Database Info

110 Error RUU 1.56 Fix - 100% unroot too!

Update - 2/21/2011
If you have bricked an HTC EVO this will likely NOT work for you and this is the wrong info to be reading. I have gotten a few emails from this link about EVO 110 errors.
12/26/2010 - This thread is super old now:
If you ran the 1.56 RUU and your phone no longer turns on visit htc.com, go to support, choose Hero (Sprint) and download the 2.1 system update.
Remove battery from your phone and start it up again, then run the exe file that you just downloaded -
http://member.america.htc.com/downlo...2.27.651.6.exe
------All the info below is kept for reference -------
(As of 3/31/2010 - I am 10 for 10 for getting these back and working!! 3/3 of going back to 100% stock)
Edit: I have no longer kept track... its been over a month and I know personally I've done about 15 more of these... with about half being return to stock.
If you need to contact me, PLEASE EMAIL instead of using private messages, it'll probably turn into a google talk chat anyways, so add me on there, [email protected] (Its just easier than having to log in here and reply to private messages, since I get emails on the go as well.)
So you just ran the 1.56 RUU and got a 110 error. Now your screen turns on and stays black and if you plug the phone into USB you see the HTC logo. Unplug it and see the RUU menu.
Like you, I decided to attempt to roll back using the RUU 1.56. I was hit with the 110 error, and nothing but fastboot would work, I was able to launch ./fastboot-mac oem boot to get into the system.
I tried ./fastboot-mac boot image/bootname.img and a billion other things like everyone else who is having the issue, but just like them I had no success. In the second post below are the steps to resolve this issue. This will either take you to your first Nandroid backup or to whatever ROM you choose to flash once you get recovery back. I have not found a way to get back to 100% stock, but at least your phone wont be a brick.
EDIT:As of 3/30/2010 @ 8:30 PM I was able to get my phone completely 100% to stock. I was able to do this by retrieving a Nandroid restore from someone who used flashrec to make their initial backup. This restore does not touch the recovery image but I was able to boot into my recovery then write the HTC recovery back on top of it. I now have 100% un-rooted phone. See Post number 2 for the right way to do this.?
I've helped a few people over log me in now.
I'm willing to continue doing this but it is cutting into my family time, I will do this for a "respectable" amount of money.
Feel like I've helped you??
Buy me some coffee!

(Zip attached includes fix and stock folders. Use the fix folder FIRST to get completely booted. You can use the stock folder if you want to get 100% stock after you have a running unrooted system but have RA recovery.)
Steps to resolve:
(You SHOULD have a Nandroid backup of some sort, if not download a ROM... Fresh1.1??)
1) Boot the phone to black screen
2) Plug phone into PC/MAC - The HTC logo should appear at this point
---- If you've been doing anything else, rerun the RUU and let it fail and reboot to the HTC logo.
3) PC - fastboot oem boot | MAC - ./fastboot oem boot
(Make sure you turn on USB Debugging under Settings --> Applications --> Developer)
4) Root your phone using asroot2
Code:
adb push asroot2 /data/local/
adb shell chmod 0755 /data/local/asroot2
adb shell
/data/local/asroot2 /system/bin/sh
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
cd /system/bin
cat sh > su
chmod 4775 su
5) This is where your Nandroid backup comes into play.
(Browse to your nandroid folder, find your first backup and copy all of the .img files except system and cache to your SD card root directory)
NOTE: At this point you should dismount the SD card if you mounted inside of Android OS(Sense/Launcher)
6) run adb shell (PC - adb shell | Mac - ./adb shell)
7) type su
8) Run the following commands (if you get out of memory errors, type su again and try once more)
NOTE: Do not copy the "#"'s in the commands, the # just means you are running as SU, as opposed to the "$"
Code:
# flash_image recovery /sdcard/recovery.img
# flash_image boot /sdcard/boot.img
# flash_image misc /sdcard/misc.img
9) now... type reboot recovery
This time you should get your recovery menu, should have been RA or whatever you used... from there I did a complete nandroid restore and my system booted.
Also, after I did this I did try to let it boot without doing a recovery and it wouldnt go anywhere... but I'm fairly impatient... it may have wanted to load. I figured it best to do an entire Nandroid restore though.
-------------------------------------------------------------
100% Stock Configuration Work Around
-------------------------------------------------------------
Non-Rooted Nandroid Backup:
nandroid.7z
I was able to get my phone completely 100% to stock. I was able to do this by retrieving a Nandroid restore from someone who used flashrec to make their initial backup. This restore does not touch the recovery image but I was able to boot into my recovery then write the HTC recovery back on top of it. I now have 100% un-rooted phone. I'm not sure how to go about posting a 127MB file, what do you think it the best place?
After restoring the Nandroid backup I tried this:
Code:
Dustan-Bonneys-MacBook:tools dustanbonney$ ./adb shell
$ su
su: permission denied
Then I rebooted to recovery (I used RA 1.5.2)
Code:
Dustan-Bonneys-MacBook:tools dustanbonney$ ./adb remount
remount succeeded
Dustan-Bonneys-MacBook:tools dustanbonney$ ./adb shell
/ # mount -a
mount: mounting /dev/block/mmcblk0p2 on /system/sd failed: No such file or directory
/ # cd /sdcard
/sdcard # flash_image recovery /sdcard/Stock/recovery.img
flashing recovery from /sdcard/Stock/recovery.img
/sdcard # reboot recovery
I was booted to the Triangle and exclamation mark... I pulled the battery and booted up normally.
Stock Kernel - 2.6.27-533ce29d [email protected] )
Stock Build - 1.56.651.2 CL85027 release-keys

