This guide will explain how to downgrade chacha from higher RUU version to lower RUU version. Even HBoot downgrade is possible. Mine, I successfully downgraded from HBoot 1.05 to 1.04.
Usually this error msg appears if you try to downgrade your firmware ‘Main Version is Older’, the guide will help solve this.
The guide is based on thread http://forum.xda-developers.com/showthread.php?p=10757949#post10757949
This is not my actual work, I searched thru the forums when I wanted to downgrade my chacha from RUU_Chacha_HTC_Europe_1.33.401.1_Radio_47.17.35.3033H_7.48.35.14_2_release_204385_signed to RUU_Chacha_hTC_Asia_WWE_1.21.707.2_Radio_47.14.35.3030H_7.47.35.17_release_197518_signed and created this guide.
My device is carrier unlocked, S-ON and this method will work on S-ON devices.
Note: Before you proceed, I accept no responsibility if you brick your phone. Do it on your own risk!!!
Things you need
I assume you already have android SDK and HTC sync installed in your system
1) Flash_Image – http://www.android-hilfe.de/attachments/root-hacking-modding-fuer-htc-desire/8835d1275662657-how-rebrand-o2-desire-fertig-flash_image.zip
2) HEX Editor - http://mh-nexus.de/en/downloads.php?product=HxD
3) A gold card – search thru the forums if you need to create one.
Step 1: Achieve temp adb shell root
You can achieve temp adb shell root using zergRush method, if you don’t know how, your can see this thread http://forum.xda-developers.com/showthread.php?t=1296916 or simplest way is to use the batch file created by qzfive http://forum.xda-developers.com/showthread.php?t=1319386
Step 2: copy the mtd0 file to sdcard.
Open command prompt, change your directory to ADB directory (usually the folder where ADB.exe resides).
In the command prompt type, adb shell
You should see ‘#’ at the prompt, if you see ‘$’ then you didn’t achieved temp root, redo step-1.
In the command prompt type
cat /dev/mtd/mtd0 > /sdcard/misc.img
Step 3: now change the USB connection type to ‘disk drive’ and copy the ‘misc.img’ to your pc or laptop. Use HxD as administrator and open ‘misc.img’
Step 4: The current version number can be located at 11th line, change it to the version number of RUU you want to downgrade to. I have changed mine from 1.33.401.1 to 1.25.709.1 and save. Be sure to back up the file before any updates.
Step 5:
copy the flash_image (which you downloaded at the start) and misc.img back to your root of sdcard
Step 6: change the USB connection type to ‘charge only’ and execute the below commands in the adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image misc /sdcard/misc.img
Step 7:
Copy the rom.zip from RUU which you wanted to flash to the root of the goldcard and rename to PH06IMG.zip. Power off the phone, insert goldcard to the phone – press volume down + power on, the phone will flash the rom.
I'm quite happy to see that this ChaCha section is getting more and more used. This goes straight to the ChaCha guide that I made. Congratulations!
Thank you, i was trying my luck for s-off as in this forum http://forum.xda-developers.com/showthread.php?t=1317960 so downgraded my phone. and unfortunately no s-off!
Ok, this could be modified with a s-off hboot in the zip to achieve s-off, I'm sure of it. Anyone have an engineering s-off Hboot around?
It wouldn't work - if you modify a signed HTC .zip, the bootloader won't take it if it's S-ON
@#$%. I do feel this is is the start of an exploitable loophole. Now how to use it is the key.
as qzfive said, if the rom.zip in RUU is modified it cannot be flashed, i tried to modify the rom.zip using zip utility to change the CID information once, but the flashing was not successful. Believe HTC uses some special technique to build the zip
if any one can direct to information on building RUU may be we can give it a try
ajeevlal said:
as qzfive said, if the rom.zip in RUU is modified it cannot be flashed, i tried to modify the rom.zip using zip utility to change the CID information once, but the flashing was not successful. Believe HTC uses some special technique to build the zip
if any one can direct to information on building RUU may be we can give it a try
Click to expand...
Click to collapse
It has a digiotal signature that you are modifying by packing it with a normal zip program. Instead, use 7zip this way:
- extract the files you want to edit
- edit them (for text editor use notepad++ as others like normal notepad\word\wordpad are creating unneeded newline chars)
- open the zip with 7zip again and drag and drop the files you want to replace into 7zip.
Alex C. said:
It has a digiotal signature that you are modifying by packing it with a normal zip program. Instead, use 7zip this way:
- extract the files you want to edit
- edit them (for text editor use notepad++ as others like normal notepad\word\wordpad are creating unneeded newline chars)
- open the zip with 7zip again and drag and drop the files you want to replace into 7zip.
Click to expand...
Click to collapse
I'm guessing it's only possible to modify the CID of the .zip this way? I got an idea of replacing recovery.img in the zip to a CWM.img, guessing it wouldn't work?
EDIT: I pulled the rom.zip from the 1.33.401.1 RUU and it wouldn't let me put my modified android-info.txt back into the .zip, 7zip gave me a "Not implemented/Operation not supported" error :/
qzfive said:
I'm guessing it's only possible to modify the CID of the .zip this way? I got an idea of replacing recovery.img in the zip to a CWM.img, guessing it wouldn't work?
EDIT: I pulled the rom.zip from the 1.33.401.1 RUU and it wouldn't let me put my modified android-info.txt back into the .zip, 7zip gave me a "Not implemented/Operation not supported" error :/
Click to expand...
Click to collapse
7zip said "Not implemented"? Weird.. So you are simply using drag and drop, eh?
As a side note, remove the first 256 bytes of the file, which is the RSA signature (for example using HxD) to get a "proper" zip file. All modifications of the file will invalidate the signature anyway, you won't be able to flash it unless you're S-OFF or through an exploit.
Yup, Drag and Drop gives the error "Not Implemented", and clicking the Add icon gives the error "Operation is not supported"
Funnily enough, WinRAR says "C:\Users\James\Desktop\PH06IMG.zip: The archive is corrupt" when trying to add files to it
I'm guessing HTC made their .zips pretty secure then :/
xdbg said:
As a side note, remove the first 256 bytes of the file, which is the RSA signature (for example using HxD) to get a "proper" zip file. All modifications of the file will invalidate the signature anyway, you won't be able to flash it unless you're S-OFF or through an exploit.
Click to expand...
Click to collapse
I've edited with 7zip and the signature was not invalidated. The files were then flashed.
do i have to buy xtc clip to get gold card or what ?
cause i cant find any other way to do it
Search on Google: gold card creator. You can also search "gold card" on XDA.
It worked Thanks....
what to do if i cant get adb shell root?
zergRush doesnt work saying Hellions with blue flames
the 2nd link is dead, and i guess its based on the same exploit
all i need is to flash europe 1.33.401.1 on top of 1.57.707.2
s-on
aZzz.bZzz said:
what to do if i cant get adb shell root?
zergRush doesnt work saying Hellions with blue flames
the 2nd link is dead, and i guess its based on the same exploit
all i need is to flash europe 1.33.401.1 on top of 1.57.707.2
s-on
Click to expand...
Click to collapse
facing similar issue... ok got adb shell working (already rooted) but failed at last command and says not enough memory ... card empty and phone got abt 80mb free.
my phone is s-on, and factory unlocked. Do i still need goldcard? read reviews long time ago that unlocked phone dont need that, only branded one need goldcard.
wish the xtc clip were cheaper ...
thank you , you were right it just wants a post on my wall.
I am sorry for the off topic but is there any easy tutorial how to Sim Carrier unlock MY HTC chacha S-ON, if there is one ?
I have USA Version CHACHA , with firmware 1.60.xxx
Really downgrade firmware? And do S-OFF?
With gold card not have downgrade
Related
DO NOT USE THIS IF YOUR PHONE CAME WITH GINGERBREAD Or newer Software. Use the Ace Hack Kit for DHD
How to downgrade to 1.32.405.6 WWE
HTC - Quietly S-OFF. Again.
