[INFO] Downgrading firmware - AT&T, Rogers HTC One X, Telstra One XL

Before I start, you do this at your OWN RISK!
For this to work you need to have ADB and an understanding of how to use it and you need root privileges (although I didn't test this). You also need a hex editor of some sort like HxD.
Ok, enough of that. Here goes:
1. Go to the directory that you have adb in.
2. Plug your device in and make sure that debugging is enabled.
3. Type "adb shell" and hit enter.
4. Once at the shell prompt type "su" and hit enter.
5. Then type "dd if=/dev/block/mmcblk0p23 of=/sdcard/misc" and hit enter. It should say "blah records in, blah records out, blah in blah seconds . This will put a file on your "sdcard" that you will need to edit.
6. Next type "exit" and hit enter. Type "exit" and hit enter again.
7. Type "adb pull /sdcard/misc"
8. Now, open your hex editor and browse to the directory that adb is in. Open the misc file that you just pulled from your device.
9. Look for offset 000000A0. It should have 1.xx.xxx.x or something like that.
10. Change this to 1.00.000.0 and save the file as miscMOD.
11. Go back to your command prompt and adb directory. Type "adb push miscMOD /sdcard/miscMOD" and hit enter.
12. Now go back to the android shell. Type "adb shell" and hit enter then type "su" and hit enter again.
13. Now type "dd if=/sdcard/miscMOD of=/dev/block/mmcblk0p23" and hit enter. It should say "blah records in, blah records out, blah in blah seconds . This will overwrite the misc partition with your edited file and effectively tell it that it is version 1.00.000.0.
14. To make sure that this worked you can restart the phone, go to settings, about phone, and software information. Software number should say 1.00.000.0.
15. You can now downgrade your software via RUU.
Enjoy!

easier than expected ... tks for the writeup...

Cheers!!! hope this works for the Rogers HOX

edit will post back shortly

wow! nice to see this.Thanks for your contribution .

Probably not the place for this, but just saw this on JCase twitter feed:
Justin Case ‏@TeamAndIRC
If you are stuck on the 1.85.x.x firmware for the HTC One X (AT&T), have ADB setup, and are fairly confident hit me up
Collapse
Reply
Retweet
Favorite
12:54 PM - 24 May 12 via TweetDeck · Details

Great write up, this will help a lot of people

No go for me. Software number stayed the same.

akvtiger said:
No go for me. Software number stayed the same.
Click to expand...
Click to collapse
Were you trying to do it as root?

grankin01 said:
Were you trying to do it as root?
Click to expand...
Click to collapse
Correct as root. I did another pull and can confirm that change is there. It's just not showing up under Software number.

This process may be made obsolete. Have you tried the bootloader unlock yet. That was the only reason the I even tried to downgrade but I don't think it will affect the way I did the other process at all.

This does not work for some reason. The file was pushed correctly. I pull it back down and the hex was changed to show 1.0.000.0. However, the software still stays 1.82. Any ideas? I also tried using the complete file path to include the two other sub dicrectories /dev/block/platform/msm_sdcc.1. This made no difference as well.

The number should be in this format: 1.00.000.0
That may be your problem.

I have not tried to bootloader unlock. I was just trying to get it back to stock.

akvtiger said:
Correct as root. I did another pull and can confirm that change is there. It's just not showing up under Software number.
Click to expand...
Click to collapse
Same thing for me earlier
Sent from my HTC One X using XDA

That's a typo from me. How do you downgrade even if you unlock the bootloader?

I would say you still need to make it think the main version is lower than the RUU version. I'm not exactly sure what is going wrong with your. :O

odd, this didn't work when I was testing out the first leak and trying to downgrade to the shipped ruu.

Ok two things I figured out. First you need to put your CID back to CWS rather than Rogers. Or use superCID . This fixed my problem. Also if you follow the directions here you dint need to check the software version. Just ADB reboot bootloader and run RUU . It will tell you there which revision you are on. I went from 1.82 to 1.73.

At the top of my "misc" file in my hex editor it says;
CWS__001..
--
Or however many periods. I already unlocked my bootloader [changed to SuperCID(11111111)] so I found that odd that it remained CWS and not 111.
Anywho, I just unlocked my BL and ran the 1.73 [shipping RUU] installer to hopefully downgrade. It went as far as to the "waiting for bootloader" message on the 1.73 installer then displayed an error. I'm not really in the mood to mess around with it, But I'm just sharing my results here. The CWS at the top of my copied over "misc" file still seems odd..

