUTOROOT V 2.2 ** HOW TO **
This has been confirmed working with:
Software versions 1.32, 1.36, 3.29, 3.30 & 3.70
hBoot Version .76, .93, .97, 2.02 & 2.10
Thanks go to
HTC for making the phone to begin with
Sebastian Khramer for his rageagainstthecage exploit
Toastcfh for his tutorial and all of his work on improving the Evo, a lot of this is borrowed from his previous work
Amon_RA for his recoveries and for his quick work creating a recovery compatible with the new NAND blocks
Calkulin for collecting all of the radios and update images
Whosdaman, Football and Sniper911 for sharing the RUUs with us
The Unrevoked Crew for all of their hard work on the Unrevoked Forever s-off tool
amoamare and Zikronix for all of their hard work on rooting phones with the 2.02 hboot
chris1683 for his Sprint Lovers ROM
Netarchy for all of the great kernels
A huge thanks goes out to Dan0412 who took the time to debug this for version 003 2.02 phones
Schnick1 and tauzins for their help with getting ADB to act right
Props go to RyanZA and anyone else who worked on the z4root app. I wouldn't have got 3.70 rooted as fast as I did if I didn't have their app to learn from.
You Will Need:
A windows machine
HTC Sync that can be found on Sprint's website. HTC Sync 2.0.35.exe
At least 1 GB of free space on your SD card
A full or close to full battery (your phone will not charge during part of this and if it dies you will be SOL, aka Bricked)
ADB debugging enabled (Settings > Applications > Development > ADB Debugging)
Your phone connected to your computer as Charge Only and HTC's Evo drivers / HTC Sync installed.
The AutoRoot.zip File that can be found in this post
[*]I highly recommend you have the appropriate RUU, or PC36IMG, downloaded before you start. It is always good to have and if something does not go as planned it can get your phone back up and running with minimal down time.
Click to expand...
Click to collapse
IF YOU HAVE PREVIOUSLY TRIED ROOTING YOU MUST RESTORE FROM A RUU BEFORE RUNNING THIS. IT WILL NOT ROOT IT UNLESS YOU DO THIS.
Instructions:
This will try to back up your apps but it's not always able to, you will also lose all of your settings. Titanium Backup works well to save your apps however you will need to use z4root to temporarily root before you will be able to use it.
Download HTC Sync from Sprint's website here and install it. You may need to use the 'Repair' option for it to replace any old drivers.
Extract AutoRoot.zip into a folder that is easy to find and then open the folder.
Right click on 'AutoRoot.bat' and run it as Administrator.
Once it finds your phone it will start by checking out what kind of setup it uses and then attempt to get root access. If it fails usually it's from too many active apps or the phone being used, if so you will need to restart it before trying again. If you are using 3.70 it will let you know when it is running by blurring the screen.
When it is ready it will reboot your phone into the boot loader. Then, depending on your phones setup, it will either enter RUU mode and automatically flash the debugging firmware or give you instructions on how to flash it from the hBoot.
If you have to flash it manually just push Power to select "BOOTLOADER" and say Yes when it asks to flash the PC36IMG.zip. It will complain part of the way through about Boot Loader and/or radio errors and then skip them, this is normal. Once it finishes say No when asked to reboot and use the Vol Down button to highlight Recovery. Then press Power to select it.
If you are entering the Recovery your phone will show a Red Triangle with an Exclamation mark inside, at this point the script will take back over and attempt to flash Unrevoked Forever.
After it finishes flashing the engineering bootloader, or Unrevoked Forever, it will reboot into the bootloader and see if your NAND is unlocked. If so it will flash the Sprint Lovers ROM along with the Recovery and updated Radios. Afterward it may boot into the ROM and attempt to restore your Apps before finishing, try not to interrupt it until it tells you it has finished.
Once it's fully rooted and you have your phone set back up it's a good idea to make one more NANDroid with everything up to date. Then make one more backup of your WiMAX partition in case something happens to the first one.
Click to expand...
Click to collapse
If you have an older phone and don't want to flash Unrevoked Forever or Sprint Lovers w/ the radio updates you can have it skip them. It will just flash the engineering bootloader to unlock the NAND and then flash the recovery directly from there. You will need to update everything and flash a custom ROM on your own. This will only work if your phone has a version .9x hBoot.
Instructions for Quick method:
This will completely wipe your phone. If you would like to back up your apps you can use Titanium backup to save them. It also has an option to save the system files but this can result in a buggy ROM afterward.
Extract AutoRoot.zip into a folder that is easy to find.
Open a DOS prompt by running the OpenShell file.
Type 'autoroot quick' and press Enter
It will then flash the engineering bootloader and the recovery through fastboot. Once it is finished you can use the bootloader menu to boot into the recovery and make a NANDroid, flash a ROM, radios, etc.
Click to expand...
Click to collapse
Links:
Downloads
AutoRoot v2.5 - Full Root Zip (MD5: 5E1BF365F3B5479329896BD55C33678E)
AutoRoot v2.5 - Tools Only (MD5: 5DBA70A8CDD052A9908E4F43D6BBC669)
The following are the ROMs pulled out of the RUUs, you can flash them by renaming and putting it on your sd card or from your computer with fastboot using the included FlashZip script.
Sprint Evos (USA):
3.29.651.5_PC36IMG.zip (MD5: 2F5046C0FC6FE61114EBC53D5997B485)
3.30.651.2_PC36IMG.zip (MD5: 4A2CAB264244C79B2E2BE9E3CFE2B503)
3.70.651.1_PC36IMG.zip (MD5: 7056D42812AA5DF03FCC8DDDC2B64E85)
KDDI Evos (Japan):
1.05.970.1_PC36IMG.zip (MD5: 78F9E8BFEE705F34790A46C258268F02)
Sources
How to unlock Nand Protection ~ Part-2
RA-evo-v1.8.0 (a modified version is included)
RUU to restore 3.29.651.5
RUU to restore 3.30.651.2
RUU to restore 3.70.651.1 (Thanks to 911Sniper for the original mirror)
Sprint Lovers ROM (a modified version is included)
Click to expand...
Click to collapse
Changes for v2.5
Script now checks for Admin Priveledges and kills HTC Sync Services for Sync 3.05
Fixed issue recognizing build numbers
It will attempt to back up Apps now
Checks branding in order to recognize KDDI Evos
Unrevoked forever will now be retried if it doesn't get run the first try
Changed it so it will leave the phones in Fastboot mode if it fails
Recognizes ADB issues easier now
Changes for v2.4
Updated the ROM and Recovery
The working directory is now saved correctly when the path has a space in it
Fixed an error checking the firmware version that would cause the script to close
Made it more capable of recovering when the phone is in an unknown state
Fixed the SD card not being recognized with Eclair
Some parts will check for the 'daemon' error messages and will call to fix it
Made it so the MTD data is not saved unless it is recognized
The script will continue if it times out while waiting on Unrevoked Forever
The WiMAX partition is backed up through the ROM at the very beginning instead of through the Recovery
Changes for v2.3:
Updated the ROM, Recovery and Radios
The script will now recognize your phone at any point in the process and will continue where it left off
Fixed the FlashRecovery script and made it so you can choose what to flash, just put your PC36IMG of choice in the folder with it and let it do the work
Fixed the version checker so it doesn't get confused with custom ROMs anymore
Quick mode checks your hboot version from the ROM now so it won't even try if you have a new bootloader
It is much more tenacious going into the recovery, hopefully fixing the issue with ADB dropping out there
Fixed a bug where the MTD block sizes were not always being remembered correctly
Added more checks to make sure the phone is where it's supposed to be throughout the process
Made it try harder to get the recovery log so it doesn't get missed as much
Tweaked the timing some so it moves a little bit quicker and you only have to hit a button twice to exit instead of three times
Fixed the infinite loops so they are now 95% shorter
Changes for v2.2:
Updated the recovery to Amon RA's version 2.2.1
MTD information for each phone is saved in case it is restarted and unable to find out.
Fixed a bug where pre 3.xx ROMs were not being recognized correctly.
Phones are explicitly called by their serial number to prevent confusion if an emulator starts or another phone gets plugged in.
Unresponsive ADB daemons are killed to help prevent them for hanging or randomly restarting.
Changed autoroot.log to autorootlog.txt to make it easier to attach
Minor bug fixes.
Changes for v2.1:
Updated the recovery to Amon RA's version 2.2
Minor bug fixes
Changes for v2.0:
Added an app to give ADB root and keep it active in 3.70
Updated Sprint Lovers and Amon RA
Removed the two separate kernels/recoveries for new and old phones
Added a battery life check before flashing
Checks Firmware versions in both the ROM and hBoot
Checks that the Misc partition was flashed properly
Fixed all of the bugs with Quick root, it no longer flashes Sprint Lovers if you run it with S-OFF
It automatically restarts adbd where it would occasionally reset itself and get hung up
It also kills adbd when it finishes so you can move/delete it
Changed the bat that restarted adbd so it kills it instead
Added a bat to flash AmonRA through Fastboot with non-Eng hBoots
Added a bat to open a Cmd prompt already in the autoroot folder
Rewrote a good portion of the script and cleaned it up a lot
Made it more flexible so it doesn't get lost as easily
Plus more I forgot
Click to expand...
Click to collapse
Contents of v2.5 Include:
adb.exe
adb-linux
adb-mac
adbWinapi.dll
adbWinusbapi.dll
AutoRoot.bat
check.bat
fastboot.exe
fastboot-linux
fastboot-mac
FindPhone.bat
FlashZip.bat
OpenShell.bat
StartRecovery.bat
amon_ra_1.8-mod/
res/
....AutoRoot.apk
....autoroot.ini
....dump_image
....Escalate.vbs
....Escalater.bat
....EscSC.lnk
....exploid.com
....FindPhone.bat
....flash_image
....ini.cmd
....mtd-eng.img
....PC36IMG_UD.zip
....PC36IMG_AmonRA-v2.3-hausmod_revA.zip
....PC36IMG-SprintLovers-AmonRA_2.3-hausmod_revA.zip
....radios.zip
....rageagainstthecage-arm5.bin
....recovery-RA-v2.3-hausmod_revA.img
....URFSOff.zip
....URFSOn.zip
....WatchPhone.bat
Notes:
Recovery is recovery-RA-supersonic-v2.3 with Netarchy's 4.3.2 CFS NoHAVS NoSBC NoUV
radios.zip is EVO_Radio_2.15.00.11.19_WiMAX_27167_R01_PRI_NV_1.90_003
URFSOff.zip is the Unrevoked Forever S-OFF tool
URFSOn.zip is the Unrevoked Forever S-ON tool
Click to expand...