About:
The problems started when HTC released their 1.72.405.3 OTA update. That update could not be rooted, and many people got stuck in stock roms. Now a downgrade method has arrived! After this process, you can use any root (+ S-OFF) method you want. Basically your device will be just like any other Desire HD with older build version. Downgrading will completely reset your device to factory defaults, so remember to back up all important data (such as contacts, game saves and sms messages).
System requirements:
HTC Sync (or ADB drivers)
Desire HD with build number 1.72 or higher
[Warning] Telus DHDs may lose sound because the 1.32.405.6 is not fully compatible with the sound chip. Just start using a custom ROM, and it will work fine.
How to downgrade:
Section 1
Disable any antivirus software
If you have a branded / regional (like Indian or Vodaphone) device, you have to make a Goldcard. Use "mmc2" instead of "mmc1"!!
Download the attached file and extract it
Get stock 1.32 PD98IMG.zip ROM, mirror
Put the PD98IMG.zip into your SD card. Do not put it into a folder, and do not extract it.
Click to expand...
Click to collapse
Section 2a [For Froyo ROMs, 1.7x and 1.8x]
Connect Desire HD to a computer. Charge only, USB Debugging enabled!
Open up a cmd and go to Downgrade folder, execute commands:
Code:
adb push psneuter /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/psneuter
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/psneuter
adb shell
Click to expand...
Click to collapse
Section 2b [For Gingerbread ROMs, 2.x]
Connect Desire HD to a computer. Charge only, USB Debugging enabled!
Open up a cmd and go to Downgrade folder, execute commands:
Code:
adb push misc_version /data/local/tmp
adb push fre3vo /data/local/tmp
adb shell chmod 777 /data/local/tmp/fre3vo
adb shell chmod 777 /data/local/tmp/misc_version
adb shell
./data/local/tmp/fre3vo -debug -start FBB00000 -end FFFFFFFF
Click to expand...
Click to collapse
Section 3
If you got "#" in the result, you have temporary root! Proceed with commands:
Code:
cd /data/local/tmp
./misc_version -s 1.31.405.6
Close the CMD. Reboot while holding volume down, it will go to the bootloader
Follow the instructions (start the update)
Done. You can now click my thanks button! Proceed with old S-OFF methods, and remove the PD98IMG.zip from your SD. I recommend Radio S-OFF for new users.
Click to expand...
Click to collapse
Big thanks: Scotty2, Guhl and the fre3vo team
Downloadcount for Downgrade package v1 is 15808, and for v2 it is 32012.
FAQ:
Q: Will I lose all my settings and applications?
- Yes, so make a backup with MyBackup Pro.
Q: I have done Radio S-OFF and SuperCID, do I need this?
- No, with those you do not need this kind of trickery.
Q: I have flashed a custom ROM with e.g. 1.84 build number, do I need this?
- No, with ClockworkMod you can jump between builds freely.
Q: It says '#' but I still cannot use root applications!
- That is normal, this method only gives root in command line. Just go ahead and downgrade.
Q: Is my phone Froyo or Gingerbread?
- Check it in Settings -> About -> Software information -> Android version. 2.2 is Froyo and 2.3 is Gingerbread.
Q: How do I navigate to downgrade folder?
- You can read this short and easy explanation.
Click to expand...
Click to collapse
Troubleshooting:
- "Main version is older"? You did not type everything correctly. Please try it again and see if any errors come up.
- "Error opening backup file"? You did not use "Charge only" -connection, or your SD card is faulty.
- "CID mismatch/CID incorrect"? Your device is branded. Just make a Goldcard, put the PD98IMG.zip to the card again and go to the bootloader.
- "Model ID incorrect"? Some Telus DHDs get this, just make a Goldcard.
- "Failed to set prot mask (Inappropriate ioctl for device)"? Use Gingerbread method to downgrade.
- Zip will not load in bootloader? Format your SD card to FAT32, no quick format! You can also try another SD.
- Problems while making Goldcard? See this post.
- PD98IMG.zip md5sum is: C3D244A9F056E48EE3851A14FF52204C
Click to expand...
Click to collapse
If you like my work, please consider: (or just hit the thanks button )
Am I missing something or is it your link that just ain't there ?? lol
mcnob said:
Am I missing something or is it your link that just ain't there ?? lol
Click to expand...
Click to collapse
He's most likely updating it as we type - hate clutter so lets sit back and wait
http://forum.xda-developers.com/showpost.php?p=10428859&postcount=162
mcnob said:
Am I missing something or is it your link that just ain't there ?? lol
Click to expand...
Click to collapse
Look:
http://forum.xda-developers.com/showpost.php?p=10428115&postcount=54
but you should use DHD RUU (not desire Z) and lower version numer (since unbranded rootable version for DHD is 1.32.405.6)
Great work to everyone involved, now finally those lame "root doesn't work" posts will vanish
Excellent
So has any one tried it?
Got temp root trying to flash old ruu...lets see
I have temproot working. Currently downloading the RUU file on my REALLY slow internet...
I think there is a couple of small errors?
cd /data/local/tmp
./misc-version -s 1.31.405.3
should be
cd /data/local/tmp/
./misc_version -s 1.31.405.3
also, the psneuter is a .txt file, just remove the .txt extension to use the file.
robE9 said:
Got temp root trying to flash old ruu...lets see
Click to expand...
Click to collapse
Second confirmation for temp root but I've ran out of time to flash RUU
"So, rebooted in bootloader, loaded pd98img.zip....checked it but after says Main Version is older ! Update Fail ! Press power to reboot.
Any ideeas to try ?
Once i am home again I shall donate a crate of beer to the team!!
BlackTigerX said:
Great work to everyone involved, now finally those lame "root doesn't work" posts will vanish
Click to expand...
Click to collapse
You still will not have permanent root of 1.72/1.75! but this does allow you to downgrade and attain root on older Firmware
robE9 said:
"So, rebooted in bootloader, loaded pd98img.zip....checked it but after says Main Version is older ! Update Fail ! Press power to reboot.
Any ideeas to try ?
Click to expand...
Click to collapse
Did you get #, and did you run the misc_version executable? Did you write the version number correctly there?
ghostofcain said:
You still will not have root of 1.72/1.75! but this does allow you to downgrade and attain root on older Firmware
Click to expand...
Click to collapse
That is right. The psneuter gives temporary root, but as scotty2 said, it kind of shoots the current rom in the head while doing that..
i tried again with _ instead of - at version and now its updating hope will be ok
.. PD98IMG.zip to apply the file gives me an error
View attachment 483907
Any ideas?. Thanks!
Is it possible to flash the PD98IMG without using an SD card?
My DHD bricked mine http://forum.xda-developers.com/showthread.php?t=895593
apside said:
.. PD98IMG.zip to apply the file gives me an error
Any ideas?. Thanks!
Click to expand...
Click to collapse
What error? I cannot find error in that screenshot.
xdario said:
Is it possible to flash the PD98IMG without using an SD card?
My DHD bricked mine http://forum.xda-developers.com/showthread.php?t=895593
Click to expand...
Click to collapse
The RUU itself might work, but I would not bet on it. Just get a new SD.
apside said:
.. PD98IMG.zip to apply the file gives me an error
View attachment 483907
Any ideas?. Thanks!
Click to expand...
Click to collapse
dont write "reboot bootloader" just reboot by power buton and press down the volume button until you are in bootloader
Btw the downgrade was succesfull, i just rooted with visionary thx guys a lot :X
at me work fine
DISCLAIMER: This guide and package are provided as-is. I do not accept any responsibility for damage caused by following the guide or using the programs. This process was used by myself for rooting, unlocking and installing ROMs on my own Telus Desire HD. Please read through the entire guide ahead of time and make sure you understand where all the files in the package are.
Introduction
I noticed there was a good deal of confusion about the forums as to what to do with the Telus Desire HD and whether it was closer to the European DHD or the Inspire 4G. Turns out its closer to the Inspire 4G. jkoljo helped figure out what needed to be done to successfully flash this phone, so don't forget to thank him!
By the way, don't order a SIM unlock code if you need to unlock the phone so you can use it on another network. This procedure allows you to SIM unlock you phone without an unlock code. (Refer to step 22 in Section B.d).