Other things that should be mentioned:
If you used RA 1.6.2 - I was unable to get my boot.img or the stock boot.img from the RUU's rom.zip to flash back to the recovery partition. I had to use the RA 1.6.2.img and "flash_image recovery /sdcard/recoverynamegoeshere.img"
It seems that if you've flashed the radio update, the RUU does not write the radio back successfully. Others have had issues going back to the stock radio using the upgrade.zip option as well.
I attempted to use the boot.img, recovery.img, from the RUU's rom.zip with no success. I might try it again. I was able to get to stock recovery (Triangle and exclamation) and to the Hboot menu... but from hboot I had to run the RUU and rebrick the device cause I couldnt get anything at that point, even fastboot oem boot wouldnt load.
There have been times when I get weird issues writing the flash recovery, boot, or misc and when you reboot and load "fastboot oem boot" it wont look like it goes anywhere.... check "adb devices" and your device should be listed. From there do an "adb remount" and then "adb shell" and reflash once more and then "reboot recovery".
If all else fails, I'm available for a small fee.
[email protected]

Anxiously waiting your news. Just encountered this problem today.

Updated ...
imekul said:
Anxiously waiting your news. Just encountered this problem today.
Click to expand...
Click to collapse

Wow! If you've fixed this, I think you're everyone's hero now. We won't have to worry about using the RUU now

I was going to try something similar to this today, but i was unable to brick my phone using the 1.56.651.2 RUU. I was running Flipz updated radio and DamageControl v2.0r2.. The RUU completed successfully..
I was reading over the forum post in http://forum.xda-developers.com/showthread.php?t=645002 and i read that you could boot the system using the command 'fastboot oem boot' I was going to try to use FlashRec to do the work of Flashing the recovery, then booting into recovery and use nandroid.. but you beat me to it! Good work!

I attempted flashing a new recovery image this way with no avail... I also attempted only
Code:
flash_image recovery /sdcard/recovery.img
and still was unable to boot the phone into recovery. I think it had to have been something with doing boot.img and recovery.img at the same time... I dont know what the misc.img does and I'm assuming data.img is userdata... but I did them all and then it worked...
Other users also tried flashrec and with no success... right track though.
chavo2005 said:
I was going to try something similar to this today, but i was unable to brick my phone using the 1.56.651.2 RUU. I was running Flipz updated radio and DamageControl v2.0r2.. The RUU completed successfully..
I was reading over the forum post in http://forum.xda-developers.com/showthread.php?t=645002 and i read that you could boot the system using the command 'fastboot oem boot' I was going to try to use FlashRec to do the work of Flashing the recovery, then booting into recovery and use nandroid.. but you beat me to it! Good work!
Click to expand...
Click to collapse

What do u mean by 3) PC - fastboot oem boot | MAC - oem boot?

blankd3ckskat3r said:
What do u mean by 3) PC - fastboot oem boot | MAC - oem boot?
Click to expand...
Click to collapse
if your using a pc type fastboot oem boot
if your using a mac type ./fastboot oem boot

This!
Thanks Regaw
regaw_leinad said:
if your using a pc type fastboot oem boot
if your using a mac type ./fastboot oem boot
Click to expand...
Click to collapse

Trying this right now.
So far, am getting lots of "mtd: write error" and "mtd: re-read error" Out of memory errors for flashing the recovery image. Guess I'll give this some time, and try to su again and reflash? Or should I kill it as soon as the Out of memory errors pop up and try again?

If you get errors like...
adb shell
su
flash_image recovery .........
(out of memory... etc)
Then...
just su again... so you really su twice
its what I had to do.
imekul said:
Trying this right now.
So far, am getting lots of "mtd: write error" and "mtd: re-read error" Out of memory errors for flashing the recovery image. Guess I'll give this some time, and try to su again and reflash? Or should I kill it as soon as the Out of memory errors pop up and try again?
Click to expand...
Click to collapse

Trying it a second time, and so far am getting a bunch of Out of memory errors. After the first one "finished," I did as you recommended and typed "su" a second time, and then typed the "flash_image recovery /sdcard/recovery.img" command.
So far, looks like it's giving the same errors the second time around.

This second attempt, it ended with "error writing recovery: No space left on device."
Just to be sure, I checked the SD card, and that has over 1 GB of free space.

If you're willing to allow something like logmein.com or some way for me to remote assist you, I would like to try. [email protected] if you're in.
imekul said:
This second attempt, it ended with "error writing recovery: No space left on device."
Just to be sure, I checked the SD card, and that has over 1 GB of free space.
Click to expand...
Click to collapse

Sounds awesome. Thanks. I'll e-mail you now.

