Related
Here's a custom Ubuntu LiveCD made with ADB and the Linux sbf_flash script for sbf flashing your Droid 2 if you've failed in Windows with RSDlite or just want to have the convenience of flashing with only two Linux commands.
PLEASE READ ENTIRE POST BEFORE FLASHING ANYTHING!
If you want to follow this tutorial on your existing linux setup the sbf_flash file can be found on Google
READ OR RISK BRICK If you don't have the 2.3.2 update then you can sbf with EITHER the 2.2.0 (stock) or the 2.3.2(OTA update) but only if you don't have the update yet. Once you have the 2.3.2 update (through sbf or update.zip) you can ONLY sbf with the 2.3.2.sbf
Please have your phone charged up if not completely near complete or risk dealing with the consequences
Thanks Androidnite
1. Download 2.2.0.sbf file (for Droid 2 without 2.3.2 update only) or 2.3.20 HERE (for Droid 2's that have the 2.3.20 update) and put it on a flash drive. Yes even if you have one that you used with RSDlite.(this way we know you have the right one and it's all there)
2. Download the LiveCD ISO via torrent file attached below and unzip it and open the file with your choice of torrent program then BURN the downloaded file to a blank CD with your favorite burning software(I like DVD Decrypter or Imgburn). I recommend no faster than 4x in order to prevent burning "coasters".
3. Make sure your computer's BIOS is set to boot from the CD Drive then start your computer with the Disk in the drive.
4. Wait for the language list to pop up select "English". Then select "Try Ubuntu without installing"
5. Take the flash drive you put the .sbf file on and put it in your computer’s USB port and copy it to the same directory as the sbf_flash file. It will be the “Home” folder.
6. Plug your phone in via USB now and turn it off then hold the ‘up’ arrow on the keyboard and power on the phone to go into the bootloader.
NOTE: If your phone is not in operating condition Hold the 'UP' arrow on your keyboard and power on your phone for it to be recognized by your computer by entering the bootloader.
7. Open a command prompt by ‘CTRL+ALT+T’ or Applications>Accessories>Terminal
8. Type the first command then press enter and then do the same with one of the last two commands depending on the sbf you are trying to flash.
For both sbf's
Code:
chmod +x sbf_flash
Then
For the 2.2.0 sbf ONLY*OLD SBF*
Code:
sudo ./sbf_flash DROID2_X6_2.2.20_SHADOW_BP_C_01.09.05P_P2_USERBLD_SECURE.sbf
Or
For 2.3.2 sbf ONLY
Code:
sudo ./sbf_flash VRZ_A955_2.3.20_1FF_01.sbf
NOTE: every space in the .sbf's title should be taken by an underscore "_" and shouldn't contain other spaces or the command will not be recognized because it doesn't follow the command's syntax.
Now your phone should start flashing. Let it go and it should reboot in 20-30 minutes.
That should be it let me know what problems you have.
Boot Loop?
facelessuser said if you get a boot loop after flashing wipe your data and cache in recovery.
Instructions:
1. Pull your Battery.
2. Replace battery and power on while holding down the X key.
3. Wait for the android triangle to load.
4. Press the Search key (the magnifying glass)
5. Use down arrow and navigate to wipe data/factory reset and press OK.
6. Reboot phone.
Click to expand...
Click to collapse
These instructions are by theecho.
Not getting the updated baseband? From BP_C_01.09.05P to BP_C_01.09.07P
NOTE: Be sure to update your baseband before you load a custom ROM as the update needs to see the blur on your phone.(If you root it before updating you might not be rooted afterward I don't know).
After you sbf with the 2.3.20 sbf file above and you don't see and updated baseband then you can use the Update.zip
to update your baseband by:
1. Download the update.zip and put it in the /sdcard/ folder or the root of the sdcard (same thing)
2. Shutdown D2
3. While you hold the 'X' button on the keyboard, turn on the D2
4. You should be in Stock recovery not Clockwork Recovery.
5. Press the 'magnifying glass' (search) button on keyboard to bring the menu up
6. Use the volume buttons to scroll and the Camera button to Select 'apply sdcard:update.zip'
7. Then choose 'reboot system now' and you should have an updated baseband.
Click to expand...
Click to collapse
Thanks for the info Quackers
Thanks:
First, thanks Matt4542 for putting the flashing in Linux tutorial which the commands I used were adapted from.
Next, a thanks to theecho for hosting the files for everybody’s access and making this really easy for me as I am a newbie to file hosting.
Last, but not least the inspiration for the custom Ubuntu ISO and help while making it...shad0wf0x from the XDA HTC Aria section(s) needs a thank you as well.
Please keep issues on this thread to allow faster responses.
Even if you used the RSDlite method by Darkonion first. RSDlite related posts should go there and Ubuntu method posts stay here.
Thanks and may your Droid 2 live on!
This sounds convenient. I am going to add this to the information directory.
I just want to say Thank you from the bottom of my heart for un-bricking my Droid 2 with the Ubunta Live CD program you created. I truly thought my phone was dead! I would very much like to send a donation your way for all the hard work you put into this. Please let me know by PM on how I can send the donation. Again, Thank you Thank you Thank you!!!!
Sent from my DROID2 using XDA App
lol no problem but i just enabled you to get to the flashing it was matt4542 and his linux tutorial that really fixed your phone....but if you really want to donate just head to the site where the files are hosted http://Droid2files.com and click on the donate button under my pic (yes that's what I really look like lol).
I thank you for wanting to thank me and for wanting to contribute to my well being!
p.s. think about thanking matt4542 and TheEcho for hosting the files (for FREE) and shad0wf0x for inspiring the LiveCD.
newk8600 said:
lol no problem but i just enabled you to get to the flashing it was matt4542 and his linux tutorial that really fixed your phone....but if you really want to donate just head to the site where the files are hosted http://Droid2files.com and click on the donate button under my pic (yes that's what I really look like lol).
I thank you for wanting to thank me and for wanting to contribute to my well being!
p.s. think about thanking matt4542 and TheEcho for hosting the files (for FREE) and shad0wf0x for inspiring the LiveCD.
Click to expand...
Click to collapse
Okay, donation just sent to you and TheEcho!
Now I just need a way to send Matt4542 and shad0wf0x their donation
Well Matt4542's donate link is here and I'm checking with shad0wf0x about his.
And thanks again for your donation(s)!
Got Ubuntu installed - files transferred to "home"/ubuntu directory - phone connected in bootloader - first chmod flash command didn't seem to do anything (returned to $ prompt), 2nd sbf flash gives command not found error - what am I doing wrong?
Jacklad said:
Got Ubuntu installed - files transferred to "home"/ubuntu directory - phone connected in bootloader - first chmod flash command didn't seem to do anything (returned to $ prompt), 2nd sbf flash gives command not found error - what am I doing wrong?
Click to expand...
Click to collapse
Click on the browser icon and navigate to this page. Then try using the copy/paste feature rather than typing it in yourself.
