Related
Ok guys I noticed a lot of people are getting stuck with this myself included and for me it was because the information I needed was fragmented all over the place, So here is all the information that I used some parts have been edited to fit the purpose of rooting 1.01 as there is no definative guide at the minute.
1st thing to do is make a goldcard even if you already have a working goldcard make it again mine was working for other phones but wouldnt work for this.
All credit for the goldcard guide goes to BlaY0
BlaY0 said:
Here are few easy steps on how to make Goldcard without taking it out of your phone but you have to be root (VISIONary temproot is fine).
You will be doing this from command prompt:
Code:
adb shell
su
First you need to find out sdcard's CID:
Code:
cat /sys/class/mmc_host/mmc0/mmc0:*/cid
...copy it into text box on http://hexrev.soaa.me/. Now go to http://psas.revskills.de/?q=goldcard and put in the reversed CID you have got on previous web page. Push goldcard.img to your phone via 2nd command prompt:
Code:
adb push goldcard.img /data/local/
...unmount sdcard via Settings, go back to 1st command prompt and make a backup then make goldcard:
Code:
dd if=/dev/block/mmcblk0 count=1 of=/data/local/sdcard_backup.img
cat /data/local/goldcard.img > /dev/block/mmcblk0
sync
exit
You may also pull that backup to your PC:
Code:
adb pull /data/local/sdcard_backup.img .
Click to expand...
Click to collapse
The 2nd guide you will need to use is also by BlaY0
BlaY0 said:
Preface
Because there are too many ppl without any knowledge spreading false findings and statements I decided to write this HOWTO.
Audience
This HOWTO is primarily ment for those who already have rooted Legends but they recently experienced problems flashing CM's or new Vodafone FroYo boot.img.
Background
HBOOT is like a BIOS in our PCs and to cut a long story short it also contains partition table for phone's internal storage. That means it has info on where exactly certain partition starts and how big it is.
At HTC they decided to partition Legend's internal storage this way:
misc 640 kB
recovery 4,375 MB
boot 2,5 MB
system 240 MB
cache 40 MB
data 185 MB
...but as we found out (first with CM nightly) boot partition was a little short for the boot.img to fit in if we had one or more bad cells (sectors) on it. Eventually we found out that quite some Legend's had bad cell on boot partition and those unfortunate souls that owned such phone were unable to upgrade to Vodafone FroYo rooted ROM too.
I think that HTC also recognized that Legend's boot partition was kinda small so they rearanged partition table in HBOOT 1.00 a bit making boot partition bigger (now it is 3 MB) by shrinking recovery partition a little.
So now we know that some of us actually need HBOOT 1.00 in order to flash FroYo's boot.img without a problem. But how do we keep root then?
Prerequirements
Android SDK (primarily adb)
working USB drivers (for adb to work)
goldcard (in case you are trying to flash ROMs with different CID than your phone has)
ClockWorkMod recovery (if your Legend is already rooted)
Rerequirements
Vodafone FroYo OTA update (actually just firmware.zip from OTA)
Legend rooting tools (just testimage.zip)
Hack 4 Legend v5(just misc1-2.img and flash_image)
VISIONary r13(r14 is out also but i haven't tested it yet)
Instructions
I will split instructions into two parts... for already rooted phones and phones that were already updated with Vodafone OTA thus they lost root.
Already OTA updated with HBOOT 1.00
That one is relatively easy. You could also follow Paul's guide but I like my approach better
Connect your phone to your PC. Second you have to install VISIONary r13 into your phone and do the "temproot" procedure. After a successful "temproot" you should be able to adb shell and then su. Fire up command prompt and issue:
Code:
adb shell
su
...you should have root privileges now (showing #). Next thing is backing up misc partition and replacing it with one from hack4legend-v5.zip. Extract this zip somewhere and fire another command promt there. Now you should upload flash_image binary and misc1-2.img:
Code:
adb push flash_image /data/local/
adb push misc1-2.img /data/local/
...switch back to 1st command prompt and change permission of flash_image_binary:
Code:
chmod 755 /data/local/flash_image
...and backup your current misc partition:
Code:
cat /dev/mtd/mtd0 > /sdcard/misc_backup.img
Now flash misc1-2.img:
Code:
/data/local/flash_image misc /data/local/misc1-2.img
exit
...and you are set to downgrade retaining HBOOT 1.00.
