Database Info

[Q][Solved] Downgrade from 2.00.0002 and root HTC Desire S, install recovery

Hello,
I have HTC Desire S. I did HTCDev.com unlock, but again and again there are problems to root this device. I can't flash recovery via fastboot, hangs on sending files etc. Went through many guides and nothing:
http://forum.xda-developers.com/showthread.php?t=1194488
http://forum.xda-developers.com/showthread.php?t=1318919
http://forum.xda-developers.com/sho...m.xda-developers.com/showthread.php?t=1399331
Always there is something like adb shell /data/local/tmp/zergRush > Cannot copy boomsh: Permission diened etc. problems.
I am totally lost. can you give me few hints how to or downgrade to 0.98.00000 or whatever to install custom recovery. Please! :s
Can you please help me root this device, install clockwork recovery and rom to MIUI? I have rooted another, my old HTC Desire before, but there anything went fine.
***Unlocked***
SAGA PVT SHIP S-ON RL
HBOOT-2.00.0002
RADIO-3822.10.08.04_M
eMMC-boot
Aug 22 2011, 15:22:13

Guys, really need your help, please! Will pay dollars for help.
This is such a huge pain in the ass! Sorry for 2xpost.
I have followed this guide: http://forum.xda-developers.com/showthread.php?t=1399331
I really managed to get to this point with success:
5. now type
adb shell /data/local/tmp/misc_version -s 1.27.405.6
--> this will change your version information
Click to expand...
Click to collapse
and problem starts on:
6. now you can doubleclick on the privous downloaded RUU and follow the steps. it may tell you from going down from version 2.xx to 1.xx but it is possible.
7. phone reboots and when it is up again you should have android 2.3.3 hboot 0.98.0000 S-ON
8. now just download revolutionary from http://revolutionary.io and create a beta key and start programm
Click to expand...
Click to collapse
RUU installer simply freezes on "Sending" data to phone. I am stuck there, sometimes it gives error [171], sometime shows that ''battery less than 30% remaining''. What the heck is going on? (I have locked bootloader before RUU install, because I have read that it should be like that.) (HTC Sync installed before RUU install)

You need to relock the bootloader with the command "fastboot oem lock"
So boot the phone into fastboot, then in cmd run above command, then re try the RUU.

Already did that, but with no success. Still the same problem. RUU installer freezes on "Sending".
---
As I enter bootloader ***Unlocked*** on the top is changed to ***Relocked***, so command "fastboot oem lock" did the job.

Try extracting the rom.zip file from the RUU, then renaming it to PG88IMG.zip then place that file on your SDcard root then apply the update in hboot.

I have dowloaded RUU file which is .exe, is there any RUU what you would recommend for me? (phone is not branded, Europe: Latvia) Maybe I am using wrong RUU also?
And as I will put PG88IMG.zip in to SD card, how should I apply the update in hboot, by running some command in cmd?

@Forwox
To get the ROM.zip from the RUU and to install via PG88IMG.zip
Start the RUU and once at the main page go to Start>Run and type in %temp%
Next find the newest folder and in there will be file called rom.zip. Copy this file to the desktop and rename it to PG88IMG.zip
Now copy this file to your SD card and start the phone in HBOOT (turn it on whilst holding volume down). It will find the file and start the update.
If that fails please run this fastboot command "fastboot getvar all" and post its results and the RUU you are trying to install.

Well, I got that rom.zip from %temp%, newest folder found rom.zip (rom.zip date modified is 2011.03.15) , put it into SD card, then entered HBOOT and it gave me:
SD Checking...
Loading... [PG88DIAG.zip]
No image!
Loading... [PG88DIAG.nbh]
No image or wrong image!
Loading...[PG88IMG.zip]
No image!
Loading... [PG88IMG.nbh]
No image or wrong image!
As I enter into cmd and run "fastboot getvar all" it gives me:
(bootloader) version: 0.5
(bootloader) version-bootloader: 2.00.0002
(bootloader) version-baseband: 3822.10.08.04_M
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main: 1.27.405.68
(bootloader) serialno: SH17CTJ03677
(bootloader) imei: 356708045855945
(bootloader) product: saga
(bootloader) platform: HBOOT-7230
(bootloader) modelid: PG8810000
(bootloader) cidnum: HTC__032
(bootloader) battery-status: good
(bootloader) battery-voltage: 4177mV
(bootloader) partition-layout: Generic
(bootloader) security: on
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: ebd3df7d
(bootloader) hbootpreupdate: 12
(bootloader) gencheckpt: 0
all: Done!
finished. total time: 0.016s
Click to expand...
Click to collapse
I am trying to install RUU_Saga_HTC_Europe_1.28.401.1_Radio_20.28b.30.0805U_38.03.02.11_M_release_177977_signed
When I tried this: http://forum.xda-developers.com/showthread.php?t=1399331 method before, I went so far and got stuck with RUU...exe installing: (see attachemen 1.)
EDIT!!!
I have managed to flash RUU by copying it to SD card (writing .zip was the problem), flashed via HBOOT, but nothing have changed!)
(see attachement 2. when flashing 3., 4. when RUU is flashed)

Try to install the 1.47... (dont remember the exact number) using the installer... I've downgraded it with that version following the same tut as u did. Dont know if it makes a difference but give it a try... or maybe there's someone else who could help u (im not really a pro ^^)
Sent from my HTC Desire S

Forwox said:
Guys, really need your help, please! Will pay dollars for help.
This is such a huge pain in the ass! Sorry for 2xpost.
I have followed this guide: http://forum.xda-developers.com/showthread.php?t=1399331
I really managed to get to this point with success:
and problem starts on:
RUU installer simply freezes on "Sending" data to phone. I am stuck there, sometimes it gives error [171], sometime shows that ''battery less than 30% remaining''. What the heck is going on? (I have locked bootloader before RUU install, because I have read that it should be like that.) (HTC Sync installed before RUU install)
Click to expand...
Click to collapse
are u'r phone already have firmware version 1.27.405.6, if that..u can try uninstall HTCsync first and leave the driver..n now u can try run RUU upgrade again..n see..
i hope this help u..