Sent from my DROID2 using XDA App
newk8600 said:
Well Matt4542's donate link is here and I'm checking with shad0wf0x about his.
And thanks again for your donation(s)!
Click to expand...
Click to collapse
You are more than welcome!
Matt's donation has been made, and patiently waiting to make donation to shad0wf0x
Jacklad said:
chmod flash command didn't seem to do anything (returned to $ prompt), 2nd sbf flash gives command not found error - what am I doing wrong?
Click to expand...
Click to collapse
The first command changes permissions (chmod) for 'sbf_flash' giving it the ability to execute (-x) so you won't see anything unless you change directory (cd) to the file and then list it with it's permissions with ('ls -l' both being lowercase L's)
For the second one can you tell me which command it can't find.
Is it troubled with 'sudo' (do with super user priveleges) or with sbf_flash. You might not have typed it in correctly. Remember the space between 'sudo' and './'
Sent from my DROID2 using XDA App
Terri M said:
You are more than welcome!
Matt's donation has been made, and patiently waiting to make donation to shad0wf0x
Click to expand...
Click to collapse
No donation necessary, happy to have helped, if you really want to donate to somebody, donate to the EFF (http://www.eff.org/).
I agree with shad0wf0x the EFF is helping with litigation on behalf of the Yes Men. If you don't know who they are I'd wiki them. They do some pretty amazing things.
Sorry I got off topic. lol
Jacklad said:
Got Ubuntu installed - files transferred to "home"/ubuntu directory - phone connected in bootloader - first chmod flash command didn't seem to do anything (returned to $ prompt), 2nd sbf flash gives command not found error - what am I doing wrong?
Click to expand...
Click to collapse
Alright, I'm having the same problem. I have bootloader up and the files transferred, here is what i typed in the terminal and what it gave me:
[email protected]:~$ chmod +x sbf_flash
[email protected]:~$ sudo ./sbf_flashDROID2_X6_2.2.20_SHADOW_BP_C_01.09.05P_P2 _USERBLD_ SECURE.sbf
sudo: ./sbf_flashDROID2_X6_2.2.20_SHADOW_BP_C_01.09.05P_P2: command not found
[email protected]:~$
I copied and pasted it directly from the post, so I don't know what is going wrong here. Please help.
Sudo ./sbf_flash droid2...... The problem is the lavk of a space netween sbf_glash and the filename
Sent from my DROID2 using XDA App
zibrah3ed said:
Sudo ./sbf_flash droid2...... The problem is the lavk of a space netween sbf_glash and the filename
Sent from my DROID2 using XDA App
Click to expand...
Click to collapse
Failed again, but in a new way.
[email protected]:~$ chmod +x sbf_flash
[email protected]:~$ sudo ./sbf_flash DROID2_X6_2.2.20_SHADOW_BP_C_01.09.05P_P2 _USERBLD_ SECURE.sbf
SBF FLASH 1.08 (mbm)
DROID2_X6_2.2.20_SHADOW_BP_C_01.09.05P_P2: No such file or directory
!! failed
im guessing that the file in the home folder has a slightly different name with spaces n stuff? I know my name doesnt have the spaces around the _USERBLD_ would that mess it up?
im guessing that the file in the home folder has a slightly different name with spaces n stuff? I know my name doesnt have the spaces around the _USERBLD_ would that mess it up?
Click to expand...
Click to collapse
Yes if the file name isn't exaclty the same it will show an error. Go to the file and right click it and select the filename and copy it. Then put it in place of the filename that registered the error. I'll check into the filename problem.
Sent from my DROID2 using XDA App
Sweet! It's finally started flashing. Hopefully it won't run into anymore weird things. Thanks a ton for the help!!
mgalceran said:
Thanks a ton for the help!!
Click to expand...
Click to collapse
No problem thanks for pointing out the name difference.
Sent from my DROID2 using XDA App
trying to unbrick my cousin's droid 2...i followed the directions carefully and I keep getting "waiting for phone" message in terminal, but I already have the phone plugged in and it is in bootloader mode, why won't it detect?
Thanks a lot for the help! My phone was doing the boot loop so I followed your guide. Now everything is just like it was when I got the phone. When everything was done and the computer said the phone was rebooting I still had the boot loop issue. I then saw where facelessuser said you have to clear the cache, so I did and she booted up normally.
Something funny to note, in the terminal it said Droid X found, I thought that would be an issue but everything worked fine.
Thanks again, you saved me!
Warning! I don't recommend this to users who are new to Android since there is a possibility of bricking your device. I will not be responsible if this happens.
It will downgrade everything even the HBoot using a HTC signed ROM. I've downgraded RUU_Saga_Telstra_WWE_1.36.841.3 with HBoot 0.98.0002 to Hboot 0.98.0000 of RUU_Saga_HTC_Thailand_1.35.1113.2.
First you need below tools and applications. I will not explain everything since I'm assuming you already know how to use it and make it.
1. ADB tool to access you device thru shell.
2. ADB driver - you may install HTC Sync since it has ADB driver in it.
3. HEX Editor - I used HxD.
4. Spare micro SD with Goldcard.
5. Card reader to make your life easier.
6. Update.zip ROM you will use to downgrade(rename it to PG88IMG.zip).
6. GingerBreak-v1.20.apk to temp root our device.
Step 1: Copy GingerBreak-v1.20.apk to your spare micro SD and insert it into your phone.
Step 2: Enable USB debugging in your device and connect it to your PC(Charge only). Make sure the drivers are installed properly. If not, install HTC Sync.
Step 3: Install and run GingerBreak-v1.20.apk. It will force close other apps(this is normal just close it). The gingerbreak application will promp that something goes wrong with the rooting(can't remember the actual spiel) but actually we already have our temp root.
Step 4: Run you ADB tool and issue command su to have root access. You can now see in your device that Superuser app is prompting you to allow the ADB root access. Accept it.
Step 5: On the # prompt, issue command dd if=/dev/block/mmcblk0p17 of=/mnt/sdcard/mmcblk0p17.img (to copy mmcblk0p17 to your SDcard). Power off your device and copy mmcblk0p17.img to your PC.(You can also use the command shell to copy it into your PC if you know how to do it).
Step 6: Open mmcblk0p17.img using your Hex editor. On the 11th line(I think), modify the current version to 1.28.401.1(since this is the lowest version I know). Save it and copy back to SDcard. Insert the sdcard and turn your phone on.
Step 7: Run GingerBreak-v1.20.apk again and follow step 3 to 4.
Step 8: On the # prompt, issue command dd if=/mnt/sdcard/mmcblk0p17.img of=/dev/block/mmcblk0p17 (to copy back mmcblk0p17.img to your phone). Do this as quickly as possible since the temp root access sometimes loose its effect.
Step 9: Power off your device and remove your SDcard. Using your card reader, delete everything(not format) in your microSD(with Goldcard) and paste your PG88IMG.zip.
Step 10: Hold volume down + power to boot to recovery and the phone will do the installation itself. Wait until you have your downgraded ROM.