Click to collapse
As always, this will void your warranty and may possibly damage your phone. You and you alone are responsible for anything that you do. Everything contained in this thread is for informational purposes only.
Click to expand...
Click to collapse
IMPORTANT: Everything contained in this post is meant for phones with the older bootloader. If you have hBoot version 2.02 or ROM version 3.30 you must use the above method.
Old Universal Root
(Scroll Down for Alternate Method)
You Will Need:
A windows machine and basic knowledge of DOS or a Linux/Mac box with a little bit of determination
At least 1 GB of free space on your SD card
A full or close to full battery
ADB debugging enabled (Settings > Applications > Development > ADB Debugging)
Your phone connected to your computer as Charge Only
The EVORoot.zip File that can be found in this post
Click to expand...
Click to collapse
Instructions:
Extract EVORoot.zip into a folder that is easy to find and go to that folder. Then copy the 'moveme' folder out of that one and on to your sdcard. Once it finishes copying unmount/eject the SD card through windows and change your phone back to Charge Only.
Double click on 'runexploit' and let it run. When it asks if you want to flash the hBoot push 'y' and then {enter}. If there are any errors follow the instructions given to try and resolve them. It will automatically reboot your phone once it is ready for it. If all you see is the prompt flashing press Ctrl+C or close the window to exit and re-run it as Administrator.
When the bootloader comes up push the Power button and you should see it start searching for updates. When it gets to PC36IMG.zip it will ask if you want to update with it, push Volume Up to say yes.
*DO NOT TURN OFF THE PHONE OR LET THE BATTERY DIE WHILE UPDATING*
When it's finished push the power button to select 'fastboot' and use the volume buttons to select the yellow 'reboot' button. Push power one more time to select it and reboot your phone. It should start up rooted and ready to go, however you will still need a custom Recovery so you can make NANDroid back-ups and flash an up to date ROM.
Once the phone starts back up run 'flashrecovery' through explorer. It will automatically flash and then reboot your phone into Amon_RA's recovery. When it reboots you should see green text on a black background, if you see a triangle with an exclamation mark then you still have the stock recovery and need to reboot and try again.
Use the volume buttons to select Backup/Restore then push Power to select it.
Select Nand backup and push power. This will make an exact copy of your phone as it is. If you get an error that says 'run mobile-nandroid...." make sure you have at least 3 or 400MB free on your memory card. You can use USB-MS toggle to mount your SD card if you need to make room or copy a ROM to your phone. The moveme folder can also be deleted from your SD card at this point and you can make copies or move the backup once it is complete. Just make sure you have one good backup before continuing.
The NANDroids are saved under 'nandroid/??????????/backupfolder-date-time/'. The folders need to be moved whole.
Return to previous menu, select Wipe, then have it Wipe data/factory reset, Wipe cache & Wipe dalvik-cache. If you get stuck in a bootloop try these steps again and try wiping the SD:ext partition as well.
Return, then go in Flash zip from sdcard. Once there flash the Radios. It is again very important not to interrupt or reset the phone while the radios are being flashed, although it will probably want to reboot before flashing can be finalized, just follow the instructions.
Once it is finished Return to the previous menu and select Power Off. Then hold down the vol down button while turning the phone back on.
It will boot back up into the bootloader, select No if it asks to update or reboot. From here select Recovery and it should go back to the black background with green text.
Select Flash zip from sdcard and Flash ROM-Supersonic_3.30....zip. If you have a different ROM you want to use you can flash another one instead.
Once it is finished Return to the main menu and have it Reboot system. Your phone should start up normally and ask to be set up, complete the set up like normal.
When you have it set up and are sure everything is working properly I would make one more NANDroid so you have a copy with the updated radios. At this point you can also flash another recovery and do anything else you would normally do. Just be sure to use unrevoked forever if you plan on using a different hBoot.
Click to expand...
Click to collapse
Links:
Downloads
EVORoot.zip
EVORoot.zip - No bootloader, ROM or Radio updates
eng-PC36IMG.zip mirror 1, mirror 2
The following are the ROMs pulled out of the RUUs and renamed, make sure you use the correct version for your phone but if you aren't able to find out start with the 3.29.
3.29.651.5_PC36IMG.zip
3.30.651.2_PC36IMG.zip
If you are having trouble flashing custom ROMs try using this kernel (Thanks to xxbabiboi228xx)
Stock kernel #17
Sources
How to unlock Nand Protection ~ Part-2
All EVO Radio, WiMAX, PRI & NV versions
RA-evo-v1.8.0
RUU to restore 3.29.651.5
RUU to restore 3.30.651.2
Click to expand...
Click to collapse
Contents Include:
adb.exe
adb-linux
adb-mac
adbWinapi.dll
adbWinusbapi.dll
exploid.com
flashboot.bat
flashrecovery.bat
runexploit.bat
moveme/
.....eng-PC36IMG.zip
.....evo_radios_wimax_pri_nv_3.30.zip
.....flash_image
.....mtd-eng.img
.....rageagainstthecage-arm5.bin
.....recovery-RA-evo-v1.8.0.img
.....SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip
Click to expand...
Click to collapse
Alternate method
If you already have the EVORoot.zip file you can download the scripts below without the boot/ROM/radio.
Instructions:
Extract EVORoot.zip into a folder that is easy to find such as C:\EVORoot. Then copy the 'moveme' folder out of that one and on to your sdcard.
Open up a DOS prompt and go to the EVORoot directory. eg. 'cd C:\EVORoot'.
type: runexploit {enter}
It will scroll a few lines saying that the ADB server will be reset and to run it on the desktop, this is normal. If it says Permission Denied check to make sure your phone is set to charge only and your sd card is not mounted as a hard disk.
type: adb shell {enter}
If you see '$' then type: "./data/local/tmp/rageagainstthecage-arm5.bin", without the quotation marks, and push enter. After a few seconds it should kick you out to the \> prompt.
If you see '#' then type: exit {enter}
type: flashboot {enter}
If you don't see any errors let it continue, if you do see an error push Ctrl+X to stop
Your phone will then reboot, when it comes back up the bootloader option should be highlight. Press the power button to select it. It should then search for a second and ask if you want to install the pc36img.zip, push Volume Up for Yes.
*DO NOT TURN OFF THE PHONE OR LET THE BATTERY DIE WHILE UPDATING*
When it's finished go into fastboot and select the yellow 'reboot' through the menu, it should start up rooted and ready to go however you will still need a custom Recovery so you can make NANDroid back-ups and flash an up to date ROM.
Once the phone starts up do step #4 to check for root (# prompt), if it is a '$' try typing 'su {enter}'. If that does not work use runexploit and then check again. Return to the DOS prompt once finished.
type: flashrecovery {enter}
Let it continue as long as there are no errors, otherwise Ctrl+X will stop it. If you run this more than once you can ignore the file not found errors from when it first starts. When the phone reboots you should see green text on a black background, if you see a triangle with an exclamation mark then you still have the stock recovery.
Use the volume buttons to select Backup/Restore then push Power to select it.
Select Nand backup and push power. This will make an exact copy of your phone as it is. If you get an error that says 'run mobile-nandroid...." make sure you have at least 3 or 400MB free on your memory card. You can use USB-MS toggle to mount your SD card if you need to make room or copy a ROM to your phone. The moveme folder can also be deleted from your SD card at this point and you can make copies or move the backup once it is complete. Just make sure you have one good backup before continuing.
The NANDroids are saved under 'nandroid/??????????/backupfolder-date-time/'. The folders need to be moved whole.
Return to previous menu, select Wipe, then have it Wipe data/factory reset, Wipe cache & Wipe dalvik-cache. If you get stuck in a bootloop try these steps again and try wiping the SD:ext partition as well.
Return, then go in Flash zip from sdcard. Select and Flash ROM-Supersonic_3.30....zip. If you have a different ROM you want to use you can flash that one instead.
Flash the Radios, it is again very important not to interrupt or reset the phone while the radios are being flashed. It will probably want to reboot itself afterward, just follow the instructions.
Once it is finished Return to the main menu and have it Reboot system. Your phone should start up normally and ask to be set up, complete the set up like normal.
Once you have it set up and are sure everything is working properly I would make one more NANDroid so you have a copy with the updated radios. At this point you can also flash another recovery and do anything else you would normally do. Just be sure to use unrevoked forever if you plan on using a different hBoot.
Click to expand...
Click to collapse
Links:
Downloads
EVORoot.zip
EVORoot.zip - No bootloader, ROM or Radio updates
eng-PC36IMG.zip mirror 1, mirror 2
Click to expand...
Click to collapse
Contents Include:
adb.exe
adb-linux
adb-mac
adbWinapi.dll
adbWinusbapi.dll
flashboot.bat
flashrecovery.bat
runexploit.bat
moveme/
.....eng-PC36IMG.zip
.....evo_radios_wimax_pri_nv_3.30.zip
.....flash_image
.....mtd-eng.img
.....rageagainstthecage-arm5.bin
.....recovery-RA-evo-v1.8.0.img
.....SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip
Batch Files
runexploit.bat
Code:
adb shell "cat /sdcard/moveme/rageagainstthecage-arm5.bin > /data/local/tmp/rageagainstthecage-arm5.bin"
adb shell "chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin"
adb shell "./data/local/tmp/rageagainstthecage-arm5.bin"
flashboot.bat
Code:
adb shell "cat /sdcard/moveme/flash_image > /data/flash_image"
adb shell "chmod 755 /data/flash_image"
adb shell "/data/flash_image misc /sdcard/moveme/mtd-eng.img"
adb shell "mv /sdcard/moveme/eng-pc36img.zip /sdcard/pc36img.zip"
adb shell sync
adb reboot bootloader
flashrecovery.bat
Code:
adb shell "mv /sdcard/PC36IMG.zip /sdcard/moveme/eng-PC36IMG.zip"
adb shell "mv /sdcard/moveme/evo_radio_wimax_pri_nv_3.30.zip /sdcard/evo_radio_wimax_pri_nv_3.30.zip"
adb shell "mv /sdcard/moveme/SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip /sdcard/ROM-SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip"
adb shell "cat /sdcard/moveme/flash_image > /data/flash_image"
adb shell "chmod 755 /data/flash_image"
adb shell "/data/flash_image recovery /sdcard/moveme/recovery-RA-evo-v1.8.0.img"
adb shell sync
adb reboot recovery
Click to expand...