Dun Dun Dun... The results are in!
imekul said:
Sounds awesome. Thanks. I'll e-mail you now.
Click to expand...
Click to collapse

dfbonney is the man!!
After a friendly little session on LogMeIn Express, I am good as new! How awesome!!

imekul said:
dfbonney is the man!!
After a friendly little session on LogMeIn Express, I am good as new! How awesome!!
Click to expand...
Click to collapse
We ended up just needing to run
Code:
adb shell
reboot
fastboot oem boot
adb shell
su
//flash commands here
that seemed to do it. so make sure if you're having issues to restart the device and try again!
Edit: Also, we didnt get data.img to work so we only did boot, recovery, and misc.img's

[Guide] How to gain root on 2.2 for Mac

*******UPDATED 8/31/10 *******
This rooting method was adapted from regaw_leinad's method and toastcfh's method. By following these steps you will successfully downgrade your phone back to android 2.1 in order to gain root.
I don't trust unrevoked as I have had problems with it in the past.

I am not responsible for any damages to your phone.
special thanks to:
regaw_leinad
Sebastian Krahmer
Toastcfh
amon_ra
FILES YOU WILL NEED:
copy and paste into browser
Code:
sdx-downloads.com/sdx/evo/troot/eng-PC36IMG.zip
evo4g.me/downloads//count.php?target=evo-root.zip
files.androidspin.com/downloads.php?dir=amon_ra/RECOVERY/&file=recovery-RA-evo-v1.8.0.img
developer.android.com/sdk/index.html
You will need the Android SDK in order to communicate between your computer and your phone. Download it (last link above) and follow the setup instructions that it comes with.
Unzip the contents of the evo-root.zip and put all the files from it into the tools folder located in the android sdk folder.
Rename the eng-PC36IMG.zip to PC36IMG.zip and then put it the tools folder located in the android sdk folder. DO NOT UNZIP IT!

******* PC36IMG.zip md5sum~ fe8aba99893c766b8c4fd0a2734e4738 *******
Move the recovery-RA-evo-v1.8.0.img into the android sdk folder as well.
Make sure usb debugging is enabled on your device. To do so go to Settings > Applications > Development > and make sure the check box is checked.
Plug your phone into the computer. Select "Charge Only" from the notifications bar.
Open up terminal and navigate your way into the android sdk folder.
Code:
cd /
cd asdk
Push all the files onto your phone.
Code:
tools/adb push /asdk/tools/flash_image /sdcard/
tools/adb push /asdk/tools/rageagainstthecage-arm5.bin /data/local/tmp/
tools/adb push /asdk/tools/mtd-eng.img /sdcard/
tools/adb push /asdk/tools/PC36IMG.zip /sdcard/
tools/adb push /asdk/tools/recovery-RA-evo-v1.8.0.img /sdcard/
Note that the PC36IMG.zip will take longer than the other files to transfer to the sdcard because it is a large file.

Now we will make rageagainstthecage.bin executable.
Code:
tools/adb shell
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
You should see this (below) after it has made the change.
Code:
$
Now to use the rooted shell.
Code:
cd /data/local/tmp
./rageagainstthecage-arm5.bin
You will now see some text on your terminal screen describing the exploit. 

Wait for the adb shell to finish the process. At this point it may or may not terminate the current shell session in terminal. If it does then it should look like this:
Code:
users-iMac:asdk user$
If it doesn't it will return to
Code:
$
in that case you need to exit the current session. To do so type
Code:
exit

Now we need initiate a new shell which should now have root permissions.
Enter the following:
Code:
tools/adb shell
and you will see you now have a
Code:
#
instead of
Code:
$
Now we need to flash the mdt-eng.img in order for it to let us install a custom recovery
Code:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image misc /sdcard/mtd-eng.img
That will flash your misc partition with Toast's mtd-eng.img


This should return you to
Code:
#
Now boot into hBoot
Code:
reboot bootloader
This will reboot your phone into hBoot. It will scan for the PC36IMG.img. When it asks yes or no, select yes.
It should then reflash your phone into the engineering build.
When it asks to reboot select yes.
You will need to flash custom recovery in order to be able to flash other custom roms or modifications. I use Amon_RA's recovery because it works great and has NEVER caused me any problems.
Now, open up terminal and get back into the android sdk folder
Code:
cd /
cd asdk
Since we have already pushed the recovery onto the sdcard we only need to flash the recovery onto the phone so that we can use it
Code:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image recovery /sdcard/recovery-RA-evo-v1.8.0.img
Now lets rename that PC36IMG.zip file again
Code:
mv /sdcard/PC36IMG.zip /sdcard/eng-PC36IMG.zip
that way your phone doesn't try to flash it when you go into recovery each time
And last but not least we need to boot into it to flash a custom rom
Code:
reboot recovery
Your phone should then reboot into Amon_RA's recovery and you may now head over to the dev forum to find your new favorite custom rom.

very nice! can anyone confirm this? my buddy wants me to root his 2.2 and i would like to try this.