This is how I do it. Hope you won't encounter any problem with this procedure. Good luck!
I want to give thanks to all the XDA members for the knowledge I acquired for this procedure and to the developer of Gingerbreak.
You may also check sonikz procedure on post #4. I think his procedure is faster. You may use which one is easier for you to follow.
Downgrade to what?To Froyo?
And for what reason?
Sorry for that noob question...
panosfx said:
Downgrade to what?To Froyo?
And for what reason?
Sorry for that noob question...
Click to expand...
Click to collapse
Good question i think, if i remember well, on the desire (or HD?) sometimes downgrading was a way of getting to a version of software where you then could get root again !From that point on you could get a recovery installed and install some nice roms. I dont know if thats whats going on here, i wouldn't dare to hope that ...?
Me n00b me downgrade
Newrad67, I have compiled a n00b way to achieve very similar results:
First off you need to create a Gold Card
Use the memory card that came with the phone, may as well hey!
Install Goldcard helper from market, run it and copy the CID for MMC2
This number has already been reversed so go to here, fill out the required fields.
That will then email you an image file. You can then using Gold Card Tool flash your image file to your phones SD card via the phones USB cable.
Next for the actual downgrade
You'll need this unzipped
in a command prompt, goto the directory you unzipped to
connect the phone via USB
then:
adb push misc_version /data/local/tmp
adb push GingerBreak /data/local/tmp
adb shell chmod 777 /data/local/tmp/misc_version
adb shell chmod 777 /data/local/tmp/GingerBreak
Click to expand...
Click to collapse
This copies the files to the phone and changes the permissions so they will function
adb shell
Click to expand...
Click to collapse
This will enter the terminal for the phone
./data/local/tmp/GingerBreak
Click to expand...
Click to collapse
This will then temp root the phone you should now have # at the terminal prompt instead of $, which means you have higher privileges
From this point you can then run misc_version (Thanks to Blezz for the version number) This changes the version reported by the phone to 1.27.405.6, you cannot check this on the phone tho, as it will still report the other number.
cd /data/local/tmp
./misc_version -s 1.27.405.6
Click to expand...
Click to collapse
From here you can then install the update/downgrade from the exe, no need to dump zip files or anything. As with anything here, results may vary and I won't be buying new hardware if it breaks yours! But it works a treat on mine.
This can be used with paulobriens test signed RUU HTC update to get root/boot/recovery installed on s-on .
If it just were public
Sent from my HTC Desire S using XDA Premium App
panosfx said:
Downgrade to what?To Froyo?
And for what reason?
Sorry for that noob question...
Click to expand...
Click to collapse
This is why I recommend this only to advance users.
Our Desire S with S-On was released with Gingerbread ROM and Hboot that still not possible(as of now) to have custom boot recovery. Since we are on S-On, it is still not possible to be rooted and use custom ROM.
As far as I know, we don't have any official ROM except for Gingerbread. Correct me if I'm wrong. The list can be seen in this post. http://forum.xda-developers.com/showthread.php?t=1002506
I'm just sharing this to people who wants to change their ROM if they want to change to a different one. Like me who installed the latest ROM from TELSTRA and find the bloatware annoying. I've done this to get back to the ROM I'm more comfortable using.
Yeah I'm pretty much with you mate, no way to do anything more practical than flash a clean European Rom currently..... Not really a vast amount of progress either. Anything we should be doing to help get permanent root? Anyone?
Sent from my HTC Desire S using XDA App
Thankkssssss
It works on my s-on DS
Thanks a lot
i really like it how sonikz is doing now like it was his idea how to downgrade it using adb gingerbreak and misc_version lol
i'm gonna stop my rooting tries + supporting here for the desire s, hating such people like him
I never said it was my idea and I have in a posted my thanks to the relevant people in other threads, I didn't mean to rub anyone the wrong way... I hadn't seen a adb version of gingerbreak until Friday and I'm sure you know the apk is very unpredictable or at least it is on my phone so I couldn't use misc_version, it just kept kicking errors.... Hey I just threw it out there, my bad
okay
no it isnt the apks fault, maybe u forgot to use "su" in adb shell after using the apk, which u dont need for the command line version
anyway, maybe there is a way to get past the s-offf
in titanium backup there's a recovery exploit to remove files from s-on phones
we just need to know how the exploit is working and if it still working with 2.3
2nd option is i am getting a 2nd desire s soon.. it's a bugged on, radio destroyed and he don't get it repalced so he gives it me
maybe i can get the desire hd bootloader running somehow.. even if i am sure it will be a lot of work to get in
Plz guys... Get a grip.. we share.. whocares about credit.. come on..
Keep sharing.
Sent from my HTC Desire S using XDA Premium App
Worked
Sent from my HTC Desire S using XDA Premium App
@Rexton270: what worked?
@brokenworm: what you meant by the paulobriens test RUU?
@brokenworm:
it's not paul's ruu, the files he published been released 1 day before at 911snipers blog
sadly without ruu too
what ROM to get root
after doing that, what ROM is it better to download in order to become root ?
thanks
pdaGeek13 said:
after doing that, what ROM is it better to download in order to become root ?
thanks
Click to expand...
Click to collapse
If you are on S-ON, none as of now.
Sent from my HTC Desire S using XDA Premium App
> 2 hours
running for more than 2 hours now, normal ?
sonikz said:
Newrad67, I have compiled a n00b way to achieve very similar results:
First off you need to create a Gold Card
Use the memory card that came with the phone, may as well hey!
Install Goldcard helper from market, run it and copy the CID for MMC2
This number has already been reversed so go to here, fill out the required fields.
That will then email you an image file. You can then using Gold Card Tool flash your image file to your phones SD card via the phones USB cable.
Next for the actual downgrade
You'll need this unzipped
in a command prompt, goto the directory you unzipped to
connect the phone via USB
then:
This copies the files to the phone and changes the permissions so they will function
This will enter the terminal for the phone
This will then temp root the phone you should now have # at the terminal prompt instead of $, which means you have higher privileges
From this point you can then run misc_version (Thanks to Blezz for the version number) This changes the version reported by the phone to 1.27.405.6, you cannot check this on the phone tho, as it will still report the other number.
From here you can then install the update/downgrade from the exe, no need to dump zip files or anything. As with anything here, results may vary and I won't be buying new hardware if it breaks yours! But it works a treat on mine.
Click to expand...
Click to collapse
no not normal, restart your phone and try again
cause it's s-on nothing can happen to your system so don't worry and just restart
Blezz said:
no not normal, restart your phone and try again
cause it's s-on nothing can happen to your system so don't worry and just restart
Click to expand...