Related

[ROOT][GUIDE] HBoot 2.02/2.10 SOFF - Goodbye Stranger - Upd. 02.25.11

I am sad to say the time has come to retire this post....Now before you get all panicky and ****, just sit your **** down, take your adderall and relax, damn antsy ass people. Anywho, with people our there like xHausx and others that have automated all of this there really isnt a need for me to keep this updated. I will keep the post here for archival purposes but, I will not be updating it, any further. I may pop into the thread here and there but probably not. I would like to thank all those that helped and supported me during this threads run. With out you we would still be stuck.
In the mean time if your looking to root your phone, check out xHausx's thread
here: http://forum.xda-developers.com/showthread.php?t=838448
And no I still dont recommend Clockwork or Unrevoked.
Till next time...Super Tramp - Goodbye Stranger
Archive of the guide as of 2/14/11
READ THIS GUIDE CAREFULLY SEE POST TWO FOR FAQ OR SEARCH THE THREAD.
Presenting the ONE AND ONLY surefire root method that backs up your RSA KEYS prior to rooting !!!!
Also I am aware that unrevoked has out their new tool. However while I was sitting in IRC, I saw many that it wasnt working for. So Until there is a surefire, easy method, I will keep this thread updated.
Credit goes to:
amoamare (Initial method)
toast (fake recovery and script)
unrevoked (thanks for your app)
amon_ra (fixed custom recovery)
chris1683 (thanks for the rom) (sprintlovers)
ryanza (z4root)
illogos, epicroot, xHausx, TrevE, Chubbzlou (Testing)
BooDaddy (RSA Backup Info)
and who ever else I missed
Help me finance my Vette!
zikronix
Disclaimer and well a little fun:
This has been tested on many phones and it worked fine...but if it breaks your **** dont come cry to me about it...you knew the risks! No one here is responsible if you break, brick, set fire, punch, smash, stab, destroy, your self, computer or your phone. The only person responsible is you! Just because it worked for me and others does not mean it will for you. Anytime you flash something its a risk.
Ladies and gentlemen... I've traveled over half our forum to be here tonight. I couldn't get away sooner because I had a POST coming in and I had to see about it. That phone is now rooted at and running well. I have two others comming in and this method has rooted many on the board. So, ladies and gentlemen... if I say my guide works you will agree. You have a great chance here, but bear in mind, you can lose it all if you're not careful.
Out of all methods that beg for a chance to root your phone, maybe one in twenty will work; the rest will be trolls-that's posters trying to get between you and the guide-to get some of the root action that ought by rights come to you. Even if you find one that has a simpler guide, and means to root, he'll maybe know nothing about helping. This is... the way that this works. This method is reliable like no other in this field and that's because its been tested and tested time and time again. I assure you, whatever the others promise to do, when it comes to the showdown, they won't be there...
Downloads
================================================== ====
STOP HERE READ THIS
This Method soley uses Amon_RA Recoveries....Period. A poor soul that lost his RSA keys (broken 4g forever) by recent clock work shenanaigans here
VX - Updated Amon Ra Recovery. Download Here: hboot_2.xx_soff-VX.zip
MD5: 27eb4a36ba01078193975fc93723dd60 <---VERIFY YOUR MD5, IF ITS NOT THIS REDOWNLOAD
Lets Get Rooted!
======================================================
Prerequsites:
Extract only the main zip file to a folder of your choice. I recommend the root of C:\ into a folder of your choice or on the desktop. Make sure you have the drivers installed for your phone (recommended: SDK Drivers or unrevoked hboot drivers) and USB debugging is on. This was setup for people running windows, if you have access to it do it on a 32bit version. I can't stress this enough you must use the adb.exe included with the package This is command line based do NOT double click the exe. Assume nothing, and cut and paste or type the commands EXACTLY as listed, they are case sensitive and each line is a seperate command. Oh and Read the FAQ and Warnings for f-sakes
1) Connect your phone to the computer (Rear USB Port Perferred) make sure the computer detects the phone (DO NOT MOUNT USB) If it doesnt install the drivers. Now master Reset your Phone (Menu>settings>Sd & Phone Storage>Factory Data Reset). Your phone will reboot. While your phone is rebooting it ctrl+alt+delete on your computer and open up task manager and click the processes tab look for anything that says adb.exe click it and hit end process.
2) Your phone should be booted and in the rom. You can skip the setup. On your phone enable install applications from unknown sources.(menu>settings>applications>unknown sources) and turn on usb debugging.
3) Open a command prompt (do NOT click adb.exe) and change to where ever you extracted the files to.
4)Type the following (this must be excuted from the folder you extracted to)
adb push root/unrevoked-forever.zip /sdcard/
adb push root/mtd-eng.img /sdcard/
adb push pc36img/PC36IMG-ENG.zip /sdcard/PC36IMG.zip
adb push pc36img/PC36IMG-MR.zip /sdcard/PC36IMG-MR.zip
adb push root/flash_image /data/local/
Click to expand...
Click to collapse
5) Now were gonna install z4root. When its done look at your phone z4root should be running. Select temporary root... It will go thru the process will eventually come to a white screen *Wait* after a sec or so screen will come up saying temp root was a success. Ok so now type the following
adb -d install -r root/z4root.apk
adb shell am start -a android.intent.action.MAIN -n com.z4mod.z4root/com.z4mod.z4root.z4root
Click to expand...
Click to collapse
6) Your command should still be open and you should be in the directory where you extracted the files. Once you have typed "su" command below look at your phone and click allow for SuperUser...Ok so now type the following from the command prompt
adb shell
su
Click to expand...
Click to collapse
6A) REQUIRED RSA BACKUP This will back up your RSA keys just in case something goes wrong in that department. You should still be in your command window inside the shell with a #. (The following came from this thread)
mkdir -p /sdcard/nandroid/RSA-PR-BACKUP
cat /dev/mtd/mtd0 > /sdcard/nandroid/RSA-PR-BACKUP/wimax.img
This saves it in a file that can actually be restored. This next step is another type of backup just for good measure
busybox sed -n '/BEGIN CERTIFICATE/,$p' /dev/mtd/mtd0 > /sdcard/rsa_OEM.key
This will dump the RSA keys to a text file on your SD Card named rsa_OEM.key
Mine was about 4575 KB in size, but the size could vary. Go ahead and switch the phone's USB connection over to "Disk Drive" and then browse to your SD Card and verify that the file rsa_OEM.key is indeed on the card.
Proceed to Step 7
Click to expand...
Click to collapse
7) You Should still be at a "#". This means you have root if you see a "$" or some other error message. Reboot your phone, check your drivers, usb debugging and cable and start over. If you got a "#" You can Proceed. You should still be in the shell at a "#" If not start over...Otherwise
chmod 0755 /data/local/flash_image
./data/local/flash_image misc /sdcard/mtd-eng.img
sync
Click to expand...
Click to collapse
8) Now we are going to reboot your phone into the boot loader to flash the first PC36IMG.zip. You should still be in the shell So Type:
reboot bootloader
Click to expand...
Click to collapse
9) Once your phone is in the boot loader highlight bootloader, and press the power button. It will load the PC36IMG File...When it ask you to flash press VOL-UP. You will notice that it says bootloader bypassed and maybe some other errors. Dont worry this is normal. Once the flash of the file is done it will ask to reboot, Select NO by Pressing VOL-DOWN. Now some people have gotten some errors here and there during the flashing just continue as normal.
10) You should still be in the boot loader at this point. Scroll down to recovery and press the power button. It Should take you to a red triangle. If not and you get stuck at a white htc screen pull the battery and then repower the phone with power + vol down and select recovery. When you see the red triangle. Type the following (IF YOU GET STUCK HERE CHECK THE FAQ):
adb push recovery /
adb shell busybox --install /sbin
adb shell nohup /sbin/recovery &
Click to expand...
Click to collapse
With any luck you should be at a recovery (green screen with text)
11) Select enable USB-MS. This will mount your sdcard. Look in the root of your sdcard and you should have two files. One named PC36IMG.zip and one named PC36IMG-MR.zip. Rename the file named PC36IMG.zip to PC36IMG-ENG.zip and then rename PC36IMG-MR.zip to PC36IMG.zip when your done follow the instructions on your phone to disable usb (press power) then proceed to step 12
12) Now Select flash zip from the menu and choose unrevoked-forever.zip. Wait for it to complete. Select Reboot from the menu.
Now pay attention. It might kick you back into:
BOOT LOADER: See 12A
ROM: See 12B
WHITE HTC SCREEN: See 12C
12A) Ok so you got kicked to the boot loader. It should scan your card and find the PC36IMG.zip chose yes to flash this file and when it ask you to reboot....reboot by pressing vol-up....Proceed to step 13
12B) Ok so the phone booted into a rom. Power the phone off. Then repower the phone on pressing power and vol-down at the same time. It should take you into the bootloader and scan your card and find the PC36IMG.zip chose yes to flash this file and when it ask you to reboot....reboot by pressing vol-up....Proceed to step 13
12C) Ok so the phone is stuck at a white htc screen. Power the phone off by pulling the battery. Then repower the phone on pressing power and vol-down at the same time. It should take you into the bootloader and scan your card and find the PC36IMG.zip chose yes to flash this file and when it ask you to reboot....reboot by pressing vol-up....Proceed to step 13
13) Ok your phone is rooted now, and you should be inside the rom. The rom you just flashed is Sprint Lovers rom with the modified recovery. Download a rom of your choice copy it to the root of your sd card and flash it. But type the following first
adb shell mv /sdcard/PC36IMG.zip /sdcard/PC36IMG-MR.zip
adb reboot recovery
Click to expand...
Click to collapse
14) You Should be in the recovery menu now (green text screen). Do a backup by navigating to backup/restore press power to select then do a Nand backup in the next menu. Once thats done, select return, then reboot or flash a rom of your choice. If you flashed a different custom rom than the one thats included in the package cool. If not no big deal eitherway. Do a PRL/Profile update while in the rom after the phone is done rebooting. Your Done.