To make life easier for some people add this to your post mate, and apply it yourself if you would like.
Here is how to add your sdk/tools directory to your .bash_profile file so you won't have to navigate to the folder each time.
Download this so you'll be able to see your hidden files http://www.mediafire.com/?diimft1ninn Run it, check "Show Hidden Files" then click Restart finder. Now, navigate to your home folder (/Users/UserName/) and see if there's a .bash_profile already there. If not, create with textedit.
Now add this to the file: export PATH=${PATH}:/Path/Of/Your/Sdk/Tools/Folder
Mine is /Users/bmxrider4444/Documents/Android/SDK/tools
Now do not save it as rich text. If yours is in rich text, click on "Format" in the menu bar, and click "make plain text". Now save it as .bash_profile and uncheck "if no extension is provided, use .txt".
Now you can go back to Ghost and uncheck "Show all hidden files" and restart finder again (special thanks to ajones7279 for these steps)
Enjoy!
Just as clarification as to what this does, it enables you to run adb commands and other commands without having to navigate to the /android/tools/ folder every time you want to run adb or whatever.

does this work?

seekis said:
At this point we need to push the recovery onto the sdcard
Code:
tools/adb push "location of recovery-RA-evo-v1.8.0.img" /sdcard/
Click to expand...
Click to collapse
This is great! Thanks for the guide - I am planning on rooting my Wife's EVO but have been waiting for an easier method than the other one posted. Question on the above where we write "location of recovery-ra-evo-v1.8.0.img". Is that the exact code, or should we be adding a directory or folder location into this line? I rooted my 2.1 EVO on my Mac a couple months ago and don't remember this step. Once again - very much appreciate the help.
One last question - would it make more sense to have a custom ROM already on your SD Card prior to rooting, so that you can flash it right after you flash AMON-RA for the first time? Probably doesn't matter but thought i'd ask.

^^ same question as above, plus one other n00b question - does this method unlock NAND?
[edit] I was not insinuating that randymac88 is a n00b; I, however, am

seekis said:
I don't trust unrevoked as I have had problems with it in the past.

I am not responsible for any damages to your phone.
Click to expand...
Click to collapse
Don't trust us with the unrevoked 3.x/unrevoked forever application combo that's worked for thousands of users without sideeffects on regaw's post?
You should note to everyone that your method will screw up their PRI, reverting it back to 1.34. By using unrevoked and unrevoked forever, you can keep 1.40.

randymac88 said:
This is great! Thanks for the guide - I am planning on rooting my Wife's EVO but have been waiting for an easier method than the other one posted. Question on the above where we write "location of recovery-ra-evo-v1.8.0.img". Is that the exact code, or should we be adding a directory or folder location into this line? I rooted my 2.1 EVO on my Mac a couple months ago and don't remember this step. Once again - very much appreciate the help.
One last question - would it make more sense to have a custom ROM already on your SD Card prior to rooting, so that you can flash it right after you flash AMON-RA for the first time? Probably doesn't matter but thought i'd ask.
Click to expand...
Click to collapse
Thats not the exact code no. I just put that as a place holder you are suppose to put in the location of where you have the recovery.img. For example, the exact command for me would be:
Code:
/Users/seekis/Downloads/recovery-ra-evo-v1.8.0.img
Don't trust us with the unrevoked 3.x/unrevoked forever application combo that's worked for thousands of users without sideeffects on regaw's post?
You should note to everyone that your method will screw up their PRI, reverting it back to 1.34. By using unrevoked and unrevoked forever, you can keep 1.40.
Click to expand...
Click to collapse
As far as using unrevoked, I stated that I, ME, MYSELF, has had issues with it. not that anybody else has. By all means go and use it if you would like. I will not. It is true that you will loose PRI 1.40, but seeing as how even after installing the OTA from HTC my phone still didn't update it to 1.40, I don't see the issue.

rsage said:
^^ same question as above, plus one other n00b question - does this method unlock NAND?
[edit] I was not insinuating that randymac88 is a n00b; I, however, am
Click to expand...
Click to collapse
i believe it does unlock nand seeing as how i adapted it from toasts method

Hey Seekis - question, I'm stuck here. I keep getting "permission denied", or "operation not permitted" when trying to make the exploit executable at this step:
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
Am I missing something? I've tried a million times and can't seem to get past this. I've successfully pushed all the files onto the sdcard.
I've also have had some trouble finding the exact root path to these files. I've been able to navigate, but I would think a lot of users would have some trouble.
Regardless, many thanks for getting this posted...
EDIT: I pushed the rageagainstthecage file to the sdcard by mistake. Will try again tomorrow.

ok i got rid of that step by moving the file into the android sdk and pushing it with all the other files

Okay now I appear to be in big trouble as I've just messed up my wife's phone, and its probably going to be unusable for a while until I get this figured out (assuming I do!).
I got through most of the process. I flashed the PC36IMG.zip file; however when it asked to reboot, it just dumped me back into the bootloader. Whenever I say reboot, it just takes me back to the bootloader. Pull the battery, same thing - bootloader. Yikes.
I don't know how to get to the next step because I can't get into a booted rom in order to flash the amon-ra recovery. Am I totally effed? Can anyone help me here?
EDIT: Okay reflashed the PC36IMG.zip file, and it rebooted into the stock ROM. Onward! Phew!!