Click to collapse
same thing with this log:
$ ./GingerBreak
./GingerBreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 s
[**] (C) 2010-2011 The Android Exploid Crew. All rig
[**] Kudos to jenzi, the #brownpants-party, the Open
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found system: 0xafd17fd5 strcmp: 0xafd38065
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014360
[+] Using device /devices/platform/goldfish_mmc.0
[*] vold: 25104 GOT start: 0x00014360 GOT end: 0x000
[*] vold: 25104 idx: -1024 fault addr: 0xfffb2284
[*] vold: 25162 idx: -2048 fault addr: 0xfff4e284
[*] vold: 25212 idx: -3072 fault addr: 0xffeea284
[*] vold: 25262 idx: -4096 fault addr: 0xffe86284
[*] vold: 25312 idx: -5120 fault addr: 0xffe22284
[*] vold: 25363 idx: -6144 fault addr: 0xffdbe284
[*] vold: 25414 idx: -7168 fault addr: 0xffd5a284
[*] vold: 25466 idx: -8192 fault addr: 0xffcf6284
etc ....
and sometimes:
[+] fault address in range (0x000132b4,idx=-3072)
[+] Calculated idx: -2005
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
:-(
Before I start this thread, I should say that all credit goes to otaking71 for finding this crack.
The two original threads are here
http://forum.xda-developers.com/showthread.php?t=1255043
http://forum.xda-developers.com/showthread.php?t=1255360
All of the work was done in the #htc_evo_shift channel on freenode irc.
Table of contents:
1. Hboot information about the exploit.
2. Downgrading
2.1 Notes
3. Full root(Updated 2.2 root)
4. Links
5. Credits/donation links
I will aim to make it so this mod can be ported to other devices to help downgrade bootloaders and software. Please read the entire thread before flashing anything and trying this.
Hboot
Hboot uses a hidden partition to check everything it flashes against, this partition is "misc", or hboot -1, or on the shift mmcblk0p17(hboot itself is at mmcblk0p18).
Some raw dumps of this partition using strings to filter ascii strings brings out this type of dump.
Locked bootloader for the evo shift's dump
"SPCS_001
DeviceWarmBoot
CE Serial InUse
Debug Cable Ena
CE USB InUse
ClearAutoImage
2.76.651.4
FNOC
FNOC"
Unlocked bootloader for the verizon thunderbolt
"VZW__001
DeviceWarmBoot
CE Serial InUse
Debug Cable Ena
CE USB InUse
ClearAutoImage
1.02.605.6
FNOC
FNOC"
Eng spl unlocked evo shift
"FN0C
FN0C
FN0C"
Now the place to focus at is the version numbers, 2.76.651.4. Hboot will check all items you try to flash via hboot or ruu utility against this number and if it is lower than what you are trying to flash, it will allow you to proceed in flashing through hboot, or ruu. If the number is higher, it will reject the flash. If the number doesn't exist(like in the eng spl) it will assume it is able to flash it(ONLY TESTED ON ENG SPL, not locked bootloaders). So by dumping the TB's misc partition into our own, we made it so the locked hboot would accept flashes. Either by RUU or hboot.
We believe the package you flash still needs to be signed though so that only leaves you with official ruu's and extracted ruu zips.
Joeykrim's history(Located on the second page of this thread)
joeykrim said:
for those curious, a lil bit of history:
same method as used on the evo part 2 thread by toastcfh at xda.
only diff is shift is emmc and evo was mtd. shift emmc partitions are a bit more in number and named differnetly when compared to the evo mtd partitions. on the evo this partition was labeled as "misc" in /proc/partitions. the misc partition being flashed holds the software version number which hboot checks against to verify whether or not it will allow an RUU to be loaded.
also, i want to recall a web site somewhere which allows users to create a custom misc file with a provided version number.
thought this partition was protected by the internal memory write protection but appears it wasn't. not much of a surprise as the first release of the shift didn't have write protection for the hboot partition turned on.
great this works! sadly, they'll prob patch it next OTA around as they did for the evo.
good job on testing (sorry about the lost shift), publishing and releasing! glad to see the shift has unlocked internal memory write protection again!!!
you're path to the internal partition location is incorrect. as the OP states, use:/dev/block/mmcblk0p17
full command: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
great article with the history and usage of dd, its a classic unix/linux command. very good to become familiar with: http://en.wikipedia.org/wiki/Dd_(Unix)
Click to expand...
Click to collapse
How to downgrade your device
For the shift, will be different on other devices with a bit of modding.
1. Temproot(With Fre3vo for the shift) http://forum.xda-developers.com/showthread.php?t=1185243
2. Move the file misc.img to the root of your sdcard, and PG06IMG.zip too if you plan on flashing through hboot.
3. Modify the misc partition to bypass the version check, type the following in an adb shell or a terminal emulator on your phone.
Code:
dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
Note for other devs: misc.img is the image from the TB, could be other images as long as it has a lower version number.
4. This is up to you, you can either use the ruu utility to revert or the PG06IMG.zip in hboot. I'll include links to both. Since both utilities check the misc partition, both are able to flash =)
5. Reboot and then full root like normal on your downgraded device.
Notes
1. When flashing hboot/using this exploit it always flashes twice/stops early and recontinues. Don't worry about it, this is normal(Sometimes it looks like more than 2 but just chill out).
2. Some SDcards are not recognized by hboot, so you will either have to switch cards for this operation or use the ruu utility method.
3. Remove the PG06IMG from your sdcard after flash, or hboot will pick it up next time.
Full root for downgraded 2.2
Flash ENG bootloader
1. Download these files and extract them to the root of your sdcard: www.thebcblends.com/shift/Shift-root.zip
2. Obtain temproot from z4Root, visionary, OR CM's temproot wiki
3. Flash hboot with Engineer SPL:
Code:
dd if=/sdcard/Shift/hboot_eng.nb0 of=/dev/block/mmcblk0p18
4. Boot into bootloader and check for S-OFF
Flashing a recovery
1. Grab latest shift recovery from: http://www.koushikdutta.com/2010/02/clockwork-recovery-image.html
2. Make sure you're temprooted(may have to temp root again)
3. Install recovery from rom manager
Alternative install can be done if you grab another recovery's recovery.img and do one of the following below.
a. Okay this is for those with fastboot - flash the recovery with fastboot: fastboot flash recovery recovery.img
b. This is for those where fastboot doesn't work or they don't have it - 1. Place recovery.img on the root of your sdcard, then type the command below.
Code:
dd if=/sdcard/recovery.img of=/dev/block/mmcblk0p21
Full root/Rom flashing
Well I know you don't have anything you want to save from the 2.2 ruu since it's just a stock flash, so I am going to leave it off here as flash whatever rom you want over the new system via recovery and you should end up with a fully rooted android.
Just remember to wipe data/factory reset after flash.
Links - MD5Sums aren't terribly important here as the files will not flash if they are not correct due to the signatures.