YESSSS, FINALLY DID IT!!!
What were my problems? RUU was the incorrect versions, few problems with PC drivers, that's why fastboot recovery flashing didn't worked and the only way to go was Revolutionary, but it does not work on 2.00.xxxx HBOOT version, that's why downgrade was needed.
My HTC Desire S now:
-Revolutionary-
SAGA PVT SHIP S-OFF RL
HBOOT-6.98 1002
RADIO-3805.06.02.03_M
eMMC-boot
Mar 10 2011, 14:58:38
Click to expand...
Click to collapse
Before:
***LOCKED***
SAGA PVT SHIP S-ON RL
HBOOT-2.00.0002
RADIO-3822.10.08.04_M
eMMC-boot
Aug 22 2011, 15:22:13
Click to expand...
Click to collapse
What have I done:
*HTCDev.com Unlock and then Relock, downgrade from HBOOT-2.00.0002 to HBOOT- 0.98.0002 is done, RUU installed, S-OFF made via revolutionary, MIUI ROM installed.*
Here is a little walkthrough from *pain in the ass* to total success how it was in my case :
------------
1. Installed all necessary android related drivers to PC.
2. In Desire S phone turned off "fastboot" option in Settings/power/fastboot. Turned on USB debugging Settings/Applications/Development/USB debugging
3. Switched on and connected phone to PC (Charge only).
3.1 If your HTC Desire S in HBOOT shows pink ***LOCKED*** go to HTCDev.com and unlock it.
4. Downloaded files from this topic: http://forum.xda-developers.com/showthread.php?t=1399331 (zergRush and misc_version ONLY!!!)
Unziped the downloaded files in a folder (e.g. c:/Users/yourName/Downloads)
5. In Windows went to Start>Run and typed cmd. Now you needed to relock the bootloader with the, so typeed command "fastboot oem lock" in terminal just just I opened. "I recommend to restart the phone and after that connect to Charge only again as before."
3. Run the Terminal again and changed into the folder where I unzipped files before (change folder with 'cd')
4. Now typed to the terminal (every line is one command!)
adb push zergRush /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/zergRush
adb shell chmod 777 /data/local/tmp/misc_version
adb shell
(IF THERE IS ANY PROBLEM WITH zergRush or BOOMSH, and only $ shows up, type this):
4.1 rm /data/local/tmp/boomsh
4.2 rm /data/local/tmp/sh
4.3 cd /data/local/tmp/
IF NO PROBLEM EXPLAINED ABOVE, THEN KEEP TYPING AFTER PREVIOUS adb shell THIS:
cd /data/local/tmp/
./zergRush
5. Then typed
adb shell /data/local/tmp/misc_version -s 1.27.405.6
"This will change your version information, but you need the same RUU version!"(don't type this in cmd, of course)
6. Now found appropriate RUU for device. I used RUU_Saga_HTC_Europe_1.47.401.4_Radio_20.28I.30.085AU_3805.06.02.03_M_release_199410_signed and it worked like a charm!!! I have tried two other with no success on downgrade. My Desire S is non-branded!
7. Run that downloaded RUU .exe file, went to Start>Run and typed in %temp% Now clicked "Date modified" and found the newest folder and in there will be file called rom.zip. Copied this file to the desktop and renamed it to PG88IMG (adding .zip extension was the trouble maker for me! But you can try)
8. Copied this file to my SD card and start the phone in HBOOT (turn it on whilst holding volume down). The phone found the file and started the update.
9. Phone restarted and you I saw HBOOT- 0.98.0002 instead of HBOOT-2.00.0002 as it was before. If it is like that, then you have successfully downgraded your HTC Desire!
8. Now just download revolutionary from http://revolutionary.io and create a beta key and start programm. It will do S-OFF on your device.
DONE!
Now you can install any ROM by your choice.
Good luck and don't give up! It took me 3 days, but I didn't gave up.
I hope this report somehow helps users like me, who faces the same problems and storyline.
Many thanks to foX2delta and SuperKid who helped, and topics in this forum.

Glad it worked out, never heard of a RUU not working in this way (want main version, wasnt CID related). Only thing I can think of is maybe the RUU's (v1.28/1.47) each respond differently to the later versions (v2.10) or luck of the gods or a bad download of the RUU.

As foX2delta said
foX2delta said:
or a bad download of the RUU.
Click to expand...
Click to collapse
So remember always checking md5 sums, even if it was not necessarily because of that.
Sent from my HTC Desire S

This worked for me too. If you've unlocked the bootloader though htcdev though, you HAVE to relock it, otherwise flashing the older RUU will give an error message. This makes me wonder if unlocking it is even needed at all.

You know what??? you're a life saver!
I followed your steps and managed to make it .... phew!!
I used the RUU directly though, it worked fine once the bootloader is locked again
Thanks!

ahmedsalahais said:
You know what??? you're a life saver!
I followed your steps and managed to make it .... phew!!
I used the RUU directly though, it worked fine once the bootloader is locked again
Thanks!
Click to expand...
Click to collapse
At least, glad this worked for you. Enjoy it.

HELP! ok i unlocked my desire s using HTCdev.
and i download both zergRush and misc_version and unzip it on c:\users\user\downloads
so i go to cmd and type in those commands but i got this
c:\Users\user\Downloads>adb push zergRush /data/local/tmp
'adb' is not recognized as an internal or external command,
operable program or batch file.
need to downgrade it from 2.00.0002.
*latest update. now it says
c:\Android>adb push zergRush /data/local/tmp
error: device not found
**latest update.
C:\Users\user>cd c:\Android
c:\Android>adb push zergRush /data/local/tmp
1152 KB/s (14157 bytes in 0.012s)
c:\Android>adb push misc_version /data/local/tmp
644 KB/s (15837 bytes in 0.024s)
c:\Android>adb shell chmod 777 /data/local/tmp/zergRush
c:\Android>adb shell chmod 777 /data/local/tmp/misc_version
c:\Android>adb shell /data/local/tmp/zergRush
/data/local/tmp/zergRush: /acct: permission denied
acct: permission denied
acct: permission denied
acct: permission denied
acct: permission denied
/data/local/tmp/zergRush: 6: Syntax error: "(" unexpected
--------------------solve---------------

No htcdev needed?
I'm a newbie, but I think you do not need to unlock then relock bootloader via htcdev. Doing this is basically telling HTC you are voiding your warranty. I am trying this method tonight and will report if HTC unlock is needed.