The wife's EVO is now fully rooted running Baked Snack 1.5 w/Netarchy's kernel. Touch and go there for a minute, but it all worked out. No 1.40 PRI, but I don't really care about that right now.
Woot! Thanks Seekis!!

do u have to push the pc36img with adb every time or will drag and drop work or copy and paste work?

FoxHound630 said:
do u have to push the pc36img with adb every time or will drag and drop work or copy and paste work?
Click to expand...
Click to collapse
You can mount the card on your system and copy paste it over as well, yes.

randymac88 said:
Okay now I appear to be in big trouble as I've just messed up my wife's phone, and its probably going to be unusable for a while until I get this figured out (assuming I do!).
I got through most of the process. I flashed the PC36IMG.zip file; however when it asked to reboot, it just dumped me back into the bootloader. Whenever I say reboot, it just takes me back to the bootloader. Pull the battery, same thing - bootloader. Yikes.
I don't know how to get to the next step because I can't get into a booted rom in order to flash the amon-ra recovery. Am I totally effed? Can anyone help me here?
EDIT: Okay reflashed the PC36IMG.zip file, and it rebooted into the stock ROM. Onward! Phew!!
Click to expand...
Click to collapse
Had the same issue. When i first booked into the bootloader i had to select recovery then flash PC36IMG.zip. Then boot loop. Then i went back into the bootloader and it automagically read in the PC36IMG.zip and flashed it, then i got stock 2.1 root. Just a few minutes of "oh crap"

I'm stuck. I got as far as flashing PC36IMG.zip, which was successful, as my phone now runs 2.1, but it doesn't appear I'm rooted. When I go back into the adb shell, I'm getting the $ prompt, and running
Code:
cat /sdcard/flash_image > /data/flash_image
gives me a permission denied error. Help!

atom_jack said:
I'm stuck. I got as far as flashing PC36IMG.zip, which was successful, as my phone now runs 2.1, but it doesn't appear I'm rooted. When I go back into the adb shell, I'm getting the $ prompt, and running
Code:
cat /sdcard/flash_image > /data/flash_image
gives me a permission denied error. Help!
Click to expand...
Click to collapse
i dont know what to tell you other than try again. this happened to me the first time through as well. i dont know why. i just started from the top and it worked the second time through.

seekis said:
i dont know what to tell you other than try again.
Click to expand...
Click to collapse
So after you flash PC36IMG.zip you should automatically get a root (#) prompt when going into the shell? ie, I'll have rooted 2.1 yes?
seekis said:
this happened to me the first time through as well. i dont know why. i just started from the top and it worked the second time through.
Click to expand...
Click to collapse
Aha. Ok, I will keep trying til it gives me a root shell, I guess. I also tried unrevoked3 but that didn't seem to work.

Success!! So, I stupidly assumed that all PC36IMG.zip's were the same, and was using the one from the original 2.2 PC thread. Once I got the correct one, voila!
You might want to post the md5 of the one you are using, so there's no confusion for others. Also, you missed a tiny step when you first start up hboot - you have to select fastboot for it to start scanning for PC36IMG.zip.
Thanks!

[Q] adb shell "exec '/system/bin/sh' failed: No such file or directory (2)"

Hey,
Ok so a little backstory before my problem: So I was in the middle of putting a new ROM on my captivate. I had one before but i wanted to change so I put the rom in update.zip and installed it will clockworkmod recovery. It installed fine I think but then when I tried to boot it gets stuck on the boot screen. So i tried to boot in recovery mode. I geld down both the volume buttons and the power button until it reboots twice, then I let go of the power button. but it still gets stuck on the boot screen and does not go into recovery mode. So i plugged it into my computer and using
Code:
adb devices
it shows up under recovery mode. So far so good. I can use the
Code:
adb reboot
and
Code:
adb push
commands fine. but when i try to use
Code:
adb shell
it says
Code:
exec '/system/bin/sh' failed: No such file or directory (2)
So i can not reflash the recovery image. I read that I just needed to mount the /system file. But i do not know how to do this. the "mount" command does not work with adb. I would appreciate anything to help me to either reflash the rom or restore to factory or anything where i can work off of. thanks

I have exactly the same problem.
Did you get to a solution to this?
Good luck, dude.

Is there a solution to this without using a Motorola Factory cable? I don't have the resources to make one and I don't have money to buy one.

I'm not sure putting the rom into "update.zip" was the right choice.
adb shell could fail because the partition is not mounted, the sh binary is not installed, or not at the correct location
If you can still get the captivate into download mode, you could use odin/heimdall to flash a working ROM.