Fre3vo temp root for GB - http://forum.xda-developers.com/showthread.php?t=1185243
misc.img for the misc partition - http://dl.dropbox.com/u/41040697/misc.img MD5Sum: c88dd947eb3b36eec90503a3525ae0de
Misc.img mirror(You guys took down my second dropbox.....trying a different site now): http://www.box.net/shared/0l8ex73zne0tfr10ob69
Second mics.img mirror: http://dl.dropbox.com/u/15373824/misc.img
Another mirror for misc.img: http://dev-host.org/a9dbnuzgb9qv/misc.zip (Thanks Fdxrider)
Official ruu file for downgrading to 2.2 - http://www.multiupload.com/15N2D30H6C MD5SUM: a4b880954d2ac29d5bdf0dade9dede3c
PG06IMG for hboot downgrading to 2.2 - http://dl.dropbox.com/u/41040697/PG06IMG.zip MD5SUM: d20be478fd860b80f5e800c958f79077
Mirror for PG06IMG(First link went down temporarily due to generating too much traffic on my account, good job guys xD) - http://dl.dropbox.com/u/15373824/PG06IMG.zip
Mirror for PG06IMG: http://dev-host.org/xmlaaco0s2ph/PG06IMG.zip
2.2 root [Bcnice guide]- http://forum.xda-developers.com/showthread.php?t=932153
Cm's rooting method(For those without z4root or visionary) - http://wiki.cyanogenmod.com/wiki/HTC_Evo_Shift_4G:_Full_Update_Guide
Credits
Otaking71 - Discoverer of this exploit for the shift and working throughout the night to establish it as a working downgrade.
Bcnice20 & other 2.2 root devs - I borrowed your root methods for this guide, and linked to them. Just had to update it for recovery basically.
Stuke00 - Fre3vo temp root for 2.3.3
Joeykrim - Donating that history for the curious minds.
Donation links:
Otaking71 - Main driver of this discovery/creator and came up with this theory
http://forum.xda-developers.com/donatetome.php?u=1762836
Should we vote this to the front or try to keep it on the downlow?
^ Shift Faced
I'm at work now, but am I to understand that there is now a full root for shifts on gb?
Sent from my PC36100 using XDA App
totalnub911 said:
I'm at work now, but am I to understand that there is now a full root for shifts on gb?
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
Something of that sort, you can obtain full root through this exploit. Though it's through downgrading the firmware you use old 2.2 rooting methods.
totalnub911 said:
I'm at work now, but am I to understand that there is now a full root for shifts on gb?
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
that is correct if you downgrade then root with shiftRR. thats what i'm getting from all this
EDIT: got beat to it
YoungCorruption said:
that is correct if you downgrade then root with shiftRR. thats what i'm getting from all this
EDIT: got beat to it
Click to expand...
Click to collapse
sounds like its time to change your siggy there youngcorruption!
Im sorry for the noobish but what does this mean and how do i do this
2. Modify the misc partition: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
misc.img is the image from the TB, could be other images as long as it has a lower version number.
halrulez said:
Im sorry for the noobish but what does this mean and how do i do this
2. Modify the misc partition: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
misc.img is the image from the TB, could be other images as long as it has a lower version number.
Click to expand...
Click to collapse
In more specific directions it means to move the downloaded file misc.img to /sdcard , then to type the command "dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17 misc.img" without quotes. The rest just means it'll be different on other devices.
Nice write up, thanks to otaking and scary you all saved the shifters from a horrible ota update
Sent from my Supreme Shift using Tapatalk
Scaryghoul said:
In more specific directions it means to move the downloaded file misc.img to /sdcard , then to type the command "dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17 misc.img" without quotes. The rest just means it'll be different on other devices.
Click to expand...
Click to collapse
ok can do this in terminal from my phone or do i have to do this in adb from my computer?
and if so what are the full steps to get to the point so i can enter this. I am trying to understand adb hell i am just starting in linux so i am hella noob
halrulez said:
ok can do this in terminal from my phone or do i have to do this in adb from my computer?
and if so what are the full steps to get to the point so i can enter this. I am trying to understand adb hell i am just starting in linux so i am hella noob
Click to expand...
Click to collapse
Either one, you can either mount your phone on usb and move the misc.img to your sdcard then type the command in terminal on your phone.
OR
You can adb push the file to your sdcard then adb shell the command.
I'll make the instructions more detailed in a bit.
What do you mean by: Modify the misc partition: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p1?
I moved the misc.img to sdcard but I have no mmcblk0pl in dev/block. Do I have to create that folder? And dd and of....lost me there.
I just did it and it worked perfectly. Back on 2.2, ready to root. Thanks again to otaking and scary for all your hard work.
ok so i was able to do this from the terminal from my android
bow though when i am trying to run the ruu from my computer is starts to go but keeps says that it is waiting for the booloader. the phone wont boot in to the boot loader
halrulez said:
ok so i was able to do this from the terminal from my android
bow though when i am trying to run the ruu from my computer is starts to go but keeps says that it is waiting for the booloader. the phone wont boot in to the boot loader
Click to expand...
Click to collapse
you might need to install htc sync to run ruu's. http://www.htc.com/managed-assets/support/software/htc-sync/setup_3.0.5557.exe
im just going to put this out there as well because i have had problems with the drivers that came with sync and i was forced to use the modified usb drivers found in the unrevoked evo tool, i dunno its weird but my vista pc didnt like anything but them drivers, and another guy i helped ruu from a major mess up, he couldnt get anything with sync to reconize his shift untill he used the same modified evo drivers . i hope no one has an issue but if it come about this is how to fix a driver issue
Best day ever!!!!!!!!!!!!!!!!!!!!!!!!!
strapped365 said:
im just going to put this out there as well because i have had problems with the drivers that came with sync and i was forced to use the modified usb drivers found in the unrevoked evo tool, i dunno its weird but my vista pc didnt like anything but them drivers, and another guy i helped ruu from a major mess up, he couldnt get anything with sync to reconize his shift untill he used the same modified evo drivers . i hope no one has an issue but if it come about this is how to fix a driver issue
Click to expand...
Click to collapse
provide link to said drivers?
riggsandroid said:
provide link to said drivers?
Click to expand...
Click to collapse
kinda cant provide an actual link directly to the drivers because i had to set up unrevoked just like i was rooting an evo, so i just hinted they were in the tool
http://unrevoked.com/recovery/
thats where you can get the tool from to setup your drivers if you have issues with sync not playing well or your pc just dont want to read the drivers right
for those curious, a lil bit of history:
same method as used on the evo part 2 thread by toastcfh at xda.
only diff is shift is emmc and evo was mtd. shift emmc partitions are a bit more in number and named differnetly when compared to the evo mtd partitions. on the evo this partition was labeled as "misc" in /proc/partitions. the misc partition being flashed holds the software version number which hboot checks against to verify whether or not it will allow an RUU to be loaded.
also, i want to recall a web site somewhere which allows users to create a custom misc file with a provided version number.
thought this partition was protected by the internal memory write protection but appears it wasn't. not much of a surprise as the first release of the shift didn't have write protection for the hboot partition turned on.
great this works! sadly, they'll prob patch it next OTA around as they did for the evo.
good job on testing (sorry about the lost shift), publishing and releasing! glad to see the shift has unlocked internal memory write protection again!!!
blakeatl said:
What do you mean by: Modify the misc partition: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p1?