15) Read the FAQ for questions
==========================================
FIX BROKEN RECOVERY
This is really only needed if you rooted with one of the previos guides version 6 or lower or if you installed a different recovery like I told you not to. It installs amon_ra 2.2.1
1) Download File PC36IMG_Recovery.zip and Rename to PC36IMG.zip.
copy to the root of your SDCard and power off phone
2) Power your phone back on into the boot loader by holding power and vol-down until your presented with a white screen. It will read the pc36img.zip and as you if you want to flash. Say yes. Then it will ask if you want to reboot, VOL+UP for yes.
3) If your rom gets tossed in the process. Reboot your phone into bootloader select recovery, and reflash your rom....DONE
================================================
UNROOT GUIDE
NOTE: This will erase all data on the phone. (Will not erase data on the SDCard)
1) If your on Hboot 2.10 Download the PC36IMG.zip Here. If your on Hboot 2.02 Download the PC36IMG.zip here then Unrevoked s-on here rename the pc36img file to pc36img.zip copy that and the unrevoked s-on tool to the root of your sd
2) Power your off. Power the Phone back on into the boot loader by holding power and vol-down until your presented with a white screen.
3) It will scan for the pc36img.zip. Select no to flash. Select recovery from the menu. Once in recovery choose flash zip from the menu, and select unrevoked forever s-on.
4) When its done flashing select reboot from the menu.
5) From here either run the official ruu or boot back into the boot loader (see step 2). When it scans and ask you to flash the pc36img.zip select yes then yes to reboot.
Click to expand...
Click to collapse
FAQ
FAQ:
Your here cause something went wrong right? Ok thats fine. This list isnt extensive but its here to provide quick answers to some weird or common questions. New questions and problems are added to the bottom.
Q: Will this downgrade my hboot
A: No. I used to have an hboot downgrade but it was bricking peoples phones. However is you want to risk bricking your device, visit this thread here. I I advise against this. This bricked alot of phones which is why I pulled it.
Q: How do I install the Hboot Drivers
A: Check this here
Q: I get "error: more than one device and emulator"
A: kill the adb.exe tasks in task manager or reboot your computer
Q: Step #9 my phone does read the PC36IMg.zip
A: If you renamed the zip file make sure it doesn't say PC36IMG.zip in the name remember that xp and up on windows doesn't show the file ext by default so if you see PC36IMG.zip chances are its named PC36IMG.zip.zip
Q: Why cant I use Clockwork Recovery
A: At the moment its not coded for the new partitions. Just read the first few pages of this thread or check this here
Q: What Hardware does this work for
A: All currently known hardware 0001-0004
Q: What Hboot's does this work for
A: It was built for 2.02 and 2.10 however it will work for all version its just there are easier ways for those
Q: I think I messed up can I just start over.
A: Yes. Its recommended if you want to start over run the official ruu.
Q: This is very complicated
A: It is...thats why there is instructions
Q: Will this erase my data
A: Yes but not from the SDCARD
Q: Can I deleted the files off my SDCARD when done
A: Yes, except for RSA_OEM.KEY and WIMAX.IMG
Q: I get permission denied or device offline when trying to step 10
A: Check here or here or here this might work for you
Q: I used clockwork it seems to work fine.
A: It might but considering the partition information is not correct. You may have just over wrote your wimax keys and broke 4G. Have fun with that like this poor guy here
Q: This uses unrevoked in one of its steps? Explain?
A: There have been some concerns that this uses unrevoked-forever in one of its steps. As far as we know that Unrevoked 3 (not to be conufused with unrevoked-forever) is causing some radio issues with hardware in general and new hardware. Unrevoked-forever does not appear to bork the radio like unrevoked 3 does. This is apparent by the many success stories. However Unrevoked3 could very well possibly destroy your radio/wimax/brick if used.
Q: I get device not found
A: Install the drivers for your phone, (Unrevoked, ADB)
Q: Camera doesnt work after doing this
A: Flash a new rom thats current. Like SteelRom, Fresh, Stock Rooted. The issue here is the Hardware is different. NO CUSTOM KERNELS
A2: Reports say they changed the camera provider/hardware. And the drivers are different! Using a rom based off the latest release and kernel should fix it As Discussed here and here and here
Q: When I go to recovery. I get a red triangle.
A: See Step 10
Q: This doesnt work!
A: Yes it does if you follow the directions, Unless some other bull**** decided to popup!
Q: CM6.x doesnt work
A: See Question 7....Nothing I can do about that if the kernel doesnt support your camera/device.
Q: My phone boot loops now...You broke my ****!
A: I didnt break your ****. You broke your own ****! Its not broken so chill out (well it might be but probably not). What rom did you flash? Did you flash a custom kernel? Did your rom come with a custom kernel? I bet your using a custom kernel. Try a rom like Steel Rom, Sprint Lovers
Q: How do I back up my RSA Keys
A: Check here for the latest up to date information. Or run this command from the shell
cat /dev/mtd/mtd0 > /sdcard/wimax.img
Click to expand...
Click to collapse
Q: My 4g Doesnt work
A: Was it broken prior to the s-off, what steps did you take. Are you running AOSP ROM or Another kernel?, Did you try a different rom? What version is your phone? Do you have SwitchPro Widget installed? (uninstall it), Did you try to run unrevoked3 prior to this? After flashing the radios and stock kernel based rom did you do a data and prl update? Does the mac behind your battery match whats in about phone (4g has to be on to see mac) Also try the tree.xml fix posted
adb shell
ls /data/misc/wimax/
look for a file with your macaddress ending in .tree.xml. you want to move that to another location so it gets regenerated. (the following command basically renames it.)
mv /data/misc/wimax/(Your-mac-address).tree.xml /data/misc/wimax/(Your-mac-address).tree.xml.old
4. Start 4G may not connect
5. Do a prl/profile update
6. Power off the phone and power it back on. Try it
7. PRL/Profile. Try it
Click to expand...
Click to collapse
Q: 4G is still broke.
A: Check your RSA keys
adb shell
cat /dev/mtd/mtd0 | grep RSA
returned output show appear as this:
# cat /dev/mtd/mtd0 | busybox grep RSA
cat mtd0 | busybox grep RSA
RSA-REQUEST
RSA-REPLY
RSA-REJECT
RSA-ACK
RSA-1024
RSA-REQUEST
RSA-REPLY
RSA-REJECT
RSA-ACK
RSA-1024
RSA
ReRSA
RSA requests
RSA replies
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
#
It should look just like the above
the important lines are BEGIN RSA PRIVATE KEY and END RSA PRIVATE KEY.
If you have those two lines, your keys are still likely to be intact.
If those two lines are missing, your keys are likely missing.
/dev/mtd/mtd0 is where the wimax image is stored.
Click to expand...
Click to collapse
Q: OK I think My Keys are tossed. We made a backup right? So how do I restore it?
A: This post or post should do it for you
Q: My Phone says its not rooted.
A: If you have s-off your rooted. Simple as that. Try a different rom if you want. The second pc36img.zip file you flashed is Sprint Lovers and is a very nice rooted rom.
Q: When I try to get into Fastboot by pressing VOLUME UP and booting the phone, my phone instead buzzes three times and acts dead. What happened?
A: The S-OFF update also enables Qualcomm Diagnostics mode on your phone, which is entered by doing what you just did. You can exit this mode (and boot normally) by removing the battery and USB cable.
Q: Can you tell me what this does?
A: Read the guide? Basically your downgrading the phone, so you can flash unrevoked because htc "comically fixed" the phone. Then your re upgrading the phone back to shipping radios, system, pri, nv, kernel...all the while with keeping s-off
Q: How did you get to be so cool
A: If you have it, you don’t need it. If you need it, you don’t have it. If you have it, you need more of it. If you have more of it, you don’t need less of it. You need it to get it. And you certainly need it to get more of it. But if you already don’t have any of it to begin with, you can’t get any of it to get started. Which means you really have no idea how to get it in the first place, do you? You can share it, sure. You can even stockpile it if you like. But you can’t fake it. Wanting it, needing it, wishing for it. The point is, if you’ve never had any of it, ever, people just seem to know.
Q: Do you really own a vette?
A: Yes, and a backpack with jets!
Q: Whats with you and the dots ...
A: ...
Q: Your Kind of an Cocky Asshole
A: Yea...I Get that. Oh well. I cant fix stupid or ignorant.
What is the point of getting the new HBoot?
sorry, wrong question
abiezer said:
What is the point of getting the new HBoot?
Click to expand...
Click to collapse
there is no point in getting a new hboot....this tool is for those that have phones with the new hboot....that unrevoked wont work on.
this is not the new hboot
Oh I see so this is basically for people who couldn't root to be able to root. Got it. Thanks.
Dumb question, sorry trying to keep up with this while at work. Once I do this, then I still need to run Unrevoked, correct?
shepkc said:
Dumb question, sorry trying to keep up with this while at work. Once I do this, then I still need to run Unrevoked, correct?
Click to expand...
Click to collapse
its included in the script it tells you how to do it.
update failed, said main version is older...
its working for some but not others...i dont know why the main version is older thing...
i think we have ironed out the mainversion deal...
looking into it now.
Should be fixed now...so try it I guess.
v2
Looks like your V2 is working, I didn't run into the main version failure. Flashing as I type, I hope slyder got this to work.
Confirmed, V2 works
alright brotha your v2 of the batch file works like a charm. S-OFF confirmed on HBOOT 2.02. Thanks to everyone involved in making this happen.
Outstanding
Sent from my PC36100 using XDA App
On a brand new fresh 2.2 out of the box running HBOOT 2.02 I got "Main version is older". Are there any prerequisites i have to run to get this to work? I just reinstalled 2.2 and ran the script and got main version is older.
did you download version 2
do you have gtalk
I did download v2, and I do have gtalk.
b0r0b said:
I did download v2, and I do have gtalk.
Click to expand...
Click to collapse
you got PM....i want to know exactly whats happening.
Main version is older
I have also tried with V2 and get the "Main version is older".
Baseband
2.15.00.09.01
Software
3.30.651.2
PRL
60671