First of all...thanks to everyone that has EVER posted in the XDA forums! I've spent days reading them and I came across one that had a suggested solution for my problem. So let's start...
1) Bricked
2) ADB is finally working again...so..not a problem any longer
(Don't ask me how I got it to work again....I have no idea. System was wiped while using TWRP from a bootloop)
3) Now...with system wiped I have no '/system/bin/sh'
4)adb shell will not work because of this. adb root does not work because of production model. adb remount is not permitted.
Now....I came across a thread that suggest using r2.6.2.kindlefire.boot.insecure.img and zergRush. I have the zergRush file, but I need the r2.6.2.kindlefire.boot.insecure.img to push with adb.
Does anyone know where I can get the r2.6.2 at? Filesonic is disabled and Multiupload will not return page.
Link I came across: addictivetips /mobile/gain-root-adb-access-with-insecure-boot-image-for-kindle-fire/

[Q] Question about removing system/bin/recovery?

OK, in the middle of writing up this topic, my situation has suddenly changed. (And changed again.)
The story begins: an old AT&T Samsung Infuse 4G, still on Froyo. Put it through a factory-reset and began to fiddle with how to install Clockwork Mod recovery. So there's the guide to upload a modified 3e recovery.
I run adblinux to push the modified recovery over the stock 3e at "system/bin/recovery" -- but "system/bin" was only in read-only mode and adblinux can't run "mount" and doesn't have permission to enter shell and run "su" (or enter shell as root) and File Manager HD (with Super User privledges) can't modify read-only folder "system/bin".
I managed to find a go around by pushing the modified-recovery into the sdcard's root and going through a terminal emulator on the phone to overwrite the file... but I rebooted the phone without running "chmod" on the newly overwritten file and the Infuse bricked so bad that even the battery in off-state refused to refresh.
I understand and accept what I did should be labelled as 'idiotic', but I did manage to wait at the Samsung logo until adblinux recognized the device and eventually restored the original recovery back to "system/bin" (I also found out adblinux didn't have permission to run chmod in the "system/bin" directory).
So... A few questions before I continue:
Why did (pushing the old recovery) work? ADB initially did not recognized the phone, but then the Infuse came up as "I997ae56e13f recovery" -- why was the name now 'recovery?'
And why does running "./adblinux reboot recovery" brings back the bootloop? (In fact, I cannot enter recovery mode, so something is still wrong -- the recovery file is not 755 and I can't chmod a read-only file-system either from adb or via super-user terminal. The temp-root method times out.)
OK, now I'm going home. I'll probably still try to re-install SuperUser. Maybe that will allow adblinux to run "su" in shell, but I'm not going to try anything too extreme.

Justin20 said:
OK, in the middle of writing up this topic, my situation has suddenly changed. (And changed again.)
The story begins: an old AT&T Samsung Infuse 4G, still on Froyo. Put it through a factory-reset and began to fiddle with how to install Clockwork Mod recovery. So there's the guide to upload a modified 3e recovery.
I run adblinux to push the modified recovery over the stock 3e at "system/bin/recovery" -- but "system/bin" was only in read-only mode and adblinux can't run "mount" and doesn't have permission to enter shell and run "su" (or enter shell as root) and File Manager HD (with Super User privledges) can't modify read-only folder "system/bin".
I managed to find a go around by pushing the modified-recovery into the sdcard's root and going through a terminal emulator on the phone to overwrite the file... but I rebooted the phone without running "chmod" on the newly overwritten file and the Infuse bricked so bad that even the battery in off-state refused to refresh.
I understand and accept what I did should be labelled as 'idiotic', but I did manage to wait at the Samsung logo until adblinux recognized the device and eventually restored the original recovery back to "system/bin" (I also found out adblinux didn't have permission to run chmod in the "system/bin" directory).
So... A few questions before I continue:
Why did (pushing the old recovery) work? ADB initially did not recognized the phone, but then the Infuse came up as "I997ae56e13f recovery" -- why was the name now 'recovery?'
And why does running "./adblinux reboot recovery" brings back the bootloop? (In fact, I cannot enter recovery mode, so something is still wrong -- the recovery file is not 755 and I can't chmod a read-only file-system either from adb or via super-user terminal. The temp-root method times out.)
OK, now I'm going home. I'll probably still try to re-install SuperUser. Maybe that will allow adblinux to run "su" in shell, but I'm not going to try anything too extreme.
Click to expand...
Click to collapse
I am curious how adblinux differs from the linux compiled version of adb. Usually it's just called adb.
Anyway, if you are using a Linux OS, and you pulled the original recovery to your PC before overwriting it, it should maintain it's permissions. Likewise, a push would set the permissions like they were on the host PC as well. They say to chmod afterward, because if you are using a windows packaged/downloaded file, or pushing with a Windows PC, the permissions could be anything in the end (rarely what you really want).
As to why the device name changes, not sure. Device names change based on the ROM installed (not always serial number), so it's not out of the question that recovery could tack on something else.
With above, problem is, even with Linux, it doesn't always line up so permissions can be influenced in a push but you may not get what you were asking for. Try chmod 755 the recovery on the local side and adb push the recovery again, after making a backup of the recovery that is there and see if it continues to bootloop.
If all else fails, as long as you have download mode, you can always use ODIN (or Heimdall) to go back to stock (albeit newer Gingerbread). Option A gives you root only, option D, root + recovery (CWM).
Hope this helps.