I moved the misc.img to sdcard but I have no mmcblk0pl in dev/block. Do I have to create that folder? And dd and of....lost me there.
Click to expand...
Click to collapse
you're path to the internal partition location is incorrect. as the OP states, use:/dev/block/mmcblk0p17
full command: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
great article with the history and usage of dd, its a classic unix/linux command. very good to become familiar with: http://en.wikipedia.org/wiki/Dd_(Unix)
UPDATED as of 18 DEC 2012 clarified and fixed some things..
Worldwide disclaimer not held responsible if something went wrong blah blah blah goes here..
Click to expand...
Click to collapse
THIS GUIDE WILL VOID YOUR WARRANTY BECAUSE OF THE HTC-DEV UNLOCK METHOD!!! And you can only use this guide if you are on HBOOT v2.xx
Click to expand...
Click to collapse
This guide may also be used for DEBRANDING your phone..
Click to expand...
Click to collapse
Check my sig first, then these for proper and additional information:
[GUIDE] Possible FIX for the infamous eMMC problem..
[Q] Bricked my phone?
NOTE:
RUUs with v1.xxx have HBOOTs with v0.98.000, while v2.xxx have HBOOTs with 2.00.002, and the ICS RUU has the only HBOOT v2.02.002
Click to expand...
Click to collapse
I will not supply the necessary files that is needed, you MUST know how to use SEARCH. I also suggest to give THANKS to those who originally made/uploaded the files.
Requirements:
Common Sense
- it helps A LOT
HTC Sync for Desire S - Installed
- for its drivers and such, or you may just install the "naked" drivers
Android Windows Tools - Installed
- for adb, fastboot commands
HTC-Dev unlocked
- to change recovery and ROM
Custom recovery
- to flash Root Access
SuperSU or SuperUser flashable zip
- to have Root Access
Root Access
- to change phone version
misc_version file (attached)
- file needed to change phone version
GoldCard
- to flash any version of RUUs
RUU executable file
- to DOWN/UPgrade
Click to expand...
Click to collapse
Quick tip:
Copy-Paste the cmd codes for you to not have any problem. 1 typo error (extra digit on misc_version) will render your phone unable to RUU.
Click to expand...
Click to collapse
Preparations
a. Create a folder "downsaga" on your C:
b. Copy misc_version, recovery.img(custom) on that folder.
c. Copy SuperSU's or SuperUser's flashable zip to your SD card.
Click to expand...
Click to collapse
Creating a Gold Card (use below or attn1's GoldCard Method)
a. Install Goldcard Helper from the market on your phone
b. Run it and copy the CID for MMC2, or email the info to yours
c. This number has already been reversed so go to http://psas.revskills.de/?q=goldcard, fill out the required fields.
d. Download the image file that was emailed to you.
e. Connect phone as a "Disk drive" using USB cable.
f. Use Gold Card Tool to flash your image file to your phone's SD card. (you might need to reformat it first with Panasonic's SD Formatter)
g. Disconnect safely from the PC.
NOTE:Your sd card is now a GoldCard unless you reformat it again. You should now be able to RUU to any version you would like given that the bootloader is LOCKED.
Click to expand...
Click to collapse
Unlocking the bootloader
a. Go to htcdev.com/bootloader
b. Proceed and follow every step on the guide
c. You just need to install Android Windows Tools files for it. No need to download the SDK and JAVA.
d. Once done, boot on bootloader and you should be able to notice if its UNLOCKED.
Click to expand...
Click to collapse
Flashing Custom Recovery
a. The phone must be on bootloader, then go to fastboot
b. Open up command prompt then type:
Code:
fastboot flash recovery C:\downsaga\recovery.img
fastboot reboot-bootloader
d. Access recovery
Click to expand...
Click to collapse
Flashing Root Access
a. Flash SuperSU or SuperUser
b. Reboot the phone normally
Click to expand...
Click to collapse
Modifying the version of your phone
a. Connect the phone using USB cable using "Charge ONLY" and USB Debugging is ON.
b. Open command prompt and input these codes:
Code:
adb push C:\downsaga\misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/misc_version
adb shell
su
cd /data/local/tmp
./misc_version -s 1.27.405.6
exit
adb reboot-bootloader
c. Your phone should now be read as the version you've placed there (but not visible to settings)
Click to expand...
Click to collapse
Locking the bootloader
a. You should be on fastboot
c. In cmd use this command to lock the bootloader:
Code:
fastboot oem lock
c. You might receive an error message on your CMD but don't mind it. The phone should restart itself automatically on bootloader, and you should be able to notice at the top saying "***RE-LOCKED***", and might also has *Security Warning*. Just ignore.
Click to expand...
Click to collapse
Downgrading
a. Make sure you are still on fastboot with the above message.
b. Open the RUU that you've chosen to install on your phone
c. The RUU must detect your phone version as 1.27.405.6
d. If you have received errors, then you've done something wrong. Review everything that you've done and check the guide again.
Click to expand...
Click to collapse
If everything went well, you should have successfully downgraded your phone and your HBOOT.
Hey man it seems you did it! So HTC official unlocker can be handy after all.
Great job! I assume that now you will use Revolutionary to gain S-OFF and back to flashing?
amidabuddha said:
Hey man it seems you did it! So HTC official unlocker can be handy after all.
Great job! I assume that now you will use Revolutionary to gain S-OFF and back to flashing?
Click to expand...
Click to collapse
yes sir'ree!
And howto flash your hboot in recoverymode
Use flash_image to flash your hboot to older version.
flash_image /dev/block/mmcblk0p18 )(path to an older hboot file)
NikMel said:
Use flash_image to flash your hboot to older version.
flash_image /dev/block/mmcblk0p18 )(path to an older hboot file)
Click to expand...
Click to collapse
You wouldn't be able to do that on an official, latest S-ON HBOOT. I have already tried that but will just give you an INFOsignature error.
Skanob said:
Step 1: Creating a Gold Card
a. Install Goldcard Helper from the market
b. Run it and copy the CID for MMC2, or email the info to yours
c. This number has already been reversed so go to http://psas.revskills.de/?q=goldcard, fill out the required fields.
d. Download the image file that was emailed to you.
e. Connect phone as a "Disk drive" using USB cable.
f. Use Gold Card Tool to flash your image file to your phone's SD card. (you might need to reformat it first with Panasonic's SD Formatter and then format it with the Gold Card Tool again)
g. Disconnect safely from the PC, and disconnect the cable.
Click to expand...