Click to collapse
This uses HTC's eng hBoot to unlock NAND protection so it is relatively safe, but, as always, this will void your warranty and may possibly damage your phone. You and you alone are responsible for anything that you do. This is for informational purposes only.
Click to expand...
Click to collapse
Here are linux and mac versions. You just need to get adb from somewhere (I don't think the packaged windows version will work).
If it's in your path, just change all of the "./adb" to "adb", or if you copy the executable to the same directory as these scripts, leave them as is.
Put them in the same directory, as the kit, and they should work.
I haven't tested, but thought I would write them up quickly to help with mutli-os support.
runexploit.sh
Code:
#!/bin/bash
./adb shell "cat /sdcard/moveme/rageagainstthecage-arm5.bin > /data/local/tmp/rageagainstthecage-arm5.bin"
./adb shell "chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin"
./adb shell "./data/local/tmp/rageagainstthecage-arm5.bin"
flashboot.sh
Code:
#/bin/bash
./adb shell "cat /sdcard/moveme/flash_image > /data/flash_image"
./adb shell "chmod 755 /data/flash_image"
./adb shell "/data/flash_image misc /sdcard/moveme/mtd-eng.img"
./adb shell "mv /sdcard/moveme/eng-pc36img.zip /sdcard/pc36img.zip"
./adb shell sync
./adb reboot bootloader
flashrecovery.sh
Code:
#!/bin/bash
./adb shell "mv /sdcard/PC36IMG.zip /sdcard/moveme/eng-PC36IMG.zip"
./adb shell "mv /sdcard/moveme/evo_radio_wimax_pri_nv_3.30.zip /sdcard/evo_radio_wimax_pri_nv_3.30.zip"
./adb shell "mv /sdcard/moveme/SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip /sdcard/ROM-SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip"
./adb shell "cat /sdcard/moveme/flash_image > /data/flash_image"
./adb shell "chmod 755 /data/flash_image"
./adb shell "/data/flash_image recovery /sdcard/moveme/recovery-RA-evo-v1.8.0.img"
./adb shell sync
./adb reboot recovery
I'm getting a permission denied when I try to runexploit
Can you post an alternate mirror for the rootkit?
jacobzamarripa said:
I'm getting a permission denied when I try to runexploit
Click to expand...
Click to collapse
Do you have debugging enabled?
MJStephens said:
Do you have debugging enabled?
Click to expand...
Click to collapse
usb debugging. yes
jacobzamarripa said:
usb debugging. yes
Click to expand...
Click to collapse
Are you running cmd.exe as admin?
Do you guys have a youtube video of step by step for this? Because i cant even get past the third step
BrashL said:
Are you running cmd.exe as admin?
Click to expand...
Click to collapse
im not quite sure how. im on windows xp
jacobzamarripa said:
im not quite sure how. im on windows xp
Click to expand...
Click to collapse
Im pretty sure he just means that your on an user name on windows that has Master rights.
Bravo, bravo. You really outdid yourself on this hauss. What a fabulous tutorial for noobs. In my spare time, I would be happy to make a Mac version of this tutorial for you. I think the Mac part jut confuses people more. Seriously, great work. I will be referring people to this. Replaces the need to do 20 commands with like 4 homemade batch scripts. Pm me or email at [email protected] and I will build a Mac tutorial (giving you full credit of course)...
Confirm?
This looks and sounds awesome. I would LOVE a mac version of this and like to donate to good work
Can I get a confirmation from someone reporting success using this method?
I'd like to use this on a friends phone today but am a bit hesitant because it's so new.
thanks!
i will confirm that all the scripts work on thier own. i have no idea if hauss's batch scripts work. all the exploits are legit though. i will download and proofread. either way, it should work. i know hauss is experianced at rooting and stuff.
wait, huge file. does someone mind sending me everything except the pc36img.zip and eng-pc36img.zip? email is [email protected]
does anyone know if it will work on parallels on mac.
adb connection will be reset. restart adb server on desktop and re-login
I keep getting error message saying "adb connection will be reset. restart adb server on desktop and re-login"
--------------------------------------------
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3316, 3316}
[*] Searching for adb ...
[+] Found adb as PID 1400
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
rukshmani said:
I keep getting error message saying "adb connection will be reset. restart adb server on desktop and re-login"
--------------------------------------------
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3316, 3316}
[*] Searching for adb ...
[+] Found adb as PID 1400
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
Click to expand...
Click to collapse
Actually i kept getting this same message when i was on the adb server and was attempting to get to the recovery screeen on the phone. Do you by any chance have HBoot 2.2 on your evo?
Hi Noobe , yes unfortunately..am i SOL
rukshmani said:
i keep getting error message saying "adb connection will be reset. Restart adb server on desktop and re-login"
--------------------------------------------
[*] cve-2010-easy android local root exploit (c) 2010 by 743c
[*] checking nproc limit ...
[+] rlimit_nproc={3316, 3316}
[*] searching for adb ...
[+] found adb as pid 1400
[*] spawning children. Dont type anything and wait for reset!
[*]
[*] if you like what we are doing you can send us paypal money to
[*] [email protected] so we can compensate time, effort and hw costs.
[*] if you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 usd!
[*]
[*] adb connection will be reset. Restart adb server on desktop and re-login.
Click to expand...
Click to collapse
this is not an error message! This means it is working! Just move on to the next step. If there is nothing that says the word error, there is probably no error!
Related
Update - 2/21/2011
If you have bricked an HTC EVO this will likely NOT work for you and this is the wrong info to be reading. I have gotten a few emails from this link about EVO 110 errors.
12/26/2010 - This thread is super old now:
If you ran the 1.56 RUU and your phone no longer turns on visit htc.com, go to support, choose Hero (Sprint) and download the 2.1 system update.
Remove battery from your phone and start it up again, then run the exe file that you just downloaded -
http://member.america.htc.com/downlo...2.27.651.6.exe
------All the info below is kept for reference -------
(As of 3/31/2010 - I am 10 for 10 for getting these back and working!! 3/3 of going back to 100% stock)
Edit: I have no longer kept track... its been over a month and I know personally I've done about 15 more of these... with about half being return to stock.
If you need to contact me, PLEASE EMAIL instead of using private messages, it'll probably turn into a google talk chat anyways, so add me on there, [email protected] (Its just easier than having to log in here and reply to private messages, since I get emails on the go as well.)
So you just ran the 1.56 RUU and got a 110 error. Now your screen turns on and stays black and if you plug the phone into USB you see the HTC logo. Unplug it and see the RUU menu.
Like you, I decided to attempt to roll back using the RUU 1.56. I was hit with the 110 error, and nothing but fastboot would work, I was able to launch ./fastboot-mac oem boot to get into the system.
I tried ./fastboot-mac boot image/bootname.img and a billion other things like everyone else who is having the issue, but just like them I had no success. In the second post below are the steps to resolve this issue. This will either take you to your first Nandroid backup or to whatever ROM you choose to flash once you get recovery back. I have not found a way to get back to 100% stock, but at least your phone wont be a brick.
EDIT:As of 3/30/2010 @ 8:30 PM I was able to get my phone completely 100% to stock. I was able to do this by retrieving a Nandroid restore from someone who used flashrec to make their initial backup. This restore does not touch the recovery image but I was able to boot into my recovery then write the HTC recovery back on top of it. I now have 100% un-rooted phone. See Post number 2 for the right way to do this.?
I've helped a few people over log me in now.
I'm willing to continue doing this but it is cutting into my family time, I will do this for a "respectable" amount of money.
Feel like I've helped you??
Buy me some coffee!
(Zip attached includes fix and stock folders. Use the fix folder FIRST to get completely booted. You can use the stock folder if you want to get 100% stock after you have a running unrooted system but have RA recovery.)
Steps to resolve:
(You SHOULD have a Nandroid backup of some sort, if not download a ROM... Fresh1.1??)
1) Boot the phone to black screen
2) Plug phone into PC/MAC - The HTC logo should appear at this point
---- If you've been doing anything else, rerun the RUU and let it fail and reboot to the HTC logo.
3) PC - fastboot oem boot | MAC - ./fastboot oem boot
(Make sure you turn on USB Debugging under Settings --> Applications --> Developer)
4) Root your phone using asroot2
Code:
adb push asroot2 /data/local/
adb shell chmod 0755 /data/local/asroot2
adb shell
/data/local/asroot2 /system/bin/sh
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
cd /system/bin
cat sh > su
chmod 4775 su
5) This is where your Nandroid backup comes into play.
(Browse to your nandroid folder, find your first backup and copy all of the .img files except system and cache to your SD card root directory)
NOTE: At this point you should dismount the SD card if you mounted inside of Android OS(Sense/Launcher)
6) run adb shell (PC - adb shell | Mac - ./adb shell)
7) type su
8) Run the following commands (if you get out of memory errors, type su again and try once more)
NOTE: Do not copy the "#"'s in the commands, the # just means you are running as SU, as opposed to the "$"
Code:
# flash_image recovery /sdcard/recovery.img
# flash_image boot /sdcard/boot.img
# flash_image misc /sdcard/misc.img
9) now... type reboot recovery
This time you should get your recovery menu, should have been RA or whatever you used... from there I did a complete nandroid restore and my system booted.
Also, after I did this I did try to let it boot without doing a recovery and it wouldnt go anywhere... but I'm fairly impatient... it may have wanted to load. I figured it best to do an entire Nandroid restore though.
-------------------------------------------------------------
100% Stock Configuration Work Around
-------------------------------------------------------------
Non-Rooted Nandroid Backup:
nandroid.7z
I was able to get my phone completely 100% to stock. I was able to do this by retrieving a Nandroid restore from someone who used flashrec to make their initial backup. This restore does not touch the recovery image but I was able to boot into my recovery then write the HTC recovery back on top of it. I now have 100% un-rooted phone. I'm not sure how to go about posting a 127MB file, what do you think it the best place?
After restoring the Nandroid backup I tried this:
Code:
Dustan-Bonneys-MacBook:tools dustanbonney$ ./adb shell
$ su
su: permission denied
Then I rebooted to recovery (I used RA 1.5.2)
Code:
Dustan-Bonneys-MacBook:tools dustanbonney$ ./adb remount
remount succeeded
Dustan-Bonneys-MacBook:tools dustanbonney$ ./adb shell
/ # mount -a
mount: mounting /dev/block/mmcblk0p2 on /system/sd failed: No such file or directory
/ # cd /sdcard
/sdcard # flash_image recovery /sdcard/Stock/recovery.img
flashing recovery from /sdcard/Stock/recovery.img
/sdcard # reboot recovery
I was booted to the Triangle and exclamation mark... I pulled the battery and booted up normally.
