Hi,
I don't have this phone yet. I want to buy it second-hand off some guy, but he says it's locked to another network. I have experience with other Android phones myself; I just wanted to ask, as I could not find any guide in this section, how to unlock the phone to other networks?
Any phone service shop will unlock the phone; they normally charge about £10.
Taysider said:
Any phone service shop will unlock the phone; they normally charge about £10.
That's true, but I don't want to pay for something I could possibly do at home by myself, right? I have successfully unlocked my own SGS2 to other networks in 5 minutes... So I just wanted to know if there is a known procedure for this phone too.
Desire S doesn't have a way for free SIM unlock (yet).
Jack_R1 said:
Desire S doesn't have a way for free SIM unlock (yet).
That explains why I could not find anything :cyclops:
There might be a way, but I'm afraid of trying it, or even suggesting it. Only someone with JTAG box, or someone that can exchange the phone by warranty easily and doesn't mind it, can try such a way. But it's in my head for some time, so I'll write it, maybe it'll be useful for something, who knows.
Desire S happens to be a very close relative of Desire HD, Desire Z and MyTouch 4G. One thing that makes it a bit different from those phones is that it never had Froyo to begin with, and started its life with Gingerbread.
On all of the "cousin" phones, there's a special tool, called "gfree". This tool is very powerful in what it gives - complete and real S-OFF (unlike this phone, which gains S-OFF by editing a bootloader to skip reading the security flag, gfree changes the actual security flag), SIM unlock, etc. It's a very complicated, powerful tool, that was written for 1.5 months by cooperation of some of the best brains in the "phone hacking industry". If anyone wants to - the partial chat log of the IRC channel is available on the net to read, and for technically inclined it's a very interesting read.
gfree can't run on Desire S, since it has no Froyo, and it has too advanced bootloader that prevents it from doing what it does.
What I'm pointing to is: if anyone could flash old DHD Froyo build on Desire S, including older bootloader, and actually make it boot - gfree could be able to run and do what it does, turning Desire S into SIM unlocked and true S-OFF phone. Of course, since flashing non-original bootloader is involved, it's a VERY risky task that can lead to a bricked and non-functional phone. I hex-compared DHD and DS bootloaders of the same version once, and saw almost complete match, but it wasn't 100% complete, and I can't be 100% sure that they're identical.
I can confirm that the S-OFF flag resides at the same offset on Desire S. Not sure about the SIM lock since my device doesn't have such, so cannot compare. But the method should work if you do it manually - dump the mmcblk0p7 partition, hex edit according to the data that you can find in the gfree source code and flash back. But if you are not familiar with such operations I would not recommend messing with this stuff, better use xtc clip
Sent from my HTC Desire S
Hmm, you just gave me an idea. If gfree source was modified to make it skip the whole eMMC-powercycling procedure (useful for S-OFF-ing from scratch, but not working since the binary driver doesn't seem to load under GB) till the point where it actually writes the S-OFF and SIM-lock flags (remarked "// Guhl's part7 patch/backup code"), then it could be run under existing S-OFF on DS, turning it into permanent S-OFF and SIM-unlocking it. I have no SIM lock either, so I can't test it, but having a permanent S-OFF is a good bonus.
Worth the try?
I might try to compile and run it, just need to install some Linux VM, since my old VM is gone for a long while, the last thing I did with it was modifying Enomther's code for Nexus One, at CM6 times.
For S-OFF it is pretty simple and can be done manually (although I never tested but it is there).
Dump mmcblk0p7 with dd, open it with HxD, browse to offset 0xa00 and change the value from 01 to 00. Then dd back and you should have permanent S-OFF.
CID can be found at offset 0x200. Just replace the HTC__XXX with 11111111
For the SIM unlock the range 0x80000 to 0x82ff0 should be modified as follows
offset                  value
0x80000                 78
0x80001                 56
0x80002                 f3
0x80003                 c9
0x80004 to 0x807fb      all zeroes
0x807fc                 49
0x807fd                 53
0x807fe                 f4
0x807ff                 7d
0x80800 to 0x82ff0      all zeroes
This will disable a microprogram used for SIM lock related connection to the carrier.
This can be done manually on a rooted device. But I doubt there will be testers available and I personally do not need to do this since I am OK with the "fake" S-OFF. But if somebody is eager to try please share the outcome. Backup the dumped partition just in case!
BTW, for me it is much more interesting how to get rid of the RELOCKED flag. Do you have any info on this subject, Jack? I know the Wildfire S got a solution, but it is not suitable for eMMC devices unfortunately...
amidabuddha said:
BTW, for me it is much more interesting how to get rid of the RELOCKED flag. Do you have any info on this subject, Jack? I know the Wildfire S got a solution, but it is not suitable for eMMC devices unfortunately...
"RELOCKED" flag only appears if you don't flash RUU after relocking, doesn't it? In this case it's not very useful to have anything specific for it, especially that HTC database already contains the record of unlocking.
In any case, I have no idea where to find it, but it could reside on the same /misc partition, and if someone would be willing to unlock and relock the phone, dd-dumping partition 7 under temp root before and after the relocking - the results can be analyzed, and this flag could be taken care of, if found.
Jack_R1 said:
"RELOCKED" flag only appears if you don't flash RUU after relocking, doesn't it?
Sort of. It disappears when downgrading to an hboot version that is not supported by htcdev.com, but if you do an OTA update it comes back. It is not on the misc partition, and I looked through a complete eMMC dump to find some trace, but the HTC guys did hide it well this time. I think that it is on the same partition mmcblk0p7 because this is one of the 2 partitions not getting overwritten by the RUU (the other one contains basic info such as MAC address etc.). Unfortunately I have no "clean" dump to compare with. And if this can be disabled then HTC will never prove that the unlock token was actually applied on the device even if there were a request for one at their website... so no evidence for warranty void.
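An added example, not part of any post in this thread and not the posters' or gfree's code: a read-only Python script for the dump comparison discussed above, which also reports the fields at the partition 7 offsets quoted earlier in the thread (0x200, 0xa00, 0x80000 to 0x82ff0). It assumes the 0x82ff0 bound is inclusive; the function names and the sample image are constructed for illustration.

```python
"""Read-only inspection and comparison of mmcblk0p7 dumps (added example)."""

# Offsets and values are the ones quoted in the thread, where they are
# described as untested on the Desire S. Nothing here writes to a device.
CID_OFFSET, CID_LENGTH = 0x200, 8       # 8 ASCII characters
SECUFLAG_OFFSET = 0xA00                 # 01 = S-ON, 00 = S-OFF per the thread
SIM_START, SIM_END = 0x80000, 0x82FF0   # assumption: end offset is inclusive
SIM_HEAD = bytes.fromhex("7856f3c9")    # expected at 0x80000..0x80003
SIM_TAIL = bytes.fromhex("4953f47d")    # expected at 0x807fc..0x807ff
SIM_TAIL_OFFSET = 0x807FC

KNOWN_FIELDS = [
    (CID_OFFSET, CID_OFFSET + CID_LENGTH - 1, "CID"),
    (SECUFLAG_OFFSET, SECUFLAG_OFFSET, "security flag"),
    (SIM_START, SIM_END, "SIM lock region"),
]


def inspect_part7(image: bytes) -> dict:
    """Report the fields the thread locates in a partition 7 image."""
    if len(image) <= SIM_END:
        raise ValueError("image too short to contain the SIM lock region")
    flag = image[SECUFLAG_OFFSET]
    cid = image[CID_OFFSET:CID_OFFSET + CID_LENGTH].decode("ascii", "replace")
    # Build the byte pattern the thread describes for a cleared region.
    expected = bytearray(SIM_END + 1 - SIM_START)
    expected[0:4] = SIM_HEAD
    tail = SIM_TAIL_OFFSET - SIM_START
    expected[tail:tail + 4] = SIM_TAIL
    return {
        "secuflag": {0: "S-OFF", 1: "S-ON"}.get(flag, f"unknown (0x{flag:02x})"),
        "cid": cid,
        "super_cid": cid == "11111111",
        "sim_region_cleared": image[SIM_START:SIM_END + 1] == bytes(expected),
    }


def diff_ranges(before: bytes, after: bytes, gap: int = 16) -> list:
    """Return [(start, end_inclusive), ...] where two same-size dumps differ.

    Differences closer than `gap` bytes are merged into one range so that a
    changed multi-byte field shows up as a single candidate.
    """
    if len(before) != len(after):
        raise ValueError("dumps differ in length; compare same-size images")
    ranges, start, last = [], None, None
    for off, (x, y) in enumerate(zip(before, after)):
        if x == y:
            continue
        if start is None:
            start = last = off
        elif off - last <= gap:
            last = off
        else:
            ranges.append((start, last))
            start = last = off
    if start is not None:
        ranges.append((start, last))
    return ranges


def label_range(start: int, end: int) -> str:
    """Name a differing range if it overlaps a field located in the thread."""
    for lo, hi, name in KNOWN_FIELDS:
        if start <= hi and end >= lo:
            return name
    return "unknown"


def make_sample() -> bytes:
    """Constructed test image (not a real dump): S-ON, branded CID, locked."""
    img = bytearray(0x83000)
    img[CID_OFFSET:CID_OFFSET + CID_LENGTH] = b"HTC__001"
    img[SECUFLAG_OFFSET] = 1
    img[SIM_START:SIM_END + 1] = b"\xA5" * (SIM_END + 1 - SIM_START)
    return bytes(img)


if __name__ == "__main__":
    before = make_sample()
    # Constructed "after" image: the flag byte plus four bytes at an arbitrary
    # offset standing in for a field whose location is not yet known.
    after = bytearray(before)
    after[SECUFLAG_OFFSET] = 0
    after[0x1234:0x1238] = b"\x01\x02\x03\x04"
    print(inspect_part7(before))
    for s, e in diff_ranges(before, bytes(after)):
        print(f"0x{s:05x}-0x{e:05x}  {label_range(s, e)}")
```

Ranges labelled "unknown" are the candidates worth a closer look; dumps taken from two different phones will also differ in per-device data such as the IMEI, so a before/after pair from the same device gives the cleanest result.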
I see. I can have a clean dump - my wife's phone was rooted using Revolutionary, and was never HTC-unlocked. I'll try to take it tomorrow and post it for you to hex-compare. In addition, I'll try to create the mini-gfree tool, to hopefully give people means for simple SIM-unlock (true S-OFF is less important for most, I guess).
Just thought of something. Till I take a hex dump of partition 7 from my wife's phone, you might have use for the attached file. It's a full partition 7 backup from my MT4G by gfree, before any flags were altered. MT4G's latest bootloader also supports unlocking, most likely using the same encoding for it.
I used the easy way out and compiled Android binary using NDK. Works.
Ok, tested it on my wife's phone with Eng HBOOT 0.98.2000
Good news: it doesn't kill the phone.
Bad news: partition 7 is write-protected even under S-OFF HBOOT. I guess the eMMC powercycling is required, since it's still being protected by radio. That also answers the "RELOCKED" status bit question.
Oh well, pity. Anyone feels like creating a Froyo super-barebones ROM for the phone? It would only need to boot the kernel and run ADB daemon...
Damn, I knew this was the right answer. Started looking at what they do in DHD section, quickly found this:
http://forum.xda-developers.com/showthread.php?p=20950143&highlight=attn1#post20950143
They do EXACTLY what I suggested.
This means that -
1) Newer HBOOT doesn't prevent gfree from functioning.
2) If the same CWM recovery, based on old kernel, can be booted on DS and can mount the partitions - gfree can successfully run in it, providing SuperCID and SIM unlock, and possibly S-OFF even for HTCDev-unlocked phones (since they can flash recovery, which is enough for gfree).
Now, can I get some hand in finding that old recovery they use (Froyo kernel)? Even if it is for DHD? I hope it'll mount the partitions and have ADB, that will be enough.
[edit] OK, downloading AAHK, hopefully the CWM in question will be found there.
[edit2] Damn x2. Doesn't work "as is" - none of Froyo-based CWM recoveries boot to the point where adb daemon is running. I guess there's no choice but to compile this thing from sources - no way around creating a booting Froyo kernel for DS. Shouldn't be too hard for someone who knows what he's doing, unfortunately I'm not that "someone", since I didn't work with kernels before
[edit3] Or another option, which I'm not sure why it wasn't done till now: since the failing module is wpthis.ko and it fails on something really non-important (missing link for one of the libgcc procedures), but its source is out there - it needs to be compiled against Gingerbread kernel to be made compatible. And maybe it'll be enough to make it work under Gingerbread.
Jack_R1 said:
Bad news: partition 7 is write-protected even under S-OFF HBOOT
Yep, it seems it needs a true Radio S-OFF. Since it is only a one bit change, something else comes to mind. There is a fastboot command that can write directly to the eMMC and may change the flag despite the write protection:
Code:
fastboot oem mb [offset] [bitsize] [value]
example: fastboot oem mb 9C068490 1 30 (that can be found in downgrade guides for some devices, but maybe it requires Froyo as well...)
I guess the right offset can be found from a complete emmc dump.
I believe your logic about the gfree tool is absolutely right, but I have no idea what the eMMC powercycling does and how to make it on the Desire S. Maybe someone more knowledgeable will solve this easily but this device is quite old and there are more attractive targets that the devs are focusing on (like the One X).
Btw, thanks for the partition. I have looked through it but nothing came out (except that the star is one sector shorter, useless info). Anyway, I would like to ask you to remove the attachment since it has some sensitive info.
Afraid that I can't add anything 'knowledgeable'
but my device was made s-off via xtc clip so fully unlocked, networked, Sim, hboot etc
So if a dump of any of my partitions could be useful then let me know
Sywepd form my DsereiS
Yes, I believe that comparing your partition 7 with the original one can confirm the locations and changes required.
Amidabuddha, the attachment is removed. Thank you. Since you have a full eMMC dump, could you please look up the address of the secuflag for me? I'll try the fastboot command.
I already have Ubuntu VM running, I just need a good tutorial for setting up the system for compiling a Sense kernel - all tutorials focus on AOSP/CM. If anyone has anything to suggest, I'll be grateful. Otherwise I guess I'll try to break my own teeth on that... And if it'll succeed, I'll try to recompile wpthis.ko (the kernel module that powercycles the eMMC), linking it to Gingerbread kernel and hoping that it can run with this kernel.
The eMMC powercycling achieves one interesting thing: since eMMC write protection flags are set by PBL or baseband (not sure which of them), once set - they'll protect the partitions. When eMMC is powercycled, all the flags are cleared - but the system doesn't know it, and they're not set again, which effectively disables write protection, allowing to write to protected areas - one of them being security flag, that opens the access for good.
If you could give me the exact command to dump that partition I'll then have a go
Sywepd form my DsereiS
@Ben
Thank you for this suggestion! I already have a dump from an xtc clip unlocked device, thanks to a fellow user here, but I think it will be useful to have more sources to compare. The dump is made by dd; connect to the PC and type in cmd:
Code:
adb shell
su
dd if=/dev/block/mmcblk0p7 of=/sdcard/part7.img
The same can be done in a terminal emulator directly on your device. Send me the file by PM, since your IMEI is there (you are warned, and it is your call).
@Jack
The command should be:
Code:
fastboot oem mb 02E74200 1 00
I hope that oem commands grant write access, but in worst case it will give an error
As per the kernel use the CM guide with a clean source downloaded from htcdev.com. The commands are the same. For the config just see in the /arch/arm/configs folder of the source for saga_defconfig or similar
You can check the second part of this guide as well. Starting from Downloading a prebuilt gcc
When you have the zImage there you can pack it in a stock boot.img from any RUU using the Alternative method from this guide
Related
Ok, so I'm not all that new to this rooting thing, I've rooted several HTC Magics, a Nexus One, helped out on a Legend, rooted a Hero and managed to install Android on an HTC Tytn II.
I'm getting used to the different terms about rooting and I'll recite them for you so you know where I'm at.
My Question/Request for you all is to help me figuring out what all these words mean and how they correspond/correlate/work together.
=== Things I have understood almost completely ===
Root
As in Linux, gives a user or script the permission to write to otherwise protected partitions and file systems of the handset.
Recovery
A partition(?) that manages some tasks involved with the basic building blocks of the system, such as installing/flashing different partitions/parts of the handset. Also has the ability to wipe the data-partition as well as Dalvik-cache.
Bootloader/HBOOT/SPL
A partition(?) that fires up the basic building blocks on the handset, such as recovery, OS, and whatnot. With Fastboot-commands it's possible to flash partitions, as long as the bootloader allows remote writing through command-line.
=== Things I've almost completely understood ===
CID
CarrierID. This is when a mobile phone network carrier "locks" the phone to a specific network. But this also means that the carrier hands out updates to the Android-system installed on the handset? And the only way of updating a factory-state handset is by getting hold of updates from the carrier?
RUU
ROM Update Utility. Used by HTC to update their manufactured handsets. There might be other manufacturers who use this abbreviation, but I've seen it used almost exclusively in regards to HTC. There are checks being made when trying to install a RUU-package on the handset. These are/could be(?)
* Current RUU version already installed (if the RUU-package that is being installed is older, the installation quits)
* Current CID (If the CID in the RUU doesn't match the CID on the handset, the installation quits)
=== Things that confuse me ===
Goldcard
This is a modified SD card that supposedly bypasses the CID/RUU-check. Now, this to me sounds like I can install any RUU no matter what version I currently have installed on my handset and no matter what CID my handset came with.
This also sounds to me that I can potentially install a Desire RUU on my HTC Magic, if it is true that the RUU/CID-check is bypassed by the goldcard.
This also sounds to me that the requirement for a newer RUU-version of the package I'm installing is bypassed. For instance, I will, if I use a goldcard, be able to install a RUU-package with the version 1.28 on a handset that currently have version 1.31 installed?
Reverting a root
Is it as easy as grabbing the latest official RUU-update from HTC:s website and install that? Does it contain all the partitions and system-files necessary to restore the handset to a factory-state? Or will there be complications because of the root and different custom-ROM:s and custom-recoveries that are on the handset?
Shameless bump. SOMEONE has to know this. Or this is such common knowledge that there is a wikipedia article and I missed it?
If I only get an answer to my Goldcard questions I'd be real thankful.
Sounds to me like you have a very good grasp of all these things. It's nice, but rare, to see people doing their own research and learning this much before posting questions!
There's nothing i can add really but to confirm that ,yes...flashing a stock ROM will revert changes although some devices can be picky with which stock ROM is best.
As an aside, have you considered doing development work yourself, perhaps ROM building? You're obviously capable, interested and 'have the right stuff'!
DirkGently1 said:
Sounds to me like you have a very good grasp of all these things. It's nice, but rare, to see people doing their own research and learning this much before posting questions!
Well, thank you. I'm slowly beginning to get used to doing as much research as I can get by with and provide what I know, or at least think I've been able to conclude, and then ask a question about it.
DirkGently1 said:
There's nothing i can add really but to confirm that ,yes...flashing a stock ROM will revert changes although some devices can be picky with which stock ROM is best.
When you say flashing a stock ROM, would this also apply for RUU-packages? As an example: if I have an HTC Hero and I manage to downgrade it through some root-method, will I be able to run an official HTC-provided RUU to get it back to a factory state?
The only way I have been able to return my Nexus One to a factory state is by the use of a PASSIMG.zip-file, but then I would have to make sure that I am using the stock recovery. One reason for my question is that I'd also like to know if it's possible to run an RUU-package on a rooted, and/or custom recovery-flashed and/or engineering SPL-flashed handset and have it returned to a factory state.
DirkGently1 said:
As an aside, have you considered doing development work yourself, perhaps ROM building? You're obviously capable, interested and 'have the right stuff'!
Well, sure, the thought has struck me once or twice. I'm currently in my last months of my education in becoming a Master in Software Engineering, but at the moment I'm into getting to know more about how Android works on different handsets and how the different parts are connected to each other. I will very soon dive into Android development as it's the only really interesting area for handsets/mobile communication, that doesn't have the price of a whole Apple Macintosh to even be able to begin programming for it.
I'm sure I will get an Apple suite later on, I like the diversities of different manufacturers but for the time being I'm price conscious.
Is there anyone who knows a thing or two about Goldcards?
One of my questions in the first post was about the CID/RUU-relation to the Goldcard.
I have read from one or maybe two people on random forums, stating that the Goldcard is _only_ needed when the handset is carrier-locked. I'm very interested in getting to know more about the Goldcard and when it is supposed to be used and/or required.
Because a lot of the times when dealing with rooting HTC handset it boils down to having a Goldcard or not. But at times I hear about methods where Goldcards aren't needed. But the statements differ from "You need a goldcard" to "You only need a Goldcard when your handset is CID-locked" to "You need a Goldcard to be able to flash an RUU that is older than the one you currently have on your handset." to "You need a Goldcard if you want to flash an RUU with a different CID" to "You don't need a Goldcard at all".
Somehow I think there are some kind of specific combinations, for instance something like this;
CID-locked handset => Needs a Goldcard to be able to root
RUU-version on the handset is new => Needs a Goldcard to be able to flash older RUU-version
RUU/CID-combination is X and Y => Needs a Goldcard to be able to flash an RUU that has the RUU/CID-combination A and B
...
...
There are times when some rooting methods do not require a Goldcard at all, but it seems to me they are pretty rare when compared to those who require a Goldcard.
Someone out there should have the whole story about this and I'm very interested to know how these things work and I'm also grateful for sharing this with me.
So I tried rooting the phone and it wouldn't do it. After a restart it's just getting stuck at the "MY" logo.
Did I brick it?
Edit: it's working now but I can't get it rooted. I got the root.rar file unzipped into the sdcard/root but it says it's not permitted, what am I doing wrong?
That gives us nothing to go on. There are several rooting methods out there. Which are you using?
http://forum.xda-developers.com/showthread.php?t=858021&highlight=operation
That one
When i get to c. Type "sh root.sh" + enter.
it gives me an error and it tells me to restart and check if s=off but when i reboot and hold down the volume button nothing happens. It just reboots normally
That's the best guide out there and the one that I used.
Before attempting to run the script, did you successfully gain temp root using Visionary and set system to R/W?
Try the method here: http://forum.xda-developers.com/showthread.php?t=858996
It is newer and better in my opinion. Try it from the beginning step-by-step and see if it works.
TeeJay3800 said:
That's the best guide out there and the one that I used.
Before attempting to run the script, did you successfully gain temp root using Visionary and set system to R/W?
It asked me for super user permission so i'm pretty sure I got temp root.
I finally got something it rebooted and I checked but it still says s-on.
I'll try the script again and post what I get but this is very weird, I had no problems with my G2.
Edit:
my terminal output is
Inserting kernel module
ismod: init_module '/sdcard/root/wpx.ok' failed (Function not implemeneted)
Duplicatiing hboot
2048+0 records in
2048+0 records out
1048576 bites transferred in 0.721 secs (1454335 bytes/sec)
Synchronizing
Powerdown and reboot into hboot to check if s+off
when I reboot i get
GLACIER PVT SHIP S-ON
HBOOT-0.86.0000
MICROP-0429
RADIO-26.03.02.26_M
eMMC-boot
OK Last edit:
It seems my Hboot being 0.86.0000 had something to do with it, I tried the other method with adb and it worked I finally got S-off. This was harder to do than on my G2 that's for sure.
Thanks to those who tried helping and thanks to kmdub for suggesting the alternate method.
For some reason, you are not writing the proper hboot image. Try to re-download or find another source, because the one you are writing, according to your output, is not the right one.
OR...you could try the method I posted above, which does not require a new hboot and actually turns the radio S=OFF. Seriously though, why not use a different (read newer and better) method if the one you are using is not working?
Evofusion said:
It seems my Hboot being 0.86.0000 had something to do with it, I tried the other method with adb and it worked I finally got S-off. This was harder to do than on my G2 that's for sure.
Thanks to those who tried helping and thanks to kmdub for suggesting the alternate method.
While there are other rooting methods out there, there is nothing wrong with the guide you are following. Like I said, it worked great for me. The only thing I can think of is the version of Visionary you are using. r11 is supposed to work better than r14 on the MT4G. The script you run in the beginning flashes the engineering bootloader (0.85.2007), so that's a way to tell if the script was successfully run. Just make sure you actually get root access after typing 'su' (so make sure Visionary gets temp root and system is set to R/W first).
Glad you finally got it working.
It seems my Hboot being 0.86.0000 had something to do with it, I tried the other method with adb and it worked I finally got S-off.
That's because the method you were trying first requires the ENG hboot as an essential part of the rooting process. It would have worked, but for some reason it seemed like the one you were writing was the same as what you already had. I don't know if you used the other method I posted or another "other" method, but the one I linked to actually turns the radio's security off (S=OFF) among other things, if you so choose. The older method replaces the stock bootloader with one that does not enforce/ignores the radio's set security. Whereas the newer method actually turns that security flag off, so you can use either bootloader. Both can use Visionary and effectively allow you to "root" the device, but the newer method is more permanent, so to speak.
kmdub said:
I don't know if you used the other method I posted or another "other" method, but the one I linked to actually turns the radio's security off (S=OFF) among other things, if you so choose. The older method replaces the stock bootloader with one that does not enforce/ignores the radio's set security. Whereas the newer method actually turns that security flag off, so you can use either bootloader. Both can use Visionary and effectively allow you to "root" the device, but the newer method is more permanent, so to speak.
So even though I have the engineering bootloader and my S status is "OFF", the radio security is still on? Does that only matter if for some reason I switch back to the stock bootloader, and as long as I keep the eng SPL the difference in methods is inconsequential?
Evofusion said:
http://forum.xda-developers.com/showthread.php?t=858021&highlight=operation
That one
When i get to c. Type "sh root.sh" + enter.
it gives me an error and it tells me to restart and check if s=off but when i reboot and hold down the volume button nothing happens. It just reboots normally
Just a quick FYI on this, did you uncheck Fast Boot in the settings?
So even though I have the engineering bootloader and my S status is "OFF", the radio security is still on? Does that only matter if for some reason I switch back to the stock bootloader, and as long as I keep the eng SPL the difference in methods is inconsequential?
That is the impression I got from reading grankin01's method at the link I posted earlier; that yes, the security flag controlling the security is still set to on. Flashing the ENG bootloader is what actually gives you a label that says S=OFF on the older methods, since that bootloader either ignores the security flag or overrides it somehow. I am not certain about exactly how this takes place. What we do know however, is that security is not enforced regardless since it does allow you to effectively root the device, and you obviously have it working with the older method. The benefit of the newer method is outlined in his post. It allows you to retain the original bootloader and truly be S=OFF. I guess one could say that the older method provides an easier return to complete stock (warranty, return, etc.), since all one would have to do is use the PD15IMG to return to a completely stock state, bootloader and all. However, with the newer method, one would have to reverse the steps done with gfree in order to return to S=ON. So I would think that as long as you have the ENG bootloader you are ok, and it may make no difference. I do not know that from experience however, since I have only ever used the newer method with stellar results.
kmdub said:
The benefit of the newer method is outlined in his post. It allows you to retain the original bootloader and truly be S=OFF. I guess one could say that the older method provides an easier return to complete stock (warranty, return, etc.), since all one would have to do is use the PD15IMG to return to a completely stock state, bootloader and all. However, with the newer method, one would have to reverse the steps done with gfree in order to return to S=ON. So I would think that as long as you have the ENG bootloader you are ok, and it may make no difference. I do not know that from experience however, since I have only ever used the newer method with stellar results.
Thanks for the info. My understanding of one method versus the other was pretty much what you explained, but it's good to have it clarified.
I used fastboot way back in my G1 days.....first with the original EngSPL, then HardSPL, and finally when haykuro released DangerSPL. Since I would want the engineering bootloader anyway, I suppose there's no disadvantage to using the method I used. For those that want the stock bootloader, I can see why the newer method is advantageous to them.
I guess I will start by saying that I have been a long time 'lurker.' I started coming around XDA back when the original Dash was new and have used all the information pumping out since then.
I tried looking around as best as I could to see if there were any other threads regarding a full root with the HTCdev bootloader but could only find discussion and debates around it.
I mostly am just confirming that it can be done. Not sure if I am a lucky one or if it was even a very risky process, but it took me all of about 15 minutes so I'm not complaining.
All I did was follow the instructions from HTCdev to unlock my sensation. After that I followed this guide from Step 2.
I currently have S-OFF, superuser access, installed a new rom, and reverted to my original rom. Everything seems to be properly working without a hitch.
Also, for clarity on this part in HTCdev FAQ:
What does this mean for me?
Unlocking the bootloader means that you now have the ability to customize software on your device. Please note that changing your bootloader can cause significant issues with your device and once you have unlocked your device, you have agreed to the disclaimer that states a change in warranty status such that in the event you render your device unusable, you are responsible for the recovery of your device, whether by repair or by other means.
All that means is that if you brick your device through unlocking or flashing new roms that HTC will not warranty your device. If everything works properly but you end up with other issues, i.e. touch screen no longer is responsive, then you are covered. I actually spoke to an HTC rep about it and that is what I got. Now they may try to say that unlocking may have caused it, but that isn't anything new.
Hmmm -_-
Sent from my HTC Sensation 4G using XDA App
hmmmm hmmmm cough choke cough
kleanblade said:
I guess I will start by saying that I have been a long time 'lurker.' I started coming around XDA back when the original Dash was new and have used all the information pumping out since then.
I tried looking around as best as I could to see if there were any other threads regarding a full root with the HTCdev bootloader but could only find discussion and debates around it.
I mostly am just confirming that it can be done. Not sure if I am a lucky one or if it was even a very risky process, but it took me all of about 15 minutes so I'm not complaining.
All I did was follow the instructions from HTCdev to unlock my sensation. After that I followed this guide from Step 2.
I currently have S-OFF, superuser access, installed a new rom, and reverted to my original rom. Everything seems to be properly working without a hitch.
Also, for clarity on this part in HTCdev FAQ:
All that means is that if you brick your device through unlocking or flashing new roms that HTC will not warranty your device. If everything works properly but you end up with other issues, i.e. touch screen no longer is responsive, then you are covered. I actually spoke to an HTC rep about it and that is what I got. Now they may try to say that unlocking may have caused it, but that isn't anything new.
Not trying to antagonize here but can you supply us with some screen shots of your "About" section and kernel and ROM part...??? No disrespect meant but if you say this is true then I would like to visualize the outcome. Thanks!
I understand anyone's skepticism. So I will provide, as best I can, whatever information I can. Have a couple screens attached. Soon as I can find a camera or get my hands on someone's phone I will take a picture of the HBOOT screen.
I'm not trying to do anything other than a "Hey, this actually worked for me." HTC's method just gave me the unlock and S-OFF. I understand it hasn't been the case for everyone. In fact I even had issues with HTC's method once I got the prompt to actually unlock the device. It wouldn't accept my input the first few tries (choosing yes or no yielded nothing).
Very legitimate. You should do a tutorial video on youtube and post it here.
kleanblade said:
I understand anyone's skepticism. So I will provide, as best I can, whatever information I can. Have a couple screens attached. Soon as I can find a camera or get my hands on someone's phone I will take a picture of the HBOOT screen.
I'm not trying to do anything other than a "Hey, this actually worked for me." HTC's method just gave me the unlock and S-OFF. I understand it hasn't been the case for everyone. In fact I even had issues with HTC's method once I got the prompt to actually unlock the device. It wouldn't accept my input the first few tries (choosing yes or no yielded nothing).
Sent from my HTC Sensation 4G using XDA App
hmmm
why use this and not the alpharev solution?
my question exactly...
reddoni said:
why use this and not the alpharev solution?
What is the difference between the two unlocking methods? Does one let you go back to S-on should you want to revert back? Are more internals accessible with one over the other (like radio's)? Just curious. When I do root I want to make sure I am using the best one with optimal features. Thanks in advance.
I personally have not seen a distinct advantage with using either method. If the phone bricks with either method you are out in the cold no matter what. Both are relatively easy to do. With HTC's method your warranty will at least be intact for any issues they deem not responsible from being rooted w/o having to 'hide' that you rooted your device. HTC's method may be easier to 'relock' your device as well. After I locked my device and rebooted, I locked it again and it was as simple as a short command. Any deeper than that I will say it's beyond my ability to know.
I feel like its as simple as an apples and oranges approach or an OEM vs after market. HTC has tested and checked their method and put their stamp of approval on it. For some 'consumers' it gives them a better sense of security. AlphaRev method works just as well but will never have the clout a large corporation, such as HTC, has.
If there is an interest for Snipes' request I could try to put a guide together. I know I don't command much credibility yet. So I don't want to do something no one would trust. However, it really isn't much different than the current guide available.
Also, HBOOT picture attached. As far as locking up your device again, with the HTC method it puts **** RELOCKED **** as the header and S-ON. I believe (not sure since I haven't done it) with the revolutionary method it simply replaces the hboot screen to the original.
How did you S-OFF? Using the same adb command as those with the Nexus One did?
I simply followed HTC's method to unlock the boot loader and it gave me S-OFF.
The gist of HTC's process is that you go through fastboot, get your device token code, submit your token code to HTC, they email you an unlock_code.bin file, and you finish up with flashing your device with the unlock code. It is not difficult and took me about 3 minutes, maybe. The only extra thing, that I am not even sure you need, is to have htcsync installed (it was listed as a requirement by htc).
Also,
The only two commands you use in the process are:
fastboot oem get_identifier_token (to get the token you need to submit)
fastboot flash unlocktoken Unlock_code.bin (flash your unlock code on the device)
If you want to relock your device you simply use:
fastboot oem lock
I just tried the HTCdev way, and I did get unlock, but did not get S-OFF
Billyvnilly said:
I just tried the HTCdev way, and I did get unlock, but did not get S-OFF
same here, it says unlocked but still s-on... and i get an error when trying to flash recovery (step 2) what to do?
I'll get my hands on another Sensation and see what results I get.
Odd that I would be the only one with a sensation that has s-off.
miroxlava said:
same here, it says unlocked but still s-on... and i get an error when trying to flash recovery (step 2) what to do?
Just start with step one then. I was able to follow all steps (except i dont need supercid) after doing htcdev. took maybe 45 minutes from start to finish, including downloads, restarts, and getting new ROM installed. Which btw, the CM7 alpha is out... trying it out soon.
Ok the HTCdev site says this. Not to mention they know you S-offed cause you did it via their website and tools.
Please understand that you will not be able to return your device to the original state
And in the [Guide] to Installing S-off, ClockWork, Root, SuperCID & S-on [03/AUG/11](noobproof) thread it says.
For Warranty Purposes/Returns:Follow Step 4 below for removing Clockwork and Root FOLLOW STEP 5 TO CHANGE BACK TO S-ON - CONFIRMED TO BE WORKING- USE WITH CAUTION
Now my question is this: if you S-off your Sensation via the HTCdev site and then S-on your Sensation via the method mentioned in the guide, does your Unlit go back like it was originally, and not say "**** RELOCKED ****" at the top of the screen? Or are the two methods of S-offing your Sensation compatible with one another? I mean, will combining the two brick the device? I would like some feedback from some devs that know more about what is actually going on when you switch from S-on to S-off, or from S-off to S-on.
Edit: Also the HTCdev site says this.
going forward your device may not be held covered under the warranty for all claims resulting from the unlocking of the bootloader. HTC bears no responsibility if your device is no longer usable afterwards.
So this is at the OP, just cause you use the HTCdev site to S-off your bootloader. It does not mean it does not void your warranty. And it does not mean HTC will fix your device if things go wrong and your device is rendered useless. You have to remember it is HTCdev, key word being dev not HTC.
As it seems even if HTCdev unlock tool is going to work to unlock devices, even then S-On is going to block us from flashing kernels, and use ICS roms.
Blue6ix is quite much on this stuff, thought we could start a thread brainstorming about this, how to do it, how was it done on other devices.
Generally, as blue6ix and I see (and I did this based on howtos for g2, downgrading the g2 to get to a version where S-off was possible - a howto: http://forum.xda-developers.com/showthread.php?t=905261 ), this is how it can be done:
- Temp root or permroot (htcdev tool will work)
- Go root in terminal or adb shell
- Then somehow set the Version number in Misc partition (/dev/block/mmcblk0p31 this time) to a lower number
- Flash an older RUU (full system update exe from HTC)
- use revolutionary to perm root and s-off on the old hboot etc.
Question one: is this (mmcblk0p31) really the misc partition? I read it in our guides that it is.
Now till we will be sure how to do this, thought to start a thread. Here, i'll attach my misc partition image and quote the starting bytes of it. Otherwise the whole misc partition is full of zeroes, maybe somewhere there's a CRC in it as well.
My start of the image (you know i used dd to grab it):
Code:
T-MOB010 DeviceWarmBoot ˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙˙
CE Serial InUse Debug Cable Ena CE USB InUse
ClearAutoImage 1.28.531.9
I'd like to know, what this version exactly is. 1.28.531.9 . Maybe we should check new devices version. And compare the misc partitions of newer S-on devices. Also try to get knowledge if theres a CRC or not in this partition. and also, if this time it will or will not be enough to write this partition.
Pls, don't use this image in the zip, you might brick yourself.
===
UPDATE: check this, theory, but might work if someone SOn-Unlocked is brave enough to risk bricking.
http://forum.xda-developers.com/showpost.php?p=22649895&postcount=12
===
UPDATE2:
Indirect has been able to modify the misc partitions that contain version number!
http://forum.xda-developers.com/showpost.php?p=24012875&postcount=99
http://forum.xda-developers.com/showpost.php?p=24015957&postcount=100
Thanks for making the thread man.
I am out and about on my mobile, and won't be back at my dev station until midnight or tomorrow, so let me throw this out for now:
If you want to dump your partitions, what you have to do is pop open terminal or an adb shell and type:
Code:
su
...grant superuser permissions, then:
Code:
dd if=/dev/block/mmcblk0 of=/sdcard/mmcblk0.img
...and give it some time to run.
This will dump all your partitions to a single image file, where individual ones can be extracted later.
The file will be on your sdcard, and be named mmcblk0.img
If you want to dump a specific partition, after superuser permissions type instead:
Code:
dd if=/dev/block/mmcblk0p31 of=/sdcard/mmcblk0p31.img
... and this will give you the partition 31 as an image on your sdcard named mmcblk0p31.img
You can find the list of partitions here:
doubleshot Partitions and Mounts
Which is post 3 of my dev reference stickied here in development.
----
I already have my S-OFF partitions from the retail launch, and the latest OTA update.
We need the partitions from an S-ON UNLOCKED device, and also from an S-ON LOCKED device.
The single image dump of everything will be big, and have things we don't need like system and data (blocks 22 and 23 respectively). It may be difficult for people to upload but the individual partitions are not so bad.
----
Getting them from an S-ON LOCKED device will be a bit more difficult but with tacoroot you might be able to get some or all of them if you don't reboot first.
----
If anyone can contribute the files we need it would help the cause tremendously and shave a lot of time off making this happen - though i've got enough for us to muck through it so far.
----
This is the sole focus of my attention until we win and get all the S-ON devices to S-OFF status - the full range of limitations for the supposedly UNLOCKED devices has been brought to my attention now and that's just not gonna cut it.
I don't know if it's something to do with the messed up unlock or what, but the UNLOCK people can't do some things right, including flashing my ROM and that's just not acceptable. If I can't bring it up to workable for S-ON devices, then those devices will just have to be made S-OFF instead.
When I get home tonight/tomorrow i'll be working on this around the clock until it breaks or I need sleep - but my whole life is for nothing but this S-ON to S-OFF victory until it's accomplished once I get back to my dev station.
Thanks in advance for any thoughts or files we don't have that can be provided, I wish I could explain more but am just about out of time for now.
Also - we will need more then just the misc partition but I don't have the two more minutes needed to list them now.
heres a source code version of misc_version tool:
http://cmw.22aaf3.com/common/misc_version_02.zip
from here http://wiki.cyanogenmod.com/wiki/HTC_Desire_HD:_Firmware_Downgrade_(Gingerbread)
going to take a peek on this c code. Might as well help us a lot.
tbalden said:
heres a source code version of misc_version tool:
http://cmw.22aaf3.com/common/misc_version_02.zip
from here http://wiki.cyanogenmod.com/wiki/HTC_Desire_HD:_Firmware_Downgrade_(Gingerbread)
going to take a peek on this c code. Might as well help us a lot.
relevant code:
Code:
/* Copy the backup image byte by byte; j is the current byte offset. */
while(!feof(fdin)) {
    ch = fgetc(fdin);
    if(ferror(fdin)) {
        printf("Error reading backup file.\n");
        exit(1);
    }
    // CID: bytes 0x0-0x7 are replaced when a new CID was requested
    if ((j>=0x0 && j<=0x7)&& (cid!=0)) {
        ch = s_cid[j];
    }
    // VERSION: bytes 0xa0-0xa9 are replaced when a new version was requested
    if ((j>=0xa0 && j<=0xa9)&& (set_version!=0)) {
        ch = s_set_version[j-0xa0];
    }
    /* skip the write for the EOF value returned by the final fgetc */
    if(!feof(fdin)) fputc(ch, fdout);
    if(ferror(fdout)) {
        printf("Error writing output file.\n");
        exit(1);
    }
    j++;
}
if(fclose(fdin)==EOF) {
    printf("Error closing backup file.\n");
    exit(1);
}
if(fclose(fdout)==EOF) {
    printf("Error closing output file.\n");
    exit(1);
}
Seems it simply replaces the Version number in the partitions appropriate position in the Partition. I cannot see CRC recoding, which means it was quite safe to do on the HTC desire Z/dhd/g2. Lets hope its the same with our devices Misc partition...
I will try to get the right position in the Partition image, mod the C code, and create the tool. I think then we will need brave S-on folks and the S-offable RUU exe for them...lol or if no one wants to risk bricking, maybe community could try raise money donating to blue6ix to let him buy a new phone for trying S-on -> S-off stuff. (i cannot do this, im in europe, but i will donate money to blue6ix for an S-on phone, if this method will prove viable theoretically)
basically process will be:
Unlock S-on, install Root on your official rom then command line adb:
adb shell
~ su
# misc_version -s 1.00.000.0 (maybe this version is okay, but we should look up a proper one)
Then copy the older S-offable RUU's PDxxxIMG zip to sdcard, reboot to bootloader, it should flash the older RUU and then you can use Revolutionary S-off.
Process will be rather similar to the one detailed here http://wiki.cyanogenmod.com/wiki/HTC_Desire_HD:_Firmware_Downgrade_(Gingerbread)
and on the g2 thread ive linked in OP
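Added example (not part of the thread and not the misc_version tool's own code): a read-only C inspector for a dd dump of the misc partition, using the field positions from the loop quoted above (CID at 0x0-0x7, version at 0xa0-0xa9). It also compares dotted versions numerically, assuming the bootloader's "newer image" check works field by field, and counts bytes that differ outside the version field between a backup and a patched image. The function names and the sample images are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Field positions from the misc_version loop quoted in the thread.
 * Assumption: the dump being inspected uses the same layout. */
#define MISC_CID_OFF 0x00u
#define MISC_CID_LEN 8u
#define MISC_VER_OFF 0xa0u
#define MISC_VER_LEN 10u

struct misc_info {
    char cid[MISC_CID_LEN + 1];
    char version[MISC_VER_LEN + 1];
};

/* Copy a fixed-width ASCII field, stopping at 0x00 or 0xff padding. */
static int copy_field(const unsigned char *src, size_t len, char *dst)
{
    size_t i;
    for (i = 0; i < len && src[i] != 0x00 && src[i] != 0xff; i++) {
        if (!isprint(src[i]))
            return -1;              /* binary data where text was expected */
        dst[i] = (char)src[i];
    }
    dst[i] = '\0';
    return 0;
}

/* Returns 0 on success, -1 truncated dump, -2 bad CID, -3 bad version. */
int misc_parse(const unsigned char *img, size_t size, struct misc_info *out)
{
    if (img == NULL || out == NULL || size < MISC_VER_OFF + MISC_VER_LEN)
        return -1;
    if (copy_field(img + MISC_CID_OFF, MISC_CID_LEN, out->cid) != 0)
        return -2;
    if (copy_field(img + MISC_VER_OFF, MISC_VER_LEN, out->version) != 0)
        return -3;
    return 0;
}

/* Parse "a.b.c.d" into four numbers; 0 on success, -1 if malformed. */
static int version_parse(const char *s, unsigned long v[4])
{
    char *end;
    int i;
    for (i = 0; i < 4; i++) {
        if (!isdigit((unsigned char)*s))
            return -1;
        v[i] = strtoul(s, &end, 10);
        if (*end != (i < 3 ? '.' : '\0'))
            return -1;
        if (i < 3)
            s = end + 1;
    }
    return 0;
}

/* Field-by-field numeric compare: -1, 0 or 1; -2 if either is malformed. */
int version_cmp(const char *a, const char *b)
{
    unsigned long va[4], vb[4];
    int i;
    if (version_parse(a, va) != 0 || version_parse(b, vb) != 0)
        return -2;
    for (i = 0; i < 4; i++)
        if (va[i] != vb[i])
            return va[i] < vb[i] ? -1 : 1;
    return 0;
}

/* Count bytes that differ between two same-size images outside the version field. */
long misc_diff_outside_version(const unsigned char *a, const unsigned char *b, size_t size)
{
    long n = 0;
    size_t i;
    for (i = 0; i < size; i++)
        if ((i < MISC_VER_OFF || i >= MISC_VER_OFF + MISC_VER_LEN) && a[i] != b[i])
            n++;
    return n;
}

int main(void)
{
    unsigned char backup[512] = {0}, patched[512];
    struct misc_info mi;
    /* Constructed sample images, not real dumps. */
    memcpy(backup, "T-MOB010", 8);
    memcpy(backup + MISC_VER_OFF, "1.28.531.9", 10);
    memcpy(patched, backup, sizeof patched);
    memcpy(patched + MISC_VER_OFF, "1.00.000.0", 10);
    if (misc_parse(backup, sizeof backup, &mi) != 0)
        return 1;
    printf("CID=%s version=%s cmp=%d changed_outside=%ld\n", mi.cid, mi.version,
           version_cmp(mi.version, "1.00.000.0"),
           misc_diff_outside_version(backup, patched, sizeof backup));
    return 0;
}
```

A non-zero count from misc_diff_outside_version means the patched image changed more than the version field, which is worth understanding before anything is written back with dd.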
hey guys, i posted in the Bulletproof thread before seeing this thread, but just wanted to throw this in here:
http://htcdev.com/bootloader/faq
the htc unlocker does seem to let you write to boot, system, and recovery partitions.
What about a pd....img.zip for an soffable ruu? Does anyone have that? We will need one for this method outlined. Ill put up a misc_version tool for mt4gs soon here...experimental
sent from HTC Doubleshot pyroiced
tbalden said:
What about a pd....img.zip for an soffable ruu? Does anyone have that? We will need one for this method outlined. Ill put up a misc_version tool for mt4gs soon here...experimental
sent from HTC Doubleshot pyroiced
We have one, the stock restore image - I tried to modify it to be the right version for the new hboot & system to accept, but some people tried it and no dice.
I could try again, in the time between I figured another way I could try - but it'll have to wait until I get back.
( also I replied in the bulletproof thread that people can only write part of boot, it'll flash the part for insecure access but not overwrite the ramdisk, so being able to write to boot is only partially true as determined by trial and error)
Sent from my Bulletproof_Doubleshot using xda premium
Blue6IX said:
We have one, the stock restore image - I tried to modify it to be the right version for the new hboot & system to accept, but some people tried it and no dice.
I could try again, in the time between I figured another way I could try - but it'll have to wait until I get back.
( also I replied in the bulletproof thread that people can only write part of boot, it'll flash the part for insecure access but not overwrite the ramdisk, so being able to write to boot is only partially true as determined by trial and error)
Sent from my Bulletproof_Doubleshot using xda premium
We won't need that modified. Pls post here the zip here linked.ill post the tool misc version later today, and we can try that plus the unmodified zip. That's the point of my plan.
sent from HTC Doubleshot pyroiced
ok, got a working tool based on guhls misc_version tool that perfectly modifies the version in misc partition. soon i'll upload and we'll need someone brave with S-On unlocked, who wanna try, and we need the PD...IMG zip on this brave mans sdcard, so pls link it here. Also we need a root installable for those who have S-On unlocked.
I will be posting an image for the misc partition tonight if I'm unable to get an image of my entire phone uploaded properly. 4shared has been a huge pain in the ass and keeps disconnecting while I'm uploading.
Limewirelord said:
I will be posting an image for the misc partition tonight if I'm unable to get an image of my entire phone uploaded properly. 4shared has been a huge pain in the ass and keeps disconnecting while I'm uploading.
4shared if used on the !!folder!! view, upload can be continued if it disconnected. So go into My account and there use the upload
THIS IS FOR S-On Unlocked. -- WE STILL NEED THE PD...IMG.ZIP, Blue6ix will provide it here later, then ill modify this guide.
OKAY, so what I write here is all theory, but i've created a tool that really modifies the MISC partition to fake a lower version number for your device, so that older system update zip can be tried to be flashed from Bootloader on your device, downgrading to a system which can be S-Offed by the Revolutionary method.
No one tried this yet, I only can assure that this tool worked on my MISC image, set the version number in the correct position of the MISC partition.
BUT IN ANY CASE, IF YOU ARE BRAVE ENOUGH TO TRY THIS METHOD, BE PREPARED THAT YOU MIGHT BRICK YOUR PHONE. NO ONE ELSE TRIED THIS ON AN S-ON DEVICE YET.
But methods similar to this one were successful with other HTC devices like Desire Z/DHD for downgrading...
Okay, so ...
Here's the misc_version tool modified for mt4gs. It will write directly into your /dev/block/mmcblk0p31 partition, but before it is going to create a backup of it on your sdcard.
http://www.4shared.com/zip/ZFKef2Fq/misc_version_02_mt4gs.html
First make sure that you have an SDCard with a PD...IMG.zip (soon to have the link from Blue6ix) copied onto it to its root, like this:
adb push PD...IMG.ZIP /sdcard
After that IMG.zip is in place, download this zip named misc_version_mt4gs.zip, unzip it, and push misc_version binary to your device
Code:
adb push misc_version /system/bin
adb shell
~ su
# chmod 775 /system/bin/misc_version
Then to use it actually:
Code:
adb shell
~ su
# misc_version -s 1.00.000.0
--set_version set. VERSION will be changed to: 1.00.000.0
Patching and backing up partition 31...
#
This is what you should see if everything went right.
After that you'll need the PD....IMG.zip Blue6ix might soon link here. (Read the first part where we pushed that Zip to sdcard)
So if thats in place you will need to power off, and do the boot into bootloader with Power + VolDown. Then Bootloader will see that the Zip is on the sdcard root directory, and hopefully it will patch successfully your device back to the S-Offable version. (After that take the sdcard off, possibly delete the update zip before you reinsert it to your phone.)
If the update was successful, start your phone, see if boots (lets hope so )) if everything is right (check About Software after booting/setting up) proceed to Revolutionary method and S-Off your device.
AGAIN I can't assure you that after running misc_version, it will boot after that modification on an S-On Unlocked device, but we all hope for that.
AGAIN, we need the pd...img.zip yet, and you must be S-On unlocked/with su installed.
ALSO IT WILL CREATE A BACKUP OF YOUR partition 31 on your sdcard, which you can 'dd' back if something went wrong. (If something went wrong but your phone is still bootable to recovery, like Clockworkmod, you can use adb shell to get to a shell and there you can 'dd' the backup to the partition, but lets hope it wont be needed)
AGAIN YOU CAN BRICK YOUR PHONE. THIS IS ALL THEORY, THAT WORKED ON HTC G2 (Desire Z) and Desire HD. Read the thread, ive linked those howtos for those other devices. (like this: http://wiki.cyanogenmod.com/wiki/HTC_Desire_HD:_Firmware_Downgrade_(Gingerbread) )
I got a replacement with S-ON and Locked, I managed to Unlock it and install the latest recovery.
If you wish for me to test something feel free to ask, just cannot risk bricking it again lol
Sinfamy said:
I got a replacement with S-ON and Locked, I managed to Unlock it and install the latest recovery.
If you wish for me to test something feel free to ask, just cannot risk bricking it again lol
Well, thanks! Let's see what blue6ix has to tell us about this. There's a chance of bricking, all I can say this is how its done on htc desire hd/z, and the tool is modified to work with mt4gs. We need someone who could risk this with s-on, unlocked or a community donation to get one new phone s-on for blue6ix so he can try.
sent from HTC Doubleshot pyroiced
tbalden said:
Well, thanks! Let's see what blue6ix has to tell us about this. There's a chance of bricking, all I can say this is how its done on htc desire hd/z, and the tool is modified to work with mt4gs. We need someone who could risk this with s-on, unlocked or a community donation to get one new phone s-on for blue6ix so he can try.
sent from HTC Doubleshot pyroiced
For the s-on ppl if you brick and have insurance just dunk that sh#t in a lake and chalk it up as lost lol
Sent from my myTouch_4G_Slide using Tapatalk
I don't know if this is of any help to anyone, but one of the problems with the HTC Unlock/S-On combo is that kernels need to be flashed separately. Basically, you need to manually push the boot.img.
Hey, taking a quick break and glad to see how it's going - I'll be getting home in about 5 hours, I'm definitely gonna sit down and start working on this asap, you can count on me for a good 12hours starting around midnight eastern.
Can't wait!
Sent from my Bulletproof_Doubleshot using xda premium
strapped365 said:
For the s-on ppl if you brick and have insurance just dunk that sh#t in a lake and chalk it up as lost lol
Sent from my myTouch_4G_Slide using Tapatalk
DO NOT DO THIS IT COSTS $130 TO REPLACE THROUGH INSURANCE. Why are you saying this without even knowing what you're talking about.
For people with insurance and/or premium handset replacement plan (I believe they are one and the same), try this, and if it causes a brick, it is very unlikely that t mobile would be able to ascertain what caused the brick. You can therefore call it in under normal warranty procedures and they will send you a working replacement phone for $5. Please check and confirm your plan first, before you try this.
dung8604 said:
DO NOT DO THIS IT COSTS $130 TO REPLACE THROUGH INSURANCE. Why are you saying this without even knowing what you're talking about.
For people with insurance and/or premium handset replacement plan (I believe they are one and the same), try this, and if it causes a brick, it is very unlikely that t mobile would be able to ascertain what caused the brick. You can therefore call it in under normal warranty procedures and they will send you a working replacement phone for $5. Please check and confirm your plan first, before you try this.
Im just giving an option, theres def no need to jump down on me like im too stupid to know what an insurance claim costs, or like im too stupid to realize tmobile WILL know why you bricked its on you tho what you do my device is s-off already, im just trying to jump in to help yall out, i have no problems keeping to myself working for myself and doing the rest of what i enjoy for my other devices community
Sent from my myTouch_4G_Slide using Tapatalk
Has anyone actually ever tried to send in a bricked phone for repair?
Maybe HTC will just go ahead and reset the phone.
A bit different, but many moons ago I sent in my Motorola Cliq rooted with a custom rom, for repair and they simply reset the device before sending it back (even though I sent it in for a hardware issue)
firstly, Im not asking for a detailed explanation of what to do here.. I can read up on various sections, but I do need steps to follow. This phone is the most complicated thing to flash, give me ODIN and a galaxy S any day.
Im trying to upgrade to the latest open Europe.HTC-SAGA 401_9 not a custom rom, my DS is the same Radio Version so thats ok.
After following the various guides, What I have so far is:
1) the Stock HTC 401_9 Rom from File Factory.
2) Ive downloaded Goldcard Helper, fitted my 2GB SD and gotten the reverse ID
3) Ive d/l'd the GoldCard Image for my DS reverse ID
4) Ive d/l'd the HexD editor for making the goldcard.
5) I know about having FastBoot OFF, USB debugging ON and the phone USB set to Disk Mode for making the Goldcard and the USB to "Charge only" when flashing.
So, now what. Can I just flash the HTC Stock 401, or do I root it first. My Hboot is 2.000.002 and its S-ON.
The phone has Virgin UK Software, but its not Locked.. Ive had both O2 and Orange sim cards in and they work fine.
I just need to know the 1, 2, 3 .. steps for flashing this stock rom
Thanks in advance
Always helps to write your full bootloader screen.
ben_pyett said:
Always helps to write your full bootloader screen.
Im all for protecting your product against time wasting "bricked" returns, but Whoever at HTC thought of this system wants slapped... hard, Bootloader says:
### Locked ###
SAGA PVT SHIP S-ON RL
HBOOT-2.00.0002
RADIO-3822. 10. 08. 04_M
eMMC-boot
Aug 22 2011, 15:22:11
HBOOT
Then it lists on screen:
FASTBOOT
RECOVERY
FACTORY RESET
SIMLOCK
IMAGE CRC
Hope that helps and hope you can give some steps. Seriously, Ive looked on here for days but there seems to be so many questions about different aspects and parts of the flashing, its confusing.
Thanks in advance
First of all, forget all about radios you know from Samsung.
At htc you can use every radio on every rom, there are only 3 possibilities you need to change radio:
It is shipped with a ruu you want to use
You face issues with radio related hardware
You want to be up to date
Ok, now to your question.
At HTC the bootloader version is important (only at stock roms).
If your bootloader has the same or a smaller version than the one from the ruu and your device had no branding, just reboot to bootloader plug it to your pc, enable fastboot usb and start the ruu.
If a branding is present and you want to stay with it, do the same with the fitting ruu.
If your version is higher or you want to remove a branding , you need a goldcard first and maybe the extracted rom.zip from the ruu, if the ruu fails with goldcard only, because you need to put it at the root of your sd renamed to PG88IMG.zip and flash it directly with your bootloader.
(also to change misc_version can be needed, but i guess not here because you don't want to downgrade)
For both cases are guides at the index (see my or bens signature).
Tectas said:
If your version is higher or you want to remove a branding , you need a goldcard first and maybe the extracted rom.zip from the ruu, if the ruu fails with goldcard only, because you need to put it at the root of your sd renamed to PG88IMG.zip and flash it directly with your bootloader.
(also to change misc_version can be needed, but i guess not here because you don't want to downgrade)
For both cases are guides at the index (see my or bens signature).
Ok I used this guide for the goldcard:
http://www.addictivetips.com/mobile...gold-card-for-htc-desire-without-hex-editing/
So, because Im not changing anything about the kernel, just debranding to an offical ROM, once I set up my Goldcard, I activate debugging, copy the RUU 401_9 to SD Root of my Goldcard, click "Image CRC" from bootloader menu and it should install it.
Is that correct?.
Ive just checked..
Wait and It detects the new ROM "update" automatically in bootloader menu
Yes?
NightOrchid said:
Ive just checked..
Wait and It detects the new ROM "update" automatically in bootloader menu
Yes?
Image crc just checks your rom, got nothing to do with updating.
The ruu itself is an exe, means a windows program, do the steps i described before with fastboot, the only difference is that you need to create the goldcard before, otherwise the bootloader won't allow (if you're lucky) you to flash the ruu with the different branding.
If it fails that way run the ruu without attached device as far as you can go without closing, don't close it and search for the rom.zip at your temp folder, copy it to another folder and close the ruu, rename it, copy it to the root of your sd and reboot to bootloader and let it flash it directly, just to say it, you also need a goldcard before you do it this way.
One additional thing, be sure you got a ruu for the desire s, i just say it, because your goldcard guide is for the desire, what is no real problem there, but a wrong ruu will always fail and if it won't lead to a brick at worst case.
Sorry Tectas.. Just wont work.. I created my goldcard, extracted the RUU, changed the rom name from "disk1" to PG88IMG as you said, copied to root of goldcard, selected Fastboot then bootloader, but it just doesnt detect any image or file.
I am struggling a little with your english because you are telling me too many different ideas, Im confused... instead of telling me.. just 1, then do 2, then do.. 3, but Thank you for trying, i appreciate your help..
I will try again later..
Small thing the file you copy to the sd card must be called (case sensitive) PG88IMG.zip
Swyped form ym Dersie S unsig XAD Permuim
First method:
1. Create goldcard
2. plug in your device
3. Reboot to bootloader and enable fastboot
4. Start the ruu at your desktop and follow the instructions
5. Enjoy
If it fails make sure the drivers are installed, by downloading and installing htc sync, but uninstall it straight after you installed it, the drivers will still be present but the program itself can cause problems with ruus and/or adb.
If it still fails, try the second method.
Second method:
1. Create goldcard
2. Start the ruu without attached device
3. Go on till the only remaining possibility is to close the program, but don't close it
4. hit the windows button + r, a window should pop up
5. Type %TEMP% into the textbox of this window and hit enter, the explorer should open up and show your temporary folder
6. Search for the rom.zip (make sure hidden files are down if you can't find it)
7. Copy it to another folder i.e. the desktop
8. Close the ruu
9. Rename the rom.zip to PG88IMG.zip (case sensitive)
10. Copy it to the root of your sd
11. Reboot to bootloader
12. Choose bootloader
13. Confirm the update with vol +
14. Let it update
15. Reboot by hitting power
16. remove the PG88IMG.zip, otherwise it will update your device every time you access the bootloader
17. Enjoy
Thank you very much tectas for taking the time to sort and explain this. The 2nd method worked just fine. However, at the end of the update flash, bootloader said:
"image on device is newer, update aborted"..
It does say that my virgin software is 2.13.351... the image is 2.10.401, so, in computer world, the numbers 2.13 is newer than 2.10. This may not be the case of the ROM itself, because the date is 22 Aug 11, but they've engineered it that way probably so you cant flash it Open Europe.
The great thing is, you've taught me about the desire s and how the flash updater works, plus I have a 2GB goldcard out of it for future custom roms.. so all is not lost.. thanks for the lesson, its much appreciated.. Im gonna have a go at rooting next.
It would be great to sticky this or copy it as a very Basic guide to flashing an HTC Rom.
Many Thanks again Tectas
This can also be solved, you need to change the misc_version for it as first step and afterwards do the same as this time.
About customs, you need to unlock or S-OFF your bootloader first.
There are guides for all three things in the index thread.
I have now found that my phone is actually locked to Virgin Mobile (has a Virgin Media splash screen on boot up). Sorry for the confusion about that.
I followed the advice of Tectas and followed this:
http://forum.xda-developers.com/showthread.php?t=1399331
Everything went great until I got to the end of the procedure and I only got the "$", which after typing line 5: adb shell /data/local/tmp/misc_version -s said "access denied" then mentioned "blue flames".
On page 6 or 7 of that thread, someone mentions this "blue flames" as being a new security mod that HTC have implemented to stop modding at all.
Is this true?
Also, Virgin Mobile and other places have quoted me £15 to unlock my DS. £15 seems a lot of money, but would an unlock help (would it be worth it) for me being able to flash both stock and custom ROMs?
I do enjoy the challenges of modding, so to me this is frustrating.
Cheers
The $ indicates you have no root access. I must confess I never heard about the blue flame before, but also have to say, I never got deep into the downgrade stuff, because I used XTC Clip to unlock my device, which made my device S-OFF and debranded.
If those sellers use the same method, you're good to go and spend the money, it saves you from a few traps you can run into with other methods (I paid €20 about a year ago), but you need to be aware that this is a hardware unlock which is irreversible, which can bring problems at warranty purpose (but must not).
Your second choice would be to use htcdev at first step and get root and so on afterwards. The downside here is also warranty, because your device is stated as unlocked at the HTC database, and if you leave it this way and won't use it to gain full S-OFF you also need to flash the kernel for each new ROM yourself with fastboot, because the recovery got no write permissions there.
If the seller would also use htcdev, save the money, you can do it yourself; at XTC I can recommend it, but it's your choice.
Thanks for the advice Tectas. The guy in the street said it would take about 1 hour.. not sure if that helps to know. I suppose with Virgin, they'll be removing their own locks, so the Virgin way might be better.
Also, the phone was bought from a 2nd hand shop, it was an unwanted upgrade someone just traded in without using it, the box it came in and the outer shell of the phone has no branding whatsoever.. that's why I was confused about it being locked.
Anyway, I'll have a think about who to go with and I'll ask which method they use before I hand it over.
Thanks again.
Tectas said:
This can also be solved, you need to change the misc_version for it as first step and afterwards do the same as this time.
About customs, you need to unlock or S-OFF your bootloader first.
There are guides for all three things in the index thread.
It's done.. phew.. hehe. After I got back to Virgin 1.31, just used the goldcard with rom.zip and it worked fine. 1 thing though, doing it this way flashes the ROM in 7 stages, so whatever you do, when it reboots after the 1st install, do not think it's repeating itself.. leave it. I nearly did that, anyway, I sorted things using this thread:
http://forum.xda-developers.com/showthread.php?t=1443636
As long as you follow it to the letter, it all goes fine, the whole thread is really good support as well, so if anyone's interested, read through the whole 13 pages (so far).
Also had access to the phone's Recovery menu, so wiped cache partition and did a factory reset, also probably not necessary, but backed up my SD card and formatted it under the new OS.. I find this is always good on a new ROM, for the file table, and prevents app errors.
Happy I now know how to flash a ROM, didn't quite root it yet, just flashed a stock RUU first.. which is what you should do if, like me, you're new to this.
Anyway, Open EU 2.10.401.9 is sweet and slick smooth.
Have a good one all, thanks Tectas.