Click to collapse
Why would you use such an obsolete method to make a gold card?
after temproot,
windows batch script ( example filename: gc.cmd ):
Code:
adb push goldcard /data/local/tmp/
adb shell chmod 777 /data/local/tmp/goldcard
adb shell cat /sys/class/mmc_host/mmc2/mmc2:*/cid > tcid
set/p cid= < tcid
del tcid
adb shell /data/local/tmp/goldcard -c %cid% -o /data/local/tmp/goldcard.img
adb shell dd if=/data/local/tmp/goldcard.img of=/dev/block/mmcblk1
Linux shell script (example filename: gc.sh ):
Code:
adb push goldcard /data/local/tmp/
adb shell chmod 777 /data/local/tmp/goldcard
cid=`adb shell cat /sys/class/mmc_host/mmc2/mmc2:*/cid`
adb shell /data/local/tmp/goldcard -c $cid -o /data/local/tmp/goldcard.img
adb shell dd if=/data/local/tmp/goldcard.img of=/dev/block/mmcblk1
get the android goldcard binary here:
Thanks to Revskills for the algorythm and to GenePoole for the Android binary.
With this, the entire process can be scripted.
Skanob said:
You wouldn't be able to do that on an official, latest S-ON HBOOT. I have already tried that but will just give you an INFOsignature error.
Click to expand...
Click to collapse
You can do that in recoverymode within adb shell #
I use 4ext recoverymode
attn1 said:
Why would you use such an obsolete method to make a gold card?
after temproot,
windows batch:
Code:
adb push goldcard /data/local/tmp/
adb shell chmod 777 /data/local/tmp/goldcard
adb shell cat /sys/class/mmc_host/mmc2/mmc2:*/cid > tcid
set/p cid= < tcid
del tcid
adb shell /data/local/tmp/goldcard -c %cid% -o /data/local/tmp/goldcard.img
adb shell dd if=/data/local/tmp/goldcard.img of=/dev/block/mmcblk1
Linux Shell:
Code:
adb push goldcard /data/local/tmp/
adb shell chmod 777 /data/local/tmp/goldcard
cid=`adb shell cat /sys/class/mmc_host/mmc2/mmc2:*/cid`
adb shell /data/local/tmp/goldcard -c $cid -o /data/local/tmp/goldcard.img
adb shell dd if=/data/local/tmp/goldcard.img of=/dev/block/mmcblk1
get the android goldcard binary here:
Thanks to Revskills for the algorythm and to GenePoole for the Android binary.
With this, the entire process can be scripted.
Click to expand...
Click to collapse
well, that obsolete-method for me is a hell-of-a-lot easier and noob-proof. no code needed. and also leaves you a copy of your goldcard.img
NikMel said:
You can do that in recoverymode within adb shell #
I use 4ext recoverymode
Click to expand...
Click to collapse
That didn't worked for me. Prior to downgrading, check my sig. I'm using the official S-ON, not the ENG S-OFF leaked.
Skanob said:
well, that obsolete-method for me is a hell-of-a-lot easier and noob-proof. no code needed. and also leaves you a copy of your goldcard.img
Click to expand...
Click to collapse
No way is it easier or noob proof. When I used this method on the Ace Hack Kit goldcard errors dropped to none. Since you are already running adb commands and pushing crap to the phone, what's the big deal with this?
With this, there is no need for hacky tools, not mounting/dismounting the sdcard (risking corruption from unflushed write buffers and improper dismounts), and no need to go to the revskills website.
This runs in about a second and it's done.
attn1 said:
No way is it easier or noob proof. When I used this method on the Ace Hack Kit goldcard errors dropped to none. Since you are already running adb commands and pushing crap to the phone, what's the big deal with this?
With this, there is no need for hacky tools, not mounting/dismounting the sdcard, and no need to go to the revskills website or copy files back from email. This runs in about second and it's done.
Click to expand...
Click to collapse
I believe that that is based on your preference. Which I observed really knows a lot about adb.
And what is in the guide is based on my own preference. Which for me does not know much about adb.
They still can follow which ever method they would like.
Well, it would still give us the same result. Having a GoldCard.
Skanob said:
I believe that that is based on your preference. Which I observed really knows a lot about adb.
And what is in the guide is based on my own preference. Which for me does not know much about adb.
They still can follow which ever method they would like.
Well, it would still give us the same result. Having a GoldCard.
Click to expand...
Click to collapse
Mine is based on real results after thousands of uses of the Ace Hack Kit, which formerly did things the obsolete way.
Yours is based on preference.
But you are right, either way will result in a goldcard if executed properly.
attn1 said:
Mine is based on real results after thousands of uses of the Ace Hack Kit, which formerly did things the obsolete way.
Yours is based on preference.
But you are right, either way will result in a goldcard if executed properly.
Click to expand...
Click to collapse
yeah. I'll update the guide with your method aswell. Thanks aswell!
High five!
Skanob said:
yeah. I'll update the guide with your method aswell. Thanks aswell!
High five!
Click to expand...
Click to collapse
You're welcome.
Make a note that those are the contents of a script - .cmd or .sh.
FYI, if you try this to make the goldcard image, the one generated should match the md5 of one you got from Revskills.
Once you do it this way, you will never go back.
@Scanob
Since you change your guide in step 6 to run RUU instead of PG88IMG.zip than the Goldcard is no longer needed isn't it?
misc_version not found error....
I don't know how to find this official recovery.img. (Yes I try to find it...)
Step 4: Flashing official recovery.img
amidabuddha said:
@Scanob
Since you change your guide in step 6 to run RUU instead of PG88IMG.zip than the Goldcard is no longer needed isn't it?
Click to expand...
Click to collapse
You will still need it. Even the PG88IMG.zip method uses checks as exactly the same as doing an RUU.
hekermeker said:
misc_version not found error....
Click to expand...
Click to collapse
barthdvs said:
I don't know how to find this official recovery.img. (Yes I try to find it...)
Step 4: Flashing official recovery.img
Click to expand...
Click to collapse
Re-check the guide after a few
@barthdvs
Getting the Official files
a. Download the HTC_EUROPE_2.10.401.5 RUU file.
b. Run the file and do not close
c. Go to your temp folder on your computer and find the rom.zip file.
d. Copy it somewhere else.
e. Extract the rom.zip and you should now have the official .img files from the RUU.
f. Use the respective files needed for the guide.
or the files is here (files exrtract from HTC_EUROPE_2.10.401.5 RUU file)
Boot.img : http://www.multiupload.com/JME2WRDQEQ
recovery.img : http://www.multiupload.com/MX64VDUICI
This guide will explain how to downgrade chacha from higher RUU version to lower RUU version. Even HBoot downgrade is possible. Mine, I successfully downgraded from HBoot 1.05 to 1.04.
Usually this error msg appears if you try to downgrade your firmware ‘Main Version is Older’, the guide will help solve this.
The guide is based on thread http://forum.xda-developers.com/showthread.php?p=10757949#post10757949
This is not my actual work, I searched thru the forums when I wanted to downgrade my chacha from RUU_Chacha_HTC_Europe_1.33.401.1_Radio_47.17.35.3033H_7.48.35.14_2_release_204385_signed to RUU_Chacha_hTC_Asia_WWE_1.21.707.2_Radio_47.14.35.3030H_7.47.35.17_release_197518_signed and created this guide.