I had unlocked bootloader via htcdev.com and installed a custom rom. now i need to go back to stock rom so i downloaded old RUU
I tried the steps above and iam getting the following message.
/system/bin/sh: 4.3: not found
C:\Android>adb push zergRush /data/local/tmp
351 KB/s (23060 bytes in 0.064s)
C:\Android>adb push misc_version /data/local/tmp
694 KB/s (589849 bytes in 0.829s)
C:\Android>adb shell chmod 777 /data/local/tmp/zergRush
C:\Android>adb shell chmod 777 /data/local/tmp/misc_version
C:\Android>
C:\Android>adb shell
[email protected]:/ $ 4.1 rm /data/local/tmp/boomsh
4.2 rm /data/local/tmp/sh
4.3 cd /data/local/tmp/4.1 rm /data/local/tmp/boomsh
/system/bin/sh: 4.1: not found
127|[email protected]:/ $ 4.2 rm /data/local/tmp/sh
/system/bin/sh: 4.2: not found
127|[email protected]:/ $ adb shell /data/local/tmp/misc_version -s 1.27.405.6
hell /data/local/tmp/misc_version -s 1.27.405.6
/system/bin/sh: 4.3: not found
127|[email protected]:/ $
Pls help

Leave the 4.1, 4.2 and 4.3 aside. In case you didn't put attention - they're just step numbers, and aren't part of the commands.
You're making an awful mess.

[Q] Cache partition problem, HELP!

Hi,
I am trying to change my rom using CWM. I made my phone S-off. Than installed CWM. While trying to wipe all user data before rom install, it stuck. So I took the battery off. Now it gives error in CWM screen:
E: Can't mount /cache/recovery/command
E: Can't mount /cache/recovery/log
E: Can't open /cache/recovery/log
E: Can't mount /cache/recovery/last_log
E: Can't open /cache/recovery/last_log
So I read a bit and tried to format the cache partition from mounts and storage section. It gives
Error formatting /cache!
message.
I can go into fastboot, CWM and hboot.
I can install rom zip from sdcard.
I have a backup created with CWM.
I can't boot into Android, I can't restore my backup.
I tried to push recovery again using fastboot but it freezes there too.
I used recovery-clockwork-5.0.2.0-saga.img file while installing CWM on the first place. Now it is the installed one.
I have SDK and tools like adb and fastboot.
Please help!

1. Download Android Flasher to your PC
2. Download 4EXT Recovery image
3. Reboot the phone to bootloader (there should be FASBOOT USB written somewhere on the screen)
4. Flash the image with the Android flasher (check the "already in fastboot" box)
5. Wipe all partitions and try to install a custom ROM
If not working see the "before eMMC replacement" guide in my signature

Thank you very much for your detailed and quick response. I really appreciate it
I did what you told but, android flasher froze so I shut it down. After that I went to the topic on your signature and checked if the emmc is fried but it is not and responding well. Then I went to the post that is about the partition size. I ran
cat /proc/mtd
command in adb shell and got no partitions listed at all.
Now what should I do?
Again I can not install the recovery you mentioned. Is there anything that I can do with CWM which is already installed and working?
Also as far as I read from other topics, some are mentioning about putting the PG88DIAG.zip file which hboot is searching for in the bootloader startup to the phone and making it un rooted and re root it afterwards. But I could not find the zip file named PG88DIAG.zip so I could not try that. Is there anything you can say about it?
Regards;
y.

ysayita said:
Thank you very much for your detailed and quick response. I really appreciate it
I did what you told but, android flasher froze so I shut it down. After that I went to the topic on your signature and checked if the emmc is fried but it is not and responding well. Then I went to the post that is about the partition size. I ran
cat /proc/mtd
command in adb shell and got no partitions listed at all.
Now what should I do?
Again I can not install the recovery you mentioned. Is there anything that I can do with CWM which is already installed and working?
Also as far as I read from other topics, some are mentioning about putting the PG88DIAG.zip file which hboot is searching for in the bootloader startup to the phone and making it un rooted and re root it afterwards. But I could not find the zip file named PG88DIAG.zip so I could not try that. Is there anything you can say about it?
Regards;
y.
Click to expand...
Click to collapse
Freezing during fastboot command execution is not a good sign at all. Nevertheless if the eMMC check is stating that your card is initializing properly then you should be able to restore your phone.
Desire S in not mounting in /mnt so you cannot see partitions there
Rename the image from my previous post to recovery.img and try to flash it with fastboot (be sure that you have your serial as output of the "fastboot devices" command): fastboot flash recovery recovery.img
If not working go through the eMMC guide again - especially point 4. Note your hboot version - if it is the Revolutionary one you have to change it

amidabuddha said:
Freezing during fastboot command execution is not a good sign at all. Nevertheless if the eMMC check is stating that your card is initializing properly then you should be able to restore your phone.
Desire S in not mounting in /mnt so you cannot see partitions there
Rename the image from my previous post to recovery.img and try to flash it with fastboot (be sure that you have your serial as output of the "fastboot devices" command): fastboot flash recovery recovery.img
If not working go through the eMMC guide again - especially point 4. Note your hboot version - if it is the Revolutionary one you have to change it
Click to expand...
Click to collapse
Again thank you.
I did the procedure from the fastboot directly as you told but when it sends the file and begins the write procedure, it freezes. So I went to the eMMC topic again to step 4 and tried to change the hboot version to 0.98.2000 from current 6.98.1002 which is revolutionary by the way. But in android flasher I have this log output
Code:
sending 'hboot' (1024 KB)...
OKAY [ 0.196s]
writing 'hboot'...
(bootloader) image update is bypassed!
OKAY [ 0.029s]
finished. total time: 0.225s
also in the screen I see
Code:
Can not roll back hboot version
message at the bottom in red.
So I tried to do it again with fastboot and in command prompt I wrote
Code:
fastboot flash bootloader <img file>
but this time I got this output
Code:
fastboot flash bootloader ..\hboot_0.98.000
0_361a7ba6_0310.img
sending 'bootloader' (1024 KB)... OKAY [ 0.197s]
writing 'bootloader'... FAILED (remote: partition does not exist!)
finished. total time: 0.222s
Then I renamed the zip file to PG88DIAG.zip and pushed it to /sdcard/ using adb. After rebooting hboot, it asked if I wanted to start the update and I chose yes. But again at the end it gave the same message with the android flash:
Code:
Can not roll back hboot version
at the bottom in red.
I can not change hboot version to the required 0.98.2000 version with the methods mentioned.
Is there anything else I can do?