Unzip r4-legend-root.zip and find testimage.zip in it. Put it on your phone's sdcard renaming it to LEGEIMG.zip. You can then reboot into bootloader issuing:
Code:
adb reboot bootloader
...from command prompt. Phone will reboot and find LEGEIMG.zip on your sdcard, copy it into RAM and check it. If you get CID error at this point, then you don't have goldcard. Make your sdcard gold and try again. After successful flash and reboot you may remove LEGEIMG.zip from sdcard. Next step is upgrading of rooted FroYo ROM. Put FroYo update ROM zip to your sdcard and install it via ClockworkMod recovery. You may also flash backed up misc partition after that. Still in recovery mode and hooked with your PC switch to command prompt and restore it back:
Code:
adb shell
flash_image misc /sdcard/misc_backup.img
exit
...and reboot.
Click to expand...
Click to collapse
So by now you will be on an unrooted Eclair rom. The third guide I used was by David Cogen
David Cogen said:
I. Before You Begin
1. YOU MUST BE ON VERSION 1.31 IN ORDER TO ROOT THE LEGEND, IF YOU ARE NOT YOU CAN DOWNGRADE USING THIS PROCEDURE.
2. This will erase all the data on your phone so please at least sync your contacts with Google before continuing.
3. You must have HTC Sync version 2.0.33, not a newer version. Uninstall HTC Sync and install this version instead.
1. Download the Rooting Tools
Legend Rooting Tools
2. Unzip them to the C: drive on your computer (so the file path is C:\r4-legend-root\)
3. Turn off your phone and turn it back on by holding down Back and Power until you see Fastboot come up on the screen. Push the Power button while highlighting Fastboot on the phone and Fastboot should show up in red now on the phone (if it doesn’t push Power again until it does).
4. Plug the phone in via USB cable to the computer.
5. Open the folder you extracted to the C drive and double click “step1-windows.bat” and wait for it to finish.
6. Once you see the menu on the phone come back up, navigate to BOOTLOADER and push power, then navigate to RECOVERY using the volume buttons to navigate and the power button to select and the phone should boot to the ! screen.
7. Now on the computer double click the “step2-windows.bat” file and wait for it to finish. (UPDATE 12.13.10 – You MUST have HTC Sync version 2.0.33 not a newer version for step2 to work. Please uninstall HTC Sync and download and install this version instead, unplug then plug your phone back in, then rerun step2-windows.bat).
8. Now you should see a custom recovery screen, using the optical trackpad navigate to Wipe and push on the trackpad to select it. Then navigate to Wipe data/factory reset and select that.
9. Once that is done, push volume down to go back to the main menu and select Flash zip from sdcard and select the rootedupdate.zip file and wait for it to flash. All done, you have root access and can use any root required app! Enjoy!
IV. Load a Custom ROM etc (Optional)
1. Head over to our How To Load a Custom ROM on the HTC Legend procedure and continue with that to load custom ROMs and other fun stuff!
Thanks to Paul at Modaco for his awesome scripts!
Click to expand...
Click to collapse
By now you should have HBOOT 1.01 with a rooted Ecclair ROM and Clockwork Recovery Mod So you can flash any custom rom that you like although I would recommend you try B 0.2
If you use this guide, you do so at your own risk.
wow...nice tutorial
I've requested that this goes in the stickies. Well done mate
FeaRThiS said:
The 2nd guide you will need to use is also by http://forum.xda-developers.com/member.php?u=609649
So by now you will be on an unrooted Eclair rom.
Click to expand...
Click to collapse
Question: So the second guide is to downgrade Froyo 3.5 to Eclair 1.3?
smartsreenath said:
wow...nice tutorial
Click to expand...
Click to collapse
Thanks glad it helped.
TheGrammarFreak said:
I've requested that this goes in the stickies. Well done mate
Click to expand...
Click to collapse
Cheers m8 Might not be the best way but it was the only way I managed to root mine on 1.01.
nxdu said:
Question: So the second guide is to downgrade Froyo 3.5 to Eclair 1.3?
Click to expand...
Click to collapse
Fist FroYo is 2.2 not 3.5 and Eclair is 2.1 not 1.3 but yes it is to downgrade to Eclair so that you can root and then upgrade back to FroYo so you end up with rooted FroYo.
FeaRThiS said:
Fist FroYo is 2.2 not 3.5 and Eclair is 2.1 not 1.3 but yes it is to downgrade to Eclair so that you can root and then upgrade back to FroYo so you end up with rooted FroYo.