GUIDE - How to flash radio.img OS X

I couldn't find a guide for this anywhere, so after a lot of trial and error, I worked out this method from various write ups on the web.
Preq's:
Make sure your battery is fully charged (I have no idea why, but it seems to be a must do thing)
You'll need the Android SDK, so make sure you have this and you'll be needing Fastboot for Mac, which you can find here Fastboot
And you need to boot your phone in fastboot mode.
Drop the Fastboot file into to the tools directory of the SDK.
Download your desired radio image and put it in the same same folder.
To make sure Fastboot is working, open Terminal and type "fastboot devices"
(without the speech marks) and hit return. You should see:
List of devices attached
HXXXXXXXXXX device
Click to expand...
Click to collapse
XXXXXXXXXX = the unique number of your phone.
If it doesn't display anything, you need to re-check SDK and Fastboot are installed properly.
If you do, carry on.
Now, the nervous part.
1. Open the tools directory of the SDK in a Finder window and the open a Terminal window.
2. Now, drag the 'fastboot-mac' file in to the Terminal window.
3. Type this (make sure you hit the space bar after typing) :
flash radio
Click to expand...
Click to collapse
4. Now, drag the radio.img to the Terminal window
(It should read something like this)
/Users/Liam/SDK/tools/fastboot flash radio /Users/Liam/SDK/tools/radio.img
Click to expand...
Click to collapse
5. Hit the return key and wait. Make sure you touch nothing.
6. When terminal has given you the "Okay" message twice, check you phone screen and make sure there isn't a red loading bar on the top left hand side of your phones screen. When this is done, type:
fastboot reboot
Click to expand...
Click to collapse
And hit return.
7. Your phone will reboot and you're done.
If I've missed anything, let me know and I'll add it.
been trying for a few days now heads gone all i get it adbwinapi.dll is missing tried several reinstalls now need help please guys system is win 7 ultimate
steve36 said:
been trying for a few days now heads gone all i get it adbwinapi.dll is missing tried several reinstalls now need help please guys system is win 7 ultimate
Click to expand...
Click to collapse
Wrong thread. But the thread you want, and the answer, is here: http://forum.xda-developers.com/showpost.php?p=10113370&postcount=91
Do some searching first..
Anyways, yeah, now I can use my MacBook.
This seems to be an odd way of doing it.
Just download the fastboot-mac binary from the htc developer page. Drop it in the platform-tools folder of the androd SDK.
Start a Terminal and run:
/path/to/platform-tools/fastboot-mac flash radio radio.img
make sure you have radio.img in the current directory where you invoke the script.
I found it easier to drag and drop the files. Saves lots of typing and does the same job.
liam08 said:
I couldn't find a guide for this anywhere, so after a lot of trial and error, I worked out this method from various write ups on the web.
Preq's:
Make sure your battery is fully charged (I have no idea why, but it seems to be a must do thing)
You'll need the Android SDK, so make sure you have this and you'll be needing Fastboot for Mac, which you can find here Fastboot
And you need to boot your phone in fastboot mode.
Drop the Fastboot file into to the tools directory of the SDK.
Download your desired radio image and put it in the same same folder.
To make sure Fastboot is working, open Terminal and type "fastboot devices"
(without the speech marks) and hit return. You should see:
XXXXXXXXXX = the unique number of your phone.
If it doesn't display anything, you need to re-check SDK and Fastboot are installed properly.
If you do, carry on.
Now, the nervous part.
1. Open the tools directory of the SDK in a Finder window and the open a Terminal window.
2. Now, drag the 'fastboot-mac' file in to the Terminal window.
3. Type this (make sure you hit the space bar after typing) :
4. Now, drag the radio.img to the Terminal window
(It should read something like this)
5. Hit the return key and wait. Make sure you touch nothing.
6. When terminal has given you the "Okay" message twice, check you phone screen and make sure there isn't a red loading bar on the top left hand side of your phones screen. When this is done, type:
And hit return.
7. Your phone will reboot and you're done.
If I've missed anything, let me know and I'll add it.
Click to expand...
Click to collapse
Hi i did not notice your guide so i created one last night >>>>here<<<<
I use this:
http://qtadb.wordpress.com/
I cannot get terminal to respond to "fastboot devices"
I think i've installed it all ? I've run the adk with android in the tools folder, and I have the platform tools folder. i've run fastboot-mac, i don't know what else to do?
P1xelVandal said:
I cannot get terminal to respond to "fastboot devices"
I think i've installed it all ? I've run the adk with android in the tools folder, and I have the platform tools folder. i've run fastboot-mac, i don't know what else to do?
Click to expand...
Click to collapse
Use my guide downloaded the zip file read all of first post sorted
E=Mc2
leith51 said:
Use my guide downloaded the zip file read all of first post sorted
E=Mc2
Click to expand...
Click to collapse
it's a shame all the files are .exe and .bat *sigh* thanks anyway.
P1xelVandal said:
it's a shame all the files are .exe and .bat *sigh* thanks anyway.
Click to expand...
Click to collapse
localhost:~ Mac$ /fastboot/fastboot-mac flash radio /fastboot/radio.img
sending 'radio' (24832 KB)... OKAY
writing 'radio'... FAILED (remote: not allowed)
localhost:~ Mac$
what am i doing wrong? (no i will not switch to PC))
This guy used my thread his problem was he didn't have eng s-off
E=Mc2