Feel free to let me know if theres anything wrong or missing or if you have any questions.
Enjoy rooting and ROMing!
-AlexDP
-------------------------
Note: All the files needed for this process are included in this package. The folders for each section are located under folders with corresponding names (i.e. the files for Preparation are in the "Preparation" folder).
Download the package here:
-Full version, includes the PD98IMG.zip stock downgrade ROM file.
-Lighter version with no PD98IMG.zip file. You can get the necessary PD98IMG.zip file from here and use it when needed as per the guide.
A. Preparation Notes:
-Install HTC Sync (from the "Step 1 - HTC Sync" folder")
-Set your phone to allow usb debugging by going to Settings->Applications->Development and checking off USB debugging.
-Make sure you have the same SIM card if you've logged into Android Market before.
-Leave your Desire HD plugged in to your PC. Choose Charging only when prompted (unless you need to copy files to your SD, in which case switch to Mount drive).
-At the end of the process, once your all done rooting, save a copy of the following files from your SD card just in case:
hboot_check.nb0
hboot_eng.nb0
part7backup-SomeNumbersHere.img
hboot_original.bin
-Create a Gold Card:
Install GoldCard Helper from the Android Market,
Run it and make note of the value listed after Card:mmc2, Reverse CID. It should be a long series of numbers and letters. (make sure to use mmc2, the default copy to clipboard copies mmc1 ..)
Visit this page (http://psas.revskills.de/?q=goldcard), enter the new copied number and create your goldcard image, which will be e-mailed to you.
Save the file attached in the email to your PC.
Install HxD Hex Editor on your computer, from the "Step 4 - Gold Card" folder.
Run HxD Hex Editor. ("Run as Administrator" under Vista and Windows 7).
Go to the Extra menu and select Open Disk. Under physical disk, select Removable Disk (your microSD card), uncheck Open as Read only and click OK. Note that you should select physical disk NOT the logical disk. This is important!
Go to the Extra menu again and select Open Disk Image. Open the goldcard image that you received by email.
Press OK when prompted for Sector Size (selecting 512 (Hard disks/Floppy disks)) and click OK.
You should now have two tabs - one is your removable disk, the other is your goldcard image.
Click on the goldcard image tab. Go to the Edit menu, choose Select All then select the Edit menu again and select Copy.
Click on the Removable Disk tab. Highlight offset (line) 00000000 to offset (line) 00000170 (including the 00000170 line), then click on the Edit menu and select Paste Write.
Click on the File menu and select Save, accepting the warning.
Your Gold Card SD card is completed.
----
B. Rooting (Do this if you just want to root, or if you want to install a custom rom, do this first):
B.a Downgrade Process
1- Copy the PD98IMG.zip file from the "Step 1 - PD98IMG" folder and put it on the root of your SD card (i.e. not in any folders). Do NOT rename this file.
2- Go to the "Common files" folder and double click Start Here.
3- Copy the files in "Step 3 - Downgrade" to the "Common files" folder.
4- In the new command window that opens, type the following commands (you shouldn't get any errors. hit enter after each):
Code:
adb push psneuter /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/psneuter
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/psneuter
adb shell
NOTE: You should have the "#" sign instead of the "$". If you do, you have temporary root, and can continue on.
Code:
/data/local/tmp/misc_version -s 1.31.405.3
exit
Note: If you get an error while running the step before exit, try using 1.31.405.6 instead of .3.
5- Type adb reboot bootloader and hit enter. Your phone will be switched into the white bootloader screen. Wait for the bootloader screen.
6- Hit the power button to select bootloader from the options. It'll automatically find the PD98IMG.zip and start examining it. You'll see a blue progress bar at the top right. Once it finishes it'll ask you to hit volume up if you want to install. Do so. Don't worry if some items are marked "Bypassed" during install.
7- Once its done, it'll ask you to hit the power button to restart. Android should boot up.
8- Set the usb debugging option again. (Refer to Preparation step 2).
B.b Temp Root
Note: As an alternative to this section, you can download and install Visionary on your phone and have it do the temproot, by tapping the Temproot Now option. If you do this, jump straight to section B.d once you're done. If you have trouble doing this, or Visionary shows "rooting" then gets stuck or get a black screen, reboot your phone and follow this section fo the guide.
9- Make sure your SIM card is in when signing in to the Android Market for the next steps, otherwise it'll give you an error saying it can't access the Google server (!?! wtf, btw...)
10- Copy the files from the "Step 10 - Temp Root" folder to the "Common files" folder.
11- Go to the "Common files" folder and double click Start Here.
12- In the new command window that opens, type the following commands (you shouldn't get any errors. hit enter after each):
Code:
adb push su /sdcard/su
adb push Superuser.apk /sdcard/Superuser.apk
adb push rage /data/local/tmp/rage
adb push busybox /data/local/tmp/busybox
adb push root /data/local/tmp/root
adb shell chmod 0755 /data/local/tmp/*
13- On the HTC Desire HD, install the Android Terminal Emulator (by Jack Palevich) app from the Android Market.
14- Launch the Terminal Emulator, and run the following command: /data/local/tmp/rage
15- After a minute or so, you will see the following message on the phone Forked #### childs. Press the Menu button & select Reset Term. The Terminal Emulator will exit out.(If you don't see this after a few minutes, something is wrong. Retrace your steps).
16- Launch Terminal Emulator. It will force close. Launch it a second time, and you'll have a root shell (i.e. you'll see a # sign instead of the $ sign in the console).
B.c Permanent Root
Note: It turns out this section (B.c) is actually unnecessary as its taken care of later in the process already. You can safely skip this section and go straight to section B.d.
17- Copy the files from the "Step 17 - Permanent Root" folder to the "Common files" folder.
18- Go to the "Common files" folder and double click Start Here.
19- In the new command window that opens, type the following commands (you shouldn't get any errors. hit enter after each):
Code:
adb push gfree /data/local
adb shell chmod 777 /data/local/gfree
20- Launch the Terminal Emulator on your phone and run the following commands:
Code:
/data/local/gfree -f
sync
/data/local/tmp/root
NOTE: You may see an error that states mkdir: /system/xbin already exists, if you do, simply ignore and continue on.
Code:
sync
21- Wait for this to finish. Once done, restart the HTC Desire HD.
B.d Unlock phone for flashing ROMs and carrier unlocking
Note: The order of these steps has been changed, but the folder names haven't been updated. Please pay good attention to the instructions here.
22- Run Easy Radio Tool (in the "Step 23 - Easy Radio Tool" folder), select the first option (especially if you want to SIM unlock, if not the Radio S-OFF option is sufficient). Follow the directions in the program. Make sure to accept the SuperUser request on the phone when it pops up (keep your phone unlocked so you see it). It may fail at one point and your phone will restart. If it does, thats ok just run it again and it'll finish successfully this time.
23- Run EasyS-OFF (in the "Step 24 - EasyS-OFF" folder) and follow the instructions.
B.e Flash ClockworksMod Recovery
24- Download and run ROM Manager from the Android Market and have it install ClockworksMod Recovery.
24.I If you're not flashing a Gingerbread-based ROM (like CM7), please choose the last option in the list "All ClockworkMod Recoveries" then choose 2.5.1.3.
24.II If your installing a CyanogenMod or any other Gingerbread-based ROM you must have ClockworkMod Recovery 3.0 and above, so just choose the first option in the list, "Flash ClockworkMod Recovery".
If this fails with a message about permissions, it means you haven't rooted correctly, retrace your steps.
----
C. Flashing a new ROM:
1- Download the ROM of your choice (I recommend Android Revolution HD, available here: http://forum.xda-developers.com/showthread.php?t=840040, but feel free to chose any). Copy the zip for the ROM to your SD card. Inside ROM Manager, click Install ROM from SD Card and select the ROM that you put on your SD card. Select wipe data and cache and optionally the backup checkbox. Let it finish installing and rebooting your device.
Note: If you are flashing to a ROM other than a stock Telus ROM (Raidroid Stockify is a stock Telus ROM), you will have to enter your APN settings manually. If you're using your phone on a different network than Telus, you will have to enter your APN settings.