The proper command is
Code:
fastboot flash hboot hboot.img
but this is what the Andorid FLasher did
try the following: boot to Recovery, connect to PC, copy the hboot.img file to your SDcard, open command prompt and type:
Code:
adb devices [I](your device serial number should be displayed)[/I]
adb shell [I](there should be a command prompt with the # symbol in front if not type "su" without the quotes)[/I]
dd if=/sdcard/hboot.img of=/dev/block/mmcblk0p18[I][/I]
if not working try to unmount/mount the SDcard:
Code:
adb devices [I](your device serial number should be displayed)[/I]
adb shell [I](there should be a command prompt with the # symbol in front if not type "su" without the quotes)[/I]
umount /sdcard [I](not a typo the command is umount, not u[B]N[/B]mount)[/I]
mount /sdcard
dd if=/sdcard/hboot.img of=/dev/block/mmcblk0p18[I][/I]

I copied the file to the SDCard. Then in adb shell
Code:
~ # ls /sdcard/
ls /sdcard/
~ # umount /sdcard
umount /sdcard
umount: can't umount /sdcard: Invalid argument
~ # exit
exit
adb push ..\hboot.img /sdcard/
1627 KB/s (1048576 bytes in 0.629s)
adb shell
~ # ls sdcard
ls sdcard
hboot.img
~ # dd if=/sdcard/hboot.img of=/dev/block/mmcblk0p18
dd if=/sdcard/hboot.img of=/dev/block/mmcblk0p18
2048+0 records in
2048+0 records out
1048576 bytes (1.0MB) copied, 11.191921 seconds, 91.5KB/s
~ # reboot bootloader
reboot bootloader
It still has the same hboot.
After that;
Code:
fastboot flash hboot ..\hboot.img
sending 'hboot' (1024 KB)... OKAY [ 0.201s]
writing 'hboot'... INFOimage update is bypassed!
OKAY [ 0.028s]
finished. total time: 0.231s
Again result is same with AndroidFlasher or installing with zip file from hboot.
Code:
Can not roll back hboot version.
Is there a some kind of write protection? Is there a possibility of mmcblk0p18 not being the right partition section?
Again, thanks a lot!

Yes there is a write protection and this is the reason why I always recommend to change it right after the S-OFF procedure.
Anyway search in the forum for hboot over alpharevx or 2.00.2002 and try them with dd. This is you only way to restore with RUU. But for me this is an indication of bad eMMC and I am surprised that you have positive output of the dmesg command. Also you can push the hboot.img to /data/temp and dd from there
Sent from my Desire S using Tapatalk

How about RUU-ing your way back to stock, re-rooting it, and restoring your backup? Assuming there is later RUU.exe with higher HBOOT version, compatible with your CID.
And when I say RUU-ing, I mean stock HTC RUU.exe, not Android Flasher.
And if RUU fails, you can be sure it's your eMMC...

amidabuddha said:
Yes there is a write protection and this is the reason why I always recommend to change it right after the S-OFF procedure.
Anyway search in the forum for hboot over alpharevx or 2.00.2002 and try them with dd. This is you only way to restore with RUU. But for me this is an indication of bad eMMC and I am surprised that you have positive output of the dmesg command. Also you can push the hboot.img to /data/temp and dd from there
Sent from my Desire S using Tapatalk
Click to expand...
Click to collapse
I found something that may be relevant. The problem is that, before dd'ing I need to get su rights so every guide I read requires to enter the su command and acquire those rights on before the dd command. But the problem is that, when I enter the adb shell, it seems that I already have the su rights (I have the # mark on the command line) and if I enter su again, it says it is not recognized. So could this be the reason why the partition seems to be overwritten and it is not, me not having su rights while dd'ing? If that's the case, how could make the su command work?
Thanks a lot.
Regards;
y.

Jack_R1 said:
How about RUU-ing your way back to stock, re-rooting it, and restoring your backup? Assuming there is later RUU.exe with higher HBOOT version, compatible with your CID.
And when I say RUU-ing, I mean stock HTC RUU.exe, not Android Flasher.
And if RUU fails, you can be sure it's your eMMC...
Click to expand...
Click to collapse
As far as I learned today, because that my bootloader is s-off'ed by revolutionary, the bootloader contained in RUU cannot overwrite it. So installing RUU without getting the stock bootloader with hboot 0.98 is not an option. But thanks anyway, any tiny bit of help is really precious.
Regards,
y.

ysayita said:
I found something that may be relevant. The problem is that, before dd'ing I need to get su rights so every guide I read requires to enter the su command and acquire those rights on before the dd command. But the problem is that, when I enter the adb shell, it seems that I already have the su rights (I have the # mark on the command line) and if I enter su again, it says it is not recognized. So could this be the reason why the partition seems to be overwritten and it is not, me not having su rights while dd'ing? If that's the case, how could make the su command work?
Thanks a lot.
Regards;
y.
Click to expand...
Click to collapse
# prompt means root privileges, so this should not be the case. The strange is that you do not have any I/O errors.
Try this and this
also post here the output of
Code:
fastboot getvar all
(hide your IMEI)

amidabuddha said:
# prompt means root privileges, so this should not be the case. The strange is that you do not have any I/O errors.
Try this and this
also post here the output of
Code:
fastboot getvar all
(hide your IMEI)
Click to expand...
Click to collapse
(bootloader) version: 0.5
(bootloader) version-bootloader: 6.98.1002
(bootloader) version-baseband: 3805.06.02.03_M
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main: 1.47.468.2
(bootloader) serialno:
(bootloader) imei:
(bootloader) product: saga
(bootloader) platform: HBOOT-7230
(bootloader) modelid: PG8810000
(bootloader) cidnum: HTC__M27
(bootloader) battery-status: good
(bootloader) battery-voltage: 4198mV
(bootloader) partition-layout: Generic
(bootloader) security: off
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: 361a7ba6
(bootloader) hbootpreupdate: 12
(bootloader) gencheckpt: 0
all: Done!
finished. total time: 0.025s
First guide seems to be pulled off. First, trying the other one.
Thanks.
y.