Click to expand...
Click to collapse
FroYo is HTC WWE 3.x, and éclair is 1.x and 2.x
Thank you!, so it doesn't matter which version of Froyo you're on but what the Hboot version of your phone is on that varies what guide you'll be using ? mine is asia's 3.15.707.3
Yes , one last thing;o how do I check whether all my contacts are properly syncd with Google ? As gmail does not display any of my contacts, if so how would I go about doing it ?._.
Sent from my HTC Legend using XDA App
TheGrammarFreak said:
FroYo is HTC WWE 3.x, and éclair is 1.x and 2.x
Click to expand...
Click to collapse
Ahh I was talkin Android version not HTC version more confusion.
Sent from my HTC Legend using XDA App
FeaRThiS said:
You will be doing this from command prompt:
Code:
adb shell
su
Click to expand...
Click to collapse
Creating a goldcard procedure
What I did, installed visionary r13, clicked on "temproot now"
Access the adb shell via "cd c:\windows-anroid-sdk\platform-tools\adb shell"
however I got the $ sign and when I typed su it says "permission denied" what might be the problem? sorry._. new to this
Hi Folks,
If you don't mind me asking, do you reckon this will work for HTC Wildfire running 2.2 RUU from shipped ROMs with Hboot of 1.01? TIA.
First I was like... but then I was like
Hey Guys,
I hope someone can help me. I followed some tutorials about rooting the HTC Legend. I followed some steps but when I had to downgrade my HTC Legend it went wrong, whatever I try every methode keeps saying, permission denied. And when I use the RUU Bootloader it says some kind of error:S I really want my Legend to get rooted! Can anyone help me?
Kind Regards Tom
After rebooting the bootloader in the second guide, it can't find LEGEIMG.zip. It says image is wrong. I have the LEGEIMG.zip in goldcard root. please help!
haha123 said:
After rebooting the bootloader in the second guide, it can't find LEGEIMG.zip. It says image is wrong. I have the LEGEIMG.zip in goldcard root. please help!
Click to expand...
Click to collapse
Format your SD card in a card reader, as FAT32, then create the Goldcard as described in the first post in this thread.
Make sure you get a NEW goldcard.img as Blay0 describes in the quoted post, my old Goldcard image I used with the 2.1-update1 no longer worked and I needed to get a new one. I think the CID changed when upgrading to 2.2.
This was my problem and doing what I described above solved my problem.
TheLegendaryJay said:
Format your SD card in a card reader, as FAT32, then create the Goldcard as described in the first post in this thread.
Make sure you get a NEW goldcard.img as Blay0 describes in the quoted post, my old Goldcard image I used with the 2.1-update1 no longer worked and I needed to get a new one. I think the CID changed when upgrading to 2.2.
This was my problem and doing what I described above solved my problem.
Click to expand...
Click to collapse
What about this?:
What I did, installed visionary r13, clicked on "temproot now"
Access the adb shell via "cd c:\windows-anroid-sdk\platform-tools\adb shell"
however I got the $ sign and when I typed su it says "permission denied" what might be the problem?
justcookiesncream said:
What about this?:
What I did, installed visionary r13, clicked on "temproot now"
Access the adb shell via "cd c:\windows-anroid-sdk\platform-tools\adb shell"
however I got the $ sign and when I typed su it says "permission denied" what might be the problem?
Click to expand...
Click to collapse
you could try visionary r14 but r13 worked fine for me and many others.
Is this safe?
(or safe as it can be?)
I was previously rooted, but then the microphone on my handset broke, and I replaced it under warranty.
I now have a new handset, but it's back to the stock Vodafone UK Froyo build, with HBOOT 1.0
I'm really liking the look of Blay0's ROM, but fearful of breaking the phone...
brypie said:
Is this safe?
(or safe as it can be?)
I was previously rooted, but then the microphone on my handset broke, and I replaced it under warranty.
I now have a new handset, but it's back to the stock Vodafone UK Froyo build, with HBOOT 1.0
I'm really liking the look of Blay0's ROM, but fearful of breaking the phone...
Click to expand...
Click to collapse
I would say its as safe as it can be and BlaY0's rom is amazin 1500+ score on quadrant with data2ext
I have personally used this method to root my phone without any problems but if you are on hboot 1.00 there may be a easier/safer way of rooting but I am unsure about that.
Trying it now...
In the 2nd guide, I can't crete the misc_backup.img --> "read-only file system".