Stock Kernel - 2.6.27-533ce29d [email protected] )
Stock Build - 1.56.651.2 CL85027 release-keys
Other things that should be mentioned:
If you used RA 1.6.2 - I was unable to get my boot.img or the stock boot.img from the RUU's rom.zip to flash back to the recovery partition. I had to use the RA 1.6.2.img and "flash_image recovery /sdcard/recoverynamegoeshere.img"
It seems that if you've flashed the radio update, the RUU does not write the radio back successfully. Others have had issues going back to the stock radio using the upgrade.zip option as well.
I attempted to use the boot.img, recovery.img, from the RUU's rom.zip with no success. I might try it again. I was able to get to stock recovery (Triangle and exclamation) and to the Hboot menu... but from hboot I had to run the RUU and rebrick the device cause I couldnt get anything at that point, even fastboot oem boot wouldnt load.
There have been times when I get weird issues writing the flash recovery, boot, or misc and when you reboot and load "fastboot oem boot" it wont look like it goes anywhere.... check "adb devices" and your device should be listed. From there do an "adb remount" and then "adb shell" and reflash once more and then "reboot recovery".
If all else fails, I'm available for a small fee.
[email protected]
Anxiously waiting your news. Just encountered this problem today.
Updated ...
imekul said:
Anxiously waiting your news. Just encountered this problem today.
Click to expand...
Click to collapse
Wow! If you've fixed this, I think you're everyone's hero now. We won't have to worry about using the RUU now
I was going to try something similar to this today, but i was unable to brick my phone using the 1.56.651.2 RUU. I was running Flipz updated radio and DamageControl v2.0r2.. The RUU completed successfully..
I was reading over the forum post in http://forum.xda-developers.com/showthread.php?t=645002 and i read that you could boot the system using the command 'fastboot oem boot' I was going to try to use FlashRec to do the work of Flashing the recovery, then booting into recovery and use nandroid.. but you beat me to it! Good work!
I attempted flashing a new recovery image this way with no avail... I also attempted only
Code:
flash_image recovery /sdcard/recovery.img
and still was unable to boot the phone into recovery. I think it had to have been something with doing boot.img and recovery.img at the same time... I dont know what the misc.img does and I'm assuming data.img is userdata... but I did them all and then it worked...
Other users also tried flashrec and with no success... right track though.
chavo2005 said:
I was going to try something similar to this today, but i was unable to brick my phone using the 1.56.651.2 RUU. I was running Flipz updated radio and DamageControl v2.0r2.. The RUU completed successfully..
I was reading over the forum post in http://forum.xda-developers.com/showthread.php?t=645002 and i read that you could boot the system using the command 'fastboot oem boot' I was going to try to use FlashRec to do the work of Flashing the recovery, then booting into recovery and use nandroid.. but you beat me to it! Good work!
Click to expand...
Click to collapse
What do u mean by 3) PC - fastboot oem boot | MAC - oem boot?
blankd3ckskat3r said:
What do u mean by 3) PC - fastboot oem boot | MAC - oem boot?
Click to expand...
Click to collapse
if your using a pc type fastboot oem boot
if your using a mac type ./fastboot oem boot
This!
Thanks Regaw
regaw_leinad said:
if your using a pc type fastboot oem boot
if your using a mac type ./fastboot oem boot
Click to expand...
Click to collapse
Trying this right now.
So far, am getting lots of "mtd: write error" and "mtd: re-read error" Out of memory errors for flashing the recovery image. Guess I'll give this some time, and try to su again and reflash? Or should I kill it as soon as the Out of memory errors pop up and try again?
If you get errors like...
adb shell
su
flash_image recovery .........
(out of memory... etc)
Then...
just su again... so you really su twice
its what I had to do.
imekul said:
Trying this right now.
So far, am getting lots of "mtd: write error" and "mtd: re-read error" Out of memory errors for flashing the recovery image. Guess I'll give this some time, and try to su again and reflash? Or should I kill it as soon as the Out of memory errors pop up and try again?
Click to expand...
Click to collapse
Trying it a second time, and so far am getting a bunch of Out of memory errors. After the first one "finished," I did as you recommended and typed "su" a second time, and then typed the "flash_image recovery /sdcard/recovery.img" command.
So far, looks like it's giving the same errors the second time around.
This second attempt, it ended with "error writing recovery: No space left on device."
Just to be sure, I checked the SD card, and that has over 1 GB of free space.
If you're willing to allow something like logmein.com or some way for me to remote assist you, I would like to try. [email protected] if you're in.
imekul said:
This second attempt, it ended with "error writing recovery: No space left on device."
Just to be sure, I checked the SD card, and that has over 1 GB of free space.
Click to expand...
Click to collapse
Sounds awesome. Thanks. I'll e-mail you now.
Dun Dun Dun... The results are in!
imekul said:
Sounds awesome. Thanks. I'll e-mail you now.
Click to expand...
Click to collapse
dfbonney is the man!!
After a friendly little session on LogMeIn Express, I am good as new! How awesome!!
imekul said:
dfbonney is the man!!
After a friendly little session on LogMeIn Express, I am good as new! How awesome!!
Click to expand...
Click to collapse
We ended up just needing to run
Code:
adb shell
reboot
fastboot oem boot
adb shell
su
//flash commands here
that seemed to do it. so make sure if you're having issues to restart the device and try again!
Edit: Also, we didnt get data.img to work so we only did boot, recovery, and misc.img's
Requirements:
- ClockworkMod Recovery on your device
- Know how to reboot into recovery
- Have Android SDK (adb) installed - and familiar with the concept of what it does, and know how to access it via command line - if not look around, it's everywhere on how to do this.
Disclaimer:
- What you do is your fault
Optional:
- Ability to discern what, and what not to remove
Synopsis:
This is a good technique if you're receiving 'read only' errors while trying to remove apps - namely located in /system/app
[size=+3]Method:[/size]
- Reboot into recovery - it's been said in other threads it's best to DISCONNECT USB, power down, boot into recovery and THEN replug the USB connector.
- Using the clockwork menu - navigate down to 'partitions menu' using your volume down button - then hit the power button
- From the partitions menu, select 'mount /system' and hit the power button
- From your Android SDK tools directory - check 'adb devices' - this should indicate your phone is connected and in 'recovery' mode.
e.g.:
Code:
$ adb devices
List of devices attached
HT06BR007742 recovery
- Type 'adb shell' - this will put you into a command line for your phone
- From the command shell: 'cd /system/app'
- To get a list of what you can remove, type 'ls'
- To remove an .apk - type 'rm FileName.apk'
- When you're done, it's suggested you use the clockwork menu to reboot the phone ('back to the main clockwork menu, and 'reboot device')
Further example / note:
Once logged in via 'adb shell' and the system dir is mounted via clockwork:
Code:
/system/app # ls |grep "ATT"
ATT_Maps.apk
ATT_Navigator.apk
/system/app # rm ATT_Navigator.apk
Also, a side note, you can see all available commands for this shell by typing:
Code:
ls /sbin
The list is quite comprehensive.
I hope this helps someone
thanks thinice !
Added to the sticky roll-up.
I'm not 100% on this but I was able to uninstall whatever I wanted through Titanium Backup, including the ATT bloatware once I was rooted.
I am not sure about the Titanium Backup method. I restored to stock rom with root and used Titanium backup to remove some apps. They showed as removed, however when I reboot the phone the apps are back and not removed. I could not get Titanium backup to remove the apps with root alone.
removing AT&T Radio
I have searched the forum and have not yet found the answer to this question...I have removed all of the AT&T apps that I want to remove, except, which apk is AT&T radio?
You talking about fm radio on a sense rom?
Sent from my HTC Liberty using XDA App
Ah, no I'm using my HTC Aria with the stock image. I've rooted it though, and I'm just getting rid of the included AT&T apps I do not want. This one shows up as "AT&T Radio". Just trying to figure out which apk to remove in order to remove this app.
what apps are SAFE to remove without effecting HTC Sense or Aria? we need to make a list of files/apps safe to remove. i heard one user saying removing HTC stocks caused error issues when it tried to sync.
Hello also any luck with change the radio to activate for 1700 mhz UMTS ?
wdlamb said:
Ah, no I'm using my HTC Aria with the stock image. I've rooted it though, and I'm just getting rid of the included AT&T apps I do not want. This one shows up as "AT&T Radio". Just trying to figure out which apk to remove in order to remove this app.
Click to expand...
Click to collapse
AndroidMusic.apk
Thanks, that was exactly what I was looking for.
I've worked on this a few hrs now. I got Clockwork Recovery to work. Figured out HTC Sync was reverting the phone to stock recovery somehow. Removed that though...
Have rerun Unrevoked, and I can get into clockwork. I'm not interested in changing to different ROM now, just removing ATT crap.
When I try sideloading instructions/alternate method for removing ATT stuff, I get an error in cmd:
C:\android\tools>adb remount
remount failed: Operation not permitted
adb devices returns:
List of devices attached:
<myserial#> device
Any ideas? Have I not completed the root access procedure? I thought it was part of the Unrevoked process.
ahren37 said:
I've worked on this a few hrs now. I got Clockwork Recovery to work. Figured out HTC Sync was reverting the phone to stock recovery somehow. Removed that though...
Have rerun Unrevoked, and I can get into clockwork. I'm not interested in changing to different ROM now, just removing ATT crap.
When I try sideloading instructions/alternate method for removing ATT stuff, I get an error in cmd:
C:\android\tools>adb remount
remount failed: Operation not permitted
adb devices returns:
List of devices attached:
<myserial#> device
Any ideas? Have I not completed the root access procedure? I thought it was part of the Unrevoked process.
Click to expand...
Click to collapse
Yes, I think I was getting the same problem so I did a sequence of steps in some weird sequence to actually change it. It went something like this:
1. Make sure your PATH variable is set to Tools folder of Android SDK
2. Boot your phone into Clockwork and connect to PC
3. On your phone go to Partitions Menu and mount /system, then mount USB storage
3. Go to command prompt on your PC change your drive to phone/SD card drive (whatever that is, F:\ in my case)
4. adb remount
5. unmount /system
6. mount /data, mount USB storage
7. adb pull /data/data/com.android.providers.settings/databases/settings.db C:\settings.db
where C:\ is the main PC drive
8. change to C:\
9. echo update secure set value = 1 where name = 'install_non_market_apps';|sqlite3 settings.db
10. change to F:\
11. adb push C:\settings.db /data/data/com.android.providers.settings/databases/settings.db
12. Unmount everything, reboot and sideloading should work
sorting and backup
To see which files take the most space, use du with sort:
Code:
du * | sort -n
If concerned about deleting an important app, try moving it to the sd card instead. First mount the sdcard with the recovery menu, then:
Code:
mkdir -p /sdcard/backup/system/app
mv /system/app/something.apk /sdcard/backup/system/app
Thanks for the guide!