My device is carrier unlocked, S-ON and this method will work on S-ON devices.
Note: Before you proceed, I accept no responsibility if you brick your phone. Do it on your own risk!!!
Things you need
I assume you already have android SDK and HTC sync installed in your system
1) Flash_Image – http://www.android-hilfe.de/attachments/root-hacking-modding-fuer-htc-desire/8835d1275662657-how-rebrand-o2-desire-fertig-flash_image.zip
2) HEX Editor - http://mh-nexus.de/en/downloads.php?product=HxD
3) A gold card – search thru the forums if you need to create one.
Step 1: Achieve temp adb shell root
You can achieve temp adb shell root using zergRush method, if you don’t know how, your can see this thread http://forum.xda-developers.com/showthread.php?t=1296916 or simplest way is to use the batch file created by qzfive http://forum.xda-developers.com/showthread.php?t=1319386
Step 2: copy the mtd0 file to sdcard.
Open command prompt, change your directory to ADB directory (usually the folder where ADB.exe resides).
In the command prompt type, adb shell
You should see ‘#’ at the prompt, if you see ‘$’ then you didn’t achieved temp root, redo step-1.
In the command prompt type
cat /dev/mtd/mtd0 > /sdcard/misc.img
Step 3: now change the USB connection type to ‘disk drive’ and copy the ‘misc.img’ to your pc or laptop. Use HxD as administrator and open ‘misc.img’
Step 4: The current version number can be located at 11th line, change it to the version number of RUU you want to downgrade to. I have changed mine from 1.33.401.1 to 1.25.709.1 and save. Be sure to back up the file before any updates.
Step 5:
copy the flash_image (which you downloaded at the start) and misc.img back to your root of sdcard
Step 6: change the USB connection type to ‘charge only’ and execute the below commands in the adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image misc /sdcard/misc.img
Step 7:
Copy the rom.zip from RUU which you wanted to flash to the root of the goldcard and rename to PH06IMG.zip. Power off the phone, insert goldcard to the phone – press volume down + power on, the phone will flash the rom.
I'm quite happy to see that this ChaCha section is getting more and more used. This goes straight to the ChaCha guide that I made. Congratulations!
Thank you, i was trying my luck for s-off as in this forum http://forum.xda-developers.com/showthread.php?t=1317960 so downgraded my phone. and unfortunately no s-off!
Ok, this could be modified with a s-off hboot in the zip to achieve s-off, I'm sure of it. Anyone have an engineering s-off Hboot around?
It wouldn't work - if you modify a signed HTC .zip, the bootloader won't take it if it's S-ON
@#$%. I do feel this is is the start of an exploitable loophole. Now how to use it is the key.
as qzfive said, if the rom.zip in RUU is modified it cannot be flashed, i tried to modify the rom.zip using zip utility to change the CID information once, but the flashing was not successful. Believe HTC uses some special technique to build the zip
if any one can direct to information on building RUU may be we can give it a try
ajeevlal said:
as qzfive said, if the rom.zip in RUU is modified it cannot be flashed, i tried to modify the rom.zip using zip utility to change the CID information once, but the flashing was not successful. Believe HTC uses some special technique to build the zip
if any one can direct to information on building RUU may be we can give it a try
Click to expand...
Click to collapse
It has a digiotal signature that you are modifying by packing it with a normal zip program. Instead, use 7zip this way:
- extract the files you want to edit
- edit them (for text editor use notepad++ as others like normal notepad\word\wordpad are creating unneeded newline chars)
- open the zip with 7zip again and drag and drop the files you want to replace into 7zip.
Alex C. said:
It has a digiotal signature that you are modifying by packing it with a normal zip program. Instead, use 7zip this way:
- extract the files you want to edit
- edit them (for text editor use notepad++ as others like normal notepad\word\wordpad are creating unneeded newline chars)
- open the zip with 7zip again and drag and drop the files you want to replace into 7zip.
Click to expand...
Click to collapse
I'm guessing it's only possible to modify the CID of the .zip this way? I got an idea of replacing recovery.img in the zip to a CWM.img, guessing it wouldn't work?
EDIT: I pulled the rom.zip from the 1.33.401.1 RUU and it wouldn't let me put my modified android-info.txt back into the .zip, 7zip gave me a "Not implemented/Operation not supported" error :/
qzfive said:
I'm guessing it's only possible to modify the CID of the .zip this way? I got an idea of replacing recovery.img in the zip to a CWM.img, guessing it wouldn't work?
EDIT: I pulled the rom.zip from the 1.33.401.1 RUU and it wouldn't let me put my modified android-info.txt back into the .zip, 7zip gave me a "Not implemented/Operation not supported" error :/
Click to expand...
Click to collapse
7zip said "Not implemented"? Weird.. So you are simply using drag and drop, eh?
As a side note, remove the first 256 bytes of the file, which is the RSA signature (for example using HxD) to get a "proper" zip file. All modifications of the file will invalidate the signature anyway, you won't be able to flash it unless you're S-OFF or through an exploit.
Yup, Drag and Drop gives the error "Not Implemented", and clicking the Add icon gives the error "Operation is not supported"
Funnily enough, WinRAR says "C:\Users\James\Desktop\PH06IMG.zip: The archive is corrupt" when trying to add files to it
I'm guessing HTC made their .zips pretty secure then :/
xdbg said:
As a side note, remove the first 256 bytes of the file, which is the RSA signature (for example using HxD) to get a "proper" zip file. All modifications of the file will invalidate the signature anyway, you won't be able to flash it unless you're S-OFF or through an exploit.
Click to expand...
Click to collapse
I've edited with 7zip and the signature was not invalidated. The files were then flashed.
do i have to buy xtc clip to get gold card or what ?
cause i cant find any other way to do it
Search on Google: gold card creator. You can also search "gold card" on XDA.
It worked Thanks....
what to do if i cant get adb shell root?
zergRush doesnt work saying Hellions with blue flames
the 2nd link is dead, and i guess its based on the same exploit
all i need is to flash europe 1.33.401.1 on top of 1.57.707.2
s-on
aZzz.bZzz said:
what to do if i cant get adb shell root?
zergRush doesnt work saying Hellions with blue flames
the 2nd link is dead, and i guess its based on the same exploit
all i need is to flash europe 1.33.401.1 on top of 1.57.707.2
s-on
Click to expand...
Click to collapse
facing similar issue... ok got adb shell working (already rooted) but failed at last command and says not enough memory ... card empty and phone got abt 80mb free.
my phone is s-on, and factory unlocked. Do i still need goldcard? read reviews long time ago that unlocked phone dont need that, only branded one need goldcard.
wish the xtc clip were cheaper ...
thank you , you were right it just wants a post on my wall.
I am sorry for the off topic but is there any easy tutorial how to Sim Carrier unlock MY HTC chacha S-ON, if there is one ?
I have USA Version CHACHA , with firmware 1.60.xxx
Really downgrade firmware? And do S-OFF?
With gold card not have downgrade