amidabuddha said:
# prompt means root privileges, so this should not be the case. The strange is that you do not have any I/O errors.
Try this and this
also post here the output of
Code:
fastboot getvar all
(hide your IMEI)
Click to expand...
Click to collapse
Now, I read from somewhere that /system should be mounted before dd'ing so I mounted it from recovery's mounts and storage menu. Than I tried to dd again and I got this output:
Code:
~ # dd if=/data/tmp/hboot.img of=/dev/block/mmcblk0p18
dd if=/data/tmp/hboot.img of=/dev/block/mmcblk0p18
dd: writing '/dev/block/mmcblk0p18': I/O error
1+0 records in
0+0 records out
0 bytes (0B) copied, 5.013903 seconds, 0B/s
So what can be the problem? Is it mean that chip is fried?
Edit:
I got dmesg output again and it seems responding well:
Code:
dmesg | grep mmc0
<3>[ 6.956176] mmc0: No card detect facilities available
<6>[ 6.956817] mmc0: Qualcomm MSM SDCC at 0x00000000a0500000 irq 98,0 dma 7
<6>[ 6.956939] mmc0: Platform slot type: MMC
<6>[ 6.957183] mmc0: 4 bit data mode disabled
<6>[ 6.957305] mmc0: 8 bit data mode enabled
<6>[ 6.957427] mmc0: MMC clock 144000 -> 50000000 Hz, PCLK 96000000 Hz
<6>[ 6.957672] mmc0: Slot eject status = 0
<6>[ 6.957794] mmc0: Power save feature enable = 1
<6>[ 6.958038] mmc0: DM non-cached buffer at ffa0f000, dma_addr 0x0ba0d000
<6>[ 6.958160] mmc0: DM cmd busaddr 0x0ba0d000, cmdptr busaddr 0x0ba0d300
<6>[ 7.111846] mmc0: new high speed MMC card at address 0001
<6>[ 7.113494] mmcblk0: mmc0:0001 M4G2DE 2.10 GiB
y.

Your eMMC is fine according to this command but it may be failed by another reason...
The first guide is pulled off but there is an attachment at the first post..try it as well as 2.00.2002
Mount data before "dd", not system, or mount them all. Try all possible combinations, because in general you should change the hboot first. You cannot proceed otherwise. Then take a look here, because you will not be able to find a RUU for your version.
You can try falshing hboot with a Goldcard as well

amidabuddha said:
Your eMMC is fine according to this command but it may be failed by another reason...
The first guide is pulled off but there is an attachment at the first post..try it as well as 2.00.2002
Mount data before "dd", not system, or mount them all. Try all possible combinations, because in general you should change the hboot first. You cannot proceed otherwise. Then take a look here, because you will not be able to find a RUU for your version.
You can try falshing hboot with a Goldcard as well
Click to expand...
Click to collapse
I tried both and result is the same.
Also I mounted data and tried. Again same error with I/O.
When I try to mount /system first and then /data, I got error mounting /data. And when /data first and then /system, I got error mounting /system. So I could not try with both of them mounted.
I read about creating Goldcard but I can not get the CID with this code
Code:
cat /sys/class/mmc_host/mmc1/mmc1:*/cid
So I can not move further in gold card creation.

Goldcard without device
Also wipe all and try a custom rom again

amidabuddha said:
Goldcard without device
Also wipe all and try a custom rom again
Click to expand...
Click to collapse
I had a goldcard at last. Then I tried to install the RUU with goldcard in device. But it keeps freezing at rebooting bootloader phase.
So I tried to flash with fastboot again but result is as below:
Code:
sending 'hboot' (1024 KB)...
OKAY [ 0.185s]
writing 'hboot'...
(bootloader) image update is bypassed!
OKAY [ 0.029s]
finished. total time: 0.214s
And I get
Code:
Can not roll back hboot version
message again.
Then I tried putting P88IMG.zip to goldcard and tried to flash from there in hboot but again the same cannot rollback message appeared and froze.
So I went back to adb shell and tried dd'ing from /sdcard/hboot.img but I/O error persists.
So I am aware that I am running out of choices but, please keep suggesting.
Thanks,
y.

This was mentioned at the first hboot link that I gave you. There is a problem sometimes with region specific or branded devices.
But honestly I have no idea why you cannot replace it via dd. Sorry, but out of suggestions
Maybe you should try at the Revolutionary freenode IRC channel - they are the experts in this field after all....

amidabuddha said:
This was mentioned at the first hboot link that I gave you. There is a problem sometimes with region specific or branded devices.
But honestly I have no idea why you cannot replace it via dd. Sorry, but out of suggestions
Maybe you should try at the Revolutionary freenode IRC channel - they are the experts in this field after all....
Click to expand...
Click to collapse
Thank you for your deep interest and kind efforts, I really appreciate it. As you suggested, I contacted with the guys in Revolutionary freenode IRC channel and they helped me. But there were no solution for it right now. I am going to try my chance with HTC Service. Hope they can do something about it.
Regards;
y.