Great I'll try this tonight. Thanks
Sent from my HTC Aria using XDA App
I'm getting errors when attempting to remove the ATT_Navigator and ATT_Maps.
/system/app # rm ATT_Navigator.apk
rm ATT_Navigator.apk
rm: can't remove 'ATT_Navigator.apk': Directory not empty
Same error for both. Any suggestions?
I'm running Liberated 2.1 and ClockworkMod 2.5.0.1.
asiancuta said:
what apps are SAFE to remove without effecting HTC Sense or Aria? we need to make a list of files/apps safe to remove. i heard one user saying removing HTC stocks caused error issues when it tried to sync.
Click to expand...
Click to collapse
Yeah, I think it'll be nice to have a master list so future people won't have to mess with backups.
some I'm curious about is Mobi TV, Mobile banking, Mobile Video, Peep, and mostly if it'll be okay to remove the htc twitter widget.
the only program i ran into any issues with removing was the defalut mms app. i decided to see what would happen if i got rid of that app and replaced it with handcent or chompsms. those programs could still send messages, but i couldn't receive any.
the easiest way to compile a list like that is browse the forums for any preexisting knowledge, then just start testing things for yourself. make a nandroid backup of your rom as it sits, start removing programs, boot normally and see what happens! if theres no errors after you've removed the desired apk, make a new backup, reboot into recovery and keep going at it.
*******UPDATED 8/31/10 *******
This rooting method was adapted from regaw_leinad's method and toastcfh's method. By following these steps you will successfully downgrade your phone back to android 2.1 in order to gain root.
I don't trust unrevoked as I have had problems with it in the past.
I am not responsible for any damages to your phone.
special thanks to:
regaw_leinad
Sebastian Krahmer
Toastcfh
amon_ra
FILES YOU WILL NEED:
copy and paste into browser
Code:
sdx-downloads.com/sdx/evo/troot/eng-PC36IMG.zip
evo4g.me/downloads//count.php?target=evo-root.zip
files.androidspin.com/downloads.php?dir=amon_ra/RECOVERY/&file=recovery-RA-evo-v1.8.0.img
developer.android.com/sdk/index.html
You will need the Android SDK in order to communicate between your computer and your phone. Download it (last link above) and follow the setup instructions that it comes with.
Unzip the contents of the evo-root.zip and put all the files from it into the tools folder located in the android sdk folder.
Rename the eng-PC36IMG.zip to PC36IMG.zip and then put it the tools folder located in the android sdk folder. DO NOT UNZIP IT!
******* PC36IMG.zip md5sum~ fe8aba99893c766b8c4fd0a2734e4738 *******
Move the recovery-RA-evo-v1.8.0.img into the android sdk folder as well.
Make sure usb debugging is enabled on your device. To do so go to Settings > Applications > Development > and make sure the check box is checked.
Plug your phone into the computer. Select "Charge Only" from the notifications bar.
Open up terminal and navigate your way into the android sdk folder.
Code:
cd /
cd asdk
Push all the files onto your phone.
Code:
tools/adb push /asdk/tools/flash_image /sdcard/
tools/adb push /asdk/tools/rageagainstthecage-arm5.bin /data/local/tmp/
tools/adb push /asdk/tools/mtd-eng.img /sdcard/
tools/adb push /asdk/tools/PC36IMG.zip /sdcard/
tools/adb push /asdk/tools/recovery-RA-evo-v1.8.0.img /sdcard/
Note that the PC36IMG.zip will take longer than the other files to transfer to the sdcard because it is a large file.
Now we will make rageagainstthecage.bin executable.
Code:
tools/adb shell
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
You should see this (below) after it has made the change.
Code:
$
Now to use the rooted shell.
Code:
cd /data/local/tmp
./rageagainstthecage-arm5.bin
You will now see some text on your terminal screen describing the exploit.
Wait for the adb shell to finish the process. At this point it may or may not terminate the current shell session in terminal. If it does then it should look like this:
Code:
users-iMac:asdk user$
If it doesn't it will return to
Code:
$
in that case you need to exit the current session. To do so type
Code:
exit
Now we need initiate a new shell which should now have root permissions.
Enter the following:
Code:
tools/adb shell
and you will see you now have a
Code:
#
instead of
Code:
$
Now we need to flash the mdt-eng.img in order for it to let us install a custom recovery
Code:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image misc /sdcard/mtd-eng.img
That will flash your misc partition with Toast's mtd-eng.img
This should return you to
Code:
#
Now boot into hBoot
Code:
reboot bootloader
This will reboot your phone into hBoot. It will scan for the PC36IMG.img. When it asks yes or no, select yes.
It should then reflash your phone into the engineering build.
When it asks to reboot select yes.
You will need to flash custom recovery in order to be able to flash other custom roms or modifications. I use Amon_RA's recovery because it works great and has NEVER caused me any problems.
Now, open up terminal and get back into the android sdk folder
Code:
cd /
cd asdk
Since we have already pushed the recovery onto the sdcard we only need to flash the recovery onto the phone so that we can use it
Code:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image recovery /sdcard/recovery-RA-evo-v1.8.0.img
Now lets rename that PC36IMG.zip file again
Code:
mv /sdcard/PC36IMG.zip /sdcard/eng-PC36IMG.zip
that way your phone doesn't try to flash it when you go into recovery each time
And last but not least we need to boot into it to flash a custom rom
Code:
reboot recovery
Your phone should then reboot into Amon_RA's recovery and you may now head over to the dev forum to find your new favorite custom rom.
very nice! can anyone confirm this? my buddy wants me to root his 2.2 and i would like to try this.
To make life easier for some people add this to your post mate, and apply it yourself if you would like.
Here is how to add your sdk/tools directory to your .bash_profile file so you won't have to navigate to the folder each time.
Download this so you'll be able to see your hidden files http://www.mediafire.com/?diimft1ninn Run it, check "Show Hidden Files" then click Restart finder. Now, navigate to your home folder (/Users/UserName/) and see if there's a .bash_profile already there. If not, create with textedit.
Now add this to the file: export PATH=${PATH}:/Path/Of/Your/Sdk/Tools/Folder
Mine is /Users/bmxrider4444/Documents/Android/SDK/tools
Now do not save it as rich text. If yours is in rich text, click on "Format" in the menu bar, and click "make plain text". Now save it as .bash_profile and uncheck "if no extension is provided, use .txt".
Now you can go back to Ghost and uncheck "Show all hidden files" and restart finder again (special thanks to ajones7279 for these steps)
Enjoy!
Just as clarification as to what this does, it enables you to run adb commands and other commands without having to navigate to the /android/tools/ folder every time you want to run adb or whatever.
does this work?
seekis said:
At this point we need to push the recovery onto the sdcard
Code:
tools/adb push "location of recovery-RA-evo-v1.8.0.img" /sdcard/
Click to expand...
Click to collapse
This is great! Thanks for the guide - I am planning on rooting my Wife's EVO but have been waiting for an easier method than the other one posted. Question on the above where we write "location of recovery-ra-evo-v1.8.0.img". Is that the exact code, or should we be adding a directory or folder location into this line? I rooted my 2.1 EVO on my Mac a couple months ago and don't remember this step. Once again - very much appreciate the help.
One last question - would it make more sense to have a custom ROM already on your SD Card prior to rooting, so that you can flash it right after you flash AMON-RA for the first time? Probably doesn't matter but thought i'd ask.
^^ same question as above, plus one other n00b question - does this method unlock NAND?
[edit] I was not insinuating that randymac88 is a n00b; I, however, am
seekis said:
I don't trust unrevoked as I have had problems with it in the past.
I am not responsible for any damages to your phone.
Click to expand...
Click to collapse
Don't trust us with the unrevoked 3.x/unrevoked forever application combo that's worked for thousands of users without sideeffects on regaw's post?
You should note to everyone that your method will screw up their PRI, reverting it back to 1.34. By using unrevoked and unrevoked forever, you can keep 1.40.
randymac88 said:
This is great! Thanks for the guide - I am planning on rooting my Wife's EVO but have been waiting for an easier method than the other one posted. Question on the above where we write "location of recovery-ra-evo-v1.8.0.img". Is that the exact code, or should we be adding a directory or folder location into this line? I rooted my 2.1 EVO on my Mac a couple months ago and don't remember this step. Once again - very much appreciate the help.
One last question - would it make more sense to have a custom ROM already on your SD Card prior to rooting, so that you can flash it right after you flash AMON-RA for the first time? Probably doesn't matter but thought i'd ask.
Click to expand...
Click to collapse
Thats not the exact code no. I just put that as a place holder you are suppose to put in the location of where you have the recovery.img. For example, the exact command for me would be:
Code:
/Users/seekis/Downloads/recovery-ra-evo-v1.8.0.img
Don't trust us with the unrevoked 3.x/unrevoked forever application combo that's worked for thousands of users without sideeffects on regaw's post?
You should note to everyone that your method will screw up their PRI, reverting it back to 1.34. By using unrevoked and unrevoked forever, you can keep 1.40.
Click to expand...
Click to collapse
As far as using unrevoked, I stated that I, ME, MYSELF, has had issues with it. not that anybody else has. By all means go and use it if you would like. I will not. It is true that you will loose PRI 1.40, but seeing as how even after installing the OTA from HTC my phone still didn't update it to 1.40, I don't see the issue.
rsage said:
^^ same question as above, plus one other n00b question - does this method unlock NAND?
[edit] I was not insinuating that randymac88 is a n00b; I, however, am
Click to expand...
Click to collapse
i believe it does unlock nand seeing as how i adapted it from toasts method
Hey Seekis - question, I'm stuck here. I keep getting "permission denied", or "operation not permitted" when trying to make the exploit executable at this step:
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
Am I missing something? I've tried a million times and can't seem to get past this. I've successfully pushed all the files onto the sdcard.
I've also have had some trouble finding the exact root path to these files. I've been able to navigate, but I would think a lot of users would have some trouble.
Regardless, many thanks for getting this posted...
EDIT: I pushed the rageagainstthecage file to the sdcard by mistake. Will try again tomorrow.
ok i got rid of that step by moving the file into the android sdk and pushing it with all the other files
Okay now I appear to be in big trouble as I've just messed up my wife's phone, and its probably going to be unusable for a while until I get this figured out (assuming I do!).