Root asus tf300t v10.6.1.27.5 !! Jb4.2.1 [ LOCKED bootloder successfully!~~

Hey guys found out how to ROOT ASUS TF300T latest ROOT for TF300T V10.6.1.27.5 ! locked bl.
just follow the steps
Instruction:
1. Download the rooting application. (This app can root many other devices )
VRoot_1.6.0.3690
http://www.mediafire.com/download/v3...3690_Setup.exe
2. Install the app. This is a Chinese app so I will guide you. Below is a step by step screenshot attached guide.
3. Start VROOT and root now!
4. Now we need to install SuperSU from play store to replace the Chinese root manager called 授权管理 1.0.4.
5. Go to play store and install SuperSU.
6. Start SuperSU and you will be asked for permission by 授权管理 1.0.4, choose 允许(means allow). (Should be the right side option.)
7. SuperSU will prompt to install SU binary, go ahead with OK and it will display successful.
8. Now, freeze 授权管理 1.0.4 in titanium backup, just in case you need it again.
Note: If you uninstall straight away from app manager, you need to make sure SuperSU updated the binary.
9. Re-run SuperSU to make sure everything is alright. You will be prompt again to install SU binary, just do what it asked.
10. After that, you are rooted with SuperSU and 授权管理 1.0.4 will not be there anymore.
Optional
11. If you want to be more assured, in SuperSU app, prepare for a Reinstall in settings. (NOT Full unroot NOT Switch superuser app)
12. SuperSU will be removed and go back to play store to re-download and install.
13. Start SuperSU and SuperSU will prompt to install SU binary, go ahead with OK and it will display successful.
ITS 100% WORKING! PERSONALLY TESTED.
CREDITS:-
zhuhang
oRIGINL tHREAD:- http://forum.xda-developers.com/showthread.php?t=2434453
Ѕlαчєя™(For informing me).
manikkumar20 said:
Hey all please help me.
I just got my Tab repaired..CHANGED MOTHERBOARD after a HARD BRICK.
Now i am running ASUS Transformer Pad TF300T Firmware: V10.6.1.27.5 LOCKED.
i dont wanna unlock at this time. please guys help me how can i root it?
Thanks in advance
BTW Motochopper not working, Unlock Root not working.
Click to expand...
Click to collapse
Hi there,
Have you tried downgrading to .15.3 and rooting with motochopper? See my post in this thread for more information.
Good luck on getting root access.
1337 H4X0R said:
Hi there,
Have you tried downgrading to .15.3 and rooting with motochopper? See my post in this thread for more information.
Good luck on getting root access.
Click to expand...
Click to collapse
Can i downgrade without root and CWM?? i have unlocked bootloader.???
Plz tell me the steps. i cnt find exact guide for Locked bootloader to downgrade 27.5 to 15.3?
thx
manikkumar20 said:
Can i downgrade without root and CWM?? i have unlocked bootloader.???
Plz tell me the steps. i cnt find exact guide for Locked bootloader to downgrade 27.5 to 15.3?
thx
Click to expand...
Click to collapse
So you want to downgrade to .15.3 from .27.5 with a locked bootloader. Okay, thats easy because thats what I did to get root after I lost it to a OTA update.
DO THIS AT YOUR OWN RISK-I TAKE NO RESPONSIBILITY IF YOU ACCIDENTLY BRICK YOUR DEVICE!!!!
Downgrade to .15.2 from .27.5 or similar.
1. Download the .15.3 firmware for your device and region from ASUS' website. MAKE SURE THE SKU IS THE SAME AS YOUR DEVICE. e.g., I have WW, so I used the WW firmware. To find out your SKU, go to about tablet and in the build no., it will tell you your SKU, eg build-stuff-here.WW.10.more-number.27.1.
2. Extract the .zip file you downloaded twice. There is a .zip inside a .zip. You should end up with a blob file and a folder. The blob file is the one we need.
3. Make sure your device is backed up via the ASUS app backup, and that all important stuff is backed up.
4. Make sure you have the correct ADB and fastboot drivers. VERY IMPORTANT.
5. If you don't have the Android SDK or access to the fastboot/adb command line, download and install this. It's what I use.
6. Restart your PC to make sure your drivers and software are installed properly.
7. Get your device into bootloader mode. You can do this by...
7ai. Whilst the device is connected to the pc, type "adb devices" (Without quotes) in adb to see if your device is connected properly. If you see your devices serial no., it's working properly. Or else, make sure you have the right files and the device is connected to your pc.
7aii. Type "adb reboot bootloader" (Without quotes) and hit enter. Your device will boot into the bootloader.
****or****
7b. Press and hold the volume down and power buttons until it goes into bootloader mode.
8. Copy and paste the blob file to the root of where your fastboot is running from. If you used minimalistic adb and fastboot. Right click the shortcut, click properties and then open file location. Copy and paste the blob file to there.
9. Make sure your tablet is the only android device plugged in.
10. Execute "fastboot devices" (Without quotes) to make sure that your device is set up properly. If you see your devices serial no., it's working properly. Or else, make sure you have the right drivers/software and the device is connected to your pc.
11. If all is well, execute this command.
Code:
fastboot -i 0x0B05 flash staging blob
DO NOT INTERRUPT YOUR DEVICE DURING THIS OR YOU WILL HAVE END UP WITH A BRICKED DEVICE!!!!
12. It will send the file to your device. When you see blue progress bar, it is now flashing the blob file.
13. Go make yourself a cup of coffee. This may take a while, and staring at it will only make you anxious. Take this advice seriously.
14. When you get back, it should of successively completed.
15. Run "fastboot reboot" (without quotes" to reboot device.
You should now be downgraded.
You may/may not have a problem with the launcher (this happened to me). But if you do, follow these steps...
1. You should be able to log in, but then as soon as you do so, launcher force closes.
You have two options.
2. Swipe down on the right side of the status bar to reveal the quick settings, and then click on settings to go to the settings app.
3. In settings the settings app, Select apps, then all apps.
4. Navigate to "launcher" then clear cache then data, then finally force close.
5. Hit hit the home button, and everything should work as normal
****or****
6. In setting, choose launcher and switch to the ICS launcher.
7. Reboot as prompted
This post will be updated with more information soon. I'm proofreading for any mistakes now...
If you want root, use mottochoper, and then install and use the XPOSED framework because it makes your stock rom feel like a custom one. Its pretty straightforward from there.
If you have any questions, just ask, and remember...
Hit the "THANKS" button, it's a good habit to get into.
FYI, I won't respond to your queries in the next 12 hours since I need to have my sleep, you know. It's nearing the darkness of the night in my side of the sorld. Thanks for your understanding. Speaking of thanks, hit the "THANKS" button if I helped you. I spent a lot of time typing this up!
1337 H4X0R said:
So you want to downgrade to .15.3 from .27.5 with a locked bootloader. Okay, thats easy because thats what I did to get root after I lost it to a OTA update.
DO THIS AT YOUR OWN RISK-I TAKE NO RESPONSIBILITY IF YOU ACCIDENTLY BRICK YOUR DEVICE!!!!
Downgrade to .15.2 from .27.5 or similar.
1. Download the .15.3 firmware for your device and region from ASUS' website. MAKE SURE THE SKU IS THE SAME AS YOUR DEVICE. e.g., I have WW, so I used the WW firmware. To find out your SKU, go to about tablet and in the build no., it will tell you your SKU, eg build-stuff-here.WW.10.more-number.27.1.
2. Extract the .zip file you downloaded twice. There is a .zip inside a .zip. You should end up with a blob file and a folder. The blob file is the one we need.
3. Make sure your device is backed up via the ASUS app backup, and that all important stuff is backed up.
4. Make sure you have the correct ADB and fastboot drivers. VERY IMPORTANT.
5. If you don't have the Android SDK or access to the fastboot/adb command line, download and install this. It's what I use.
6. Restart your PC to make sure your drivers and software are installed properly.
7. Get your device into bootloader mode. You can do this by...
7ai. Whilst the device is connected to the pc, type "adb devices" (Without quotes) in adb to see if your device is connected properly. If you see your devices serial no., it's working properly. Or else, make sure you have the right files and the device is connected to your pc.
7aii. Type "adb reboot bootloader" (Without quotes) and hit enter. Your device will boot into the bootloader.
****or****
7b. Press and hold the volume down and power buttons until it goes into bootloader mode.
8. Copy and paste the blob file to the root of where your fastboot is running from. If you used minimalistic adb and fastboot. Right click the shortcut, click properties and then open file location. Copy and paste the blob file to there.
9. Make sure your tablet is the only android device plugged in.
10. Execute "fastboot devices" (Without quotes) to make sure that your device is set up properly. If you see your devices serial no., it's working properly. Or else, make sure you have the right drivers/software and the device is connected to your pc.
11. If all is well, execute this command.
Code:
fastboot -i 0x0B05 flash staging blob
DO NOT INTERRUPT YOUR DEVICE DURING THIS OR YOU WILL HAVE END UP WITH A BRICKED DEVICE!!!!
12. It will send the file to your device. When you see blue progress bar, it is now flashing the blob file.
13. Go make yourself a cup of coffee. This may take a while, and staring at it will only make you anxious. Take this advice seriously.
14. When you get back, it should of successively completed.
15. Run "fastboot reboot" (without quotes" to reboot device.
You should now be downgraded.
You may/may not have a problem with the launcher (this happened to me). But if you do, follow these steps...
1. You should be able to log in, but then as soon as you do so, launcher force closes.
You have two options.
2. Swipe down on the right side of the status bar to reveal the quick settings, and then click on settings to go to the settings app.
3. In settings the settings app, Select apps, then all apps.
4. Navigate to "launcher" then clear cache then data, then finally force close.
5. Hit hit the home button, and everything should work as normal
****or****
6. In setting, choose launcher and switch to the ICS launcher.
7. Reboot as prompted
This post will be updated with more information soon. I'm proofreading for any mistakes now...
If you want root, use mottochoper, and then install and use the XPOSED framework because it makes your stock rom feel like a custom one. Its pretty straightforward from there.
If you have any questions, just ask, and remember...
Hit the "THANKS" button, it's a good habit to get into.
FYI, I won't respond to your queries in the next 12 hours since I need to have my sleep, you know. It's nearing the darkness of the night in my side of the sorld. Thanks for your understanding. Speaking of thanks, hit the "THANKS" button if I helped you. I spent a lot of time typing this up!
Click to expand...
Click to collapse
Thanks man.
I ll try it today.
I hope i ll not get Hard Bricked 2 time!
1337 H4X0R said:
So you want to downgrade to .15.3 from .27.5 with a locked bootloader. Okay, thats easy because thats what I did to get root after I lost it to a OTA update.
DO THIS AT YOUR OWN RISK-I TAKE NO RESPONSIBILITY IF YOU ACCIDENTLY BRICK YOUR DEVICE!!!!
Downgrade to .15.2 from .27.5 or similar.
1. Download the .15.3 firmware for your device and region from ASUS' website. MAKE SURE THE SKU IS THE SAME AS YOUR DEVICE. e.g., I have WW, so I used the WW firmware. To find out your SKU, go to about tablet and in the build no., it will tell you your SKU, eg build-stuff-here.WW.10.more-number.27.1.
2. Extract the .zip file you downloaded twice. There is a .zip inside a .zip. You should end up with a blob file and a folder. The blob file is the one we need.
3. Make sure your device is backed up via the ASUS app backup, and that all important stuff is backed up.
4. Make sure you have the correct ADB and fastboot drivers. VERY IMPORTANT.
5. If you don't have the Android SDK or access to the fastboot/adb command line, download and install this. It's what I use.
6. Restart your PC to make sure your drivers and software are installed properly.
7. Get your device into bootloader mode. You can do this by...
7ai. Whilst the device is connected to the pc, type "adb devices" (Without quotes) in adb to see if your device is connected properly. If you see your devices serial no., it's working properly. Or else, make sure you have the right files and the device is connected to your pc.
7aii. Type "adb reboot bootloader" (Without quotes) and hit enter. Your device will boot into the bootloader.
****or****
7b. Press and hold the volume down and power buttons until it goes into bootloader mode.
8. Copy and paste the blob file to the root of where your fastboot is running from. If you used minimalistic adb and fastboot. Right click the shortcut, click properties and then open file location. Copy and paste the blob file to there.
9. Make sure your tablet is the only android device plugged in.
10. Execute "fastboot devices" (Without quotes) to make sure that your device is set up properly. If you see your devices serial no., it's working properly. Or else, make sure you have the right drivers/software and the device is connected to your pc.
11. If all is well, execute this command.
Code:
fastboot -i 0x0B05 flash staging blob
DO NOT INTERRUPT YOUR DEVICE DURING THIS OR YOU WILL HAVE END UP WITH A BRICKED DEVICE!!!!
12. It will send the file to your device. When you see blue progress bar, it is now flashing the blob file.
13. Go make yourself a cup of coffee. This may take a while, and staring at it will only make you anxious. Take this advice seriously.
14. When you get back, it should of successively completed.
15. Run "fastboot reboot" (without quotes" to reboot device.
You should now be downgraded.
You may/may not have a problem with the launcher (this happened to me). But if you do, follow these steps...
1. You should be able to log in, but then as soon as you do so, launcher force closes.
You have two options.
2. Swipe down on the right side of the status bar to reveal the quick settings, and then click on settings to go to the settings app.
3. In settings the settings app, Select apps, then all apps.
4. Navigate to "launcher" then clear cache then data, then finally force close.
5. Hit hit the home button, and everything should work as normal
****or****
6. In setting, choose launcher and switch to the ICS launcher.
7. Reboot as prompted
This post will be updated with more information soon. I'm proofreading for any mistakes now...
If you want root, use mottochoper, and then install and use the XPOSED framework because it makes your stock rom feel like a custom one. Its pretty straightforward from there.
If you have any questions, just ask, and remember...
Hit the "THANKS" button, it's a good habit to get into.
FYI, I won't respond to your queries in the next 12 hours since I need to have my sleep, you know. It's nearing the darkness of the night in my side of the sorld. Thanks for your understanding. Speaking of thanks, hit the "THANKS" button if I helped you. I spent a lot of time typing this up!
Click to expand...
Click to collapse
Found another way...chk OP..
manikkumar20 said:
Found another way...chk OP..
Click to expand...
Click to collapse
Nice!
Confirmed and working on .27.5 WW.
Does it works? Want to upgrade from 27.1 to 27.5 to root
joujou333 said:
Does it works? Want to upgrade from 27.1 to 27.5 to root
Click to expand...
Click to collapse
working for sure..done it personally on 27.5 ROM STOCK AND LOCKED BL.
Not to derail the thread but I rooted my ASUS TF300TG with latest 10.2.6.10 firmware with Kingo from http://www.kingoapp.com successfully on locked bootloader.
chrismine said:
Not to derail the thread but I rooted my ASUS TF300TG with latest 10.2.6.10 firmware with Kingo successfully on locked bootloader.
Click to expand...
Click to collapse
Worked for me. Thanks. 10.6.1.27.5
:good:
the version I have from there site is in English, why this one is in Chinese?
Sent from my ASUS Transformer Pad TF300TG using Tapatalk 4