Note:If you want CyanogenMod, it's available inside ROM Manager and you dont need to do this part and you can skip to the very last step. If you want to install CyanogenMod 7 or any Gingerbread-based ROM, you must first update your ClockworkMod Recovery to 3.0 and above. Please note that you can't restore from a backup or install a non-Gingerbread ROM from ClockworkMod Recovery 3.0 and above. If you need to restore from backup or downgrade, install ClockworkMod Recovery 2.5.1.3 (ROM Manager -> All ClockworkMod Recoveries -> 2.5.1.3) then proceed to flash or restore as needed.
2- Copy Telus Kernel.zip to your SD card from the "Step 2 - Telus Kernel" folder.
3- Run Kernel Update Utility (in the "Step 3 - Kernel Update Utility" folder) and click "Select a cwm zip", then click next, then click Go to fastboot, wait for the white bootloader screen on your phone, then click Flash. Once it's done, it'll reboot back into Android.
4- Once that's done click next, wait for the USB connection and USB debugging mode notification.
5- Click flash button in Kernel Update Utility and once that's done click finish.
Your done! Sound works perfectly and so does Wi-Fi!
--------------------------
Guide Credits:
This guide and package was pieced together from various other guides and packages after exploring the various posts and methods on the topic, mostly from Xda-Developers. I've listed them here:
Gold Card Guide: http://www.droid-den.com/android-guides/android-guide-how-to-create-a-gold-card
CyanogenMod Downgrade and Rooting guide: http://wiki.cyanogenmod.com/index.php?title=HTC_Desire_HD:_Full_Update_Guide#Downgrade_to_1.32.405.6
How to downgrade: http://forum.xda-developers.com/showthread.php?t=905003
One click Radio S-OFF tool: http://forum.xda-developers.com/showthread.php?t=857537
One click ENG S-OFF: http://forum.xda-developers.com/showthread.php?t=855403
Desire HD, no sound thread (thanks jkoljo): http://forum.xda-developers.com/showthread.php?t=949909&page=10
Thanks to everyone who wrote those guides and these programs and made it possible for us to flash the Telus Desire HD, specifically jkoljo, who put his own time into it.
Instead of gfree and rage, you can just use Visionary and Radio S-OFF Tool, saves a lot of time
Sent from my Desire HD using Tapatalk
True. I was personally having some trouble with Visionary though... after hitting temproot now or temproot on boot it'd show the rooting screen, then hang there and turn black. The whole phone would get slow too.
I'll probably add that as alternative steps tomorrow morning when I wake though. Thanks for the feedback!
Sent from my Desire HD using XDA App
Alex, thanks so much. I don't yet have the device, but was looking for a fool-proof rooting/sound-maintaining guide before purchasing. I knew it would come in good time
I also had tons of trouble using Visionary to temp/perm root my Desire Z. I would definitely shy away from that method, especially if you're comfortable with ADB. Your method, while it may take longer, works great.
Does this also provide a SIM Unlock like it does the G2?
Does flashing the Telus Kernel from the Kernel Update Utility yield a different result than flashing it from Clockwork?
Thanks Guys. Guide worked Perfect!
You should remove the gfree part of your guide, Easy Radio Tool does exactly the same, but in one click. In the current form, you are Radio S-OFFing two times.
Gfree does not give you permanent root.
jkoljo said:
You should remove the gfree part of your guide, Easy Radio Tool does exactly the same, but in one click. In the current form, you are Radio S-OFFing two times.
Gfree does not give you permanent root.
Click to expand...
Click to collapse
So you mean the entire part B.c, right? Thanks again for your feedback!
Yes, entire B.c section, and flashing ClockworkMod should be the last step of all.
jkoljo said:
Yes, entire B.c section, and flashing ClockworkMod should be the last step of all.
Click to expand...
Click to collapse
Thanks, updated as such.
I'm getting this error:
mmap<> failed. Operation not permitted
On section B a -4 on the command
adb shell /data/local/tmp/psneuter adb shell
Anyone know what's causing it?
Hey guys, has anyone been successful in getting sound on the cm7 nightly ROM?
omegacell said:
I'm getting this error:
mmap<> failed. Operation not permitted
On section B a -4 on the command
adb shell /data/local/tmp/psneuter adb shell
Anyone know what's causing it?
Click to expand...
Click to collapse
I'm sorry, there was a mistake. It should be:
adb shell /data/local/tmp/psneuter
<hit enter>
adb shell
<hit enter>
Instead of:
adb shell /data/local/tmp/psneuter adb shell
I've updated the guide to reflect that.
sound and other stuff
plasticdarlow said:
Hey guys, has anyone been successful in getting sound on the cm7 nightly ROM?
Click to expand...
Click to collapse
Nope I cant get any sound and if youflash the telus zip I just get stuck at htc logo, funny thing is I can get sound through fm radio only, i get sound oon fm radio through headset and through speaker but not on anything else.
I'm getting stuck during root process....any ideas???
C:\Documents and Settings\waycoy\Desktop\Telus Desire HD\Common files>adb push psneuter /data/local/tmp
2490 KB/s (0 bytes in 557962.000s)
C:\Documents and Settings\waycoy\Desktop\Telus Desire HD\Common files>adb push misc_version /data/local/tmp
15 KB/s (0 bytes in 15837.001s)
C:\Documents and Settings\waycoy\Desktop\Telus Desire HD\Common files>adb shell chmod 777 /data/local/tmp/psneuter
C:\Documents and Settings\waycoy\Desktop\Telus Desire HD\Common files>adb shell chmod 777 /data/local/tmp/misc_version
C:\Documents and Settings\waycoy\Desktop\Telus Desire HD\Common files>adb shell /data/local/tmp/psneuter
mmap() failed. Operation not permitted
C:\Documents and Settings\waycoy\Desktop\Telus Desire HD\Common files>
I loaded cm 6 and got no sound at all either. Which roms are people having good luck with?
Sent from my Nexus One using XDA App
Step Ba6 when applying PD98IMG.zip I recieve a "Model ID incorrect!" and "Update Fail!". Any suggestions? There were no errors up to that point. My scree is currently sitting at Press POWER to reboot. Not wanting to brick - am I ok to POWER. Model on the packing box shows A9192 if that means anything.
dr_pepper said:
Step Ba6 when applying PD98IMG.zip I recieve a "Model ID incorrect!" and "Update Fail!". Any suggestions? There were no errors up to that point. My scree is currently sitting at Press POWER to reboot. Not wanting to brick - am I ok to POWER. Model on the packing box shows A9192 if that means anything.
Click to expand...
Click to collapse
you can reboot my phone had the same problem i was unable to downgrade i was stuck at that point for a while. i dont know if there is a fix for this yet.
Bummer. Thanks for the reply
gold card
Did you guys use a gold card. Did you follow everything from the start down. I did it last night and had no problems. The only problem you will have if you get it done is with roms. At this point it is probably best just to get root and wait for some roms that use the right kernel, some roms sound tinny, some just don't work. CM7 doesn't work with sound at all and if you apply the TELUS kernel it locks up at HTC boot screen.
Before I start this thread, I should say that all credit goes to otaking71 for finding this crack.
The two original threads are here
http://forum.xda-developers.com/showthread.php?t=1255043
http://forum.xda-developers.com/showthread.php?t=1255360
All of the work was done in the #htc_evo_shift channel on freenode irc.
Table of contents:
1. Hboot information about the exploit.
2. Downgrading
2.1 Notes
3. Full root(Updated 2.2 root)
4. Links
5. Credits/donation links
I will aim to make it so this mod can be ported to other devices to help downgrade bootloaders and software. Please read the entire thread before flashing anything and trying this.
Hboot
Hboot uses a hidden partition to check everything it flashes against, this partition is "misc", or hboot -1, or on the shift mmcblk0p17(hboot itself is at mmcblk0p18).
Some raw dumps of this partition using strings to filter ascii strings brings out this type of dump.