Is this the S-ON / S-OFF thing?
How can I get around this?
Thanks.
brypie said:
Trying it now...
In the 2nd guide, I can't crete the misc_backup.img --> "read-only file system".
Is this the S-ON / S-OFF thing?
How can I get around this?
Thanks.
Click to expand...
Click to collapse
Nothing to do with s-on looks like you dont have root when you type su in adb do you get a # ?
FeaRThiS said:
Nothing to do with s-on looks like you dont have root when you type su in adb do you get a # ?
Click to expand...
Click to collapse
Yep - tempRoot using Visionary
EDIT - just figured it out - I still had the SD Card connected as a disk drive to my PC D'oh!
BEFORE YOU BEGIN
As always, mucking with your device at this level is risky. If you follow this process, you do so entirely at your own risk. I accept no responsibility for any detrimental effects resulting from following this process, or for any problems associated with the updated files. Only if you accept these risks should you use these instructions.
PREREQUISITES
Unlocked bootloader (see my guide to do this)
Working fastboot (also see my guide )
Patience
NOTES
I developed and followed this process on Ubuntu Natty, 64bit. I see no reason why it should not work on any other platform, since the only tool used is fastboot and the syntax for fastboot is the same on any platform. if you need to know how to get fastboot working, there are already many guides for that (see my how to unlock your bootloader thread, for example)
BUTTON CONFUSION
When in landscape mode, with the camera at the top, the power button is on the left 'vertical' side of the tab. On the top is the volume rocker. In this orientation:
- The LEFT side of the volume rocker is VOLUME DOWN
- The RIGHT side of the volume rocker is VOLUME UP
This might seem obvious, but to anyone who is used to phones, this is the opposite, since they were designed to be used in Portrait mode.
PREPARE
1) With your Tab in fastboot mode (step 1 of "GETTING ROOT" below), make sure you have a working fastboot implementation:
Code:
fastboot devices
If all is well, you should see your device serial number. If there is a problem, you won't get any response.
2) Downlad View attachment skitzandroid-10-1v-root_0.2.zip and View attachment skitzandroid-stock-recovery.zip
3) Create a folder on your desktop called "root"
Code:
mkdir ~/Desktop/root
for Ubuntu or
Code:
md %userprofile%\desktop\root
for Windows
This will be referred to as the working directory throughout the rest of this guide
4) Copy skitzandroid-10-1v-root.zip to your working directory (DO NOT UNZIP!)
5) Extract the skitzandroid-recovery.img file from skitzandroid-stock-recovery.zip to your working folder. Your working folder should now have 1 IMG file and one ZIP file.
6) This was an afterthought - Make sure fastboot is somewhere in your path (ie can be executed from anywhere). To test, 'cd' to any random folder and type 'fastboot' and make sure it runs.
7) Copy the skitzandroid-10-1v-root.zip file to the root of your sdcard. You can eithe drag/drop, or run:
Code:
adb push skitzandroid-10-1v-root.zip /sdcard/
from your working directory
...now the easy part
GETTING ROOT
1) Power off your Tab and power it back on, while holding the VOLUME DOWN button.
2) When the DOWNLOAD / FASTBOOT icons appear, press VOLUME DOWN again to select FASTBOOT icon (the one with the USB logo) and press VOLUME UP to confirm selection.
3) Confirm you are now in fastboot mode and do a:
Code:
fastboot devices
If all is well, you should see your device serial number.
4) Open a terminal / CMD prompt and CD to your working folder
Code:
cd ~/Desktop/root
for Ubuntu or
Code:
cd %userprofile%\desktop\root
for Windows
5) Run the following command:
Temp Root:
Code:
fastboot boot skitzandroid-recovery.img
..and wait. It might not look like anything is happening but it is.
Permanent Root:
Code:
fastboot flash recovery skitzandroid-recovery.img
6) You should now have a recovery menu. Use the volume rocker (up/down navigates menu options) to select "Install zip from SDCARD" (or something like that - if someone can post the exact menu item wording, I will update the guide). Press (tap!) the POWER button to confirm the menu selection
7) Navigate to the root of your internal storage (/sdcard), select the skitzandroid-10-1v-root.zip file and press (tap!) the POWER button to confirm selection.
8) Once complete, use the Volume rocker to select "REBOOT" from the menu and press (tap!!!) the POWER button to confirm selection.