[GUIDE] How To S-Off; Permanent Root; Custom Recovery

How to Achieve Permanent Root and S-Off:​
To get permanent root, you need to S-Off. So lets start with that first. This process will NOT wipe your device. It also works for OS X users. This guide will work on software version 1.55.605.2 (which as of 04/19/2014 is the latest OTA) and below.
--- S-OFF Instructions ---​First, you'll need to download adb, enable its use and setup debugging.
adb is part of the android SDK. You can download it here (OS X users must scroll down and download the OS X version). It does not need to be installed, just unzip it into its own folder. You can also download a zip that contain only adb and fastboot.
once you have adb, you'll need to download the drive for your M8, which can be had from HTC's driver page:
http://www.htc.com/us/software/htc-sync-manager/.
Then install it. It will install the driver necessary for adb to work. After the installation is finished, uninstall HTC Sync immediately (do this regardless of whether or not you need it; you can reinstall it later if you still want it). This will leave the driver package installed, but remove HTC sync.
Now, back to the phone. Disable all security you have on, including PINs, Pattern Locks, passwords, etc. If you have an exchange forced security policy, you will need to disable the account. You can readd it later.
Enable access to developer options. Jump into the Settings. Then you’re going to scroll down to the bottom and tap on ‘About’, next tap on ‘Software Information’. Now you’ll need to tap on ‘More’, which will give you a new menu. Now just tap on the build number 9 times and you’ll enable Developer options.
Go into developer options menu and enable USB Debugging.
Next, go to Security page and enable "Unknown sources".
Now install weaksauce from here:
http://forum.xda-developers.com/showthread.php?t=2699089
If you followed the directions correctly, you should have SuperSU installed and root access. (You can use superuser as well).
Plug in your phone into your computer. Its best to use the factory cable provided with the phone. Use a USB 2.0 type port if possible (USB3.0 ports typically have a blue tab; I have personally used a USB 3.0 Device on Windows 8.1u to perform this without any problems, but your mileage may vary).
Your phone will ask if you if you trust your computer (RSA). Choose "Always Allow".
Ensure adb is working by opening a command prompt (terminal on OS X), navigate to the adt-bundle-[XXXXX]/sdk/platform-tools and typing "adb devices" without quotes. Your phone should show up. Ensure the working directory is the directory that adb is in. Otherwise, transferring firewater may fail. On Windows, you can shift-right-click inside the folder adb is in and click open command prompt to open a cmd in that directory.
Now go download firewater from here:
http://firewater-soff.com/instructions/ Make sure to use the weaksauce method (second method). Do NOT use the temproot method.
The firewater file should be called "firewater" without any quotes or extensions (like .bin). Ensure your browser did not partially download or corrupt it.** Make sure its in the same folder as adb. Then follow directions on the firewater site. Be aware the yes/no prompt is case sensitive, so make sure to answer it with an uppercase Y as in "Yes" not "yes". During the process, you will need to enable adb shell to get root. Make sure your phone screen is on so you can see the root request. Grant it and the S-Off process will continue. Otherwise, it will hang there and eventually time out. Sometimes, the process will fail and the phone will reboot. This is okay. Just restart the process. It can sometimes take multiple tries.
When completely successfully, you now have S-OFF. Your phone's bootloader is also unlocked in the process; you do NOT need to perform any additional steps to unlock the bootloader. However, you do not have permanent root. The root that weaksuace provides goes away on reboot and must be reapplied again on startup.
**The filesize seems to vary depending on what OS/browser is used to download it. It should be around 4,519,496 (on disk) in size. If you can't execute firewater, try redownloading it.
Getting permanent root:
-Flash a custom recovery and flash a zip with su.
-[Optional] Return to stock recovery This option is for people who don't want a custom recovery.
Be aware, once rooted and S-Off'ed, you do NOT need the kernel module that enables system write access*. All system changes will survive hard reboots (adb reboot).
-- Recovery Rooting: --​
Move the supersu zip onto your internal sdcard. It can be downloaded here:
http://forum.xda-developers.com/showthread.php?t=1538053
You can use Superuser as well. Its your preference, but this guide uses SuperSU.
Uninstall weaksauce. It's no longer needed.
Uninstall SuperSU. It will be reinstalled when you flash the supersu zip. If you have SuperSU Pro installed, you can leave that in place, as that app only holds a key.
From adb, type:
adb reboot bootloader
Flash a custom recovery. CWM and TWRP are available. Use the fastboot method. Follow the directions here:
TWRP - http://teamw.in/project/twrp2/226
CWM - http://forum.xda-developers.com/showthread.php?t=2708520
Reboot into Recovery
Flash the supersu zip you downloaded.
Reboot and you're done. You have s-off and permanent root.
You can delete the downloaded supersu zip off your internal sdcard; its not longer needed.
-- Manual Root --​Perform all steps noted in section "Recovery Rooting" above.
-Download the stock recovery:
http://forum.xda-developers.com/showthread.php?t=2723112
-Ensure the stock recovery img file is in the same folder as fastboot.
-Run the following command from command line: "fastboot flash recovery stockrecovery.img" without the quotes.
-Wait for the process to finish
-Reboot the phone. You now have the stock recovery along with root. With the stock recovery installed, you can now accept OTAs provided you haven't modified/deleted any stock system files. Any new OTAs you take will remove any files/folders you added to the system partition and will remove your root. However, with S-off, this can be undone. If you lost loot after taking an OTA, simply start from the beginning of the section "Recovery Rooting".
-- Common Tweaks --
All of these are optional and are NOT required. However, you may find some benefit to them.​-- Wifi Tether Enabled --​This is unnecessary if you are on a More Everything plan or are paying for hotspot/tethering. You can force enable the native tethering application:
http://forum.xda-developers.com/showthread.php?t=2708548
-- Device Wipe after ten attempts --​I really dislike this "feature". Here is how to disable it. This works regardless if you enabled the security or its mandated by an exchange policy.
I use Root Explorer to make this change, but you can use any text editor. Make sure to mount system as R/W. Root explorer can do this from within the app.
Edit this file:
/system/customize/ACC/default.xml
change this:
Code:
<item type="integer" name="devicepolicy_max_fail_passwords_for_wipe">10</item>
to this
Code:
<item type="integer" name="devicepolicy_max_fail_passwords_for_wipe">0</item>
Reboot and its disabled.
-- Power Saver Mode --​Enable "Power Saver" mode using these directions. It's disabled and hidden by default.
http://forum.xda-developers.com/showthread.php?t=2701909
-- *Unsecured Kernel --​By default, the stock kernel prevents write access to /system. S-off and root should allow you to makes changes to system. However, some people have reported difficulties using ROM toolbox and other mods (like changing boot animations). In some cases, these issues can be resolved by flashing an insecure kernel:
http://forum.xda-developers.com/showthread.php?t=2708686
-- HTC Sense Broswer --​The stock ROM now includes Chrome as the default browser and omits the Sense Browser. Users who prefer the Sense Browser can download it here:
http://forum.xda-developers.com/showthread.php?t=2708597
-- HTC Flashlight --​The stock HTC flashlight app.
http://forum.xda-developers.com/showthread.php?t=2697025
-- Disable HTC Sync Virtual CDROM --​This disables the virtual CD-ROM from mounting.
http://forum.xda-developers.com/showthread.php?t=2709386
-- Donations --​Don't forget to donate to the developers involved in getting you here. Donations for firecracker go to [email protected] (paypal). Donations for weaksuace go to [email protected] (paypal). If I missed anyone, let me know.
FAQ​Been getting some interesting PMs. Here is some of the popular questions.
Do I need a Java card for this?
No. You just need a PC/Mac, a USB 2.0 cable and the M8. Since a public S-off method is now available, that method is obsolete and its not recommended anymore.
Do I have to change or reset my CID?
No, that is only necessary for people who s-off'ed via a Javacard.
Do I need to do any of this if I S-off'ed via Javacard?
No, this method ends with the same result.
Can I reverse this and return to completely stock?
Yes, absolutely none of the stuff done here is permanent. You can unroot, relock the bootloader, and S-On as many times as you want. You can flash an HTC RUU to return to completely stock in one go. Note: Be careful with S-On'ing a device. If you S-On a device via a newer RUU and that RUU has no known exploits, you may not be able to S-Off again until an exploit is found.
Do I need to unlock my bootloader after this?