Locked bootloader for the evo shift's dump
"SPCS_001
DeviceWarmBoot
CE Serial InUse
Debug Cable Ena
CE USB InUse
ClearAutoImage
2.76.651.4
FNOC
FNOC"
Unlocked bootloader for the verizon thunderbolt
"VZW__001
DeviceWarmBoot
CE Serial InUse
Debug Cable Ena
CE USB InUse
ClearAutoImage
1.02.605.6
FNOC
FNOC"
Eng spl unlocked evo shift
"FN0C
FN0C
FN0C"
Now the place to focus at is the version numbers, 2.76.651.4. Hboot will check all items you try to flash via hboot or ruu utility against this number and if it is lower than what you are trying to flash, it will allow you to proceed in flashing through hboot, or ruu. If the number is higher, it will reject the flash. If the number doesn't exist(like in the eng spl) it will assume it is able to flash it(ONLY TESTED ON ENG SPL, not locked bootloaders). So by dumping the TB's misc partition into our own, we made it so the locked hboot would accept flashes. Either by RUU or hboot.
We believe the package you flash still needs to be signed though so that only leaves you with official ruu's and extracted ruu zips.
Joeykrim's history(Located on the second page of this thread)
joeykrim said:
for those curious, a lil bit of history:
same method as used on the evo part 2 thread by toastcfh at xda.
only diff is shift is emmc and evo was mtd. shift emmc partitions are a bit more in number and named differnetly when compared to the evo mtd partitions. on the evo this partition was labeled as "misc" in /proc/partitions. the misc partition being flashed holds the software version number which hboot checks against to verify whether or not it will allow an RUU to be loaded.
also, i want to recall a web site somewhere which allows users to create a custom misc file with a provided version number.
thought this partition was protected by the internal memory write protection but appears it wasn't. not much of a surprise as the first release of the shift didn't have write protection for the hboot partition turned on.
great this works! sadly, they'll prob patch it next OTA around as they did for the evo.
good job on testing (sorry about the lost shift), publishing and releasing! glad to see the shift has unlocked internal memory write protection again!!!
you're path to the internal partition location is incorrect. as the OP states, use:/dev/block/mmcblk0p17
full command: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
great article with the history and usage of dd, its a classic unix/linux command. very good to become familiar with: http://en.wikipedia.org/wiki/Dd_(Unix)
Click to expand...
Click to collapse
How to downgrade your device
For the shift, will be different on other devices with a bit of modding.
1. Temproot(With Fre3vo for the shift) http://forum.xda-developers.com/showthread.php?t=1185243
2. Move the file misc.img to the root of your sdcard, and PG06IMG.zip too if you plan on flashing through hboot.
3. Modify the misc partition to bypass the version check, type the following in an adb shell or a terminal emulator on your phone.
Code:
dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
Note for other devs: misc.img is the image from the TB, could be other images as long as it has a lower version number.
4. This is up to you, you can either use the ruu utility to revert or the PG06IMG.zip in hboot. I'll include links to both. Since both utilities check the misc partition, both are able to flash =)
5. Reboot and then full root like normal on your downgraded device.
Notes
1. When flashing hboot/using this exploit it always flashes twice/stops early and recontinues. Don't worry about it, this is normal(Sometimes it looks like more than 2 but just chill out).
2. Some SDcards are not recognized by hboot, so you will either have to switch cards for this operation or use the ruu utility method.
3. Remove the PG06IMG from your sdcard after flash, or hboot will pick it up next time.
Full root for downgraded 2.2
Flash ENG bootloader
1. Download these files and extract them to the root of your sdcard: www.thebcblends.com/shift/Shift-root.zip
2. Obtain temproot from z4Root, visionary, OR CM's temproot wiki
3. Flash hboot with Engineer SPL:
Code:
dd if=/sdcard/Shift/hboot_eng.nb0 of=/dev/block/mmcblk0p18
4. Boot into bootloader and check for S-OFF
Flashing a recovery
1. Grab latest shift recovery from: http://www.koushikdutta.com/2010/02/clockwork-recovery-image.html
2. Make sure you're temprooted(may have to temp root again)
3. Install recovery from rom manager
Alternative install can be done if you grab another recovery's recovery.img and do one of the following below.
a. Okay this is for those with fastboot - flash the recovery with fastboot: fastboot flash recovery recovery.img
b. This is for those where fastboot doesn't work or they don't have it - 1. Place recovery.img on the root of your sdcard, then type the command below.
Code:
dd if=/sdcard/recovery.img of=/dev/block/mmcblk0p21
Full root/Rom flashing
Well I know you don't have anything you want to save from the 2.2 ruu since it's just a stock flash, so I am going to leave it off here as flash whatever rom you want over the new system via recovery and you should end up with a fully rooted android.
Just remember to wipe data/factory reset after flash.
Links - MD5Sums aren't terribly important here as the files will not flash if they are not correct due to the signatures.
Fre3vo temp root for GB - http://forum.xda-developers.com/showthread.php?t=1185243
misc.img for the misc partition - http://dl.dropbox.com/u/41040697/misc.img MD5Sum: c88dd947eb3b36eec90503a3525ae0de
Misc.img mirror(You guys took down my second dropbox.....trying a different site now): http://www.box.net/shared/0l8ex73zne0tfr10ob69
Second mics.img mirror: http://dl.dropbox.com/u/15373824/misc.img
Another mirror for misc.img: http://dev-host.org/a9dbnuzgb9qv/misc.zip (Thanks Fdxrider)
Official ruu file for downgrading to 2.2 - http://www.multiupload.com/15N2D30H6C MD5SUM: a4b880954d2ac29d5bdf0dade9dede3c
PG06IMG for hboot downgrading to 2.2 - http://dl.dropbox.com/u/41040697/PG06IMG.zip MD5SUM: d20be478fd860b80f5e800c958f79077
Mirror for PG06IMG(First link went down temporarily due to generating too much traffic on my account, good job guys xD) - http://dl.dropbox.com/u/15373824/PG06IMG.zip
Mirror for PG06IMG: http://dev-host.org/xmlaaco0s2ph/PG06IMG.zip
2.2 root [Bcnice guide]- http://forum.xda-developers.com/showthread.php?t=932153
Cm's rooting method(For those without z4root or visionary) - http://wiki.cyanogenmod.com/wiki/HTC_Evo_Shift_4G:_Full_Update_Guide
Credits
Otaking71 - Discoverer of this exploit for the shift and working throughout the night to establish it as a working downgrade.
Bcnice20 & other 2.2 root devs - I borrowed your root methods for this guide, and linked to them. Just had to update it for recovery basically.
Stuke00 - Fre3vo temp root for 2.3.3
Joeykrim - Donating that history for the curious minds.
Donation links:
Otaking71 - Main driver of this discovery/creator and came up with this theory
http://forum.xda-developers.com/donatetome.php?u=1762836
Should we vote this to the front or try to keep it on the downlow?
^ Shift Faced
I'm at work now, but am I to understand that there is now a full root for shifts on gb?
Sent from my PC36100 using XDA App
totalnub911 said:
I'm at work now, but am I to understand that there is now a full root for shifts on gb?
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
Something of that sort, you can obtain full root through this exploit. Though it's through downgrading the firmware you use old 2.2 rooting methods.
totalnub911 said:
I'm at work now, but am I to understand that there is now a full root for shifts on gb?
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
that is correct if you downgrade then root with shiftRR. thats what i'm getting from all this
EDIT: got beat to it
YoungCorruption said:
that is correct if you downgrade then root with shiftRR. thats what i'm getting from all this
EDIT: got beat to it
Click to expand...
Click to collapse
sounds like its time to change your siggy there youngcorruption!
Im sorry for the noobish but what does this mean and how do i do this
2. Modify the misc partition: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
misc.img is the image from the TB, could be other images as long as it has a lower version number.
halrulez said:
Im sorry for the noobish but what does this mean and how do i do this
2. Modify the misc partition: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
misc.img is the image from the TB, could be other images as long as it has a lower version number.
Click to expand...
Click to collapse
In more specific directions it means to move the downloaded file misc.img to /sdcard , then to type the command "dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17 misc.img" without quotes. The rest just means it'll be different on other devices.