9) You're done! Press the thanks button on this thread to continue
TESTING
1) Once your Tab boots up, check your apps menu to confirm the existence of SuperUser app.
2) With the Tab attached to your PC via USB cable, do the following:
Code:
adb shell
su
..and watch the screen on your Tab for a SuperUser prompt. If you see this, congratulations!
If you have never rooted a phone/tablet before, go get Titanium Backup Pro and ROM Manager from the market. As soon as the custom ROMs start flowing in, you'll be all set to go.
Edit: How about thanking smaskell who was very patient and persistent in dumping the image from his Google IO 10.1 - for the good of his fellow XDA members. Without his help, this would not be possible.
Note that the above process doesn't flash the recovery, just loads it.
If you want to flash the recovery permanently, all you need to do is follow the guide above and then, in step 5, use this command instead:
Code:
fastboot flash recovery skitzandroid-recovery.img
You will then have a permanent recovery which you can get to by doing:
Code:
adb shell
su
reboot recovery
at any time.
Note that doing just
adb reboot recovery
Click to expand...
Click to collapse
...for some bizarre reason does not boot to recovery. Open up a shell first, as shown above.
I will also give you credit in the guide for having "Balls of Steel" to steal a phrase from PaulObrien
EDIT:
...and the Balls of Steel award goes to *drumroll*
Egan
...for having the balls to flash the recovery. Thanks egan. If I was in a battle, I'd definitely want you in our squad
FAQ
Does it need unlocked bootloader? Yes, see my other guide for this.
Do I need to wipe, or will it wipe my device? No and No.
Can I return my device to factory default config? Yes. This process does not flash the partition unless you follow the process in post 2 which is optional.
Changelog
0.2 - Added busybox (can be flashed over the top of 0.1 without wipe)
0.1 - Initial Relase
Factory Voda Tab Images
Recovery
Boot
System
Awesome news! Thanks to everyone who worked on this - I can't wait!
Great, great job you guys! This thing needs root so it can grow
Thanks a lot bcmobile and smaskell! Ill give it a go around launch.
Sent from my LG-P990 using XDA Premium App
Thank you guys, it's working great on my 10.1v
I'm pretty sure I know the answer to this already - but is there anyway of getting temp root on these devices so I can backup all my apps and data (properly) before unlocking / flashing recovery / rooting??
This wont make any changes to the partitions. You could undo the whole process by just deleting a few files.
The process in my second post would actually flash the image, and would be permanent if you had no 'factory' recovery image to flash back.
The 'standard' process in post 1 is normally used for testing and doesn't overwrite the recovery partition
Thanks a lot. Works like a charm
Now to make a full "original" fastboot flashable restore fileset:
Boot: dd if=/dev/block/mmcblk0p5 of=/sdcard/boot.img
System: dd if=/dev/block/mmcblk0p4 of=/sdcard/system.img
Would this be enough to have a proper "original" image? (With the small addition of root offcourse)
(Did a dd of dd if=/dev/block/mmcblk0p1 of=/sdcard/efs.img too, just to have a backup
Will see if I can make a full nandroid back-up now
Before flashing any recovery images etc..
gjroeleveld said:
Thanks a lot. Works like a charm
Now to make a full "original" fastboot flashable restore fileset:
Boot: dd if=/dev/block/mmcblk0p5 of=/sdcard/boot.img
System: dd if=/dev/block/mmcblk0p4 of=/sdcard/system.img
Would this be enough to have a proper "original" image? (With the small addition of root offcourse)
(Did a dd of dd if=/dev/block/mmcblk0p1 of=/sdcard/efs.img too, just to have a backup
Will see if I can make a full nandroid back-up now
Before flashing any recovery images etc..
Click to expand...
Click to collapse
That's all the backup I have done so I hope so
Just uploading a new version of the update zip (v0.2) which includes busybox
bcmobile said:
This wont make any changes to the partitions. You could undo the whole process by just deleting a few files.
The process in my second post would actually flash the image, and would be permanent if you had no 'factory' recovery image to flash back.
The 'standard' process in post 1 is normally used for testing and doesn't overwrite the recovery partition
Click to expand...
Click to collapse
Sorry, I realise that applying the root won't wipe anything, but unlocking the bootloader comes with a nice factory reset if I'm not mistaken..
gjroeleveld said:
Now to make a full "original" fastboot flashable restore fileset:
Boot: dd if=/dev/block/mmcblk0p5 of=/sdcard/boot.img
System: dd if=/dev/block/mmcblk0p4 of=/sdcard/system.img
Click to expand...