Downgrade htc rhyme

Hi. sorry for bad english
this guide for downgrade htc rhyme on stock rom 1.29.401.3 (RST)
because when you unlocked bootloader, rom increases on 2.0.0.3.....
Recover the full Stock except Relock bootloader.
all the responsibility on you. All personal data will certainly be affected
This procedure will consist of several steps
1 Changing the version number, in order to downgrade firmware was possible.
2 Downgrade device
condition: device must be unlock and have root
Step 1: Changing the version number
condition: bootloader unlock, device is loaded and connected, debugging on.
1. Put the files downloaded from here (aks me) in the tools folder in the root of drive C:
2.Open a command prompt and enter the following code (after each line enter):
cd c:\tools
adb push misc_version /data/local/tmp/misc_version
adb shell chmod 777 /data/local/tmp/misc_version
adb shell
/data/local/tmp/misc_version -s 1.00.000.0
After the introduction of these commands, you should have the following:
--set_version set. VERSION will be changed to: 1.00.000.0
Patching and backing up partition 17...
Note: If you will have an error «Error opening backup file.», Make sure that your memory card is inserted into the phone, not in the computer (make sure the phone is not switched to USB Storage).
3. Enter the code:
# sync
Double-check back to write code and make sure that all the work you have done correctly with the code:
dd if=/dev/block/mmcblk0p17 bs=1 skip=160 count=10
After entering the code should appear:
1.00.000.010+0 records in
10+0 records out
10 bytes transferred in 0.001 secs (10000 bytes/sec)
STEP 2:
1. At the command prompt, type the following command to restart the boot menu (bootloader):
adb reboot bootloader
1.1 Open another command window (not the previous close) and lock bootloader using the instructions from htcdev
1.2 After the locking bootloader device will be reboot ..... hold the lower volume button to enter the bootloader and select the power button fastboot
and back to the first command line window
2. Make sure that your device is recognized by entering the following command:
fastboot-windows devices
3. If your device is properly recognized, it is necessary to return the serial number. Use the code:
fastboot-windows oem rebootRUU
4. Your phone will now restart. The screen of your phone will be black with a gray-silver logo «HTC».
5. After that, we need to reinstall the original firmware. It may take a few minutes, as the transfer of distribution firmware from PC to phone is not fast. Enter the code:
fastboot-windows flash zip StockRom.zip
In rare cases, the installation stops and the user pops up a warning that it is necessary to immediately repeat the installation. Do not panic, just type «fastboot-windows flash zip StockRom.zip» again and it will work.
7. Once it's over, wait a few minutes, then restart your phone, using the code:
fastboot-windows reboot
it's all
You have to be installed in the phone firmware version 1.29.401.3
Is performed on the RST(Russia) rhyme. But there is a chance that this can return any stock rom on any cid. just before it in the folder TOOLS needed to replace an existing zip StockRom, your original zip

download tools from where?

ezab said:
download tools from where?
Click to expand...
Click to collapse
You can get misc_version from here: http://forum.xda-developers.com/showthread.php?t=1399331

hi
actually i have followed all of ur step
but this error always occured
about hboot version is older
C:\Android>fastboot flash zip rom.zip
sending 'zip' (407580 KB)...
OKAY [ 56.535s]
writing 'zip'...
(bootloader) adopting the signature contained in this image...
(bootloader) signature checking...
(bootloader) zip header checking...
(bootloader) zip info parsing...
(bootloader) checking model ID...
(bootloader) checking custom ID...
(bootloader) checking main version...
(bootloader) checking hboot version...
FAILED (remote: 44 hboot version check fail)
finished. total time: 127.671s

[Q] Problem with rooting HTC Sensation

Hi.
I am new to rooting and flashing roms, but i have managed to at least get my phone S-OFF now.
I had some problems because i've had the motherboard replaced, but managed to solve it using JuopunutBear (without HTC Dev Unlock).
PYRAMID PVT SHIP S-OFF RL
I also installed ClockworkMod Recovery v5.8.0.9, and tried various zip-files for su (ie. su-2.3.6.3-efgh-signed.zip).
When I installed, it looked successful, but Root Checker Basic says I do not have proper root access.
I ran Root Checker Pro, so that hopefully someone with a bit more experience can make sense of it.
When i tried to access /system/bin/su from adb shell, i got permission denied.
Super User Applications Status:
Superuser application - version 2.3.6.3 - is installed!
SuperSU application - version 1.04 - is installed!
System File Properties for Root Access:
Alternative Location
Check Command: ls -l /sbin/su:
Result: /sbin/su: Permission denied
Analysis: File system permissions restricted and denied access.
Standard Location
Check Command: ls -l /system/bin/su:
Result: ---sr---wt root root 26324 2008-08-01 14:00 su
Analysis: Setuid attribute present and root user ownership present. Root access is correctly configured for this file! Executing this file can grant root access!
Alternative Location
Check Command: ls -l /system/xbin/sudo:
Result: /system/xbin/sudo: No such file or directory
Analysis: File /system/xbin/sudo does not exist.
Standard Location
Check Command: ls -l /system/xbin/su:
Result: lrwxrwxrwx root root 2013-02-06 16:09 su -> /system/bin/su
Analysis: File: su is a symbolic link pointing to another file: /system/bin/su
Root User ID and Group ID Status:
SU binary not found or not operating properly
System Environment PATH: /sbin /vendor/bin /system/sbin /system/bin /system/xbin
ADB Shell Default User:
ADB shell setting for standard access, stored in default.prop, is configured as: shell (non root) user - ro.secure=1
Click to expand...
Click to collapse
I also included some extra info from fastboot, in case it matters:
version: 0.5
version-bootloader: 1.27.1111
version-baseband: N/A
version-cpld: None
version-microp: None
version-main: 1.24.401.1
serialno: *****
imei: ****
product: pyramid
platform: HBOOT-8260
modelid: PG5813000
cidnum: HTC__Y13
battery-status: good
battery-voltage: 4192mV
partition-layout: Generic
security: off
build-mode: SHIP
boot-mode: FASTBOOT
commitno-bootloader: 617f0a98
hbootpreupdate: 11
gencheckpt: 0
Click to expand...
Click to collapse
Hopefully, with your help I can get passed this
If I left out some important information, please let me know.

This can be marked as solved
I changed to 4EXT recovery, and flashed Android_Revolution_HD_Root_and_BusyBox.zip.
This changed my Superuser application to version 3.0.7 and i got root access.