Nice write up, thanks to otaking and scary you all saved the shifters from a horrible ota update
Sent from my Supreme Shift using Tapatalk
Scaryghoul said:
In more specific directions it means to move the downloaded file misc.img to /sdcard , then to type the command "dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17 misc.img" without quotes. The rest just means it'll be different on other devices.
Click to expand...
Click to collapse
ok can do this in terminal from my phone or do i have to do this in adb from my computer?
and if so what are the full steps to get to the point so i can enter this. I am trying to understand adb hell i am just starting in linux so i am hella noob
halrulez said:
ok can do this in terminal from my phone or do i have to do this in adb from my computer?
and if so what are the full steps to get to the point so i can enter this. I am trying to understand adb hell i am just starting in linux so i am hella noob
Click to expand...
Click to collapse
Either one, you can either mount your phone on usb and move the misc.img to your sdcard then type the command in terminal on your phone.
OR
You can adb push the file to your sdcard then adb shell the command.
I'll make the instructions more detailed in a bit.
What do you mean by: Modify the misc partition: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p1?
I moved the misc.img to sdcard but I have no mmcblk0pl in dev/block. Do I have to create that folder? And dd and of....lost me there.
I just did it and it worked perfectly. Back on 2.2, ready to root. Thanks again to otaking and scary for all your hard work.
ok so i was able to do this from the terminal from my android
bow though when i am trying to run the ruu from my computer is starts to go but keeps says that it is waiting for the booloader. the phone wont boot in to the boot loader
halrulez said:
ok so i was able to do this from the terminal from my android
bow though when i am trying to run the ruu from my computer is starts to go but keeps says that it is waiting for the booloader. the phone wont boot in to the boot loader
Click to expand...
Click to collapse
you might need to install htc sync to run ruu's. http://www.htc.com/managed-assets/support/software/htc-sync/setup_3.0.5557.exe
im just going to put this out there as well because i have had problems with the drivers that came with sync and i was forced to use the modified usb drivers found in the unrevoked evo tool, i dunno its weird but my vista pc didnt like anything but them drivers, and another guy i helped ruu from a major mess up, he couldnt get anything with sync to reconize his shift untill he used the same modified evo drivers . i hope no one has an issue but if it come about this is how to fix a driver issue
Best day ever!!!!!!!!!!!!!!!!!!!!!!!!!
strapped365 said:
im just going to put this out there as well because i have had problems with the drivers that came with sync and i was forced to use the modified usb drivers found in the unrevoked evo tool, i dunno its weird but my vista pc didnt like anything but them drivers, and another guy i helped ruu from a major mess up, he couldnt get anything with sync to reconize his shift untill he used the same modified evo drivers . i hope no one has an issue but if it come about this is how to fix a driver issue
Click to expand...
Click to collapse
provide link to said drivers?
riggsandroid said:
provide link to said drivers?
Click to expand...
Click to collapse
kinda cant provide an actual link directly to the drivers because i had to set up unrevoked just like i was rooting an evo, so i just hinted they were in the tool
http://unrevoked.com/recovery/
thats where you can get the tool from to setup your drivers if you have issues with sync not playing well or your pc just dont want to read the drivers right
for those curious, a lil bit of history:
same method as used on the evo part 2 thread by toastcfh at xda.
only diff is shift is emmc and evo was mtd. shift emmc partitions are a bit more in number and named differnetly when compared to the evo mtd partitions. on the evo this partition was labeled as "misc" in /proc/partitions. the misc partition being flashed holds the software version number which hboot checks against to verify whether or not it will allow an RUU to be loaded.
also, i want to recall a web site somewhere which allows users to create a custom misc file with a provided version number.
thought this partition was protected by the internal memory write protection but appears it wasn't. not much of a surprise as the first release of the shift didn't have write protection for the hboot partition turned on.
great this works! sadly, they'll prob patch it next OTA around as they did for the evo.
good job on testing (sorry about the lost shift), publishing and releasing! glad to see the shift has unlocked internal memory write protection again!!!
blakeatl said:
What do you mean by: Modify the misc partition: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p1?
I moved the misc.img to sdcard but I have no mmcblk0pl in dev/block. Do I have to create that folder? And dd and of....lost me there.
Click to expand...
Click to collapse
you're path to the internal partition location is incorrect. as the OP states, use:/dev/block/mmcblk0p17
full command: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
great article with the history and usage of dd, its a classic unix/linux command. very good to become familiar with: http://en.wikipedia.org/wiki/Dd_(Unix)
UPDATED as of 18 DEC 2012 clarified and fixed some things..
Worldwide disclaimer not held responsible if something went wrong blah blah blah goes here..
Click to expand...
Click to collapse
THIS GUIDE WILL VOID YOUR WARRANTY BECAUSE OF THE HTC-DEV UNLOCK METHOD!!! And you can only use this guide if you are on HBOOT v2.xx
Click to expand...
Click to collapse
This guide may also be used for DEBRANDING your phone..
Click to expand...
Click to collapse
Check my sig first, then these for proper and additional information:
[GUIDE] Possible FIX for the infamous eMMC problem..
[Q] Bricked my phone?
NOTE:
RUUs with v1.xxx have HBOOTs with v0.98.000, while v2.xxx have HBOOTs with 2.00.002, and the ICS RUU has the only HBOOT v2.02.002
Click to expand...
Click to collapse
I will not supply the necessary files that is needed, you MUST know how to use SEARCH. I also suggest to give THANKS to those who originally made/uploaded the files.
Requirements:
Common Sense
- it helps A LOT
HTC Sync for Desire S - Installed
- for its drivers and such, or you may just install the "naked" drivers
Android Windows Tools - Installed
- for adb, fastboot commands
HTC-Dev unlocked
- to change recovery and ROM
Custom recovery
- to flash Root Access
SuperSU or SuperUser flashable zip
- to have Root Access
Root Access
- to change phone version
misc_version file (attached)
- file needed to change phone version
GoldCard
- to flash any version of RUUs
RUU executable file
- to DOWN/UPgrade
Click to expand...
Click to collapse
Quick tip:
Copy-Paste the cmd codes for you to not have any problem. 1 typo error (extra digit on misc_version) will render your phone unable to RUU.
Click to expand...
Click to collapse
Preparations
a. Create a folder "downsaga" on your C:
b. Copy misc_version, recovery.img(custom) on that folder.
c. Copy SuperSU's or SuperUser's flashable zip to your SD card.
Click to expand...
Click to collapse
Creating a Gold Card (use below or attn1's GoldCard Method)
a. Install Goldcard Helper from the market on your phone
b. Run it and copy the CID for MMC2, or email the info to yours
c. This number has already been reversed so go to http://psas.revskills.de/?q=goldcard, fill out the required fields.
d. Download the image file that was emailed to you.
e. Connect phone as a "Disk drive" using USB cable.
f. Use Gold Card Tool to flash your image file to your phone's SD card. (you might need to reformat it first with Panasonic's SD Formatter)
g. Disconnect safely from the PC.
NOTE:Your sd card is now a GoldCard unless you reformat it again. You should now be able to RUU to any version you would like given that the bootloader is LOCKED.
Click to expand...
Click to collapse
Unlocking the bootloader
a. Go to htcdev.com/bootloader
b. Proceed and follow every step on the guide
c. You just need to install Android Windows Tools files for it. No need to download the SDK and JAVA.
d. Once done, boot on bootloader and you should be able to notice if its UNLOCKED.
Click to expand...
Click to collapse
Flashing Custom Recovery
a. The phone must be on bootloader, then go to fastboot
b. Open up command prompt then type:
Code:
fastboot flash recovery C:\downsaga\recovery.img
fastboot reboot-bootloader
d. Access recovery
Click to expand...
Click to collapse
Flashing Root Access
a. Flash SuperSU or SuperUser
b. Reboot the phone normally
Click to expand...
Click to collapse
Modifying the version of your phone
a. Connect the phone using USB cable using "Charge ONLY" and USB Debugging is ON.
b. Open command prompt and input these codes:
Code:
adb push C:\downsaga\misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/misc_version
adb shell
su
cd /data/local/tmp
./misc_version -s 1.27.405.6
exit
adb reboot-bootloader
c. Your phone should now be read as the version you've placed there (but not visible to settings)
Click to expand...