No, the firewater exploit will S-Off and unlock your bootloader.
Will this work on a Mac?
Yes, please read the directions more carefully.
Will this work on USB 3.0 ports as that is all I have?
Usually. On OS X, I've had success using a USB 3.0 port (since recent MBPs only include USB 3). On Windows, the answer seems to be maybe, depending on your OS. Your best bet would be to try on a Windows 8,8.1,8.1u1 machine as that OS includes native support for USB 3.0; that way you aren't relying on vendor specific driver support like on Win7 or below. I have personally done this exploit on USB3 on a Surface Pro.
Will this brick my phone?
There is always a chance, but I have honestly never heard of such a thing happening. Worst case is usually a full reset of the phone.
Will this wipe/format the external SDcard?
No.
How do I flash this via ODIN?
This has absolutely nothing to do with ODIN. That is for Samsung devices. You should not even have ODIN running when do any part of this guide.
How to I convert to a Google Play edition ROM?
Wait for a developer to make one. I will post a link here if/when that happens.
See here:
http://forum.xda-developers.com/showthread.php?t=2716306
Does this affect Google Wallet or ISIS?
Yes and no. Google wallet works just fine. ISIS will detect its rooted and refuse to work. You'll need to shield root from ISIS to use it. Directions on how to do that can be found via google.
Will this work on non-Verizon HTC M8's?
Yes, though you will need to use a different recovery.
Will this unlock my device for other carriers?
No....because your device is already unlocked in its stock form. AWS band rules force Verizon to keep all their LTE devices unlocked.
Will this jailbreak my device?
No. Wrong type of phone.
I can get red triangle exclamation mark with a black screen. How do I fix this?
You are in the stock recovery. Hold power and volume up and you will get a menu. You can choose reboot system now to get out of there.
appreciate the write up. ill check back here when i find a reason to unlock it
Has anyone done it yet? It's just sitting at "adb wait-for-device push firewater /data/local/tmp" for at least 5 minutes now.
sfreemanoh said:
Has anyone done it yet? It's just sitting at "adb wait-for-device push firewater /data/local/tmp" for at least 5 minutes now.
Click to expand...
Click to collapse
I have done everything mentioned in this guide. And it works just fine.
Make sure you are connected via USB2. Also make sure your phone is on and unlocked (as in, no security PIN, pattern, password etc.). Is USB debugging on?
When you type "adb devices" from command prompt, is your device listed?
Yeah, nvm, it's fine now. When I first connected it via debugging, I didn't hit the "Always allow" option on my phone, so after the adb reboot it wasn't allowed to reconnect. Just had to disable debugging and re-enable it, it's all set now.
sfreemanoh said:
Yeah, nvm, it's fine now. When I first connected it via debugging, I didn't hit the "Always allow" option on my phone, so after the adb reboot it wasn't allowed to reconnect. Just had to disable debugging and re-enable it, it's all set now.
Click to expand...
Click to collapse
Cool. I'll add that to the guide.
I have not had time to thank and will.
At work and going to hook it up when I get home this morning so I hope no one screws with you guys and gets it pulled.
Very much appreciate all the work they put into it.
Thank you very much for the dummy proof write up
These guys around here are getting to good.
Thank you thank you thank you.
Worked Perfect! Thank you guys!
thank you so much! now i can sleep at night knowing that verizon doesn't have control of my device anymore haha!!
Im happy to see that s-off was achieved and Im going to unlock my phone right now
but quick question, I'm new to this s-off stuff so I don't know how it works entirely.
But once we unlock the bootloader
is there any way to lock it again in case we need to send the phone to HTC?
sorry for the noob question but just a question that popped into mind.
So I don't quite understand. I am S-off with the Unofficial CMWR from InvisibleK and I flashed SuperSU zip v1.94. Do I need the system write access kernel module to write to system or no?
Great guide by the way. Thanks
I have been trying for the past hour, but I cannot get adb to connect. Am I missing a step?
I downloaded the htc synch, installed the drivers, uninstalled synch. I already had weaksauce root. I downloaded sdk, extracted the bundle. I downloaded firewater, moved it to the same folder with adb.
Everytime I try to run adb it just scrolls and then closes almost immediately. I thought it was my java at first. I updated that. The computer says I'm connected through HTC drivers. I'm debugged/unknown sources...
Running windows 8.1 64bit. I don't know what else to do at this point.
blacknet101 said:
Im happy to see that s-off was achieved and Im going to unlock my phone right now
but quick question, I'm new to this s-off stuff so I don't know how it works entirely.
But once we unlock the bootloader
is there any way to lock it again in case we need to send the phone to HTC?
sorry for the noob question but just a question that popped into mind.
Click to expand...
Click to collapse
Absolutely. Everything in this guide can be reversed. You can return everything back to stock via an RUU.
nicholi2789 said:
So I don't quite understand. I am S-off with the Unofficial CMWR from InvisibleK and I flashed SuperSU zip v1.94. Do I need the system write access kernel module to write to system or no?
Great guide by the way. Thanks
Click to expand...
Click to collapse
You do not. I have modified and added a few system files and they have persisted through several hard reboots.
MultiDev said:
Absolutely. Everything in this guide can be reversed. You can return everything back to stock via an RUU.
Click to expand...
Click to collapse
Hmmm! Thanks for the reply buddy! may i ask? Where can we find these RUU files? In case we need to go back to Stock?
JelloB said:
I have been trying for the past hour, but I cannot get adb to connect. Am I missing a step?
I downloaded the htc synch, installed the drivers, uninstalled synch. I already had weaksauce root. I downloaded sdk, extracted the bundle. I downloaded firewater, moved it to the same folder with adb.
Everytime I try to run adb it just scrolls and then closes almost immediately. I thought it was my java at first. I updated that. The computer says I'm connected through HTC drivers.
Running windows 8.1 64bit. I don't know what else to do at this point.
Click to expand...
Click to collapse
Java has nothing to do with adb. You don't need it installed to any of this guide.
You need to use adb from a shell. On, windows, you need to open a command prompt. Type "cmd" with the start screen open and hit enter. Then at the prompt, use the "cd" command to navigate to the correct directory where adb is located.
When i run the "adb wait-for-device push firewater /data/local/tmp" command it come back with "failed to copy 'firewater' to '\data\local\tmp': Read-only file system". I'm lost. I have root access and everything.
MultiDev said:
Java has nothing to do with adb. You don't need it installed to any of this guide.
You need to use adb from a shell. On, windows, you need to open a command prompt. Type "cmd" with the start screen open and hit enter. Then at the prompt, use the "cd" command to navigate to the correct directory where adb is located.
Click to expand...
Click to collapse
I knew I was missing something simple. It's been a while since I've used adb. Will try now...thanks.
trying to modify the default.xml to get rid of the 10 try's and wipe pattern lock and it doesn't appear I have access to read write from it still... trying with the ES note editor when going to the file with ES File Explorer. I've ran the wp_mod.ko as directed and I haven't rebooted.
I'm wondering if I'm missing something, or maybe there's a better way to do it via command line?
blacknet101 said:
Hmmm! Thanks for the reply buddy! may i ask? Where can we find these RUU files? In case we need to go back to Stock?
Click to expand...
Click to collapse
They are available from HTC. I'll have to find the exact links. Also, many android sites will host them too.
Slimfast35 said:
When i run the "adb wait-for-device push firewater /data/local/tmp" command it come back with "failed to copy 'firewater' to '\data\local\tmp': Read-only file system". I'm lost. I have root access and everything.
Click to expand...
Click to collapse
You need root access to write there, shell does not normally have access. Beaware that weaksauce takes a minute or two before after a restart before enabling root again. So wait till you have access again before trying it.
meest said:
trying to modify the default.xml to get rid of the 10 try's and wipe pattern lock and it doesn't appear I have access to read write from it still... trying with the ES note editor when going to the file with ES File Explorer. I've ran the wp_mod.ko as directed and I haven't rebooted.
I'm wondering if I'm missing something, or maybe there's a better way to do it via command line?
Click to expand...
Click to collapse
You do not need the kernal module actually; I have removed that from the guide. I haven't used ES Note before, but no matter what, you must mount system as R/W before you can change anything. Its by default R/O or Read Only. Root explorer has a button that auto mounts it and then you can make your edit.