Click to collapse
Sorry for the ignorance, but are these fastboot or a adb commands?
Good work!
You should mention that you can't unlock and flash the Root-Update in one step.
The recovery complains then that /data/media is missing
Regards
EDIT:
black beard said:
Sorry for the ignorance, but are these fastboot or a adb commands?
Click to expand...
Click to collapse
These are adb commands you need to do with su!
black beard said:
Sorry, I realise that applying the root won't wipe anything, but unlocking the bootloader comes with a nice factory reset if I'm not mistaken..
Click to expand...
Click to collapse
That is part of the recovery image, not the unlocked bootloader.
You can always put back a stock image using fastboot which is one of the really nice things about fastboot unlocking vs bootloader exploits. "fastboot oem unlock" can then be undone by "fastboot oem lock" and nobody would know the diff.
seraphimserapis said:
Good work!
You should mention that you can't unlock and flash the Root-Update in one step.
The recovery complains then that /data/media is missing
Click to expand...
Click to collapse
Thanks!
Yeah, oem unlock doesn't actually do anything until the next boot
Egan said:
Thanks a lot bcmobile and smaskell! Ill give it a go around lunch.
Sent from my LG-P990 using XDA Premium App
Click to expand...
Click to collapse
Works like a charm! Now lets backup the original recovery and then flash the stock recovery .
Egan said:
Works like a charm! Now lets backup the original recovery and then flash the stock recovery .
Click to expand...
Click to collapse
Are you going to flash it?
You will earn the official "Balls of steel" badge
Thanks,
Also remember to enable USB debugging after you have done the unlocked bootloader, took me 5 min to to realize why adb did not want to work, 5 scary min after the reboot.
I've tried to make a proper nandroid backup but haven't been able too.
Tried with romdump 0.72 but that crashes :-(
Most tutorials use Rom Manager, but that needs some work from @koush before we can use it.
I'll google on
Sent from my GT-I9000 using XDA Premium App
Hey all,
A few of us are attempting to put together a solution to unlock the bootloader of the N4 without wiping, and we need your help.
We need dumps of the misc partition of the N4 both in a bootloader locked and unlocked state. I've explained below what we need and how to do it.
Note, this will require you to re-lock and unlock your bootloader, (which will cause your data to be wiped) so do a nandroid and copy it off your device for a later restore.
Novice instructions:
1) You need to start off with an unlocked bootloader.
2) Boot into fastboot mode and plug into your PC.
3) If you don't have ADB and fastboot on your PC, download the attachment from this post and extract the contents to a directory.
4) If you don't have CWM or TWRP flashed, download CWM from here and save as cwm.img in the same directory as in step 3.
5) Open a command prompt in the same directory as in step 3 (i.e., hold the shift key and right click in a blank space in that folder).
6) Flash CWM: fastboot flash recovery cwm.img
7) On your phone, navigate with the volume buttons to "recovery mode" and select with the power button.
8) Once CWM is booted, type the following commands into the command prompt:
Code:
adb shell
dd if=/dev/block/mmcblk0p19 of=/sdcard/misc-unlocked.img
exit
adb pull /sdcard/misc-unlocked.img
adb reboot bootloader
fastboot oem lock
fastboot reboot-bootloader
9) On your phone, navigate with the volume buttons to "recovery mode" and select with the power button.
10) Once CWM is booted, type the following commands into the command prompt:
Code:
adb shell
dd if=/dev/block/mmcblk0p19 of=/sdcard/misc-locked.img
exit
adb pull /sdcard/misc-locked.img
11) Now you have two files (misc-unlocked.img and misc-lock.img) in the directory you created in step 3. Zip them up and upload them in this thread.
12) Your bootloader is now locked. If you want it unlocked, unlock it using the normal method of "fastboot oem unlock" which will wipe your data, but all you have to do is restore your nandroid, and you will be back to where you started.
Advanced user instructions:
1) Start with an unlocked bootloader
2) Dump the misc partition: dd if=/dev/block/mmcblk0p19 of=/sdcard/misc-unlocked.img
3) Lock your bootloader
4) Dump the misc partition again: dd if=/dev/block/mmcblk0p19 of=/sdcard/misc-locked.img
5) Upload the files to this thread.