Click to collapse
Locking the bootloader
a. You should be on fastboot
c. In cmd use this command to lock the bootloader:
Code:
fastboot oem lock
c. You might receive an error message on your CMD but don't mind it. The phone should restart itself automatically on bootloader, and you should be able to notice at the top saying "***RE-LOCKED***", and might also has *Security Warning*. Just ignore.
Click to expand...
Click to collapse
Downgrading
a. Make sure you are still on fastboot with the above message.
b. Open the RUU that you've chosen to install on your phone
c. The RUU must detect your phone version as 1.27.405.6
d. If you have received errors, then you've done something wrong. Review everything that you've done and check the guide again.
Click to expand...
Click to collapse
If everything went well, you should have successfully downgraded your phone and your HBOOT.
Hey man it seems you did it! So HTC official unlocker can be handy after all.
Great job! I assume that now you will use Revolutionary to gain S-OFF and back to flashing?
amidabuddha said:
Hey man it seems you did it! So HTC official unlocker can be handy after all.
Great job! I assume that now you will use Revolutionary to gain S-OFF and back to flashing?
Click to expand...
Click to collapse
yes sir'ree!
And howto flash your hboot in recoverymode
Use flash_image to flash your hboot to older version.
flash_image /dev/block/mmcblk0p18 )(path to an older hboot file)
NikMel said:
Use flash_image to flash your hboot to older version.
flash_image /dev/block/mmcblk0p18 )(path to an older hboot file)
Click to expand...
Click to collapse
You wouldn't be able to do that on an official, latest S-ON HBOOT. I have already tried that but will just give you an INFOsignature error.
Skanob said:
Step 1: Creating a Gold Card
a. Install Goldcard Helper from the market
b. Run it and copy the CID for MMC2, or email the info to yours
c. This number has already been reversed so go to http://psas.revskills.de/?q=goldcard, fill out the required fields.
d. Download the image file that was emailed to you.
e. Connect phone as a "Disk drive" using USB cable.
f. Use Gold Card Tool to flash your image file to your phone's SD card. (you might need to reformat it first with Panasonic's SD Formatter and then format it with the Gold Card Tool again)
g. Disconnect safely from the PC, and disconnect the cable.
Click to expand...
Click to collapse
Why would you use such an obsolete method to make a gold card?
after temproot,
windows batch script ( example filename: gc.cmd ):
Code:
adb push goldcard /data/local/tmp/
adb shell chmod 777 /data/local/tmp/goldcard
adb shell cat /sys/class/mmc_host/mmc2/mmc2:*/cid > tcid
set/p cid= < tcid
del tcid
adb shell /data/local/tmp/goldcard -c %cid% -o /data/local/tmp/goldcard.img
adb shell dd if=/data/local/tmp/goldcard.img of=/dev/block/mmcblk1
Linux shell script (example filename: gc.sh ):
Code:
adb push goldcard /data/local/tmp/
adb shell chmod 777 /data/local/tmp/goldcard
cid=`adb shell cat /sys/class/mmc_host/mmc2/mmc2:*/cid`
adb shell /data/local/tmp/goldcard -c $cid -o /data/local/tmp/goldcard.img
adb shell dd if=/data/local/tmp/goldcard.img of=/dev/block/mmcblk1
get the android goldcard binary here:
Thanks to Revskills for the algorythm and to GenePoole for the Android binary.
With this, the entire process can be scripted.
Skanob said:
You wouldn't be able to do that on an official, latest S-ON HBOOT. I have already tried that but will just give you an INFOsignature error.
Click to expand...
Click to collapse
You can do that in recoverymode within adb shell #
I use 4ext recoverymode
attn1 said:
Why would you use such an obsolete method to make a gold card?
after temproot,
windows batch:
Code:
adb push goldcard /data/local/tmp/
adb shell chmod 777 /data/local/tmp/goldcard
adb shell cat /sys/class/mmc_host/mmc2/mmc2:*/cid > tcid
set/p cid= < tcid
del tcid
adb shell /data/local/tmp/goldcard -c %cid% -o /data/local/tmp/goldcard.img
adb shell dd if=/data/local/tmp/goldcard.img of=/dev/block/mmcblk1
Linux Shell:
Code:
adb push goldcard /data/local/tmp/
adb shell chmod 777 /data/local/tmp/goldcard
cid=`adb shell cat /sys/class/mmc_host/mmc2/mmc2:*/cid`
adb shell /data/local/tmp/goldcard -c $cid -o /data/local/tmp/goldcard.img
adb shell dd if=/data/local/tmp/goldcard.img of=/dev/block/mmcblk1
get the android goldcard binary here:
Thanks to Revskills for the algorythm and to GenePoole for the Android binary.
With this, the entire process can be scripted.
Click to expand...
Click to collapse
well, that obsolete-method for me is a hell-of-a-lot easier and noob-proof. no code needed. and also leaves you a copy of your goldcard.img
NikMel said:
You can do that in recoverymode within adb shell #
I use 4ext recoverymode
Click to expand...
Click to collapse
That didn't worked for me. Prior to downgrading, check my sig. I'm using the official S-ON, not the ENG S-OFF leaked.
Skanob said:
well, that obsolete-method for me is a hell-of-a-lot easier and noob-proof. no code needed. and also leaves you a copy of your goldcard.img
Click to expand...
Click to collapse
No way is it easier or noob proof. When I used this method on the Ace Hack Kit goldcard errors dropped to none. Since you are already running adb commands and pushing crap to the phone, what's the big deal with this?
With this, there is no need for hacky tools, not mounting/dismounting the sdcard (risking corruption from unflushed write buffers and improper dismounts), and no need to go to the revskills website.
This runs in about a second and it's done.
attn1 said:
No way is it easier or noob proof. When I used this method on the Ace Hack Kit goldcard errors dropped to none. Since you are already running adb commands and pushing crap to the phone, what's the big deal with this?
With this, there is no need for hacky tools, not mounting/dismounting the sdcard, and no need to go to the revskills website or copy files back from email. This runs in about second and it's done.
Click to expand...
Click to collapse
I believe that that is based on your preference. Which I observed really knows a lot about adb.
And what is in the guide is based on my own preference. Which for me does not know much about adb.
They still can follow which ever method they would like.
Well, it would still give us the same result. Having a GoldCard.
Skanob said:
I believe that that is based on your preference. Which I observed really knows a lot about adb.
And what is in the guide is based on my own preference. Which for me does not know much about adb.
They still can follow which ever method they would like.
Well, it would still give us the same result. Having a GoldCard.
Click to expand...
Click to collapse
Mine is based on real results after thousands of uses of the Ace Hack Kit, which formerly did things the obsolete way.
Yours is based on preference.
But you are right, either way will result in a goldcard if executed properly.
attn1 said:
Mine is based on real results after thousands of uses of the Ace Hack Kit, which formerly did things the obsolete way.
Yours is based on preference.
But you are right, either way will result in a goldcard if executed properly.
Click to expand...
Click to collapse
yeah. I'll update the guide with your method aswell. Thanks aswell!
High five!
Skanob said:
yeah. I'll update the guide with your method aswell. Thanks aswell!
High five!
Click to expand...
Click to collapse
You're welcome.
Make a note that those are the contents of a script - .cmd or .sh.
FYI, if you try this to make the goldcard image, the one generated should match the md5 of one you got from Revskills.
Once you do it this way, you will never go back.
@Scanob
Since you change your guide in step 6 to run RUU instead of PG88IMG.zip than the Goldcard is no longer needed isn't it?
misc_version not found error....
I don't know how to find this official recovery.img. (Yes I try to find it...)
Step 4: Flashing official recovery.img
amidabuddha said:
@Scanob
Since you change your guide in step 6 to run RUU instead of PG88IMG.zip than the Goldcard is no longer needed isn't it?
Click to expand...
Click to collapse
You will still need it. Even the PG88IMG.zip method uses checks as exactly the same as doing an RUU.
hekermeker said:
misc_version not found error....
