How to DOWNGRADE Desire S with S-ON - HTC Desire S

Warning! I don't recommend this to users who are new to Android since there is a possibility of bricking your device. I will not be responsible if this happens.
It will downgrade everything, even the HBoot, using an HTC-signed ROM. I've downgraded RUU_Saga_Telstra_WWE_1.36.841.3 with HBoot 0.98.0002 to Hboot 0.98.0000 of RUU_Saga_HTC_Thailand_1.35.1113.2.
First you need the tools and applications below. I will not explain everything since I'm assuming you already know how to use and make them.
1. ADB tool to access your device through the shell.
2. ADB driver - you may install HTC Sync since it has ADB driver in it.
3. HEX Editor - I used HxD.
4. Spare micro SD with Goldcard.
5. Card reader to make your life easier.
6. Update.zip ROM you will use to downgrade (rename it to PG88IMG.zip).
7. GingerBreak-v1.20.apk to temp root our device.
Step 1: Copy GingerBreak-v1.20.apk to your spare micro SD and insert it into your phone.
Step 2: Enable USB debugging in your device and connect it to your PC (Charge only). Make sure the drivers are installed properly. If not, install HTC Sync.
Step 3: Install and run GingerBreak-v1.20.apk. It will force close other apps (this is normal, just close it). The GingerBreak application will prompt that something went wrong with the rooting (can't remember the actual spiel) but actually we already have our temp root.
Step 4: Run your ADB tool and issue command su to have root access. You can now see in your device that Superuser app is prompting you to allow the ADB root access. Accept it.
Step 5: On the # prompt, issue command dd if=/dev/block/mmcblk0p17 of=/mnt/sdcard/mmcblk0p17.img (to copy mmcblk0p17 to your SDcard). Power off your device and copy mmcblk0p17.img to your PC. (You can also use the command shell to copy it into your PC if you know how to do it.)
Step 6: Open mmcblk0p17.img using your Hex editor. On the 11th line (I think), modify the current version to 1.28.401.1 (since this is the lowest version I know). Save it and copy back to SDcard. Insert the sdcard and turn your phone on.
Step 7: Run GingerBreak-v1.20.apk again and follow step 3 to 4.
Step 8: On the # prompt, issue command dd if=/mnt/sdcard/mmcblk0p17.img of=/dev/block/mmcblk0p17 (to copy back mmcblk0p17.img to your phone). Do this as quickly as possible since the temp root access sometimes loses its effect.
Step 9: Power off your device and remove your SDcard. Using your card reader, delete everything (not format) in your microSD (with Goldcard) and paste your PG88IMG.zip.
Step 10: Hold volume down + power to boot to recovery and the phone will do the installation itself. Wait until you have your downgraded ROM.
This is how I do it. Hope you won't encounter any problem with this procedure. Good luck!
I want to give thanks to all the XDA members for the knowledge I acquired for this procedure and to the developer of Gingerbreak.
You may also check sonikz's procedure on post #4. I think his procedure is faster. You may use whichever one is easier for you to follow.
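A read-only look at the field that Step 6 edits, as an added example that is not part of the original post: it lists the version-shaped strings in a dumped mmcblk0p17.img with their offset and hex-editor row, and reports how each compares with the version the phone itself displays. The four-field ASCII format, the 16-bytes-per-row display, the field-by-field ordering and the sample image are assumptions; all function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Tuple

# Assumption: the version is stored as ASCII text in the four-field form used
# throughout this thread (for example 1.36.841.3).
VERSION_RE = re.compile(rb"(?<![0-9.])\d{1,2}\.\d{1,3}\.\d{1,4}\.\d{1,3}(?![0-9.])")

# Assumption: the hex editor shows 16 bytes per row, so "line 11" starts at 0xA0.
BYTES_PER_ROW = 16


class Hit(NamedTuple):
    offset: int   # byte offset of the string inside the image
    row: int      # 1-based hex-editor row that holds the first byte
    version: str


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '1.36.841.3' into (1, 36, 841, 3) so fields compare as numbers."""
    return tuple(int(part) for part in text.split("."))


def find_versions(image: bytes) -> List[Hit]:
    """Return every version-shaped ASCII string in the image. Nothing is written."""
    return [
        Hit(m.start(), m.start() // BYTES_PER_ROW + 1, m.group().decode("ascii"))
        for m in VERSION_RE.finditer(image)
    ]


def compare(recorded: str, installed: str) -> str:
    """Assumption: versions order field by field, left to right."""
    rec, inst = parse_version(recorded), parse_version(installed)
    if rec == inst:
        return "match"
    return "lower" if rec < inst else "higher"


def audit_image(image: bytes, installed: str) -> List[Tuple[Hit, str]]:
    """Pair each recorded version with its relation to the installed build."""
    return [(hit, compare(hit.version, installed)) for hit in find_versions(image)]


def audit_file(path: str, installed: str) -> List[Tuple[Hit, str]]:
    """Same check for an image file copied off the SD card."""
    with open(path, "rb") as fh:
        return audit_image(fh.read(), installed)


def make_sample(version: str, offset: int = 0xA0, size: int = 0x200) -> bytes:
    """Constructed stand-in for mmcblk0p17.img; not a real partition layout."""
    body = bytearray(size)
    body[offset:offset + len(version)] = version.encode("ascii")
    return bytes(body)


if __name__ == "__main__":
    installed = "1.36.841.3"  # the version the phone's own About screen shows
    samples = (("untouched", make_sample("1.36.841.3")),
               ("edited", make_sample("1.28.401.1")))
    for label, image in samples:
        for hit, relation in audit_image(image, installed):
            print(f"{label}: {hit.version} at 0x{hit.offset:X} (row {hit.row}) "
                  f"is {relation} than/with installed {installed}")
```

A recorded version that is lower than the build the phone displays means the field checked before flashing no longer describes the installed firmware, which is the state this procedure leaves the device in until the older ROM is flashed.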

Downgrade to what? To Froyo?
And for what reason?
Sorry for that noob question...

panosfx said:
Downgrade to what? To Froyo?
And for what reason?
Sorry for that noob question...
Good question I think. If I remember well, on the Desire (or HD?) sometimes downgrading was a way of getting to a version of software where you could then get root again! From that point on you could get a recovery installed and install some nice ROMs. I don't know if that's what's going on here, I wouldn't dare to hope that ...?

Me n00b me downgrade
Newrad67, I have compiled a n00b way to achieve very similar results:
First off you need to create a Gold Card
Use the memory card that came with the phone, may as well hey!
Install Goldcard helper from market, run it and copy the CID for MMC2
This number has already been reversed so go to here, fill out the required fields.
That will then email you an image file. You can then, using Gold Card Tool, flash your image file to your phone's SD card via the phone's USB cable.
Next for the actual downgrade
You'll need this unzipped
In a command prompt, go to the directory you unzipped to
connect the phone via USB
then:
adb push misc_version /data/local/tmp
adb push GingerBreak /data/local/tmp
adb shell chmod 777 /data/local/tmp/misc_version
adb shell chmod 777 /data/local/tmp/GingerBreak
This copies the files to the phone and changes the permissions so they will function
adb shell
This will enter the terminal for the phone
./data/local/tmp/GingerBreak
This will then temp root the phone; you should now have # at the terminal prompt instead of $, which means you have higher privileges.
From this point you can then run misc_version (thanks to Blezz for the version number). This changes the version reported by the phone to 1.27.405.6; you cannot check this on the phone though, as it will still report the other number.
cd /data/local/tmp
./misc_version -s 1.27.405.6
From here you can then install the update/downgrade from the exe, no need to dump zip files or anything. As with anything here, results may vary and I won't be buying new hardware if it breaks yours! But it works a treat on mine.

This can be used with paulobrien's test signed RUU HTC update to get root/boot/recovery installed on s-on.
If it just were public
Sent from my HTC Desire S using XDA Premium App

panosfx said:
Downgrade to what? To Froyo?
And for what reason?
Sorry for that noob question...
This is why I recommend this only to advanced users.
Our Desire S with S-On was released with a Gingerbread ROM and an Hboot for which it is still not possible (as of now) to have a custom boot recovery. Since we are on S-On, it is still not possible to be rooted and use a custom ROM.
As far as I know, we don't have any official ROM except for Gingerbread. Correct me if I'm wrong. The list can be seen in this post. http://forum.xda-developers.com/showthread.php?t=1002506
I'm just sharing this for people who want to change their ROM to a different one. Like me, who installed the latest ROM from TELSTRA and found the bloatware annoying. I've done this to get back to the ROM I'm more comfortable using.

Yeah I'm pretty much with you mate, no way to do anything more practical than flash a clean European ROM currently... Not really a vast amount of progress either. Anything we should be doing to help get permanent root? Anyone?
Sent from my HTC Desire S using XDA App

Thankkssssss
It works on my s-on DS
Thanks a lot

I really like it how sonikz is doing now like it was his idea how to downgrade it using adb gingerbreak and misc_version lol
I'm gonna stop my rooting tries + supporting here for the Desire S, hating such people like him

I never said it was my idea and I have posted my thanks to the relevant people in other threads, I didn't mean to rub anyone the wrong way... I hadn't seen an adb version of gingerbreak until Friday and I'm sure you know the apk is very unpredictable, or at least it is on my phone, so I couldn't use misc_version, it just kept kicking errors.... Hey I just threw it out there, my bad

okay
No, it isn't the apk's fault, maybe u forgot to use "su" in adb shell after using the apk, which u don't need for the command line version
Anyway, maybe there is a way to get past the s-off
In Titanium Backup there's a recovery exploit to remove files from s-on phones
We just need to know how the exploit is working and if it is still working with 2.3
2nd option is I am getting a 2nd Desire S soon.. it's a bugged one, radio destroyed and he doesn't get it replaced so he gives it to me
Maybe I can get the Desire HD bootloader running somehow.. even if I am sure it will be a lot of work to get in

Plz guys... Get a grip.. we share.. who cares about credit.. come on..
Keep sharing.
Sent from my HTC Desire S using XDA Premium App

Worked
Sent from my HTC Desire S using XDA Premium App

@Rexton270: what worked?
@brokenworm: what did you mean by paulobrien's test RUU?

@brokenworm:
it's not paul's ruu, the files he published were released 1 day before at 911sniper's blog
sadly without ruu too

what ROM to get root
after doing that, what ROM is it better to download in order to become root ?
thanks

pdaGeek13 said:
after doing that, what ROM is it better to download in order to become root ?
thanks
If you are on S-ON, none as of now.
Sent from my HTC Desire S using XDA Premium App

> 2 hours
running for more than 2 hours now, normal?
sonikz said:
Newrad67, I have compiled a n00b way to achieve very similar results:
First off you need to create a Gold Card
Use the memory card that came with the phone, may as well hey!
Install Goldcard helper from market, run it and copy the CID for MMC2
This number has already been reversed so go to here, fill out the required fields.
That will then email you an image file. You can then, using Gold Card Tool, flash your image file to your phone's SD card via the phone's USB cable.
Next for the actual downgrade
You'll need this unzipped
In a command prompt, go to the directory you unzipped to
connect the phone via USB
then:
This copies the files to the phone and changes the permissions so they will function
This will enter the terminal for the phone
This will then temp root the phone; you should now have # at the terminal prompt instead of $, which means you have higher privileges.
From this point you can then run misc_version (thanks to Blezz for the version number). This changes the version reported by the phone to 1.27.405.6; you cannot check this on the phone though, as it will still report the other number.
From here you can then install the update/downgrade from the exe, no need to dump zip files or anything. As with anything here, results may vary and I won't be buying new hardware if it breaks yours! But it works a treat on mine.

No, not normal, restart your phone and try again
Because it's s-on nothing can happen to your system, so don't worry and just restart

Blezz said:
No, not normal, restart your phone and try again
Because it's s-on nothing can happen to your system, so don't worry and just restart
same thing with this log:
$ ./GingerBreak
./GingerBreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 s
[**] (C) 2010-2011 The Android Exploid Crew. All rig
[**] Kudos to jenzi, the #brownpants-party, the Open
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found system: 0xafd17fd5 strcmp: 0xafd38065
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014360
[+] Using device /devices/platform/goldfish_mmc.0
[*] vold: 25104 GOT start: 0x00014360 GOT end: 0x000
[*] vold: 25104 idx: -1024 fault addr: 0xfffb2284
[*] vold: 25162 idx: -2048 fault addr: 0xfff4e284
[*] vold: 25212 idx: -3072 fault addr: 0xffeea284
[*] vold: 25262 idx: -4096 fault addr: 0xffe86284
[*] vold: 25312 idx: -5120 fault addr: 0xffe22284
[*] vold: 25363 idx: -6144 fault addr: 0xffdbe284
[*] vold: 25414 idx: -7168 fault addr: 0xffd5a284
[*] vold: 25466 idx: -8192 fault addr: 0xffcf6284
etc ....
and sometimes:
[+] fault address in range (0x000132b4,idx=-3072)
[+] Calculated idx: -2005
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
:-(

Related

[ROOT] ~~~ HTC EVO - Auto Root ~~~ v2.5 (4/25/11)(deprecated)

This tool is now deprecated. To root your Evo 4G running Gingerbread you will need to use the Revolutionary tool that can be found at http://www.revolutionary.io.
I'm sorry to do it but due to the ridiculous amount of people who are still asking for help rooting gingerbread, I will no longer be supporting this tool whatsoever. Any further emails I receive about it will be deleted.
I am proud to present the HTC EVO Auto Root script! It took me a while but I finally got it fully automated, it probably would have been easier using VB to write it but I wanted it to be readable by everybody. I don't have working scripts for Linux or Mac yet but for older phones you should be able to follow the Alternative Method and use the code included at the end of the post with minimal changes. If you are new to rooting the Evo you should check out the Rooting Information and Common Problems thread to familiarize yourself with some of the screens you will see. At times your phone may show ominous looking icons that look bad but really aren't, at times like that it is important that you don't panic and do anything that could damage your phone.
This will make a backup of your WiMAX partition and the RSA keys that are stored on it; backing up your RSA keys separate is not necessary. It will save it in the AutoRoot folder so be sure not to delete it.
If you run into any problems please include the following information with your post: Any methods you have previously tried to root with, what it did last plus any error messages it may have given (if you can right click, select all and copy it from the terminal), and if you are in the bootloader we need to know what the top two lines say. Running this will create a log file named: autorootlog.txt. Please post this as well.
Any feedback no matter good or bad is appreciated! Let me know how it works for you.
Randy (randyshear on youtube) has made a great video of the process if you would like to get an idea of what to expect beforehand. It is important to note that, depending on your phone, the process may be slightly more involved or require more or less time.
HTC EVO 4G ** ROOT AND NAND UNLOCK ** AUTOROOT V 2.2 ** HOW TO **
This has been confirmed working with:
Software versions 1.32, 1.36, 3.29, 3.30 & 3.70
hBoot Version .76, .93, .97, 2.02 & 2.10
Thanks go to
HTC for making the phone to begin with
Sebastian Khramer for his rageagainstthecage exploit
Toastcfh for his tutorial and all of his work on improving the Evo, a lot of this is borrowed from his previous work
Amon_RA for his recoveries and for his quick work creating a recovery compatible with the new NAND blocks
Calkulin for collecting all of the radios and update images
Whosdaman, Football and Sniper911 for sharing the RUUs with us
The Unrevoked Crew for all of their hard work on the Unrevoked Forever s-off tool
amoamare and Zikronix for all of their hard work on rooting phones with the 2.02 hboot
chris1683 for his Sprint Lovers ROM
Netarchy for all of the great kernels
A huge thanks goes out to Dan0412 who took the time to debug this for version 003 2.02 phones
Schnick1 and tauzins for their help with getting ADB to act right
Props go to RyanZA and anyone else who worked on the z4root app. I wouldn't have got 3.70 rooted as fast as I did if I didn't have their app to learn from.
You Will Need:
A windows machine
HTC Sync that can be found on Sprint's website. HTC Sync 2.0.35.exe
At least 1 GB of free space on your SD card
A full or close to full battery (your phone will not charge during part of this and if it dies you will be SOL, aka Bricked)
ADB debugging enabled (Settings > Applications > Development > ADB Debugging)
Your phone connected to your computer as Charge Only and HTC's Evo drivers / HTC Sync installed.
The AutoRoot.zip File that can be found in this post
I highly recommend you have the appropriate RUU, or PC36IMG, downloaded before you start. It is always good to have and if something does not go as planned it can get your phone back up and running with minimal down time.
IF YOU HAVE PREVIOUSLY TRIED ROOTING YOU MUST RESTORE FROM A RUU BEFORE RUNNING THIS. IT WILL NOT ROOT IT UNLESS YOU DO THIS.
Instructions:
This will try to back up your apps but it's not always able to, you will also lose all of your settings. Titanium Backup works well to save your apps however you will need to use z4root to temporarily root before you will be able to use it.
Download HTC Sync from Sprint's website here and install it. You may need to use the 'Repair' option for it to replace any old drivers.
Extract AutoRoot.zip into a folder that is easy to find and then open the folder.
Right click on 'AutoRoot.bat' and run it as Administrator.
Once it finds your phone it will start by checking out what kind of setup it uses and then attempt to get root access. If it fails usually it's from too many active apps or the phone being used, if so you will need to restart it before trying again. If you are using 3.70 it will let you know when it is running by blurring the screen.
When it is ready it will reboot your phone into the boot loader. Then, depending on your phone's setup, it will either enter RUU mode and automatically flash the debugging firmware or give you instructions on how to flash it from the hBoot.
If you have to flash it manually just push Power to select "BOOTLOADER" and say Yes when it asks to flash the PC36IMG.zip. It will complain part of the way through about Boot Loader and/or radio errors and then skip them, this is normal. Once it finishes say No when asked to reboot and use the Vol Down button to highlight Recovery. Then press Power to select it.
If you are entering the Recovery your phone will show a Red Triangle with an Exclamation mark inside, at this point the script will take back over and attempt to flash Unrevoked Forever.
After it finishes flashing the engineering bootloader, or Unrevoked Forever, it will reboot into the bootloader and see if your NAND is unlocked. If so it will flash the Sprint Lovers ROM along with the Recovery and updated Radios. Afterward it may boot into the ROM and attempt to restore your Apps before finishing, try not to interrupt it until it tells you it has finished.
Once it's fully rooted and you have your phone set back up it's a good idea to make one more NANDroid with everything up to date. Then make one more backup of your WiMAX partition in case something happens to the first one.
If you have an older phone and don't want to flash Unrevoked Forever or Sprint Lovers w/ the radio updates you can have it skip them. It will just flash the engineering bootloader to unlock the NAND and then flash the recovery directly from there. You will need to update everything and flash a custom ROM on your own. This will only work if your phone has a version .9x hBoot.
Instructions for Quick method:
This will completely wipe your phone. If you would like to back up your apps you can use Titanium backup to save them. It also has an option to save the system files but this can result in a buggy ROM afterward.
Extract AutoRoot.zip into a folder that is easy to find.
Open a DOS prompt by running the OpenShell file.
Type 'autoroot quick' and press Enter
It will then flash the engineering bootloader and the recovery through fastboot. Once it is finished you can use the bootloader menu to boot into the recovery and make a NANDroid, flash a ROM, radios, etc.
Links:
Downloads
AutoRoot v2.5 - Full Root Zip (MD5: 5E1BF365F3B5479329896BD55C33678E)
AutoRoot v2.5 - Tools Only (MD5: 5DBA70A8CDD052A9908E4F43D6BBC669)
The following are the ROMs pulled out of the RUUs, you can flash them by renaming and putting it on your sd card or from your computer with fastboot using the included FlashZip script.
Sprint Evos (USA):
3.29.651.5_PC36IMG.zip (MD5: 2F5046C0FC6FE61114EBC53D5997B485)
3.30.651.2_PC36IMG.zip (MD5: 4A2CAB264244C79B2E2BE9E3CFE2B503)
3.70.651.1_PC36IMG.zip (MD5: 7056D42812AA5DF03FCC8DDDC2B64E85)
KDDI Evos (Japan):
1.05.970.1_PC36IMG.zip (MD5: 78F9E8BFEE705F34790A46C258268F02)
Sources
How to unlock Nand Protection ~ Part-2
RA-evo-v1.8.0 (a modified version is included)
RUU to restore 3.29.651.5
RUU to restore 3.30.651.2
RUU to restore 3.70.651.1 (Thanks to 911Sniper for the original mirror)
Sprint Lovers ROM (a modified version is included)
Changes for v2.5
Script now checks for Admin Privileges and kills HTC Sync Services for Sync 3.05
Fixed issue recognizing build numbers
It will attempt to back up Apps now
Checks branding in order to recognize KDDI Evos
Unrevoked forever will now be retried if it doesn't get run the first try
Changed it so it will leave the phones in Fastboot mode if it fails
Recognizes ADB issues easier now
Changes for v2.4
Updated the ROM and Recovery
The working directory is now saved correctly when the path has a space in it
Fixed an error checking the firmware version that would cause the script to close
Made it more capable of recovering when the phone is in an unknown state
Fixed the SD card not being recognized with Eclair
Some parts will check for the 'daemon' error messages and will call to fix it
Made it so the MTD data is not saved unless it is recognized
The script will continue if it times out while waiting on Unrevoked Forever
The WiMAX partition is backed up through the ROM at the very beginning instead of through the Recovery
Changes for v2.3:
Updated the ROM, Recovery and Radios
The script will now recognize your phone at any point in the process and will continue where it left off
Fixed the FlashRecovery script and made it so you can choose what to flash, just put your PC36IMG of choice in the folder with it and let it do the work
Fixed the version checker so it doesn't get confused with custom ROMs anymore
Quick mode checks your hboot version from the ROM now so it won't even try if you have a new bootloader
It is much more tenacious going into the recovery, hopefully fixing the issue with ADB dropping out there
Fixed a bug where the MTD block sizes were not always being remembered correctly
Added more checks to make sure the phone is where it's supposed to be throughout the process
Made it try harder to get the recovery log so it doesn't get missed as much
Tweaked the timing some so it moves a little bit quicker and you only have to hit a button twice to exit instead of three times
Fixed the infinite loops so they are now 95% shorter
Changes for v2.2:
Updated the recovery to Amon RA's version 2.2.1
MTD information for each phone is saved in case it is restarted and unable to find out.
Fixed a bug where pre 3.xx ROMs were not being recognized correctly.
Phones are explicitly called by their serial number to prevent confusion if an emulator starts or another phone gets plugged in.
Unresponsive ADB daemons are killed to help prevent them from hanging or randomly restarting.
Changed autoroot.log to autorootlog.txt to make it easier to attach
Minor bug fixes.
Changes for v2.1:
Updated the recovery to Amon RA's version 2.2
Minor bug fixes
Changes for v2.0:
Added an app to give ADB root and keep it active in 3.70
Updated Sprint Lovers and Amon RA
Removed the two separate kernels/recoveries for new and old phones
Added a battery life check before flashing
Checks Firmware versions in both the ROM and hBoot
Checks that the Misc partition was flashed properly
Fixed all of the bugs with Quick root, it no longer flashes Sprint Lovers if you run it with S-OFF
It automatically restarts adbd where it would occasionally reset itself and get hung up
It also kills adbd when it finishes so you can move/delete it
Changed the bat that restarted adbd so it kills it instead
Added a bat to flash AmonRA through Fastboot with non-Eng hBoots
Added a bat to open a Cmd prompt already in the autoroot folder
Rewrote a good portion of the script and cleaned it up a lot
Made it more flexible so it doesn't get lost as easily
Plus more I forgot
Contents of v2.5 Include:
adb.exe
adb-linux
adb-mac
adbWinapi.dll
adbWinusbapi.dll
AutoRoot.bat
check.bat
fastboot.exe
fastboot-linux
fastboot-mac
FindPhone.bat
FlashZip.bat
OpenShell.bat
StartRecovery.bat
amon_ra_1.8-mod/
res/
....AutoRoot.apk
....autoroot.ini
....dump_image
....Escalate.vbs
....Escalater.bat
....EscSC.lnk
....exploid.com
....FindPhone.bat
....flash_image
....ini.cmd
....mtd-eng.img
....PC36IMG_UD.zip
....PC36IMG_AmonRA-v2.3-hausmod_revA.zip
....PC36IMG-SprintLovers-AmonRA_2.3-hausmod_revA.zip
....radios.zip
....rageagainstthecage-arm5.bin
....recovery-RA-v2.3-hausmod_revA.img
....URFSOff.zip
....URFSOn.zip
....WatchPhone.bat
Notes:
Recovery is recovery-RA-supersonic-v2.3 with Netarchy's 4.3.2 CFS NoHAVS NoSBC NoUV
radios.zip is EVO_Radio_2.15.00.11.19_WiMAX_27167_R01_PRI_NV_1.90_003
URFSOff.zip is the Unrevoked Forever S-OFF tool
URFSOn.zip is the Unrevoked Forever S-ON tool
As always, this will void your warranty and may possibly damage your phone. You and you alone are responsible for anything that you do. Everything contained in this thread is for informational purposes only.
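Once one of the listed images is renamed to PC36IMG.zip, its file name no longer says which version it is, so the posted MD5 values are the only way to tell the images apart before flashing. The following is an added example, not part of the original post or of AutoRoot, that identifies a file by those hashes; `check_before_flash` and the other function names are hypothetical, and any file it is run on in the test is constructed.

```python
import hashlib
import re
from typing import Dict, Optional

# The four image lines from the post's download list, copied as posted.
POSTED_LISTING = """\
3.29.651.5_PC36IMG.zip (MD5: 2F5046C0FC6FE61114EBC53D5997B485)
3.30.651.2_PC36IMG.zip (MD5: 4A2CAB264244C79B2E2BE9E3CFE2B503)
3.70.651.1_PC36IMG.zip (MD5: 7056D42812AA5DF03FCC8DDDC2B64E85)
1.05.970.1_PC36IMG.zip (MD5: 78F9E8BFEE705F34790A46C258268F02)
"""

# One entry per line: "<name> (MD5: <32 hex digits>)"
ENTRY_RE = re.compile(r"^(?P<name>\S.*?)\s*\(MD5:\s*(?P<md5>[0-9A-Fa-f]{32})\)\s*$")


def parse_listing(text: str) -> Dict[str, str]:
    """Map lowercase MD5 -> posted name, skipping lines that carry no hash."""
    known: Dict[str, str] = {}
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            known[match.group("md5").lower()] = match.group("name")
    return known


def file_md5(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash the file in chunks so a large ROM image is never held in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def identify(path: str, known: Dict[str, str]) -> Optional[str]:
    """Return the posted name whose hash matches the file, whatever it is called now."""
    return known.get(file_md5(path))


def check_before_flash(path: str, expected_name: str, known: Dict[str, str]) -> str:
    """'ok', 'wrong-image:<name>' for a different listed image, or 'unknown'."""
    actual = identify(path, known)
    if actual is None:
        return "unknown"  # truncated or corrupt download, or not a listed image
    return "ok" if actual == expected_name else f"wrong-image:{actual}"


if __name__ == "__main__":
    import sys
    # Usage: python check_image.py PC36IMG.zip 3.30.651.2_PC36IMG.zip
    image_path, expected = sys.argv[1], sys.argv[2]
    print(check_before_flash(image_path, expected, parse_listing(POSTED_LISTING)))
```

A matching MD5 shows the download is complete and is the image the post lists; it does not protect against a file that was deliberately replaced at the source.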
IMPORTANT: Everything contained in this post is meant for phones with the older bootloader. If you have hBoot version 2.02 or ROM version 3.30 you must use the above method.
Old Universal Root
(Scroll Down for Alternate Method)
You Will Need:
A windows machine and basic knowledge of DOS or a Linux/Mac box with a little bit of determination
At least 1 GB of free space on your SD card
A full or close to full battery
ADB debugging enabled (Settings > Applications > Development > ADB Debugging)
Your phone connected to your computer as Charge Only
The EVORoot.zip File that can be found in this post
Instructions:
Extract EVORoot.zip into a folder that is easy to find and go to that folder. Then copy the 'moveme' folder out of that one and on to your sdcard. Once it finishes copying unmount/eject the SD card through windows and change your phone back to Charge Only.
Double click on 'runexploit' and let it run. When it asks if you want to flash the hBoot push 'y' and then {enter}. If there are any errors follow the instructions given to try and resolve them. It will automatically reboot your phone once it is ready for it. If all you see is the prompt flashing press Ctrl+C or close the window to exit and re-run it as Administrator.
When the bootloader comes up push the Power button and you should see it start searching for updates. When it gets to PC36IMG.zip it will ask if you want to update with it, push Volume Up to say yes.
*DO NOT TURN OFF THE PHONE OR LET THE BATTERY DIE WHILE UPDATING*
When it's finished push the power button to select 'fastboot' and use the volume buttons to select the yellow 'reboot' button. Push power one more time to select it and reboot your phone. It should start up rooted and ready to go, however you will still need a custom Recovery so you can make NANDroid back-ups and flash an up to date ROM.
Once the phone starts back up run 'flashrecovery' through explorer. It will automatically flash and then reboot your phone into Amon_RA's recovery. When it reboots you should see green text on a black background, if you see a triangle with an exclamation mark then you still have the stock recovery and need to reboot and try again.
Use the volume buttons to select Backup/Restore then push Power to select it.
Select Nand backup and push power. This will make an exact copy of your phone as it is. If you get an error that says 'run mobile-nandroid...." make sure you have at least 3 or 400MB free on your memory card. You can use USB-MS toggle to mount your SD card if you need to make room or copy a ROM to your phone. The moveme folder can also be deleted from your SD card at this point and you can make copies or move the backup once it is complete. Just make sure you have one good backup before continuing.
The NANDroids are saved under 'nandroid/??????????/backupfolder-date-time/'. The folders need to be moved whole.
Return to previous menu, select Wipe, then have it Wipe data/factory reset, Wipe cache & Wipe dalvik-cache. If you get stuck in a bootloop try these steps again and try wiping the SD:ext partition as well.
Return, then go in Flash zip from sdcard. Once there flash the Radios. It is again very important not to interrupt or reset the phone while the radios are being flashed, although it will probably want to reboot before flashing can be finalized, just follow the instructions.
Once it is finished Return to the previous menu and select Power Off. Then hold down the vol down button while turning the phone back on.
It will boot back up into the bootloader, select No if it asks to update or reboot. From here select Recovery and it should go back to the black background with green text.
Select Flash zip from sdcard and Flash ROM-Supersonic_3.30....zip. If you have a different ROM you want to use you can flash another one instead.
Once it is finished Return to the main menu and have it Reboot system. Your phone should start up normally and ask to be set up, complete the set up like normal.
When you have it set up and are sure everything is working properly I would make one more NANDroid so you have a copy with the updated radios. At this point you can also flash another recovery and do anything else you would normally do. Just be sure to use unrevoked forever if you plan on using a different hBoot.
Links:
Downloads
EVORoot.zip
EVORoot.zip - No bootloader, ROM or Radio updates
eng-PC36IMG.zip mirror 1, mirror 2
The following are the ROMs pulled out of the RUUs and renamed, make sure you use the correct version for your phone but if you aren't able to find out start with the 3.29.
3.29.651.5_PC36IMG.zip
3.30.651.2_PC36IMG.zip
If you are having trouble flashing custom ROMs try using this kernel (Thanks to xxbabiboi228xx)
Stock kernel #17
Sources
How to unlock Nand Protection ~ Part-2
All EVO Radio, WiMAX, PRI & NV versions
RA-evo-v1.8.0
RUU to restore 3.29.651.5
RUU to restore 3.30.651.2
Contents Include:
adb.exe
adb-linux
adb-mac
adbWinapi.dll
adbWinusbapi.dll
exploid.com
flashboot.bat
flashrecovery.bat
runexploit.bat
moveme/
.....eng-PC36IMG.zip
.....evo_radios_wimax_pri_nv_3.30.zip
.....flash_image
.....mtd-eng.img
.....rageagainstthecage-arm5.bin
.....recovery-RA-evo-v1.8.0.img
.....SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip
Alternate method
If you already have the EVORoot.zip file you can download the scripts below without the boot/ROM/radio.
Instructions:
Extract EVORoot.zip into a folder that is easy to find such as C:\EVORoot. Then copy the 'moveme' folder out of that one and on to your sdcard.
Open up a DOS prompt and go to the EVORoot directory. eg. 'cd C:\EVORoot'.
type: runexploit {enter}
It will scroll a few lines saying that the ADB server will be reset and to run it on the desktop, this is normal. If it says Permission Denied check to make sure your phone is set to charge only and your sd card is not mounted as a hard disk.
type: adb shell {enter}
If you see '$' then type: "./data/local/tmp/rageagainstthecage-arm5.bin", without the quotation marks, and push enter. After a few seconds it should kick you out to the \> prompt.
If you see '#' then type: exit {enter}
type: flashboot {enter}
If you don't see any errors let it continue, if you do see an error push Ctrl+X to stop
Your phone will then reboot, when it comes back up the bootloader option should be highlighted. Press the power button to select it. It should then search for a second and ask if you want to install the pc36img.zip, push Volume Up for Yes.
*DO NOT TURN OFF THE PHONE OR LET THE BATTERY DIE WHILE UPDATING*
When it's finished go into fastboot and select the yellow 'reboot' through the menu, it should start up rooted and ready to go however you will still need a custom Recovery so you can make NANDroid back-ups and flash an up to date ROM.
Once the phone starts up do step #4 to check for root (# prompt), if it is a '$' try typing 'su {enter}'. If that does not work use runexploit and then check again. Return to the DOS prompt once finished.
type: flashrecovery {enter}
Let it continue as long as there are no errors, otherwise Ctrl+X will stop it. If you run this more than once you can ignore the file not found errors from when it first starts. When the phone reboots you should see green text on a black background, if you see a triangle with an exclamation mark then you still have the stock recovery.
Use the volume buttons to select Backup/Restore then push Power to select it.
Select Nand backup and push power. This will make an exact copy of your phone as it is. If you get an error that says 'run mobile-nandroid....' make sure you have at least 3 or 400MB free on your memory card. You can use USB-MS toggle to mount your SD card if you need to make room or copy a ROM to your phone. The moveme folder can also be deleted from your SD card at this point and you can make copies or move the backup once it is complete. Just make sure you have one good backup before continuing.
The NANDroids are saved under 'nandroid/??????????/backupfolder-date-time/'. The folders need to be moved whole.
Return to previous menu, select Wipe, then have it Wipe data/factory reset, Wipe cache & Wipe dalvik-cache. If you get stuck in a bootloop try these steps again and try wiping the SD:ext partition as well.
Return, then go in Flash zip from sdcard. Select and Flash ROM-Supersonic_3.30....zip. If you have a different ROM you want to use you can flash that one instead.
Flash the Radios, it is again very important not to interrupt or reset the phone while the radios are being flashed. It will probably want to reboot itself afterward, just follow the instructions.
Once it is finished Return to the main menu and have it Reboot system. Your phone should start up normally and ask to be set up, complete the set up like normal.
Once you have it set up and are sure everything is working properly I would make one more NANDroid so you have a copy with the updated radios. At this point you can also flash another recovery and do anything else you would normally do. Just be sure to use unrevoked forever if you plan on using a different hBoot.
Links:
Downloads
EVORoot.zip
EVORoot.zip - No bootloader, ROM or Radio updates
eng-PC36IMG.zip mirror 1, mirror 2
Contents Include:
adb.exe
adb-linux
adb-mac
adbWinapi.dll
adbWinusbapi.dll
flashboot.bat
flashrecovery.bat
runexploit.bat
moveme/
.....eng-PC36IMG.zip
.....evo_radios_wimax_pri_nv_3.30.zip
.....flash_image
.....mtd-eng.img
.....rageagainstthecage-arm5.bin
.....recovery-RA-evo-v1.8.0.img
.....SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip
Batch Files
runexploit.bat
Code:
adb shell "cat /sdcard/moveme/rageagainstthecage-arm5.bin > /data/local/tmp/rageagainstthecage-arm5.bin"
adb shell "chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin"
adb shell "./data/local/tmp/rageagainstthecage-arm5.bin"
flashboot.bat
Code:
adb shell "cat /sdcard/moveme/flash_image > /data/flash_image"
adb shell "chmod 755 /data/flash_image"
adb shell "/data/flash_image misc /sdcard/moveme/mtd-eng.img"
adb shell "mv /sdcard/moveme/eng-pc36img.zip /sdcard/pc36img.zip"
adb shell sync
adb reboot bootloader
flashrecovery.bat
Code:
adb shell "mv /sdcard/PC36IMG.zip /sdcard/moveme/eng-PC36IMG.zip"
adb shell "mv /sdcard/moveme/evo_radio_wimax_pri_nv_3.30.zip /sdcard/evo_radio_wimax_pri_nv_3.30.zip"
adb shell "mv /sdcard/moveme/SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip /sdcard/ROM-SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip"
adb shell "cat /sdcard/moveme/flash_image > /data/flash_image"
adb shell "chmod 755 /data/flash_image"
adb shell "/data/flash_image recovery /sdcard/moveme/recovery-RA-evo-v1.8.0.img"
adb shell sync
adb reboot recovery
This uses HTC's eng hBoot to unlock NAND protection so it is relatively safe, but, as always, this will void your warranty and may possibly damage your phone. You and you alone are responsible for anything that you do. This is for informational purposes only.
Here are linux and mac versions. You just need to get adb from somewhere (I don't think the packaged windows version will work).
If it's in your path, just change all of the "./adb" to "adb", or if you copy the executable to the same directory as these scripts, leave them as is.
Put them in the same directory as the kit, and they should work.
I haven't tested, but thought I would write them up quickly to help with multi-OS support.
runexploit.sh
Code:
#!/bin/bash
./adb shell "cat /sdcard/moveme/rageagainstthecage-arm5.bin > /data/local/tmp/rageagainstthecage-arm5.bin"
./adb shell "chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin"
./adb shell "./data/local/tmp/rageagainstthecage-arm5.bin"
flashboot.sh
Code:
#!/bin/bash
./adb shell "cat /sdcard/moveme/flash_image > /data/flash_image"
./adb shell "chmod 755 /data/flash_image"
./adb shell "/data/flash_image misc /sdcard/moveme/mtd-eng.img"
./adb shell "mv /sdcard/moveme/eng-pc36img.zip /sdcard/pc36img.zip"
./adb shell sync
./adb reboot bootloader
flashrecovery.sh
Code:
#!/bin/bash
./adb shell "mv /sdcard/PC36IMG.zip /sdcard/moveme/eng-PC36IMG.zip"
./adb shell "mv /sdcard/moveme/evo_radio_wimax_pri_nv_3.30.zip /sdcard/evo_radio_wimax_pri_nv_3.30.zip"
./adb shell "mv /sdcard/moveme/SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip /sdcard/ROM-SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip"
./adb shell "cat /sdcard/moveme/flash_image > /data/flash_image"
./adb shell "chmod 755 /data/flash_image"
./adb shell "/data/flash_image recovery /sdcard/moveme/recovery-RA-evo-v1.8.0.img"
./adb shell sync
./adb reboot recovery
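A defender's view of the command sequences in the scripts above, as an added example that is not part of the thread or the EVORoot kit: a small Python scanner that flags the behaviour these scripts share (a binary staged under /data, made executable, run, and used to write a partition). The log layout, timestamps and finding names are assumptions made for the example; the adb command lines in the sample are taken from this page.

```python
import posixpath
import re
import shlex

# Constructed sample log: "<timestamp> <command line>". The adb commands are
# the ones quoted on this page; timestamps and layout are made up.
SAMPLE_LOG = """\
2011-06-01T10:00:01 adb push psneuter /data/local/tmp
2011-06-01T10:00:02 adb push misc_version /data/local/tmp
2011-06-01T10:00:03 adb shell chmod 777 /data/local/tmp/psneuter
2011-06-01T10:00:04 adb shell chmod 777 /data/local/tmp/misc_version
2011-06-01T10:00:05 adb shell /data/local/tmp/psneuter
2011-06-01T10:05:00 ./adb shell "cat /sdcard/moveme/flash_image > /data/flash_image"
2011-06-01T10:05:01 ./adb shell "chmod 755 /data/flash_image"
2011-06-01T10:05:02 ./adb shell "/data/flash_image misc /sdcard/moveme/mtd-eng.img"
2011-06-01T10:05:03 ./adb reboot bootloader
2011-06-01T10:09:00 adb shell ls /sdcard
2011-06-01T10:09:30 adb.exe shell "./data/local/tmp/rageagainstthecage-arm5.bin"
"""

ADB_NAMES = {"adb", "adb.exe", "adb-linux", "adb-mac"}
REDIRECT = re.compile(r">\s*(/data/\S+)")
CHMOD = re.compile(r"^chmod\s+([0-7]{3,4})\s+(/data/\S+)")
# "adb shell" starts in /, so ./data/... and /data/... name the same file.
EXEC = re.compile(r"^\.?(/data/\S+)(?:\s+(.*))?$")


def scan(log_text):
    """Return (timestamp, finding, detail) tuples for suspicious adb usage."""
    staged, executable, findings = set(), set(), []
    for line in log_text.splitlines():
        ts, _, cmdline = line.strip().partition(" ")
        try:
            argv = shlex.split(cmdline)
        except ValueError:          # unbalanced quotes: skip the line
            continue
        if len(argv) < 3 or argv[0].rsplit("/", 1)[-1].lower() not in ADB_NAMES:
            continue
        if argv[1] == "push" and len(argv) == 4:
            dest, base = argv[3], posixpath.basename(argv[2])
            if posixpath.basename(dest) != base:   # destination is a directory
                dest = posixpath.join(dest, base)
            if dest.startswith("/data/"):
                staged.add(dest)
        elif argv[1] == "shell":
            cmd = " ".join(argv[2:])
            m = REDIRECT.search(cmd)
            if m:                                  # cat src > /data/...
                staged.add(m.group(1))
                continue
            m = CHMOD.match(cmd)
            if m:
                mode, path = int(m.group(1), 8), m.group(2)
                if mode & 0o111:
                    executable.add(path)
                    if mode & 0o002:               # e.g. chmod 777
                        findings.append((ts, "world-writable-exec", path))
                continue
            m = EXEC.match(cmd)
            if m:
                path, args = m.group(1), (m.group(2) or "").split()
                seen = path in staged and path in executable
                kind = "staged-binary-executed" if seen else "exec-from-data"
                findings.append((ts, kind, path))
                if posixpath.basename(path) == "flash_image" and args:
                    findings.append((ts, "partition-write", args[0]))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

The rules key on behaviour rather than file names, so a renamed binary that follows the same stage, chmod and execute sequence is still reported.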
I'm getting a permission denied when I try to runexploit
Can you post an alternate mirror for the rootkit?
jacobzamarripa said:
> I'm getting a permission denied when I try to runexploit
Do you have debugging enabled?
MJStephens said:
> Do you have debugging enabled?
usb debugging. yes
jacobzamarripa said:
> usb debugging. yes
Are you running cmd.exe as admin?
Do you guys have a youtube video of step by step for this? Because i cant even get past the third step
BrashL said:
> Are you running cmd.exe as admin?
I'm not quite sure how. I'm on Windows XP
jacobzamarripa said:
> I'm not quite sure how. I'm on Windows XP
I'm pretty sure he just means that you're on a user name on Windows that has Master rights.
Bravo, bravo. You really outdid yourself on this hauss. What a fabulous tutorial for noobs. In my spare time, I would be happy to make a Mac version of this tutorial for you. I think the Mac part just confuses people more. Seriously, great work. I will be referring people to this. Replaces the need to do 20 commands with like 4 homemade batch scripts. PM me or email at [email protected] and I will build a Mac tutorial (giving you full credit of course)...
Confirm?
This looks and sounds awesome. I would LOVE a mac version of this and like to donate to good work
Can I get a confirmation from someone reporting success using this method?
I'd like to use this on a friends phone today but am a bit hesitant because it's so new.
thanks!
I will confirm that all the scripts work on their own. I have no idea if hauss's batch scripts work. All the exploits are legit though. I will download and proofread. Either way, it should work. I know hauss is experienced at rooting and stuff.
wait, huge file. does someone mind sending me everything except the pc36img.zip and eng-pc36img.zip? email is [email protected]
does anyone know if it will work on parallels on mac.
adb connection will be reset. restart adb server on desktop and re-login
I keep getting error message saying "adb connection will be reset. restart adb server on desktop and re-login"
--------------------------------------------
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3316, 3316}
[*] Searching for adb ...
[+] Found adb as PID 1400
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
rukshmani said:
> I keep getting error message saying "adb connection will be reset. restart adb server on desktop and re-login"
> --------------------------------------------
> [*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
> [*] checking NPROC limit ...
> [+] RLIMIT_NPROC={3316, 3316}
> [*] Searching for adb ...
> [+] Found adb as PID 1400
> [*] Spawning children. Dont type anything and wait for reset!
> [*]
> [*] If you like what we are doing you can send us PayPal money to
> [*] [email protected] so we can compensate time, effort and HW costs.
> [*] If you are a company and feel like you profit from our work,
> [*] we also accept donations > 1000 USD!
> [*]
> [*] adb connection will be reset. restart adb server on desktop and re-login.
Actually I kept getting this same message when I was on the adb server and was attempting to get to the recovery screen on the phone. Do you by any chance have HBoot 2.2 on your evo?
Hi Noobe , yes unfortunately..am i SOL
rukshmani said:
> i keep getting error message saying "adb connection will be reset. Restart adb server on desktop and re-login"
> --------------------------------------------
> [*] cve-2010-easy android local root exploit (c) 2010 by 743c
> [*] checking nproc limit ...
> [+] rlimit_nproc={3316, 3316}
> [*] searching for adb ...
> [+] found adb as pid 1400
> [*] spawning children. Dont type anything and wait for reset!
> [*]
> [*] if you like what we are doing you can send us paypal money to
> [*] [email protected] so we can compensate time, effort and hw costs.
> [*] if you are a company and feel like you profit from our work,
> [*] we also accept donations > 1000 usd!
> [*]
> [*] adb connection will be reset. Restart adb server on desktop and re-login.
This is not an error message! This means it is working! Just move on to the next step. If there is nothing that says the word error, there is probably no error!

[GUIDE] How to downgrade 1.7x/1.8x/2.x to 1.32.405.6

DO NOT USE THIS IF YOUR PHONE CAME WITH GINGERBREAD Or newer Software. Use the Ace Hack Kit for DHD
How to downgrade to 1.32.405.6 WWE
HTC - Quietly S-OFF. Again.
About:
The problems started when HTC released their 1.72.405.3 OTA update. That update could not be rooted, and many people got stuck in stock roms. Now a downgrade method has arrived! After this process, you can use any root (+ S-OFF) method you want. Basically your device will be just like any other Desire HD with older build version. Downgrading will completely reset your device to factory defaults, so remember to back up all important data (such as contacts, game saves and sms messages).
System requirements:
HTC Sync (or ADB drivers)
Desire HD with build number 1.72 or higher
[Warning] Telus DHDs may lose sound because the 1.32.405.6 is not fully compatible with the sound chip. Just start using a custom ROM, and it will work fine.
How to downgrade:
Section 1
Disable any antivirus software
If you have a branded / regional (like Indian or Vodafone) device, you have to make a Goldcard. Use "mmc2" instead of "mmc1"!!
Download the attached file and extract it
Get stock 1.32 PD98IMG.zip ROM, mirror
Put the PD98IMG.zip into your SD card. Do not put it into a folder, and do not extract it.
Section 2a [For Froyo ROMs, 1.7x and 1.8x]
Connect Desire HD to a computer. Charge only, USB Debugging enabled!
Open up a cmd and go to Downgrade folder, execute commands:
Code:
adb push psneuter /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/psneuter
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/psneuter
adb shell
Section 2b [For Gingerbread ROMs, 2.x]
Connect Desire HD to a computer. Charge only, USB Debugging enabled!
Open up a cmd and go to Downgrade folder, execute commands:
Code:
adb push misc_version /data/local/tmp
adb push fre3vo /data/local/tmp
adb shell chmod 777 /data/local/tmp/fre3vo
adb shell chmod 777 /data/local/tmp/misc_version
adb shell
./data/local/tmp/fre3vo -debug -start FBB00000 -end FFFFFFFF
Section 3
If you got "#" in the result, you have temporary root! Proceed with commands:
Code:
cd /data/local/tmp
./misc_version -s 1.31.405.6
Close the CMD. Reboot while holding volume down, it will go to the bootloader
Follow the instructions (start the update)
Done. You can now click my thanks button! Proceed with old S-OFF methods, and remove the PD98IMG.zip from your SD. I recommend Radio S-OFF for new users.
Big thanks: Scotty2, Guhl and the fre3vo team
Downloadcount for Downgrade package v1 is 15808, and for v2 it is 32012.
FAQ:
Q: Will I lose all my settings and applications?
- Yes, so make a backup with MyBackup Pro.
Q: I have done Radio S-OFF and SuperCID, do I need this?
- No, with those you do not need this kind of trickery.
Q: I have flashed a custom ROM with e.g. 1.84 build number, do I need this?
- No, with ClockworkMod you can jump between builds freely.
Q: It says '#' but I still cannot use root applications!
- That is normal, this method only gives root in command line. Just go ahead and downgrade.
Q: Is my phone Froyo or Gingerbread?
- Check it in Settings -> About -> Software information -> Android version. 2.2 is Froyo and 2.3 is Gingerbread.
Q: How do I navigate to downgrade folder?
- You can read this short and easy explanation.
Troubleshooting:
- "Main version is older"? You did not type everything correctly. Please try it again and see if any errors come up.
- "Error opening backup file"? You did not use "Charge only" -connection, or your SD card is faulty.
- "CID mismatch/CID incorrect"? Your device is branded. Just make a Goldcard, put the PD98IMG.zip to the card again and go to the bootloader.
- "Model ID incorrect"? Some Telus DHDs get this, just make a Goldcard.
- "Failed to set prot mask (Inappropriate ioctl for device)"? Use Gingerbread method to downgrade.
- Zip will not load in bootloader? Format your SD card to FAT32, no quick format! You can also try another SD.
- Problems while making Goldcard? See this post.
- PD98IMG.zip md5sum is: C3D244A9F056E48EE3851A14FF52204C
If you like my work, please consider: (or just hit the thanks button )
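Why the bootloader answers "Main version is older", as an added example that is not from the guide or from HTC's bootloader: a simplified Python model of the version check next to a ratcheting floor the running OS cannot lower. The field-by-field numeric comparison, the function and class names, and the `1.8.405.1` sample value are assumptions; the other version numbers come from this page.

```python
def parse_version(text):
    """Parse an HTC-style 'a.b.c.d' main version into a tuple of ints."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("not a four-field dotted version: %r" % text)
    return tuple(int(p) for p in parts)


def check_against_misc(misc_main_version, package_version):
    """Assumed model of the check: the update is refused when it is older
    than the main version recorded in the misc partition (equal passes)."""
    if parse_version(package_version) < parse_version(misc_main_version):
        return "Main version is older"
    return "OK"


class RatchetedFloor:
    """Hardened variant: the minimum version lives in storage the running
    OS cannot rewrite, and it only ever moves upward."""

    def __init__(self, floor):
        self._floor = parse_version(floor)

    def admit(self, package_version):
        version = parse_version(package_version)
        if version < self._floor:
            return "Main version is older"
        self._floor = version  # ratchet: never decreases
        return "OK"


def simulate():
    package = "1.32.405.6"  # stock ROM named in the guide
    results = {}
    # 1. Untouched device on the 1.72.405.3 OTA: the downgrade is refused.
    results["stock"] = check_against_misc("1.72.405.3", package)
    # 2. Field rewritten from a root shell to 1.31.405.6: same package passes,
    #    so the check is only as strong as the protection of that field.
    results["misc_rewritten"] = check_against_misc("1.31.405.6", package)
    # 3. Floor kept out of the OS's reach: there is no field to rewrite.
    floor = RatchetedFloor("1.72.405.3")
    results["ratcheted"] = floor.admit(package)
    results["ratcheted_upgrade"] = floor.admit("2.36.405.8")
    # 4. Comparing raw strings instead of parsed fields orders 1.8 and 1.32
    #    the wrong way round (constructed value 1.8.405.1).
    as_text = "1.32.405.6" < "1.8.405.1"
    as_numbers = parse_version("1.32.405.6") < parse_version("1.8.405.1")
    results["string_compare_wrong"] = as_text != as_numbers
    return results


if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(name, "->", outcome)
```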
Am I missing something or is it your link that just ain't there ?? lol
mcnob said:
> Am I missing something or is it your link that just ain't there ?? lol
He's most likely updating it as we type - hate clutter so lets sit back and wait
http://forum.xda-developers.com/showpost.php?p=10428859&postcount=162
mcnob said:
> Am I missing something or is it your link that just ain't there ?? lol
Look:
http://forum.xda-developers.com/showpost.php?p=10428115&postcount=54
but you should use DHD RUU (not desire Z) and lower version number (since unbranded rootable version for DHD is 1.32.405.6)
Great work to everyone involved, now finally those lame "root doesn't work" posts will vanish
Excellent
So has any one tried it?
Got temp root trying to flash old ruu...lets see
I have temproot working. Currently downloading the RUU file on my REALLY slow internet...
I think there is a couple of small errors?
cd /data/local/tmp
./misc-version -s 1.31.405.3
should be
cd /data/local/tmp/
./misc_version -s 1.31.405.3
also, the psneuter is a .txt file, just remove the .txt extension to use the file.
robE9 said:
> Got temp root trying to flash old ruu...lets see
Second confirmation for temp root but I've ran out of time to flash RUU
So, rebooted in bootloader, loaded pd98img.zip....checked it but after says Main Version is older ! Update Fail ! Press power to reboot.
Any ideas to try ?
Once i am home again I shall donate a crate of beer to the team!!
BlackTigerX said:
> Great work to everyone involved, now finally those lame "root doesn't work" posts will vanish
You still will not have permanent root of 1.72/1.75! but this does allow you to downgrade and attain root on older Firmware
robE9 said:
> So, rebooted in bootloader, loaded pd98img.zip....checked it but after says Main Version is older ! Update Fail ! Press power to reboot.
> Any ideas to try ?
Did you get #, and did you run the misc_version executable? Did you write the version number correctly there?
ghostofcain said:
> You still will not have root of 1.72/1.75! but this does allow you to downgrade and attain root on older Firmware
That is right. The psneuter gives temporary root, but as scotty2 said, it kind of shoots the current rom in the head while doing that..
i tried again with _ instead of - at version and now its updating hope will be ok
.. PD98IMG.zip to apply the file gives me an error
View attachment 483907
Any ideas?. Thanks!
Is it possible to flash the PD98IMG without using an SD card?
My DHD bricked mine http://forum.xda-developers.com/showthread.php?t=895593
apside said:
> .. PD98IMG.zip to apply the file gives me an error
> Any ideas?. Thanks!
What error? I cannot find error in that screenshot.
xdario said:
> Is it possible to flash the PD98IMG without using an SD card?
> My DHD bricked mine http://forum.xda-developers.com/showthread.php?t=895593
The RUU itself might work, but I would not bet on it. Just get a new SD.
apside said:
> .. PD98IMG.zip to apply the file gives me an error
> View attachment 483907
> Any ideas?. Thanks!
Don't write "reboot bootloader", just reboot by power button and press down the volume button until you are in bootloader
Btw the downgrade was successful, I just rooted with visionary thx guys a lot :X
at me work fine

[App] [26.04.2011][v1.2] GingerBreak APK (root for GingerBread)

NOTICE: Gingerbreak is an exploit that has been fixed in many of the latest Android versions and releases. If it does not work, it does not work. I can't "fix" the exploit, you will have to wait for a new exploit to come out, or root a different way!
About
The GingerBreak APK is a wrapper around the newly released GingerBreak exploit (credits to The Android Exploid Crew), which is meant to attain root access on GingerBread. This specific exploit may work on various Froyo and Honeycomb versions as well.
What the APK and exploit do is as follows:
- The APK puts the right files in the right place to run the exploit
- The APK runs the exploit
- The exploit attempts to attain root access
- If it succeeds, the exploit remounts /system as read-write and runs the installer script
- The installer script attempts to install the su binary and superuser APK, and reboots
Some important things to know:
- You must have USB debugging enabled on your device
- You need to have an SD card (formatted and) inserted - if it doesn't work, try formatting the SD card in your computer, or switching it with a different (or old, etc) SD card
- The APK must be installed to device, NOT SD card
- The exploit may take a while to run, but not more than 10 minutes, if it does, get me a logcat, and reboot the device. In rare occasions, even if the device does not reboot, you may still have root. So check that out after you manually pull battery after 15 minutes or so of being stuck.
- Always reboot between root attempts!
- While (temporary?) root access may be attained, due to locked bootloaders, efuses, S-ON, and whatnot this may still not work on your device. For temproot purposes, use the raw binary exploit (linked below), not this APK.
- The GingerBreak exploit should not be used to attain temproot and continue using the device. It fscks vold, you do not want to be running like that. You want to reboot! So if the root doesn't stick, you (still) have a problem.
Installation
- Optional: Press the Thanks button below this post
- Make sure USB debugging is enabled
- Make sure you have an SD card (formatted and) inserted
- Get the APK on the phone somehow, and install it
- Open the APK, press the root button
- Wait a few minutes. If there are no problems, the device will reboot (note that the reboot itself can take like 10 minutes due to cache wipe)
- Make sure the Superuser app is installed and working
- Optional: Install BusyBox from Market (I personally prefer the stericsson installer)
- Optional: Uninstall GingerBreak, you don't need it on your phone anymore
- Optional: Make a donation
WARNING: Apparently on some devices the root exploit causes the SD card (internal or external) to be formatted. Also, if it gets stuck but you do see the card mounting/unmounting, try formatting your SD card yourself and try again (or use a different SD card) - often this works (a fix for both issues is being looked at)
NO IT DOES NOT WORK ON THE GALAXY ACE (yet ?)
WORKS ON A RARE SGS2, BUT NOT ON MOST (seems to be only pre-release devices that are rootable this way)
ACER A500 / ICONIA Look here (click). Will eventually be integrated, I guess
Donate
Donate to Chainfire by PayPal: click this link
Donate to The Android Exploid Crew by PayPal: [email protected]
Report!
Please report back if it does or doesn't work on specific devices. If it doesn't, don't forget to post your logcat as attachment, and mention your device details and GingerBreak version.
Credits
- I made the APK and did some slight modding to the exploit code to install from an APK
- The exploit ("GingerBreak") itself is made by The Android Exploid Crew. Original code can be found here: http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.html
Manual rooting
From v1.1 it is no longer possible to manually root the device over an ADB connection using the files from this APK. Please use the original binaries from the c-skills website to do this. There are several guides posted here on XDA about how to do this manually, some are mentioned/linked-to in the first few pages of this thread.
Note
GingerBreak is not specific to any device, but there is code in there that may not work on device X or Y. The exploit is generic, but that does not mean one size fits all, nor does it mean that there will be no firmwares out there that fix this exploit. A special version may need to be compiled for your device, ask your favorite hacker from your specific device's forum. This APK is meant to make the process easier, but also adds dependencies so that it may not work on your device.
AGAIN, THIS DOES NOT WORK ON S-ON DEVICES !
Changelog
26.04.2011: v1.2
- Removed some code that may break operation while the code itself isn't needed
- Added UnRoot option
- The APK now logs exploit output semi-live
22.04.2011: v1.1
- Modded exploit code to not need /data/local/tmp - this should fix the problem extracting assets as well as be more compatible with various devices (in theory). In case the APK notices that this cannot work, it will warn you about this.
- Added some warnings and errors to the APK
21.04.2011: v1.0
- First release of APK
- Slight mods to the exploit source to have it work better from APK
Sources
Attached archive contains the modified sources for the exploit part of this APK. I will publish new versions only when it changes; the APK may be updated to a newer version, this does not necessarily mean the exploit has changed
Also, apologies for the few days delay in posting the source.
Genius tool!
Congrats to C-Skills to for the exploit of course.
PS: if you want it to work on Galaxy S II: extract in /app-cache instead of /data/local/tmp
Finally this has come out
Sent from my a Vibrant using the xda premium app
Will this work on any phone
Sent from my a Vibrant using the xda premium app
supercurio said:
> Genius tool!
> PS: if you want it to work on Galaxy S II: extract in /app-cache instead of /data/local/tmp
Will be looked at! (I'm sure it'll need more modifications for other devices as well, hehe)
I get an error saying 'could not extract assets'. Is there a solution for this?
Running 2.3.3.
Sent from my GT-I9000 using XDA App
I am trying to root using adb.
Can anybody tell how long will it sleep/wait after displaying
[*] vold: 1965 GOT start: 0x00014344 GOT end: 0x00014384
to complete the root
(@robin2)
try:
adb shell mkdir /data/local/tmp
will it work on Nexus S? Anyone tried yet?
please see the steps below
E:\Downloads\New folder\SuperOneClickv1\SuperOneClickv1>adb push gingerbreak /data/local/tmp
586 KB/s (16830 bytes in 0.028s)
E:\Downloads\New folder\SuperOneClickv1\SuperOneClickv1>adb shell chmod 777 /data/local/tmp/gingerbreak
E:\Downloads\New folder\SuperOneClickv1\SuperOneClickv1>adb shell /data/local/tmp/gingerbreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found system: 0x6fd17f09 strcmp: 0x6fd37c89
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014344
[+] Using device /devices/platform/goldfish_mmc.0
[*] vold: 1965 GOT start: 0x00014344 GOT end: 0x00014384
That's not my modded version, so don't ask me.
why would you need on a nexus s ??
it is one of the most simple phone to root and get superuser ...
there are many guides in the development section for the nexus s look there
i would much prefer to use one of those as i know it will work !!
I cannot create/remove any directories/files in /data/local/ because I don't have root access.
I've tried...
Sent from my GT-I9000 using XDA App
For those that want to root manually, you can follow this: http://forum.xda-developers.com/showthread.php?t=1044582
It's for a Nexus One (tested), so if you want to use the step-by-step for a different device, you will have to change the partitions in the mounting commands.
Hi! I have Nexus One and is currently on an unrooted 2.3.3
I placed the APK file on my SD card and when I tried to launch it, all I got was "could not extract assets" what should I do?
curiousitykilledthepat said:
> Hi! I have Nexus One and is currently on an unrooted 2.3.3
> I placed the APK file on my SD card and when I tried to launch it, all I got was "could not extract assets" what should I do?
For people getting "could not extract assets" error execute
adb shell rmdir /data/local/tmp
and then
adb shell mkdir /data/local/tmp
The above post worked for me. Thanks.
Been thinking a bit about how things are done in the v1.0, going to do some massive changes for the next release that should make it much more compatible.
:/
it doesn't root the Desire S, unfortunately

[Q] HTC Desire HD - Can't Downgrade from Gingerbread to 1.32.405.6

Hi,
I was following the article :
[GUIDE] How to downgrade 1.7x/1.8x/2.x to 1.32.405.6
@ http://forum.xda-developers.com/showthread.php?t=905003
.
The cursor blinks after this line:
Code:
[*] vold: 0000 GOT start: 0x00014360 GOT end: 0x000143a0
I have waited for almost an hour, but nothing happens, and I have to break using Ctrl+C.
My question is, what am I doing wrong/ what needs to be done? Cause I see other posts where the output shows many more lines similar to the one above, and then the # (root) prompt, but I don't get it.
-- Phone: HTC Desire HD [Unlocked]
-- OS: Just received OTA Gingerbread: 2.3.3; s/w version: 2.37.720.3
-- Factory Reset Done
-- PC Connection is in : Charging mode and USB Debugging
Complete output:
Code:
G:\htc desire hd\Mod\Setups\Downgrade>adb push misc_version /data/local/tmp
1104 KB/s (15837 bytes in 0.014s)
G:\htc desire hd\Mod\Setups\Downgrade>adb push GingerBreak /data/local/tmp
1173 KB/s (16830 bytes in 0.014s)
G:\htc desire hd\Mod\Setups\Downgrade>adb shell chmod 777 /data/local/tmp/misc_version
G:\htc desire hd\Mod\Setups\Downgrade>adb shell chmod 777 /data/local/tmp/GingerBreak
G:\htc desire hd\Mod\Setups\Downgrade>adb shell
$ ./data/local/tmp/GingerBreak
./data/local/tmp/GingerBreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014360
[+] Using device /devices/platform/goldfish_mmc.0
[*] vold: 0000 GOT start: 0x00014360 GOT end: 0x000143a0
Thanks in advance,
Gautam
Downgrade Failed
I got the same result.. Needed help.. :sad:
Same here. Any help would be appreciated
Ok guys even I am stuck here too and I had posted about this, but no one replied, however I got down to googling tactics and the most satisfying reason that I have come up with (reasoning is based on the countless articles and websites about gingerbread and gingerbreak) is that the gingerbreak crack is for a different version of gingerbread, a version which was launched before we Indians got our version of gingerbread, and that's why our DHDs are getting stuck at the same place over and over again. It's all because of different s/w version numbers.
I guess we all have to wait for a gingerbreak version that is applicable across all DHD ROMs, only then can we be able to downgrade. There might be other way(s), but I know none. This is my two bit about what all of us, are going through when following the downgrade guide. I may be wrong, I may not be. If you have a different thing to say about it, then by all means let all of us hear it.
Thanks Ruben for the clarification. I think you're right. The following two links suggest that as well.
Check out (Google them as I can't paste links due to the less # of posts that I have):
Google Patches GingerBreak Exploit, But Don’t Worry – We Still Have Root (For Now)
Change Iab98d71c: Detect Android devices vulnerable to CVE-2011-1823
I was trying to downgrade so that I could install Android Revolution HD 5.1.7 on my DHD. Any other way to achieve the same? I wish I knew this; just updated to Ginger a few days ago.
The pleasure was all mine Gautam, just trying to do my part to help other Indian DHD users. anyways check out this page http://forum.xda-developers.com/showthread.php?t=905003&page=149 and I believe jkoljo is already on the job.
Unfortunately there is no other way to downgrade the gingerbread 2.37 hoping for an exploit from, The Android Exploid Crew and jkoljo.
is it cuz we are indians?
Same exact problem. Spent more than 24hrs finding a solution. Really bored of the stock ROM and the gingerbread update does not even have enough visual changes. Zzz really wish someone does something about it
Once again Indians have a disadvantage.
Android Version: 2.3.3
HTC Sense Version : 2.1
Baseband : 12.54.60.25U_26.09.04.11_M2
Kernel : 2.6.35.10-g0956377 ([email protected]#1)
Build Number : 2.36.405.8 CL47853 release-keys
Software : 2.36.405.8
I too was following the instructions. The first time I tried I had my sdhc card in and gingerbreak got a little further than you quoted above but just kept saying 'sendmsg fail'. I googled this and found a post which said that gingerbreak could run without the sdhc card. So I tried that and got the same problem you reported. I waited a few minutes with nothing happening then decided to pop my card back in...at which point gingerbreak started running again.
If your card is in when gingerbreak starts it might be worth ejecting/inserting when you reach the sticking point.
(In the end it didn't help me, gingerbreak finished OK but then I got an error from misc_version which I have not yet been able to get past)
ericjennings said:
Android Version: 2.3.3
HTC Sense Version : 2.1
Baseband : 12.54.60.25U_26.09.04.11_M2
Kernel : 2.6.35.10-g0956377 ([email protected]#1)
Build Number : 2.36.405.8 CL47853 release-keys
Software : 2.36.405.8
I too was following the instructions. The first time I tried I had my sdhc card in and gingerbreak got a little further than you quoted above but just kept saying 'sendmsg fail'. I googled this and found a post which said that gingerbreak could run without the sdhc card. So I tried that and got the same problem you reported. I waited a few minutes with nothing happening then decided to pop my card back in...at which point gingerbreak started running again.
If your card is in when gingerbreak starts it might be worth ejecting/inserting when you reach the sticking point.
(In the end it didn't help me, gingerbreak finished OK but then I got an error from misc_version which I have not yet been able to get past)
1st you will need the following files
GingerBreak from http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.html
misc_version from http://www.multiupload.com/A9PNGVBWBE
Default rom http://forum.xda-developers.com/showthread.php?t=905003
and Android SDK http://developer.android.com/sdk/index.html
Also you will need a clean SD card 1 gig or more should be fine (smaller is better)
Unzip GingerBreak and misc_version into a folder say c:\Downgrade (I normally use 7Zip)
You should have:
c:\Downgrade\GingerBreak with 5 Files
c:\Downgrade\misc_version with 4 Files
Make sure you installed Android SDK's Platform tools and updated your path to reflect this
IE: run SDK Manager and install Android SDK Tools and Google USB Driver pack if you don't have HTC Sync driver running.
Format the SD card and copy the rom.zip into the base of the card, not a sub directory. (Do not unzip)
Now: Plug in the phone to the USB and make sure Debugging is on and the phone is set to charge only.
Then open Command prompt ie: run cmd.exe
Go to your Downgrade directory and test if your adb command is in the path. ie: run it and make sure it lists switches and not say file not found
Then run as follow
adb push misc_version /data/local/tmp
adb push GingerBreak /data/local/tmp
adb shell chmod 777 /data/local/tmp/misc_version
adb shell chmod 777 /data/local/tmp/GingerBreak
adb shell
./data/local/tmp/GingerBreak
If you fail to get root, ie: prompt does not return to # or you get an endless sendmsg() failed? error, reboot the phone and repeat the commands above. The phone I used took 3 tries to get this right.
at the # run the following
cd /data/local/tmp
./misc_version -s 1.31.405.6
When it's done, exit cmd and go to your phone. Reboot it while pressing volume down.
It will come up with a menu and follow the update instructions.
You should then be on Android version 2.2 when done.
Please note the rom that is supplied works with unbranded phone only if you have a branded phone you will need to make a goldcard. If you want to know how to make one, google is your friend sorry.
You must have htc sync installed!
**** I TAKE NO RESPONSIBILITY IF THE BELOW PROCESS DOES NOT WORK FOR YOU & IF YOU BRICK YOUR PHONE - DO THIS AT YOUR OWN RISK ****
What you need :
- MicroSD card with SD Adapter
Procedure :
1. You need to setup ADB on your PC and download the Android SDK, guide here:
How To: Set Up ADB/USB Drivers for Android Devices | The Unlockr
2. Create a GoldCard here (remember to open the SD Card as a PHYSICAL DISK) :
How To: Create a Goldcard | The Unlockr
3. Download the Generic Software here :
http://androidfiledepot.com/Storage...ravo_HTC_Europe_1.15.405.3_Radio_32.30.00.28U _4.05.00.11_release_121865.exe
4. Insert the Goldcard into the Desire and connect it to your PC. Run the software downloaded in step 3.
5. This will flash your Desire with a generic HTC version of the OS.
6. Enjoy!
If you see error 131, you don't have htc sync!
Nilseby, thanks for the suggestion.
I tried your method, and the process starts; phone switches off and HTC is displayed in white. After a few minutes, it says that it can't go through with this, and the program just hangs. I powered on the phone and it's back to the way it was. Flashing didn't go through. I created a gold card as well and formatted, still no luck.
2.37.720.3
Why, oh why did I upgrade to 2.37.720.3?
I actually wanted to root my DHD so that I could take screenshots of its screen. Now that it is being reported that as of now 2.37.720.3 is not downgradable, is there any other way to take screenshots of my phone's screen? Other than, of course, taking pics with another camera.
Thank God!
I am using RCMIX HD Kingdom v 1.2 with Sense 3.0 on my DHD and when I saw a downgrade guide from Gingerbread to get root access, I decided to upgrade to the official 2.3.3 in India. I saw the initial posts in that thread say that the method worked really well.
I had almost made up my mind to try the official update knowing that I can downgrade using the guide, but just before doing that I thought I'd read the more recent posts and guess what I realized the Indian software number 2.37.720.3 cannot be downgraded! Which means no root access and no custom ROMs (at least for now). I immediately changed my mind and didn't upgrade.
Thank God!
Good decision av. Just wait till this issue gets sorted out and then dive in. I was too eager to see what was up with Mr.Ginger and curiosity killed the cat.
Sent from my Desire HD using XDA App
We in Australia have the same problem regret upgrading.
Just got my UK 2.37 upgrade a few days ago...why, oh, why did I accept it!? Hopefully not long until the 2.37 gingerbreak is out
guitarist7 said:
Just got my UK 2.37 upgrade a few days ago...why, oh, why did I accept it!? Hopefully not long until the 2.37 gingerbreak is out
yeah..
now i cant do anything with it
I can't even get a GoldCard to work on 2.37x , I know its not the cards I'm using as they still work for older releases
DotNetRules said:
I can't even get a GoldCard to work on 2.37x , I know its not the cards I'm using as they still work for older releases
What do you mean by getting a GoldCard to work? Is the phone not mounting it or something?

Hboot information and downgrading

Before I start this thread, I should say that all credit goes to otaking71 for finding this crack.
The two original threads are here
http://forum.xda-developers.com/showthread.php?t=1255043
http://forum.xda-developers.com/showthread.php?t=1255360
All of the work was done in the #htc_evo_shift channel on freenode irc.
Table of contents:
1. Hboot information about the exploit.
2. Downgrading
2.1 Notes
3. Full root(Updated 2.2 root)
4. Links
5. Credits/donation links
I will aim to make it so this mod can be ported to other devices to help downgrade bootloaders and software. Please read the entire thread before flashing anything and trying this.
Hboot
Hboot uses a hidden partition to check everything it flashes against, this partition is "misc", or hboot -1, or on the shift mmcblk0p17(hboot itself is at mmcblk0p18).
Some raw dumps of this partition using strings to filter ascii strings brings out this type of dump.
Locked bootloader for the evo shift's dump
"SPCS_001
DeviceWarmBoot
CE Serial InUse
Debug Cable Ena
CE USB InUse
ClearAutoImage
2.76.651.4
FNOC
FNOC"
Unlocked bootloader for the verizon thunderbolt
"VZW__001
DeviceWarmBoot
CE Serial InUse
Debug Cable Ena
CE USB InUse
ClearAutoImage
1.02.605.6
FNOC
FNOC"
Eng spl unlocked evo shift
"FN0C
FN0C
FN0C"
Now the place to focus at is the version numbers, 2.76.651.4. Hboot will check all items you try to flash via hboot or ruu utility against this number and if it is lower than what you are trying to flash, it will allow you to proceed in flashing through hboot, or ruu. If the number is higher, it will reject the flash. If the number doesn't exist(like in the eng spl) it will assume it is able to flash it(ONLY TESTED ON ENG SPL, not locked bootloaders). So by dumping the TB's misc partition into our own, we made it so the locked hboot would accept flashes. Either by RUU or hboot.
We believe the package you flash still needs to be signed though so that only leaves you with official ruu's and extracted ruu zips.
Joeykrim's history(Located on the second page of this thread)
joeykrim said:
for those curious, a lil bit of history:
same method as used on the evo part 2 thread by toastcfh at xda.
only diff is shift is emmc and evo was mtd. shift emmc partitions are a bit more in number and named differently when compared to the evo mtd partitions. on the evo this partition was labeled as "misc" in /proc/partitions. the misc partition being flashed holds the software version number which hboot checks against to verify whether or not it will allow an RUU to be loaded.
also, i want to recall a web site somewhere which allows users to create a custom misc file with a provided version number.
thought this partition was protected by the internal memory write protection but appears it wasn't. not much of a surprise as the first release of the shift didn't have write protection for the hboot partition turned on.
great this works! sadly, they'll prob patch it next OTA around as they did for the evo.
good job on testing (sorry about the lost shift), publishing and releasing! glad to see the shift has unlocked internal memory write protection again!!!
your path to the internal partition location is incorrect. as the OP states, use: /dev/block/mmcblk0p17
full command: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
great article with the history and usage of dd, its a classic unix/linux command. very good to become familiar with: http://en.wikipedia.org/wiki/Dd_(Unix)
How to downgrade your device
For the shift, will be different on other devices with a bit of modding.
1. Temproot(With Fre3vo for the shift) http://forum.xda-developers.com/showthread.php?t=1185243
2. Move the file misc.img to the root of your sdcard, and PG06IMG.zip too if you plan on flashing through hboot.
3. Modify the misc partition to bypass the version check, type the following in an adb shell or a terminal emulator on your phone.
Code:
dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
Note for other devs: misc.img is the image from the TB, could be other images as long as it has a lower version number.
4. This is up to you, you can either use the ruu utility to revert or the PG06IMG.zip in hboot. I'll include links to both. Since both utilities check the misc partition, both are able to flash =)
5. Reboot and then full root like normal on your downgraded device.
Notes
1. When flashing hboot/using this exploit it always flashes twice/stops early and recontinues. Don't worry about it, this is normal(Sometimes it looks like more than 2 but just chill out).
2. Some SDcards are not recognized by hboot, so you will either have to switch cards for this operation or use the ruu utility method.
3. Remove the PG06IMG from your sdcard after flash, or hboot will pick it up next time.
Full root for downgraded 2.2
Flash ENG bootloader
1. Download these files and extract them to the root of your sdcard: www.thebcblends.com/shift/Shift-root.zip
2. Obtain temproot from z4Root, visionary, OR CM's temproot wiki
3. Flash hboot with Engineer SPL:
Code:
dd if=/sdcard/Shift/hboot_eng.nb0 of=/dev/block/mmcblk0p18
4. Boot into bootloader and check for S-OFF
Flashing a recovery
1. Grab latest shift recovery from: http://www.koushikdutta.com/2010/02/clockwork-recovery-image.html
2. Make sure you're temprooted(may have to temp root again)
3. Install recovery from rom manager
Alternative install can be done if you grab another recovery's recovery.img and do one of the following below.
a. Okay this is for those with fastboot - flash the recovery with fastboot: fastboot flash recovery recovery.img
b. This is for those where fastboot doesn't work or they don't have it - 1. Place recovery.img on the root of your sdcard, then type the command below.
Code:
dd if=/sdcard/recovery.img of=/dev/block/mmcblk0p21
Full root/Rom flashing
Well I know you don't have anything you want to save from the 2.2 ruu since it's just a stock flash, so I am going to leave it off here as flash whatever rom you want over the new system via recovery and you should end up with a fully rooted android.
Just remember to wipe data/factory reset after flash.
Links - MD5Sums aren't terribly important here as the files will not flash if they are not correct due to the signatures.
Fre3vo temp root for GB - http://forum.xda-developers.com/showthread.php?t=1185243
misc.img for the misc partition - http://dl.dropbox.com/u/41040697/misc.img MD5Sum: c88dd947eb3b36eec90503a3525ae0de
Misc.img mirror(You guys took down my second dropbox.....trying a different site now): http://www.box.net/shared/0l8ex73zne0tfr10ob69
Second misc.img mirror: http://dl.dropbox.com/u/15373824/misc.img
Another mirror for misc.img: http://dev-host.org/a9dbnuzgb9qv/misc.zip (Thanks Fdxrider)
Official ruu file for downgrading to 2.2 - http://www.multiupload.com/15N2D30H6C MD5SUM: a4b880954d2ac29d5bdf0dade9dede3c
PG06IMG for hboot downgrading to 2.2 - http://dl.dropbox.com/u/41040697/PG06IMG.zip MD5SUM: d20be478fd860b80f5e800c958f79077
Mirror for PG06IMG(First link went down temporarily due to generating too much traffic on my account, good job guys xD) - http://dl.dropbox.com/u/15373824/PG06IMG.zip
Mirror for PG06IMG: http://dev-host.org/xmlaaco0s2ph/PG06IMG.zip
2.2 root [Bcnice guide]- http://forum.xda-developers.com/showthread.php?t=932153
Cm's rooting method(For those without z4root or visionary) - http://wiki.cyanogenmod.com/wiki/HTC_Evo_Shift_4G:_Full_Update_Guide
Credits
Otaking71 - Discoverer of this exploit for the shift and working throughout the night to establish it as a working downgrade.
Bcnice20 & other 2.2 root devs - I borrowed your root methods for this guide, and linked to them. Just had to update it for recovery basically.
Stuke00 - Fre3vo temp root for 2.3.3
Joeykrim - Donating that history for the curious minds.
Donation links:
Otaking71 - Main driver of this discovery/creator and came up with this theory
http://forum.xda-developers.com/donatetome.php?u=1762836
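The version check described in the Hboot section of the post above, modeled as an added example (not code from the post or from HTC) next to a fail-closed variant that authenticates the stored version. The string values come from the dumps quoted in the post; the byte layout, the comparison rule, the package version, the keys and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import re

def make_image(fields):
    """Constructed stand-in for a partition dump: ASCII fields padded with NULs."""
    return b"".join(f.encode() + b"\x00" * 6 for f in fields)

FLAGS = ["DeviceWarmBoot", "CE Serial InUse", "Debug Cable Ena",
         "CE USB InUse", "ClearAutoImage"]
# Field values are the strings quoted in the post; the byte layout is constructed.
LOCKED_SHIFT = make_image(["SPCS_001", *FLAGS, "2.76.651.4", "FNOC", "FNOC"])
THUNDERBOLT = make_image(["VZW__001", *FLAGS, "1.02.605.6", "FNOC", "FNOC"])
ENG_SPL = make_image(["FN0C", "FN0C", "FN0C"])
OLDER_PACKAGE = (1, 50, 651, 0)  # constructed version of an older signed package

def extract_version(image):
    """Like `strings | grep`: first printable run that is a dotted 4-part version."""
    for run in re.findall(rb"[\x20-\x7e]{4,}", image):
        m = re.fullmatch(rb"(\d+)\.(\d+)\.(\d+)\.(\d+)", run)
        if m:
            return tuple(int(g) for g in m.groups())
    return None

def naive_decision(misc_image, package):
    """The check as the post describes it: trust whatever the partition says."""
    stored = extract_version(misc_image)
    if stored is None:
        return "allow"  # no version present is treated as "anything goes"
    # Assumption: numeric field-by-field comparison, equal versions allowed.
    return "allow" if package >= stored else "reject"

def seal(version_text, key):
    """Hypothetical hardened record: version text, NUL, HMAC-SHA256 tag."""
    tag = hmac.new(key, version_text, hashlib.sha256).digest()
    return version_text + b"\x00" + tag

def hardened_decision(record, key, package):
    """Fail closed: the floor must carry a valid tag made with this device's key."""
    text, _, tag = record.partition(b"\x00")
    expected = hmac.new(key, text, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "reject"  # blank, altered, or copied from another device
    stored = extract_version(text)
    if stored is None:
        return "reject"
    return "allow" if package >= stored else "reject"

# Assumption: per-device keys readable only by the bootloader (constructed values).
DEVICE_KEY = b"constructed-key-device-A"
OTHER_KEY = b"constructed-key-device-B"

if __name__ == "__main__":
    for name, img in [("locked", LOCKED_SHIFT), ("foreign", THUNDERBOLT),
                      ("blank", ENG_SPL)]:
        print("naive   ", name, extract_version(img), naive_decision(img, OLDER_PACKAGE))
    for name, rec in [("own record", seal(b"2.76.651.4", DEVICE_KEY)),
                      ("foreign record", seal(b"1.02.605.6", OTHER_KEY)),
                      ("blank", ENG_SPL)]:
        print("hardened", name, hardened_decision(rec, DEVICE_KEY, OLDER_PACKAGE))
```

The naive check accepts the older package as soon as the stored floor is lower or absent, which is why write protection on this partition, or an authenticated or monotonic rollback counter, is what keeps the floor meaningful.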
Should we vote this to the front or try to keep it on the downlow?
^ Shift Faced
I'm at work now, but am I to understand that there is now a full root for shifts on gb?
Sent from my PC36100 using XDA App
totalnub911 said:
I'm at work now, but am I to understand that there is now a full root for shifts on gb?
Sent from my PC36100 using XDA App
Something of that sort, you can obtain full root through this exploit. Though it's through downgrading the firmware you use old 2.2 rooting methods.
totalnub911 said:
I'm at work now, but am I to understand that there is now a full root for shifts on gb?
Sent from my PC36100 using XDA App
that is correct if you downgrade then root with shiftRR. thats what i'm getting from all this
EDIT: got beat to it
YoungCorruption said:
that is correct if you downgrade then root with shiftRR. thats what i'm getting from all this
EDIT: got beat to it
sounds like its time to change your siggy there youngcorruption!
Im sorry for the noobish but what does this mean and how do i do this
2. Modify the misc partition: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
misc.img is the image from the TB, could be other images as long as it has a lower version number.
halrulez said:
Im sorry for the noobish but what does this mean and how do i do this
2. Modify the misc partition: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
misc.img is the image from the TB, could be other images as long as it has a lower version number.
In more specific directions it means to move the downloaded file misc.img to /sdcard , then to type the command "dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17" without quotes. The rest just means it'll be different on other devices.
Nice write up, thanks to otaking and scary you all saved the shifters from a horrible ota update
Sent from my Supreme Shift using Tapatalk
Scaryghoul said:
In more specific directions it means to move the downloaded file misc.img to /sdcard , then to type the command "dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17" without quotes. The rest just means it'll be different on other devices.
ok can do this in terminal from my phone or do i have to do this in adb from my computer?
and if so what are the full steps to get to the point so i can enter this. I am trying to understand adb hell i am just starting in linux so i am hella noob
halrulez said:
ok can do this in terminal from my phone or do i have to do this in adb from my computer?
and if so what are the full steps to get to the point so i can enter this. I am trying to understand adb hell i am just starting in linux so i am hella noob
Either one, you can either mount your phone on usb and move the misc.img to your sdcard then type the command in terminal on your phone.
OR
You can adb push the file to your sdcard then adb shell the command.
I'll make the instructions more detailed in a bit.
What do you mean by: Modify the misc partition: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p1?
I moved the misc.img to sdcard but I have no mmcblk0pl in dev/block. Do I have to create that folder? And dd and of....lost me there.
I just did it and it worked perfectly. Back on 2.2, ready to root. Thanks again to otaking and scary for all your hard work.
ok so i was able to do this from the terminal from my android
now though when i am trying to run the ruu from my computer it starts to go but keeps saying that it is waiting for the bootloader. the phone won't boot into the bootloader
halrulez said:
ok so i was able to do this from the terminal from my android
now though when i am trying to run the ruu from my computer it starts to go but keeps saying that it is waiting for the bootloader. the phone won't boot into the bootloader
you might need to install htc sync to run ruu's. http://www.htc.com/managed-assets/support/software/htc-sync/setup_3.0.5557.exe
i'm just going to put this out there as well because i have had problems with the drivers that came with sync and i was forced to use the modified usb drivers found in the unrevoked evo tool, i dunno its weird but my vista pc didn't like anything but them drivers, and another guy i helped ruu from a major mess up, he couldn't get anything with sync to recognize his shift until he used the same modified evo drivers. i hope no one has an issue but if it come about this is how to fix a driver issue
Best day ever!!!!!!!!!!!!!!!!!!!!!!!!!
strapped365 said:
i'm just going to put this out there as well because i have had problems with the drivers that came with sync and i was forced to use the modified usb drivers found in the unrevoked evo tool, i dunno its weird but my vista pc didn't like anything but them drivers, and another guy i helped ruu from a major mess up, he couldn't get anything with sync to recognize his shift until he used the same modified evo drivers. i hope no one has an issue but if it come about this is how to fix a driver issue
provide link to said drivers?
riggsandroid said:
provide link to said drivers?
kinda cant provide an actual link directly to the drivers because i had to set up unrevoked just like i was rooting an evo, so i just hinted they were in the tool
http://unrevoked.com/recovery/
thats where you can get the tool from to setup your drivers if you have issues with sync not playing well or your pc just dont want to read the drivers right
for those curious, a lil bit of history:
same method as used on the evo part 2 thread by toastcfh at xda.
only diff is shift is emmc and evo was mtd. shift emmc partitions are a bit more in number and named differently when compared to the evo mtd partitions. on the evo this partition was labeled as "misc" in /proc/partitions. the misc partition being flashed holds the software version number which hboot checks against to verify whether or not it will allow an RUU to be loaded.
also, i want to recall a web site somewhere which allows users to create a custom misc file with a provided version number.
thought this partition was protected by the internal memory write protection but appears it wasn't. not much of a surprise as the first release of the shift didn't have write protection for the hboot partition turned on.
great this works! sadly, they'll prob patch it next OTA around as they did for the evo.
good job on testing (sorry about the lost shift), publishing and releasing! glad to see the shift has unlocked internal memory write protection again!!!
blakeatl said:
What do you mean by: Modify the misc partition: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p1?
I moved the misc.img to sdcard but I have no mmcblk0pl in dev/block. Do I have to create that folder? And dd and of....lost me there.
your path to the internal partition location is incorrect. as the OP states, use: /dev/block/mmcblk0p17
full command: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
great article with the history and usage of dd, its a classic unix/linux command. very good to become familiar with: http://en.wikipedia.org/wiki/Dd_(Unix)