I got through most of the process. I flashed the PC36IMG.zip file; however when it asked to reboot, it just dumped me back into the bootloader. Whenever I say reboot, it just takes me back to the bootloader. Pull the battery, same thing - bootloader. Yikes.
I don't know how to get to the next step because I can't get into a booted rom in order to flash the amon-ra recovery. Am I totally effed? Can anyone help me here?
EDIT: Okay reflashed the PC36IMG.zip file, and it rebooted into the stock ROM. Onward! Phew!!
The wife's EVO is now fully rooted running Baked Snack 1.5 w/Netarchy's kernel. Touch and go there for a minute, but it all worked out. No 1.40 PRI, but I don't really care about that right now.
Woot! Thanks Seekis!!
do u have to push the pc36img with adb every time or will drag and drop work or copy and paste work?
FoxHound630 said:
do u have to push the pc36img with adb every time or will drag and drop work or copy and paste work?
Click to expand...
Click to collapse
You can mount the card on your system and copy paste it over as well, yes.
randymac88 said:
Okay now I appear to be in big trouble as I've just messed up my wife's phone, and its probably going to be unusable for a while until I get this figured out (assuming I do!).
I got through most of the process. I flashed the PC36IMG.zip file; however when it asked to reboot, it just dumped me back into the bootloader. Whenever I say reboot, it just takes me back to the bootloader. Pull the battery, same thing - bootloader. Yikes.
I don't know how to get to the next step because I can't get into a booted rom in order to flash the amon-ra recovery. Am I totally effed? Can anyone help me here?
EDIT: Okay reflashed the PC36IMG.zip file, and it rebooted into the stock ROM. Onward! Phew!!
Click to expand...
Click to collapse
Had the same issue. When i first booked into the bootloader i had to select recovery then flash PC36IMG.zip. Then boot loop. Then i went back into the bootloader and it automagically read in the PC36IMG.zip and flashed it, then i got stock 2.1 root. Just a few minutes of "oh crap"
I'm stuck. I got as far as flashing PC36IMG.zip, which was successful, as my phone now runs 2.1, but it doesn't appear I'm rooted. When I go back into the adb shell, I'm getting the $ prompt, and running
Code:
cat /sdcard/flash_image > /data/flash_image
gives me a permission denied error. Help!
atom_jack said:
I'm stuck. I got as far as flashing PC36IMG.zip, which was successful, as my phone now runs 2.1, but it doesn't appear I'm rooted. When I go back into the adb shell, I'm getting the $ prompt, and running
Code:
cat /sdcard/flash_image > /data/flash_image
gives me a permission denied error. Help!
Click to expand...
Click to collapse
i dont know what to tell you other than try again. this happened to me the first time through as well. i dont know why. i just started from the top and it worked the second time through.
seekis said:
i dont know what to tell you other than try again.
Click to expand...
Click to collapse
So after you flash PC36IMG.zip you should automatically get a root (#) prompt when going into the shell? ie, I'll have rooted 2.1 yes?
seekis said:
this happened to me the first time through as well. i dont know why. i just started from the top and it worked the second time through.
Click to expand...
Click to collapse
Aha. Ok, I will keep trying til it gives me a root shell, I guess. I also tried unrevoked3 but that didn't seem to work.
Success!! So, I stupidly assumed that all PC36IMG.zip's were the same, and was using the one from the original 2.2 PC thread. Once I got the correct one, voila!
You might want to post the md5 of the one you are using, so there's no confusion for others. Also, you missed a tiny step when you first start up hboot - you have to select fastboot for it to start scanning for PC36IMG.zip.
Thanks!
DISCLAIMER: This guide and package are provided as-is. I do not accept any responsibility for damage caused by following the guide or using the programs. This process was used by myself for rooting, unlocking and installing ROMs on my own Telus Desire HD. Please read through the entire guide ahead of time and make sure you understand where all the files in the package are.
Introduction
I noticed there was a good deal of confusion about the forums as to what to do with the Telus Desire HD and whether it was closer to the European DHD or the Inspire 4G. Turns out its closer to the Inspire 4G. jkoljo helped figure out what needed to be done to successfully flash this phone, so don't forget to thank him!
By the way, don't order a SIM unlock code if you need to unlock the phone so you can use it on another network. This procedure allows you to SIM unlock you phone without an unlock code. (Refer to step 22 in Section B.d).
Feel free to let me know if theres anything wrong or missing or if you have any questions.
Enjoy rooting and ROMing!
-AlexDP
-------------------------
Note: All the files needed for this process are included in this package. The folders for each section are located under folders with corresponding names (i.e. the files for Preparation are in the "Preparation" folder).
Download the package here:
-Full version, includes the PD98IMG.zip stock downgrade ROM file.
-Lighter version with no PD98IMG.zip file. You can get the necessary PD98IMG.zip file from here and use it when needed as per the guide.
A. Preparation Notes:
-Install HTC Sync (from the "Step 1 - HTC Sync" folder")
-Set your phone to allow usb debugging by going to Settings->Applications->Development and checking off USB debugging.
-Make sure you have the same SIM card if you've logged into Android Market before.
-Leave your Desire HD plugged in to your PC. Choose Charging only when prompted (unless you need to copy files to your SD, in which case switch to Mount drive).
-At the end of the process, once your all done rooting, save a copy of the following files from your SD card just in case:
hboot_check.nb0
hboot_eng.nb0
part7backup-SomeNumbersHere.img
hboot_original.bin
-Create a Gold Card:
Install GoldCard Helper from the Android Market,
Run it and make note of the value listed after Card:mmc2, Reverse CID. It should be a long series of numbers and letters. (make sure to use mmc2, the default copy to clipboard copies mmc1 ..)
Visit this page (http://psas.revskills.de/?q=goldcard), enter the new copied number and create your goldcard image, which will be e-mailed to you.
Save the file attached in the email to your PC.
Install HxD Hex Editor on your computer, from the "Step 4 - Gold Card" folder.
Run HxD Hex Editor. ("Run as Administrator" under Vista and Windows 7).
Go to the Extra menu and select Open Disk. Under physical disk, select Removable Disk (your microSD card), uncheck Open as Read only and click OK. Note that you should select physical disk NOT the logical disk. This is important!
Go to the Extra menu again and select Open Disk Image. Open the goldcard image that you received by email.
Press OK when prompted for Sector Size (selecting 512 (Hard disks/Floppy disks)) and click OK.
You should now have two tabs - one is your removable disk, the other is your goldcard image.
Click on the goldcard image tab. Go to the Edit menu, choose Select All then select the Edit menu again and select Copy.
Click on the Removable Disk tab. Highlight offset (line) 00000000 to offset (line) 00000170 (including the 00000170 line), then click on the Edit menu and select Paste Write.
Click on the File menu and select Save, accepting the warning.
Your Gold Card SD card is completed.
----
B. Rooting (Do this if you just want to root, or if you want to install a custom rom, do this first):
B.a Downgrade Process
1- Copy the PD98IMG.zip file from the "Step 1 - PD98IMG" folder and put it on the root of your SD card (i.e. not in any folders). Do NOT rename this file.
2- Go to the "Common files" folder and double click Start Here.
3- Copy the files in "Step 3 - Downgrade" to the "Common files" folder.
4- In the new command window that opens, type the following commands (you shouldn't get any errors. hit enter after each):
Code:
adb push psneuter /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/psneuter
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/psneuter
adb shell
NOTE: You should have the "#" sign instead of the "$". If you do, you have temporary root, and can continue on.
Code:
/data/local/tmp/misc_version -s 1.31.405.3
exit
Note: If you get an error while running the step before exit, try using 1.31.405.6 instead of .3.
5- Type adb reboot bootloader and hit enter. Your phone will be switched into the white bootloader screen. Wait for the bootloader screen.
6- Hit the power button to select bootloader from the options. It'll automatically find the PD98IMG.zip and start examining it. You'll see a blue progress bar at the top right. Once it finishes it'll ask you to hit volume up if you want to install. Do so. Don't worry if some items are marked "Bypassed" during install.
7- Once its done, it'll ask you to hit the power button to restart. Android should boot up.
8- Set the usb debugging option again. (Refer to Preparation step 2).
B.b Temp Root
Note: As an alternative to this section, you can download and install Visionary on your phone and have it do the temproot, by tapping the Temproot Now option. If you do this, jump straight to section B.d once you're done. If you have trouble doing this, or Visionary shows "rooting" then gets stuck or get a black screen, reboot your phone and follow this section fo the guide.
9- Make sure your SIM card is in when signing in to the Android Market for the next steps, otherwise it'll give you an error saying it can't access the Google server (!?! wtf, btw...)
10- Copy the files from the "Step 10 - Temp Root" folder to the "Common files" folder.
11- Go to the "Common files" folder and double click Start Here.
12- In the new command window that opens, type the following commands (you shouldn't get any errors. hit enter after each):
Code:
adb push su /sdcard/su
adb push Superuser.apk /sdcard/Superuser.apk
adb push rage /data/local/tmp/rage
adb push busybox /data/local/tmp/busybox
adb push root /data/local/tmp/root
adb shell chmod 0755 /data/local/tmp/*
13- On the HTC Desire HD, install the Android Terminal Emulator (by Jack Palevich) app from the Android Market.
14- Launch the Terminal Emulator, and run the following command: /data/local/tmp/rage
15- After a minute or so, you will see the following message on the phone Forked #### childs. Press the Menu button & select Reset Term. The Terminal Emulator will exit out.(If you don't see this after a few minutes, something is wrong. Retrace your steps).
16- Launch Terminal Emulator. It will force close. Launch it a second time, and you'll have a root shell (i.e. you'll see a # sign instead of the $ sign in the console).
B.c Permanent Root
Note: It turns out this section (B.c) is actually unnecessary as its taken care of later in the process already. You can safely skip this section and go straight to section B.d.
17- Copy the files from the "Step 17 - Permanent Root" folder to the "Common files" folder.
18- Go to the "Common files" folder and double click Start Here.
19- In the new command window that opens, type the following commands (you shouldn't get any errors. hit enter after each):
Code:
adb push gfree /data/local
adb shell chmod 777 /data/local/gfree
20- Launch the Terminal Emulator on your phone and run the following commands:
Code:
/data/local/gfree -f
sync
/data/local/tmp/root
NOTE: You may see an error that states mkdir: /system/xbin already exists, if you do, simply ignore and continue on.
Code:
sync
21- Wait for this to finish. Once done, restart the HTC Desire HD.