Click to expand...
Click to collapse
barthdvs said:
I don't know how to find this official recovery.img. (Yes I try to find it...)
Step 4: Flashing official recovery.img
Click to expand...
Click to collapse
Re-check the guide after a few
@barthdvs
Getting the Official files
a. Download the HTC_EUROPE_2.10.401.5 RUU file.
b. Run the file and do not close
c. Go to your temp folder on your computer and find the rom.zip file.
d. Copy it somewhere else.
e. Extract the rom.zip and you should now have the official .img files from the RUU.
f. Use the respective files needed for the guide.
or the files is here (files exrtract from HTC_EUROPE_2.10.401.5 RUU file)
Boot.img : http://www.multiupload.com/JME2WRDQEQ
recovery.img : http://www.multiupload.com/MX64VDUICI
There is a new downgrade option released for firmware 1.36.970.1 to 1.15.970.1.
However my Japanese is not perfect and my understanding of hacking is very weak.
If there is someone more in the know could understand what the steps to take are that would be great.
Good luck all. I hope someone can make a guide as well to help other out.
I'll try my best as well.
Here is the link.
http://htcsoku.info/htcsokudev-news/au-deluxe-136to115-downgrade/
link to RUU 1.15.970.1 is dead
I have successfully downgraded my J Butterfly based on those instructions. I have simplified it because the original instructions seems to be overly complicated. It involved tricking a system app with root privileges to run an custom command, only to use run_root_shell later anyway.
I also did not use the run_root_shell supplied by the guide, instead I compiled a newer version direct from the source: https://github.com/android-rooting-tools/android_run_root_shell
You'll need
1. revone.dna-0.2.1
http://forum.xda-developers.com/showthread.php?t=2314582
2. A newer build of run_root_shell (attached)
3. 1.15 ROM: PL99IMG_DLX_WLJ_JB_45_KDDI_JP_1.15.970.1_R_Radio_1.00.10.1127_3_NV_2.28_01C_release_signed.zip
(renamed to rom.zip in this tutorial)
https://mega.co.nz/#!jQtQ0BLS!279lf8k4sbKPTmWHTsPg6hbaGDatpq3xGGv4aE8N1h4
4. firmware.zip extracted from OTA_DLX_WLJ_JB_45_KDDI_JP_1.36.970.1-1.29.970.1_release_330380g3nfgypcfojku8a9.zip:
http://kie.nu/1urK
5. adb and fastboot
6. An HEX editor such as XVI32
THIS WILL WIPE YOUR USER DATA, BACKUP ALL YOUR STUFF FIRST
Steps:
1. Run the following commands in command prompt to push files required by run_root_shell to device:
adb push run_root_shell /data/local/tmp/
adb push device.db /data/local/tmp/
2. Run in command prompt:
adb shell
to access the shell on your device. Run the following commands to run run_root_shell, disregard messages about HTL21 not supported. You will be returned to the command line but with a hash (#) instead of a dollar sign, that means you have temprooted.
cd /data/local/tmp/
chmod 755 *
./run_root_shell
3. Run these commands on device shell:
chmod 666 /dev/msm_acdb
dd if=/dev/block/mmcblk0p21 of=/sdcard/p21
4. Run in another command prompt:
adb pull /sdcard/p21
to pull the file p21 from device, then open it with an HEX editor. Refer to the images on the original Japanese tutorial, change the version number near "ClearAutoImage" to 1.00.000.0 and save the file as p21mod.
5. Push the modified file back to the device by running in command prompt:
adb push p21mod /sdcard/p21mod
6. Back to the device shell, run these commands to write the modifications to the device and reboot into bootloader.
dd if=/sdcard/p21mod of=/dev/block/mmcblk0p21
reboot bootloader
7. Run in command prompt:
fastboot oem rebootRUU
to boot to RUU.
8. Run in command prompt:
fastboot flash zip firmware.zip
and it willl fail with this error: "FAILED (remote: 90 hboot pre-update! please flush image again immediately)"
9. Run in command prompt:
fastboot flash zip rom.zip
to flash 1.15 ROM. It should take around 6 minutes. This wipes your user data.
10. In command prompt, push run_root_shell to device again. Also push revone.dna-0.2.1 to device.
adb push run_root_shell /data/local/tmp/
adb push device.db /data/local/tmp/
adb push revone.dna-0.2.1 /data/local/tmp/revone.dna
11. Refer to step 2 to temproot again.
12. Run revone.dna on device shell:
./revone.dna -P
and you should see "revone successful - please reboot to continue".
13. Reboot and repeat step 12 again, this time you should see "revone successful - no need to reboot".
14. Run on device shell:
./revone.dna -s 0 -u
and you should see "revone successful".
15. ???
16. PROFIT!
You have now successfully S-OFFed and may proceed to unlocking and SuperCIDing your device as usual.
Corrupted
Phil_123 said:
3. 1.15 ROM: PL99IMG_DLX_WLJ_JB_45_KDDI_JP_1.15.970.1_R_Radio_1.00.10.1127_3_NV_2.28_01C_release_signed.zip
(renamed to rom.zip in this tutorial)
.
Click to expand...
Click to collapse
I have downloaded this file twice and found it corrupted. Can't open it so i can't uncompress and reach firmware.zip either.
:crying:
Could you reupload it?
corrupted
darky4e said:
I have downloaded this file twice and found it corrupted. Can't open it so i can't uncompress and reach firmware.zip either.
:crying:
Could you reupload it?
Click to expand...
Click to collapse
I have "fixed" it by Zip2Fix and made a zip file what can be extracted. But the two zip file size isn't match so i guess its isn't the same and there isn't any firmware.zip in the nem zip file so i guess the program extracted everything.
I have read that some people succesfully used corrupted ruu, and it's made corrupted by reason. I will read more about it and try to find a correct firmware.zip for the method. If you could help me in any means it would be great.
darky4e said:
I have "fixed" it by Zip2Fix and made a zip file what can be extracted. But the two zip file size isn't match so i guess its isn't the same and there isn't any firmware.zip in the nem zip file so i guess the program extracted everything.
I have read that some people succesfully used corrupted ruu, and it's made corrupted by reason. I will read more about it and try to find a correct firmware.zip for the method. If you could help me in any means it would be great.
Click to expand...
Click to collapse
My bad, my instructions were wrong. I wrote them only after successfully doing it myself, I must have mixed some things up while writing.
I looked at the original Japanese guide again, the firmware.zip is in OTA_DLX_WLJ_JB_45_KDDI_JP_1.36.970.1-1.29.970.1_release_330380g3nfgypcfojku8a9.zip and can be downloaded here:
http://kie.nu/1urK
Phil_123 said:
My bad, my instructions were wrong. I wrote them only after successfully doing it myself, I must have mixed some things up while writing.
I looked at the original Japanese guide again, the firmware.zip is in OTA_DLX_WLJ_JB_45_KDDI_JP_1.36.970.1-1.29.970.1_release_330380g3nfgypcfojku8a9.zip and can be downloaded here:
http://kie.nu/1urK
Click to expand...
Click to collapse
Thank you very much! I have succesfully downgraded the phone! Thx for the instructions again!!
run_root_shell and revone.dna-0.2.1 work with HTC Butterfly kddi HTL21 with HBOOT 1.41 ? I'am stuck on run_root_shell and it say's "Error No such file or directory" when I use the command in adb "$ ./run_root_shell"
what can I do ?
dfani511 said:
run_root_shell and revone.dna-0.2.1 work with HTC Butterfly kddi HTL21 with HBOOT 1.41 ? I'am stuck on run_root_shell and it say's "Error No such file or directory" when I use the command in adb "$ ./run_root_shell"
what can I do ?
Click to expand...
Click to collapse
This method can only be used for the software version of the 1.36.970.1, I think your software version 1.39.970.1 is not SOFF
i have 1.39.970.3 ?????????????
OTA ??????????
Nice share, im succesfully unlock soff with this way
Sent from my MITO_A10 using XDA Free mobile app
"htl21 1399703 firmware" I want up because it cannot find the file.