Thanks for replying!
joel.maxuel said:
I am curious how adblinux differs from the linux compiled version of adb. Usually it's just called adb.
Click to expand...
Click to collapse
I.. have no idea actually. I don't know how to configure Wine to properly emulate an environment for the Windows ADB and I can't get the correct phone-drivers for my WinXP system. (Kleis won't recognize the rooted phone, though if I leave the phone plugged in while installing Kleis, it will interrupt with a "Samsung Mobile Device connected" message.)
joel.maxuel said:
They say to chmod afterward, because if you are using a windows packaged/downloaded file, or pushing with a Windows PC, the permissions could be anything in the end (rarely what you really want).
With above, problem is, even with Linux, it doesn't always line up so permissions can be influenced in a push but you may not get what you were asking for. Try chmod 755 the recovery on the local side and adb push the recovery again, after making a backup of the recovery that is there and see if it continues to bootloop.
Click to expand...
Click to collapse
Unfortunately I can't chmod and push at the same end.
-I tried changing the permissions of recovery file on my PC, but I wouldn't be able to push it onto the "system/bin" directory in the phone.
-I tried changing the permissions on the existing "/system/bin/recovery" file, but the phone says it's a read-only filesystem.
-I tried chmod from the phone in a different directory, but I can't move the file into the "system/bin" directory (cross-device link), delete the existing recovery file (read-only filesystem), and.. why don't I have the copy command?
joel.maxuel said:
If all else fails, as long as you have download mode, you can always use ODIN (or Heimdall) to go back to stock (albeit newer Gingerbread). Option A gives you root only, option D, root + recovery (CWM).
Click to expand...
Click to collapse
I thought flashing with Odin/Heimdall required access to recovery (to wipe all user data and cache folders either before or after the flash).
Without a recovery mode to boot into, won't I be sunk if things go wrong?
Also, I seem to have a different Heimdall frontend, one that doesn't have slots for PDA. It might be because I'm using an newer/older (1.3.1) edition from Ubuntu 12.04 (the official downloads page only has it for 12.10~13.04 editions of my OS), so I'm probably going to have to command-line it.
Code:
heimdall --verbose flash --factoryfs factoryfs.rfs --cache cache.rfs --modem modem.bin --kernel zImage
Look about right? (No partition image table from the tarball found in that forum link?)

Justin20 said:
I.. have no idea actually. I don't know how to configure Wine to properly emulate an environment for the Windows ADB and I can't get the correct phone-drivers for my WinXP system. (Kleis won't recognize the rooted phone, though if I leave the phone plugged in while installing Kleis, it will interrupt with a "Samsung Mobile Device connected" message.)
Click to expand...
Click to collapse
There is adb for Linux, I think adb is natively Linux anyway (the Windows version being the port). Don't have to worry about drivers if in Linux, due to the native support. If using Debian, Ubuntu (or any other Debian derivative), just need to run:
Code:
sudo apt-get install adb
But judging by immediately below, a different version of ADB probably won't change much.
Justin20 said:
Unfortunately I can't chmod and push at the same end.
-I tried changing the permissions of recovery file on my PC, but I wouldn't be able to push it onto the "system/bin" directory in the phone.
-I tried changing the permissions on the existing "/system/bin/recovery" file, but the phone says it's a read-only filesystem.
-I tried chmod from the phone in a different directory, but I can't move the file into the "system/bin" directory (cross-device link), delete the existing recovery file (read-only filesystem), and.. why don't I have the copy command?
Click to expand...
Click to collapse
'cp' should exist, be interesting if it did not. A different ADB could change the outcome (#1), but as pointed out before, you probably won't get the permissions you wanted in the end. Outcomes 2 and 3 would end up being the same, as the device is mounted read only.
You may get lucky with this:
Code:
adb shell mount -o remount,rw system
If root has any influence with this ADB session, it will remount your /system so you can chmod your recovery file on the device end.
Justin20 said:
I thought flashing with Odin/Heimdall required access to recovery (to wipe all user data and cache folders either before or after the flash).
Without a recovery mode to boot into, won't I be sunk if things go wrong?
Click to expand...
Click to collapse
My understanding is that it is completely separate, as the process will replace recovery to stock as well. But just in case, keep this one as a last resort.
I never used Heimdall, just ODIN through a WinXP Virtual Machine (only heard about Heimdall later), but when I used ODIN, I never had any problem with these generic drivers (adbsetup-1.3):
http://dottech.org/21534/how-to-ins...ows-computer-for-use-with-your-android-phone/