B.d Unlock phone for flashing ROMs and carrier unlocking
Note: The order of these steps has been changed, but the folder names haven't been updated. Please pay good attention to the instructions here.
22- Run Easy Radio Tool (in the "Step 23 - Easy Radio Tool" folder), select the first option (especially if you want to SIM unlock, if not the Radio S-OFF option is sufficient). Follow the directions in the program. Make sure to accept the SuperUser request on the phone when it pops up (keep your phone unlocked so you see it). It may fail at one point and your phone will restart. If it does, thats ok just run it again and it'll finish successfully this time.
23- Run EasyS-OFF (in the "Step 24 - EasyS-OFF" folder) and follow the instructions.
B.e Flash ClockworksMod Recovery
24- Download and run ROM Manager from the Android Market and have it install ClockworksMod Recovery.
24.I If you're not flashing a Gingerbread-based ROM (like CM7), please choose the last option in the list "All ClockworkMod Recoveries" then choose 2.5.1.3.
24.II If your installing a CyanogenMod or any other Gingerbread-based ROM you must have ClockworkMod Recovery 3.0 and above, so just choose the first option in the list, "Flash ClockworkMod Recovery".
If this fails with a message about permissions, it means you haven't rooted correctly, retrace your steps.
----
C. Flashing a new ROM:
1- Download the ROM of your choice (I recommend Android Revolution HD, available here: http://forum.xda-developers.com/showthread.php?t=840040, but feel free to chose any). Copy the zip for the ROM to your SD card. Inside ROM Manager, click Install ROM from SD Card and select the ROM that you put on your SD card. Select wipe data and cache and optionally the backup checkbox. Let it finish installing and rebooting your device.
Note: If you are flashing to a ROM other than a stock Telus ROM (Raidroid Stockify is a stock Telus ROM), you will have to enter your APN settings manually. If you're using your phone on a different network than Telus, you will have to enter your APN settings.
Note:If you want CyanogenMod, it's available inside ROM Manager and you dont need to do this part and you can skip to the very last step. If you want to install CyanogenMod 7 or any Gingerbread-based ROM, you must first update your ClockworkMod Recovery to 3.0 and above. Please note that you can't restore from a backup or install a non-Gingerbread ROM from ClockworkMod Recovery 3.0 and above. If you need to restore from backup or downgrade, install ClockworkMod Recovery 2.5.1.3 (ROM Manager -> All ClockworkMod Recoveries -> 2.5.1.3) then proceed to flash or restore as needed.
2- Copy Telus Kernel.zip to your SD card from the "Step 2 - Telus Kernel" folder.
3- Run Kernel Update Utility (in the "Step 3 - Kernel Update Utility" folder) and click "Select a cwm zip", then click next, then click Go to fastboot, wait for the white bootloader screen on your phone, then click Flash. Once it's done, it'll reboot back into Android.
4- Once that's done click next, wait for the USB connection and USB debugging mode notification.
5- Click flash button in Kernel Update Utility and once that's done click finish.
Your done! Sound works perfectly and so does Wi-Fi!
--------------------------
Guide Credits:
This guide and package was pieced together from various other guides and packages after exploring the various posts and methods on the topic, mostly from Xda-Developers. I've listed them here:
Gold Card Guide: http://www.droid-den.com/android-guides/android-guide-how-to-create-a-gold-card
CyanogenMod Downgrade and Rooting guide: http://wiki.cyanogenmod.com/index.php?title=HTC_Desire_HD:_Full_Update_Guide#Downgrade_to_1.32.405.6
How to downgrade: http://forum.xda-developers.com/showthread.php?t=905003
One click Radio S-OFF tool: http://forum.xda-developers.com/showthread.php?t=857537
One click ENG S-OFF: http://forum.xda-developers.com/showthread.php?t=855403
Desire HD, no sound thread (thanks jkoljo): http://forum.xda-developers.com/showthread.php?t=949909&page=10
Thanks to everyone who wrote those guides and these programs and made it possible for us to flash the Telus Desire HD, specifically jkoljo, who put his own time into it.
Instead of gfree and rage, you can just use Visionary and Radio S-OFF Tool, saves a lot of time
Sent from my Desire HD using Tapatalk
True. I was personally having some trouble with Visionary though... after hitting temproot now or temproot on boot it'd show the rooting screen, then hang there and turn black. The whole phone would get slow too.
I'll probably add that as alternative steps tomorrow morning when I wake though. Thanks for the feedback!
Sent from my Desire HD using XDA App
Alex, thanks so much. I don't yet have the device, but was looking for a fool-proof rooting/sound-maintaining guide before purchasing. I knew it would come in good time
I also had tons of trouble using Visionary to temp/perm root my Desire Z. I would definitely shy away from that method, especially if you're comfortable with ADB. Your method, while it may take longer, works great.
Does this also provide a SIM Unlock like it does the G2?
Does flashing the Telus Kernel from the Kernel Update Utility yield a different result than flashing it from Clockwork?
Thanks Guys. Guide worked Perfect!
You should remove the gfree part of your guide, Easy Radio Tool does exactly the same, but in one click. In the current form, you are Radio S-OFFing two times.
Gfree does not give you permanent root.
jkoljo said:
You should remove the gfree part of your guide, Easy Radio Tool does exactly the same, but in one click. In the current form, you are Radio S-OFFing two times.
Gfree does not give you permanent root.
Click to expand...
Click to collapse
So you mean the entire part B.c, right? Thanks again for your feedback!
Yes, entire B.c section, and flashing ClockworkMod should be the last step of all.
jkoljo said:
Yes, entire B.c section, and flashing ClockworkMod should be the last step of all.
Click to expand...
Click to collapse
Thanks, updated as such.
I'm getting this error:
mmap<> failed. Operation not permitted
On section B a -4 on the command
adb shell /data/local/tmp/psneuter adb shell
Anyone know what's causing it?
Hey guys, has anyone been successful in getting sound on the cm7 nightly ROM?
omegacell said:
I'm getting this error:
mmap<> failed. Operation not permitted
On section B a -4 on the command
adb shell /data/local/tmp/psneuter adb shell
Anyone know what's causing it?
Click to expand...
Click to collapse
I'm sorry, there was a mistake. It should be:
adb shell /data/local/tmp/psneuter
<hit enter>
adb shell
<hit enter>
Instead of:
adb shell /data/local/tmp/psneuter adb shell
I've updated the guide to reflect that.
sound and other stuff
plasticdarlow said:
Hey guys, has anyone been successful in getting sound on the cm7 nightly ROM?
Click to expand...
Click to collapse
Nope I cant get any sound and if youflash the telus zip I just get stuck at htc logo, funny thing is I can get sound through fm radio only, i get sound oon fm radio through headset and through speaker but not on anything else.
I'm getting stuck during root process....any ideas???
C:\Documents and Settings\waycoy\Desktop\Telus Desire HD\Common files>adb push psneuter /data/local/tmp
2490 KB/s (0 bytes in 557962.000s)
C:\Documents and Settings\waycoy\Desktop\Telus Desire HD\Common files>adb push misc_version /data/local/tmp
15 KB/s (0 bytes in 15837.001s)
C:\Documents and Settings\waycoy\Desktop\Telus Desire HD\Common files>adb shell chmod 777 /data/local/tmp/psneuter
C:\Documents and Settings\waycoy\Desktop\Telus Desire HD\Common files>adb shell chmod 777 /data/local/tmp/misc_version
C:\Documents and Settings\waycoy\Desktop\Telus Desire HD\Common files>adb shell /data/local/tmp/psneuter
mmap() failed. Operation not permitted
C:\Documents and Settings\waycoy\Desktop\Telus Desire HD\Common files>
I loaded cm 6 and got no sound at all either. Which roms are people having good luck with?
Sent from my Nexus One using XDA App
Step Ba6 when applying PD98IMG.zip I recieve a "Model ID incorrect!" and "Update Fail!". Any suggestions? There were no errors up to that point. My scree is currently sitting at Press POWER to reboot. Not wanting to brick - am I ok to POWER. Model on the packing box shows A9192 if that means anything.
dr_pepper said:
Step Ba6 when applying PD98IMG.zip I recieve a "Model ID incorrect!" and "Update Fail!". Any suggestions? There were no errors up to that point. My scree is currently sitting at Press POWER to reboot. Not wanting to brick - am I ok to POWER. Model on the packing box shows A9192 if that means anything.
Click to expand...
Click to collapse
you can reboot my phone had the same problem i was unable to downgrade i was stuck at that point for a while. i dont know if there is a fix for this yet.
Bummer. Thanks for the reply
gold card
Did you guys use a gold card. Did you follow everything from the start down. I did it last night and had no problems. The only problem you will have if you get it done is with roms. At this point it is probably best just to get root and wait for some roms that use the right kernel, some roms sound tinny, some just don't work. CM7 doesn't work with sound at all and if you apply the TELUS kernel it locks up at HTC boot screen.
Axioo PICOPAD QGN
Android OS, v2.2 Frozen Yogurt
Qualcomm MSM7227 (App: ARM11 600MHz)
This wont work on PICOPAD 9
This is a very unpopular device from Indonesia. Although it is very easy to Root using "Superoneclick". As more people got hold of this free set(via Singapore old Starhub Internet plans), more people are also starting to ask about the steps on rooting this device. I thought I should start a guide here where I've followed from different places, piece them together here.
Feel free to comment and share if there are other ways to root, flash and install custom roms or android version. More importantly over clocked kernels. (remember seeing a link at kwbr's thread)
There are similar sets "CSL Spice Mi700 DroidPad", "Viewpad 7", etc
Alternatively you could research more by heading on to Viewpad 7's thread as I found out that device is very much similar and more developers are active there. I've also tried flashing kwbr's rom and it works for me.
Well if you are going to follow this thread to root, then read on...
WARNING! You warranty is now VOID & I will not be responsible if you brick your device.
Click to expand...
Click to collapse
Sections:
1. Rooting your device (wiki)
2. Installing Clockwork recovery (wiki)
3. Setting up ADB (optional)
4. Setting up partition on SDcard to free up device main space (WIP)
1. ROOT & Busybox (comes in a package)
Use these steps to root with "SuperOneClick". (Thanks to SuperOneClick)
Download and install "SuperOneClick"
Alternatively, download older version (some say works better) 1.6.5 1.7.0
Make sure you have .NET Framework v2.0 for Windows XP(win update)
On picopad, Unmount your SD card. From settings -> sd card -> unmount
Enable USB debugging, Setting -> Applications -> Development -> tick USB Debugging
Connect picopad to Pc via usb, ignore pctools if popup.