Unlocked bootloader

I have my Samsung note 3, and it will never be unlocked. So i was thinking about moving to this. Is the Verizon edition unlocked for custom roms?
Sent from my SM-N900V using XDA Free mobile app
scoreboard said:
I have my Samsung note 3, and it will never be unlocked. So i was thinking about moving to this. Is the Verizon edition unlocked for custom roms?
Sent from my SM-N900V using XDA Free mobile app
Click to expand...
Click to collapse
It doesn't come unlocked, but you can unlock it. That's why are a lot of us are on this phone. I had an S5 ordered, but decided against it, when I saw there wasn't any progress being made on it. I cancelled my order, bought my M8, and haven't looked back. Give me an unlocked bootloader, or give me death.
You can S-OFF (which unlocks bootloader) & root it immediately after getting it.
I came from a locked Galaxy S4 and have to say this phone is snappier than an iPhone & as unlockable as a door thats compatible with all keys ;D. Love love loveeee this phone and highly recommend it! Go for it!
I unlocked mine the moment I got home with it, no OTA update required as some people have said to do before unlocking it & as far as I've seen no ones had an actual "Oh no! They made it impossible to unlock like Sammysung!" moment.
Ive tried a for the last two days to root my htc m8..but i can not get it to work...tried htc unclock tried setting up adb...but the first gives me an mid error and the second does not recognize my phone...i did install the newest update before i tried to s-off....any help would be great...
Frausbite77 said:
Ive tried a for the last two days to root my htc m8..but i can not get it to work...tried htc unclock tried setting up adb...but the first gives me an mid error and the second does not recognize my phone...i did install the newest update before i tried to s-off....any help would be great...
Click to expand...
Click to collapse
Have u tried the weak sauce app for root then fire water to s-off?
Sent from my Insanely powered M8 using Tapatalk
holla420 said:
Have u tried the weak sauce app for root then fire water to s-off?
Sent from my Insanely powered M8 using Tapatalk
Click to expand...
Click to collapse
I set up adb using the method from root junky. but my computer won't recognize my device. I must have tried it like 50 times, so i tried the htcdev unlock method...my computer recognizes by device but after i copy the token i get the mid 160 error.
Frausbite77 said:
I set up adb using the method from root junky. but my computer won't recognize my device. I must have tried it like 50 times, so i tried the htcdev unlock method...my computer recognizes by device but after i copy the token i get the mid 160 error.
Click to expand...
Click to collapse
U must not being in the right directory
Sent from my Insanely powered M8 using Tapatalk
Frausbite77 said:
I set up adb using the method from root junky. but my computer won't recognize my device. I must have tried it like 50 times, so i tried the htcdev unlock method...my computer recognizes by device but after i copy the token i get the mid 160 error.
Click to expand...
Click to collapse
What that guy above me said, if you using Windows make sure you right click+shift in the platform tools directly then see if it shows up with adb devices, if not check your drivers.
Frausbite77 said:
Ive tried a for the last two days to root my htc m8..but i can not get it to work...tried htc unclock tried setting up adb...but the first gives me an mid error and the second does not recognize my phone...i did install the newest update before i tried to s-off....any help would be great...
Click to expand...
Click to collapse
HTCDEV unlock doesn't work for the Verizon variant. To s-off just follow this step by step guide:
http://forum.xda-developers.com/showthread.php?t=2708628
PRO TIPS: Let's say that your adb and fastboot files are located in C:\Program Files\Android. Add this directory to your system path by pressing the Windows key and typing "environment". After a few letters you'll see an option called "Edit the System Environment Variables". Click on this option. The system properties windows will open to the Advanced tab. Click the Environment Variables button. In the System Variables field you'll see a variable called Path. Click on it and choose edit. In the variable value field you'll see a list of paths separated by semi colons. We want to add the path of your adb and fastboot files to the system Path variable so that adb and fastboot commands can be executed anywhere. For the example location I used above you would add the following to the end of the list:
;C:\Program Files\Android
To test, open a command prompt and type "adb". This should launch adb with no parameters. Now you can use adb and fastboot commands anywhere. When you download the firewater script file, you can just leave it in the Downloads directory. If you use Chrome you could click the arrow next to the file and choose "show in folder". Then shift+right click an empty portion of the Downloads directory window and choose "open command window here" (you can also shift+right click on folders icons to accomplish this). Should be easy to s-off now.
NOTES:
*Once adb is setup issue the command "adb devices" to ensure your phone is recognized. The first time you will get a popup on your phone asking if you want to allow the PC adb access. Make sure you check "always allow".
*Before you issue the "su" command wait about 30 seconds to allow WeakSauce to root the phone after reboot. If you get an error saying "su not found" it's because WeakSauce has not yet rooted the phone. Wait 10 seconds and try again.
*When you issue the "su" command wake your phone's display and look for a SuperSu request. Allow it obviously.
*It's possible that the process may fail. If it does just try again. If it keeps failing try a different USB 2.0 port. Also make sure you're using the best USB cable that you have. The one that came with the phone should work.
Doc Ames said:
HTCDEV unlock doesn't work for the Verizon variant. To s-off just follow this step by step guide:
http://forum.xda-developers.com/showthread.php?t=2708628
PRO TIPS: Let's say that your adb and fastboot files are located in C:\Program Files\Android. Add this directory to your system path by pressing the Windows key and typing "environment". After a few letters you'll see an option called "Edit the System Environment Variables". Click on this option. The system properties windows will open to the Advanced tab. Click the Environment Variables button. In the System Variables field you'll see a variable called Path. Click on it and choose edit. In the variable value field you'll see a list of paths separated by semi colons. We want to add the path of your adb and fastboot files to the system Path variable so that adb and fastboot commands can be executed anywhere. For the example location I used above you would add the following to the end of the list:
;C:\Program Files\Android
To test, open a command prompt and type "adb". This should launch adb with no parameters. Now you can use adb and fastboot commands anywhere. When you download the firewater script file, you can just leave it in the Downloads directory. If you use Chrome you could click the arrow next to the file and choose "show in folder". Then shift+right click an empty portion of the Downloads directory window and choose "open command window here" (you can also shift+right click on folders icons to accomplish this). Should be easy to s-off now.
NOTES:
*Once adb is setup issue the command "adb devices" to ensure your phone is recognized. The first time you will get a popup on your phone asking if you want to allow the PC adb access. Make sure you check "always allow".
*Before you issue the "su" command wait about 30 seconds to allow WeakSauce to root the phone after reboot. If you get an error saying "su not found" it's because WeakSauce has not yet rooted the phone. Wait 10 seconds and try again.
*When you issue the "su" command wake your phone's display and look for a SuperSu request. Allow it obviously.
*It's possible that the process may fail. If it does just try again. If it keeps failing try a different USB 2.0 port. Also make sure you're using the best USB cable that you have. The one that came with the phone should work.
Click to expand...
Click to collapse
Thank you for letting me know about the HTC Dev...I have a mac and set up ADB...it shows my phone off line...i get the message that says allow this computer and check always...i run adb devices and now it just returns blank...i reinstall drivers which is htc sync but the problem persists....
Frausbite77 said:
Thank you for letting me know about the HTC Dev...I have a mac and set up ADB...it shows my phone off line...i get the message that says allow this computer and check always...i run adb devices and now it just returns blank...i reinstall drivers which is htc sync but the problem persists....
Click to expand...
Click to collapse
Try 'adb kill-server' then issue 'adb start-server' then try 'adb devices'. If that doesn't work, try a different USB port. If still no joy try a different USB cable. If that doesn't work try restarting the Mac, restarting the phone, spinning around in an office chair three times, and blowing into a Nintendo cartridge. If that doesn't work I don't know what else to suggest besides trying it on a different computer or maybe in Windows. I've never had an issue with ADB so if somebody else has any ideas for Frausbite77 please chime in.
Edit: I googled this Mac ADB guide. I don't know if it really matters, but it says to have ADB/fastboot in the /usr/bin directory. Check it out. There's a script file and when run it installs the Android SDK tools to the appropriate folder. Also check the comments. Somebody else has probably had the same problem as you:
http://htc-one.wonderhowto.com/how-...-mac-os-x-send-commands-your-htc-one-0151178/
Edit 2: After reading a user's comment that the script was broken I looked at the script and it was, in fact, broken. I fixed it. Follow the guide but use this zip instead:
Doc Ames said:
Try 'adb kill-server' then issue 'adb start-server' then try 'adb devices'. If that doesn't work, try a different USB port. If still no joy try a different USB cable. If that doesn't work try restarting the Mac, restarting the phone, spinning around in an office chair three times, and blowing into a Nintendo cartridge. If that doesn't work I don't know what else to suggest besides trying it on a different computer or maybe in Windows. I've never had an issue with ADB so if somebody else has any ideas for Frausbite77 please chime in.
Edit: I googled this Mac ADB guide. I don't know if it really matters, but it says to have ADB/fastboot in the /usr/bin directory. Check it out. There's a script file and when run it installs the Android SDK tools to the appropriate folder. Also check the comments. Somebody else has probably had the same problem as you:
http://htc-one.wonderhowto.com/how-...-mac-os-x-send-commands-your-htc-one-0151178/
Edit 2: After reading a user's comment that the script was broken I looked at the script and it was, in fact, broken. I fixed it. Follow the guide but use this zip instead:
Click to expand...
Click to collapse
Ok, well so I never got adb to show my device on line....but when i typed ./adb reboot, the device actually responds to the commands...taking a risk i went ahead and pushed the firewater files and the process worked. I was able to unlock my device and install twrp...so i figured out that for and to work i have to type in ./ before i type in any commands...i don't if i messed something up along the way or what...but in the end i have gotten i was able to root and get s off....maybe i got lucky lol...thanks so much for the help!!
Frausbite77 said:
Ok, well so I never got adb to show my device on line....but when i typed ./adb reboot, the device actually responds to the commands...taking a risk i went ahead and pushed the firewater files and the process worked. I was able to unlock my device and install twrp...so i figured out that for and to work i have to type in ./ before i type in any commands...i don't if i messed something up along the way or what...but in the end i have gotten i was able to root and get s off....maybe i got lucky lol...thanks so much for the help!!
Click to expand...
Click to collapse
That's the proper command line for using Adb on a Mac. It won't work without using ./ before the command.
Sent from my HTC6525LVW using Tapatalk
Frausbite77 said:
Ok, well so I never got adb to show my device on line....but when i typed ./adb reboot, the device actually responds to the commands...taking a risk i went ahead and pushed the firewater files and the process worked. I was able to unlock my device and install twrp...so i figured out that for and to work i have to type in ./ before i type in any commands...i don't if i messed something up along the way or what...but in the end i have gotten i was able to root and get s off....maybe i got lucky lol...thanks so much for the help!!
Click to expand...
Click to collapse
My bad. I should have mentioned that to execute a file in a Unix-like operating system you need to enter the full or relative path if it's not in your $Path environment variable. That's why you needed to add a './' before the command. The './' indicates that the file is in the current directory. That's probably why that guide recommended putting adb and fastboot in /usr/bin. If you want to fix it so that adb and fastboot commands can be run from anywhere open a terminal, change to the directory where adb and fastboot are located, and issue the following commands:
sudo mv adb /usr/bin
sudo mv fastboot /usr/bin
That will move adb and fastboot into /usr/bin which is in your $Path so you can issue the commands anywhere without using './'. I'm glad you got your M8 s-offed and recovery installed. If you're looking into custom ROMs, I can personally recommend ViperOne as a great stock option and LiquidSmooth as an AOSP option. Try em' out. Now that you have recovery you can just restore a backup if you don't like your current ROM.
Doc Ames said:
My bad. I should have mentioned that to execute a file in a Unix-like operating system you need to enter the full or relative path if it's not in your $Path environment variable. That's why you needed to add a './' before the command. The './' indicates that the file is in the current directory. That's probably why that guide recommended putting adb and fastboot in /usr/bin. If you want to fix it so that adb and fastboot commands can be run from anywhere open a terminal, change to the directory where adb and fastboot are located, and issue the following commands:
sudo mv adb /usr/bin
sudo mv fastboot /usr/bin
That will move adb and fastboot into /usr/bin which is in your $Path so you can issue the commands anywhere without using './'. I'm glad you got your M8 s-offed and recovery installed. If you're looking into custom ROMs, I can personally recommend ViperOne as a great stock option and LiquidSmooth as an AOSP option. Try em' out. Now that you have recovery you can just restore a backup if you don't like your current ROM.
Click to expand...
Click to collapse
Thanks for the advice...actually i was just going to ask about some roms...just flashed viper rom and gonna give it a go...thanks for all the help...
Frausbite77 said:
Thanks for the advice...actually i was just going to ask about some roms...just flashed viper rom and gonna give it a go...thanks for all the help...
Click to expand...
Click to collapse
You'll love it. A couple thing to note though. For some reason the 1.6 download doesn't actually contain the 1.6 OTA so you'll want to go to 'About phone' and update to 1.6. Also I believe that ViperOne defaults to power saver mode. You can change this by using the toggle in the notification drawer. If you want to add power saver and extreme power saver to the settings menu follow this guide:
http://forum.xda-developers.com/showthread.php?t=2710946
Doc Ames said:
You'll love it. A couple thing to note though. For some reason the 1.6 download doesn't actually contain the 1.6 OTA so you'll want to go to 'About phone' and update to 1.6. Also I believe that ViperOne defaults to power saver mode. You can change this by using the toggle in the notification drawer. If you want to add power saver and extreme power saver to the settings menu follow this guide:
http://forum.xda-developers.com/showthread.php?t=2710946
Click to expand...
Click to collapse
wow, man viper rom is insane, thanks for the update heads up...i wouldn't have even thought to do that...guess i have tons of reading to catch up on...thanks...

Categories

Resources