Wow, I wish I took better notes last week. I had to go elsewhere and come back to this project and whatever progress I had made, I think I'm starting over from scratch.
I still can't mount/remount the system folder from anywhere (via ADB under Win/XP and Linux/Ubuntu 12.04); running "su chmod" from the phone still gives a permission denied, changing from Superuser to SuperSU didn't do anything (both programs did find the SU binary to be outdated), and adding a Busybox APK did not add a 'copy' function to my terminal emulator (on the phone) so running an ADB shell would be limited in that regard as well.
I'm going to have to take the phone to a McDonald's and attach a Google account to it. (I would have liked to have done all this offline somehow.)
joel.maxuel said:
when I used ODIN, I never had any problem with these generic drivers (adbsetup-1.3):
http://dottech.org/21534/how-to-ins...ows-computer-for-use-with-your-android-phone/
Click to expand...
Click to collapse
How did you manage to get your virtual OS to go "online?" When I tried installing the Google device drivers that came with adbsetup, a big red "X" popped up (Install failed).
I saw that there was a Java-based ODIN, but it's Java 8.0. Should I be using a later/earlier version of Odin/Heimdall? The latest versions don't support my OS (surprising since they support the latest, 14.04, and 12.10 but not anything between or 12.04, the other big release). The existing XDA threads all use Odin/Heimdall 1.1 -- the 1.3 version I have does NOT look like that (and does not have the "PDA" options in the GUI).

Justin20 said:
How did you manage to get your virtual OS to go "online?" When I tried installing the Google device drivers that came with adbsetup, a big red "X" popped up (Install failed).
Click to expand...
Click to collapse
Did the adbsetup binary change? I remember a DOS install process, so there shouldn't have even been a setup wizard (graphical anyway).
Anyway, to get the virtual OS to recognize, need to right click on the devices icon on the bottom status bar (at least in VirtualBox), looks like a USB drive, and select Android, or whatever pops up.
Hope this helps. Also, did the shell remount mentioned earlier have any effect (using adblinux)?
Sent from my Asus MeMO Pad 8"

joel.maxuel said:
Did the adbsetup binary change? I remember a DOS install process, so there shouldn't have even been a setup wizard (graphical anyway).
Click to expand...
Click to collapse
The DOS prompt process begins a driver install. From there, the Setup Wizard popped up.
joel.maxuel said:
Anyway, to get the virtual OS to recognize, need to right click on the devices icon on the bottom status bar (at least in VirtualBox), looks like a USB drive, and select Android, or whatever pops up.
Click to expand...
Click to collapse
Another bad sign: nothing pops up.
As for using mount/remount, the option "remount" was not found. (It would scroll down the whole list of options and switches.)
I think it's time for me to give up the ghost on fixing this issue. I still don't know how I managed to foul it up in the first place because I tried repeating it (entering the command-prompt from the phone, entering superuser, and moving files into "/system/bin") to no avail. So there is a modified 3e recovery file in "/system/bin" without the correct permissions that's preventing the phone from entering recovery mode (and slowing up the boot-up process and "battery recharge" icon when powered off), but other than that the device works, so that's something.
I still would like to try flashing the entire thing with ODIN/Heimdall if I could get either to work. (I ran the latest Heimdall, 1.4.0 32-bit, under WinXP only to find it was not a valid binary. The various Open Disk-Imager in a Nutshell (ODIN) apps out there, but nothing looks like those used on these forums (and did not include a PDA option).

Justin20 said:
The DOS prompt process begins a driver install. From there, the Setup Wizard popped up.
I still would like to try flashing the entire thing with ODIN/Heimdall if I could get either to work. (I ran the latest Heimdall, 1.4.0 32-bit, under WinXP only to find it was not a valid binary. The various Open Disk-Imager in a Nutshell (ODIN) apps out there, but nothing looks like those used on these forums (and did not include a PDA option).
Click to expand...
Click to collapse
The correct version of ODIN will be packaged with whatever image you choose. Just find a windows machine lying around, install the adbsetup drivers, and flash away. Hope this helps.

build.prop restore - rooted phone but cannot gain SU or root in adb.

Hi all,
I have been through douzens of threads and forums looking for a solution to this.
I followed some instructions to modify the build.prop file on my Huawei G535-L11 to disable Huawei theme manager in order to get Xsposed working fully (changed ro.config.hwtheme: 0). I did a backup of my original build.prop before hand, and my phone was rooted and unlocked but running the stock rom.
Unfortunately, it rebooted but won't go past the first 'EE' splash screen (just turns off again).
I can inconsistently get in to both fastboot and Android recovery, so I have been trying to use adb to push the original build.prop to /system/ on the phone.
However, this fails as /system/ is apparently RO. I have now discovered that I can't get SU permissions despite my phone being rooted.
If I try:
adb shell
$ su
nothing happens and it goes back to a $ prompt.
If I try:
adb root
I get the message (paraphrased):
adb cannot run as root in production builds.
So I can't push or do any adb method of restoring the build.prop file?! I don't understand why it is acting as if it is not rooted. I had Link2sd, Gravity Box, No Frills Cpu Controller all set up and working before, so I'm fairly sure I did truly have root.
I have also tried flashing a TWRP recovery, which apparently is successful, but when I go in to recovery it is still the Android Recovery.
Does anyone have any ideas what I could do to get my phone working again please?! This is my last gasp before the phone gets filed under 'B' in the cylindrical cabinet in the corner of the room! :crying:
Any assistance greatly appreciated!

Bumpty bump?

So what ro.debuggable should be 0 with ro.secure