Goto Windows Explorer, Picopad will appear as "CD-ROM", explore CD-ROM and run SETUP.exe, ignore pctools
Open "SuperOneClick"
Change the option from "psneute" to "rageagainstthecage"
Click Root.
Rooted , Superuser & Busybox installed
Mount back your SDcard if u wish and reboot your device at least twice.
Congrats! Your device is rooted!
If you are satisfy with only root and superuser access, then you can stop here.
If you would like to install(flash) Clockworkmod recovery so you can backup your device(nandroid) and flash rom/kernel/stuff easier, proceed to step 2. (Highly Recommended)
If you want to set up ADB proceed to step 3 (optional, may come in handy and good for other android devices.)
2. ClockworkMod Recovery 5.0.2.6
2a. Preparing to installing CWR
Download CWR 5.0.2.6 and Flash_Image
Unzip, then copy "flash_image" and "cwm5026.img" to the root of your sdcard. (if you don't know how.. take your SDcard out and use a card reader)
Power on the device and install a terminal app so you could type commands in, try Android Terminal or Terminal Emulator
Once installed, open the app and start typing:
Gain superuser access type
su (once in superuser, you will see "#")
Click to expand...
Click to collapse
copy flash_image to system/bin
cp /sdcard/flash_image /system/bin
Click to expand...
Click to collapse
Install the flash_image
chmod 755 /system/bin/flash_image
Click to expand...
Click to collapse
Backup your original Recovery
cat /dev/mtd/mtd3 > /sdcard/orirecovery.img
Click to expand...
Click to collapse
And if you ever want to restore back for warranty issues
flash_image recovery /sdcard/orirecovery.img
Click to expand...
Click to collapse
2b installing ClockworkMod Recovery 5.0.2.6
The previous ver 2XXX is pretty outdated, thanks to mb-14 for sharing 5026.
Now you are ready to flash ClockworkMod Recovery
Assuming the file name that you download from CWR is "cwm5026.img" Type
flash_image recovery /sdcard/cwm5026.img
Click to expand...
Click to collapse
Done!
Now to run Clockwork Recovery:
First, turn off your device.
Now, hold down both volume button and press the power button at the same time, when you see recover on the corner of the screen, you can let go as you will boot up in Clockworkmod Recovery.
How to use 5.0.2.6 CWR?
Use the device vol+ and [/b]vol- to move up and down or the soft keys menu for "down", home for "up"
Select options by pressing the power button or , use the soft keys search for "enter"
back is for "back".
When you load into CWR, you could do many stuff, some simple info on the main options,
Wiping data is resetting your device to factory default, but CWR remains as long as you do not flash a stock recovery or a rom with a different recovery inside.
You could do stuff like formatting and partitioning SDcard to prepare for Apps to be install in SDcard to save space in device. Other than that, you could do a Backup for your entire device which is also known as nandroid backup, but it doesn't backup the bootloader and radio, so take note if you are going to flash custom radio or bootloader.
If you have a backup, you could restore back to that backup, this is good if you accidentally flash something bad or dislike a rom
Fixing permission is good if you always have FC.
You can mount SDcard to your pc from here and manage files with from your PC.
You could use ADB to push / pull files in and out of your device from PC.
you could install other roms, kernel and files using the "install zip" option.
If you want to set up ADB proceed to step 3 (optional, may come in handy and good for other android devices.)
3. Installing ADB on your windows
Download and install Latest JAVA SE Development kit "JDK" and Android SDK.
Follow the steps here on installing ADB, Android Debug Bridge.
3a. SET PATH for ADB: Check if you had set the path to sdk platform tools folder, this is to run adb command from any path. Steps for Windows XP:
Right-click ‘My Computer’ and click ‘Properties’.
In the ‘System Properties’ window, click the ‘Environment Variables’ button on the ‘Advanced’ tab.
Find ‘Path’ in the ‘System variables’ section and double-click it to edit it.
Make sure NOT to delete the existing entry in ‘Variable value’.
Just add the following string to the end of it, including the semi-colons:
;c:\android-sdk-windows\tools;c:\android-sdk-windows\platform-tools;C:\Program Files\Android\android-sdk-windows\platform-tools
Click to expand...
Click to collapse
Start ADB shell to command picopad from your pc:
Make sure Picopad is connected to pc via USB and sdcard is mounted.
From PC, Goto command prompt (Start -> Run type "CMD")
Type "ADB devices" from command prompt ( to see if path is set and picopad is connected, you should see 1 device attached, not more, not less)
C:\Documents and Settings\tish>adb devices
List of devices attached
FM88888888888 device
Click to expand...
Click to collapse
Troubleshooting:
If you can't get the adb command to work, probably you didn't set the path correctly, refer back to SET PATH or go to your adb actual folder to type the command which should be here C:\android-sdk-windows\platform-tools\
3b. Using ADB
At recovery or booted up device, on Pc Type:
adb shell (you will see "$")
Click to expand...
Click to collapse
now access superuser type
su (allow superuser access from Picopad and you will see "#")
Click to expand...
Click to collapse
Here you can copy files using (push/pull), I recommend you google for ADB commands to have a better understanding.
4. More sections to come eg: The space problem on the device, so alternative is partitioning sdcard to install apps as to free up space in device........
You could buy me a beer if you really appreciate my work here.
Updates from Fri the 21th April 2012
Reorganizing error section
Adding missed out steps here and there
Placing direct link for faster downloads
Added 2 older ver. SuperOneclick which works better
Removed CWR 2.5.1.2 details since it's outdated.
Added some details on 5.0.2.6 CWR
Updates from Fri the 13th Jan 2012
Added CWM 5.0.2.6 and soft keys steps.
Added possibility to explore Viewpad 7's dev forum.
Included some wiki info on root and CWR(Clockworkmod Recover)
Added troubleshoot for Set path to android sdk adb folder.
Included ADB set and using step
I first rooted my Picopad using guides from hucqim80, however they are not meant for Picopad and I've gather the info and posted them here.
Original recovery image provided by jax79sg here
This is to recover original recovery and replace clockworkmod recover.
This step is done because you need to send your set for warranty repair probably.
Remember to do a factory reset first before replace with original recover.
tishfire said:
Wonder if anyone had backup their Picopad's original recovery? "orirecovery.img" Accidentally erased mine thinking I had already backup in my pc.
Hope you could put up for me to download thanks .
Click to expand...
Click to collapse
I will upload mine somewhere after i try your steps above.
sure, thanks
axioo picopad.
Hi tishfire , thanks for the guide, i got the same device as yours but when it always stuck at the below lines , can anyone help ? thanks in advance.
[/I]Killing ADB Server...
OK
Starting ADB Server...
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
OK
Waiting for device...
OK
Pushing psneuter...
677 KB/s (585731 bytes in 0.843s)
OK
chmod psneuter...
OK
Running psneuter...[/I]
did u go to cd-rom folder and execute setup.exe before u click superoneclick?
No , I did not run the setup.exe from the cdrom drive cos when i plugin the device it automatically ask me to do the PC syncing. Actually i tried that before but that din work either.
I ran both PC running win7 and winXP, both also stuck at Running psneuter ...
Hi,
I ran into this error which puzzles me greatly.
# flash_image recovery /sdcard/cwrecovery.img
flash_image recovery /sdcard/cwrecovery.img
flash_image: permission denied
Do you know how to resolve this?
Thanks in advance.
Warmest Regards
eagleen said:
Hi tishfire , thanks for the guide, i got the same device as yours but when it always stuck at the below lines , can anyone help ? thanks in advance.
[/I]Killing ADB Server...
OK
Starting ADB Server...
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
OK
Waiting for device...
OK
Pushing psneuter...
677 KB/s (585731 bytes in 0.843s)
OK
chmod psneuter...
OK
Running psneuter...[/I]
Click to expand...
Click to collapse
same with me....anybody can give another tips ?
try to turn on picopad usb first. then try to ru he setup in picopad identified as " cd-rom" try again
Sent via Picopad
is there any custom ROM compatible for this device ?
help
Please help me when i type cp /sdcard/flash_image /system/bin and press enter i got something like this : cp /sdcard/flash_image /system/bin: not found
I'm a wrong.?
can this Stock ROM modified for support with App2sd by Trkton ?
Vuska said:
can this Stock ROM modified for support with App2sd by Trkton ?
Click to expand...
Click to collapse
It supports without any modification in the first place.
Roms, probably the MI700's custom rom will work, get to hucqim80's signature, the link is there.
nhasir said:
Please help me when i type cp /sdcard/flash_image /system/bin and press enter i got something like this : cp /sdcard/flash_image /system/bin: not found
I'm a wrong.?
Click to expand...
Click to collapse
probably ur file is not in that directory for this error message to appear.
eagleen said:
Hi tishfire , thanks for the guide, i got the same device as yours but when it always stuck at the below lines , can anyone help ? thanks in advance.
[/I]Killing ADB Server...
OK
Starting ADB Server...
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
OK
Waiting for device...
OK
Pushing psneuter...
677 KB/s (585731 bytes in 0.843s)
OK
chmod psneuter...
OK
Running psneuter...[/I]
Click to expand...
Click to collapse
Okay, i know your problem... just change the option in superoneclick from psneuter to rageagainstthecage... and then root it...
when the superoneclick start to not responding, just re root it using the same method....
then to enable your superuser, install z4root to your device
I managed to root the picopad and flashed as stated.
When i boot up pressing both power and vol button, i was brought into this FTM mode. And from there i can't do anything...... the screen looks as follows.
Hmm....the cwrecovery didn't get flashed?
SWVer=3.240
MODEL: FM6-0001
HWVer:106
Power on with pressing VOLUME_DOWN keys to leave Auto FTM.
[Resolved]
Try holding both up and down volume buttons instead of just one of them
tishfire said:
Wonder if anyone had backup their Picopad's original recovery? "orirecovery.img" Accidentally erased mine thinking I had already backup in my pc.
Hope you could put up for me to download thanks .
Click to expand...
Click to collapse
This is many months late, here's the stuff if anyone needs it.
http://www.megaupload.com/?d=PKMW1ODU
jax79sg said:
This is many months late, here's the stuff if anyone needs it.
http://www.megaupload.com/?d=PKMW1ODU
Click to expand...
Click to collapse
Im still using my picopad.
Thanks!
Sent from my Nexus S using XDA App
can anyone help me with original backup for the splash and welcome screen axioo pico pad?
my pico pad splash and welcome screen change to viewsonic because i install viewpad 7 ROM in to my pico pad.....
somebody....help me please !!!
thankyou