[SOLVED] [TWRP] Restore data of a damaged and encrypted Nexus5 (to a new Nexus5)

update: SOLVED - thread can be closed
Hi!
My phone got physically damaged while it was at a shop getting its display changed.
My setting was (as I reconstructed from my last backup):
TWRP 2.8.7.1 (or maybe 3.0.0.0)
Cyanogenmod cm-13.0-20160214-NIGHTLY-hammerhead-recovery (or maybe higher)
encrypted
I am trying to access the phone information and had it examined from a data recovery expert.
This is all the data I got on a USB:
data.emmc.win
system.ext4.win
system.ext4.win.md5
system.info
I don't know if the information stored in those file containers is still encrypted as I provided the data recovery expert with my encryption key.
My idea was to get a new Nexus5, install TWRP and try to restore the partitions. I would then have been able to use the new phone as a 1:1 replacement of the old one.
Unfortunately it didn't work (out of the box).
Maybe this would work? [TUTORIAL] Create Flashable Zip From CWM/TWRP Backup (MTK)
My other idea is to access the different files directly, but that failed too (I renamed system.ext4.win to system.ext4 and unzipped it with 7-Zip on Windows10). When opening the unzipped folder every files content is: "50 RHT.security.selinux=ubject_r:system_file:s0"
So, I do really need help.
Do you have any ideas?

fivel_ said:
Hi!
My phone got physically damaged while it was at a shop getting its display changed.
My setting was (as I reconstructed from my last backup):
TWRP 2.8.7.1 (or maybe 3.0.0.0)
Cyanogenmod cm-13.0-20160214-NIGHTLY-hammerhead-recovery (or maybe higher)
encrypted
I am trying to access the phone information and had it examined from a data recovery expert.
This is all the data I got on a USB:
data.emmc.win
system.ext4.win
system.ext4.win.md5
system.info
I don't know if the information stored in those file containers is still encrypted as I provided the data recovery expert with my encryption key.
My idea was to get a new Nexus5, install TWRP and try to restore the partitions. I would then have been able to use the new phone as a 1:1 replacement of the old one.
Unfortunately it didn't work (out of the box).
Maybe this would work? [TUTORIAL] Create Flashable Zip From CWM/TWRP Backup (MTK)
My other idea is to access the different files directly, but that failed too (I renamed system.ext4.win to system.ext4 and unzipped it with 7-Zip on Windows10). When opening the unzipped folder every files content is: "50 RHT.security.selinux=ubject_r:system_file:s0"
So, I do really need help.
Do you have any ideas?
Click to expand...
Click to collapse
These are partition dumps (at least I think they are, maybe they are empty and just appeared on the USB flash drive out of thin air), not zip files.
In theory you should be able to flash them to another phone (using dd) and be ready to go, however the N5 might use the quallcomm hardware key storage method in which case the only way to access your data seems to be decrypting it on the device. What part of your device is damaged? Maybe you can still access the recovery via adb and then decrypt it even iff your screen is destroyed.

Thanks a lot!
My old phone is rendered unusable without any chance of using it again.
So I bought an used Nexus5 and am looking for ways to recreate the partitions etc exactly the same way they were on the old phone.
I stored the files
data.emmc.win
system.ext4.win
system.ext4.win.md5
system.info
on the new Nexus5 and accessed the folder via TWRP and told it to use it as recovery/restore from backup. Unfortunately this didn't work (at the first time).
Whats next??

fivel_ said:
Thanks a lot!
My old phone is rendered unusable without any chance of using it again.
So I bought an used Nexus5 and am looking for ways to recreate the partitions etc exactly the same way they were on the old phone.
I stored the files
data.emmc.win
system.ext4.win
system.ext4.win.md5
system.info
on the new Nexus5 and accessed the folder via TWRP and told it to use it as recovery/restore from backup. Unfortunately this didn't work (at the first time).
Whats next??
Click to expand...
Click to collapse
@nailyk helped me a lot this github thread Issue 863. Thanks!

hi @fivel_
How goes your experiments? Where you able to restore the dump of the broken device?
Does the broken device start into fastboot mode?

hi @nailyk!
I think what I have from my old phone is the image of the two major partititions - system and data (I don’t know where the others like boot or recovery are - maybe they are sub-partititions or something like that in the big data partition (13GiB)?).
edit: the partitions of a regular nexus5 can be seen here:
guide-repartition-nexus5
i think a regular „fastboot flash parition“ would not work. But I don’t know what can work and I do not exactly know where and what to search. so I am still left in the dark - did not know that there was so much to know regarding phone storage and partition.
ps: my old broken phone was not able to be recognized from windows. I will try again after making sure it is completeley charged.

If you have the same rom on your new device, that on the old one, and the data dump isn't broken, fastboot flash userdata -S 512M <your dump> should work.

okay, so the correct would be to
1. restore new phone from backup (in order to get the old rom on the new phone)
2. flash userdata.
right?

ok, I managed to connect to the old device via fastboot:
Is it maybe not as dead after all? The screen is not working, sadly
what can I do next?
Code:
C:\Users\fivel\Documents\Android\platform-tools-latest-windows\platform-tools>fastboot getvar all
(bootloader) version-hardware: rev_11
(bootloader) version-baseband: M8974A-2.0.50.2.28
(bootloader) version-bootloader: HHZ11k
(bootloader) version-cdma: N/A
(bootloader) variant: hammerhead D821(E) 16GB
(bootloader) serialno: 065f8e4100746380
(bootloader) carrier: None
(bootloader) secure-boot: yes
(bootloader) unlocked: yes
(bootloader) product: hammerhead
(bootloader) partition-size:aboot: 80000
(bootloader) partition-type:aboot: emmc
(bootloader) partition-size:boot: 1600000
(bootloader) partition-type:boot: emmc
(bootloader) partition-size:recovery: 1600000
(bootloader) partition-type:recovery: emmc
(bootloader) partition-size:system: 40000000
(bootloader) partition-type:system: ext4
(bootloader) partition-size:userdata: 3321fa800
(bootloader) partition-type:userdata: ext4
(bootloader) partition-size:cache: 2bc00000
(bootloader) partition-type:cache: ext4
(bootloader) partition-size:persist: 1000000
(bootloader) partition-type:persist: ext4
all:
finished. total time: 0.211s
And I managed to go to recovery-mode, blindly, and get ADB working. Does the result look damaged?
Code:
~ # ls
boot res
cache root
charger sbin
data sdcard
default.prop seapp_contexts
dev selinux_version
etc sepolicy
file_contexts service_contexts
firmware sideload
fstab.hammerhead supersu
init sys
init.rc system
init.recovery.hammerhead.rc tmp
init.recovery.usb.rc twres
license ueventd.hammerhead.rc
persist ueventd.rc
proc usb-otg
property_contexts vendor
recovery

fivel_ said:
ok, I managed to connect to the old device via fastboot:
Is it maybe not as dead after all? The screen is not working, sadly
what can I do next?
Code:
C:\Users\fivel\Documents\Android\platform-tools-latest-windows\platform-tools>fastboot getvar all
(bootloader) version-hardware: rev_11
(bootloader) version-baseband: M8974A-2.0.50.2.28
(bootloader) version-bootloader: HHZ11k
(bootloader) version-cdma: N/A
(bootloader) variant: hammerhead D821(E) 16GB
(bootloader) serialno: 065f8e4100746380
(bootloader) carrier: None
(bootloader) secure-boot: yes
(bootloader) unlocked: yes
(bootloader) product: hammerhead
(bootloader) partition-size:aboot: 80000
(bootloader) partition-type:aboot: emmc
(bootloader) partition-size:boot: 1600000
(bootloader) partition-type:boot: emmc
(bootloader) partition-size:recovery: 1600000
(bootloader) partition-type:recovery: emmc
(bootloader) partition-size:system: 40000000
(bootloader) partition-type:system: ext4
(bootloader) partition-size:userdata: 3321fa800
(bootloader) partition-type:userdata: ext4
(bootloader) partition-size:cache: 2bc00000
(bootloader) partition-type:cache: ext4
(bootloader) partition-size:persist: 1000000
(bootloader) partition-type:persist: ext4
all:
finished. total time: 0.211s
And I managed to go to recovery-mode, blindly, and get ADB working. Does the result look damaged?
Code:
~ # ls
boot res
cache root
charger sbin
data sdcard
default.prop seapp_contexts
dev selinux_version
etc sepolicy
file_contexts service_contexts
firmware sideload
fstab.hammerhead supersu
init sys
init.rc system
init.recovery.hammerhead.rc tmp
init.recovery.usb.rc twres
license ueventd.hammerhead.rc
persist ueventd.rc
proc usb-otg
property_contexts vendor
recovery
Click to expand...
Click to collapse
Perfect. You are where I would bring you
For the next time: download your twrp, go into fastbootmode and fastboot boot twrp.img
It will download and boot into twrp.
Then you should be able to decrypt with twrp decrypt <your password>
Maybe <your password> need to be typed in hexa.
fivel_ said:
okay, so the correct would be to
1. restore new phone from backup (in order to get the old rom on the new phone)
2. flash userdata.
right?
Click to expand...
Click to collapse
Exactly, use the same rom, flash your userdata reboot.
Now you have two way to get your data back. Good luck

nailyk said:
Perfect. You are where I would bring you
Click to expand...
Click to collapse
Great thanks!!
For the next time: download your twrp, go into fastbootmode and fastboot boot twrp.img
Click to expand...
Click to collapse
ok, done!
Code:
C:\Users\fivel\Documents\Android\platform-tools-latest-windows\platform-tools>fastboot boot twrp.img
downloading 'boot.img'...
OKAY [ 0.748s]
booting...
OKAY [ 0.114s]
finished. total time: 0.868s
It will download and boot into twrp.
Then you should be able to decrypt with twrp decrypt <your password>
Maybe <your password> need to be typed in hexa.
Click to expand...
Click to collapse
ok, how do I perform this command?
twrp decrypt - in ADB, in Fastboot, else?

ok, one more step:
1. i got to adb in recovery mode again.
2. i startet a shell via adb shell
3. decrypt:
~ # twrp decrypt ********
Attempting to decrypt data partition via command line.
Data successfully decrypted, new block device: '/dev/block/dm-0'
Click to expand...
Click to collapse
and now?
edit:
now I performed,
4. adb pull /dev/block/dm-0 /data.img
and it is running... we will see what is inside

so, now I have the data.img on my pc.
do I first need it to transfer to the new phone, or can I just type:
fastboot flash userdata -S 512M data.img
thanks a lot for all your help @nailyk!

fivel_ said:
ok, one more step:
1. i got to adb in recovery mode again.
2. i startet a shell via adb shell
3. decrypt:
and now?
edit:
now I performed,
4. adb pull /dev/block/dm-0 /data.img
and it is running... we will see what is inside
Click to expand...
Click to collapse
o0 Data successfully decrypted
So the data.img you catch is the full filesystem without encryption
you can mount loop it in any linux
fivel_ said:
so, now I have the data.img on my pc.
do I first need it to transfer to the new phone, or can I just type:
fastboot flash userdata -S 512M data.img
Click to expand...
Click to collapse
yes this will put your data (unencrypted it seems) into your old device
thanks a lot for all your help @nailyk!
Click to expand...
Click to collapse
No pbm Glad you solve it.

hi!
I had not got the time to apply your advice to my phone... today I did.
when I type: fastboot flash userdata -S 512M e:mypathtolocation/data.img
i get: Invalid sparse file format at header magi
I guess this is a small error, as I was able to open the image and it looks like the userdata.
the folders inside the image are: adb, anr, app, app-asec, app-lib, app-private, backup, bootchart, dalvik-cache, data, dontpanic, drm, local, lost+found, media, etc.
What do I do now? @nailyk your help and advice is always appreciated!

fivel_ said:
hi!
I had not got the time to apply your advice to my phone... today I did.
when I type: fastboot flash userdata -S 512M e:mypathtolocation/data.img
i get: Invalid sparse file format at header magi
I guess this is a small error, as I was able to open the image and it looks like the userdata.
the folders inside the image are: adb, anr, app, app-asec, app-lib, app-private, backup, bootchart, dalvik-cache, data, dontpanic, drm, local, lost+found, media, etc.
What do I do now? @nailyk your help and advice is always appreciated!
Click to expand...
Click to collapse
Reboot ?
Also if your new dump isn't encrypted anymore you can mount loop it into any linux distro. If you don't have one, look for FWUL into my signature.
Glad your problem is now solved

thanks again, I have recovered ALL the lost data

Glad it worked
When there is a shell, there is a way
P.S.: please change title of first post to mark it as solved. Then asks Moderators for closing.