For advanced users only (this has not yet been tested), if you want, you can try flashing the unlocked misc partition:
Code:
adb shell "dd if=/sdcard/misc-unlocked.img of=/dev/block/mmcblk0p19"
to see if it will unlock your device without wiping. But as I said, this has not been tested yet, so do the last step at your own risk.
Edit: nvm
Here is the dump. Thanks for your work.
KyraOfFire said:
Does it wipe sdcard? It need to know if I have to copy everything to the computer.
Thanks,
Click to expand...
Click to collapse
To be safe, you should copy everything to your computer.
Our theory is, once you lock your bootloader with "fastboot oem lock", you should be able to unlock it again without wiping anything just by flashing the misc partition that you dumped when your device was unlocked.
So, the steps themselves will not wipe anything. But, if you use "fastboot oem unlock" to unlock your bootloader (once you have completed all the steps), then it will wipe everything including /sdcard. If you use the command in the "advanced users instructions", the idea is that it won't wipe anything.
KyraOfFire said:
Edit: nvm
Here is the dump. Thanks for your work.
Click to expand...
Click to collapse
Great thanks!
Did you try re-flashing the unlocked misc.img (while you were locked) to see if it unlocked?
I can't flash the misc-unlocked.img
C:\Program Files (x86)\Android\android-sdk\platform-tools>adb shell "dd if=/sdca
rd/misc-unlocked.img of=/dev/block/mmcblk0p19"
dd: can't open '/sdcard/misc-unlocked.img': No such file or directory
Click to expand...
Click to collapse
What is the command prompt code to flash it from my computer?
Edit: I did boot to Android and copy the file to SDcard, but I still got the error above.
KyraOfFire said:
I can't flash the misc-unlocked.img
What is the command prompt code to flash it from my computer?
Edit: I did boot to Android and copy the file to SDcard, but I still got the error above.
Click to expand...
Click to collapse
Try this:
1) Copy the file to /sdcard
2) Reboot into CWM
3) Type in the command
I still got the same error.
Also, the directories seem to be messed up again, the classic orphaned back up folders in that CWM/system doesn't seem to recognized anymore....
KyraOfFire said:
I still got the same error.
Also, the directories seem to be messed up again, the classic orphaned back up folders in that CWM/system doesn't seem to recognized anymore....
Click to expand...
Click to collapse
Not sure why your directories are messed up.
Find where the file is saved, and use that path for the "if" part of the command. For example, if it is saved in /storage/emulate/0, then use this command:
adb shell "dd if=/storage/emulate/0/misc-unlocked.img of=/dev/block/mmcblk0p19"
Confirmed!
Flashing misc-unlocked.img unlocked my bootloader.
Note: I copy the file to /system, mounted /system in CWM then
adb shell "dd if=/system/misc-unlocked.img of=/dev/block/mmcblk0p19"
Click to expand...
Click to collapse
I have no idea why /sdcard or /storage/emulate/0/ doesn't work. But I think you should take a look into this when you cook up the new root method
KyraOfFire said:
Confirmed!
Flashing misc-unlocked.img unlocked my bootloader.
Note: I copy the file to /system, mounted /system in CWM then
I have no idea why /sdcard or /storage/emulate/0/ doesn't work. But I think you should take a look into this when you cook up the new root method
Click to expand...
Click to collapse
Great, thanks for the confirmation.
Very strange that /sdcard did not work. It worked fine on mine, but we will certainly look into it.
Thanks again.
Glad I could help. Now folks have less things to worry about when they decide to root
KyraOfFire said:
Edit: nvm
Here is the dump. Thanks for your work.
Click to expand...
Click to collapse
After looking at your dumps, it seems like you are running an old version of Android. Is it possible that you are still on JVP15Q? If so, I don't think that will help us too much. I dumped mine when I was on JOP40C (and I will do so again with JOP40D). If you do upgrade, then new dumps would be appreciated.
By the way, could you list the following from your device:
ROM version:
Bootloader:
Radio:
Thanks.
EDIT: If you want to follow the progress, you can have a look at this thread.
efrant said:
After looking at your dumps, it seems like you are running an old version of Android. Is it possible that you are still on JVP15Q?
Click to expand...
Click to collapse
Well that is totally weird
Build Number:JOP40D
Baseband version:M92615A-CEFWMAZM-2.0.1700.33
Bootloader version:MAKOZ101
is there anything look wrong?
When I get some wifi later today, I'll return to stock and dump the misc partition for JOP40C, possibly redo JOP40D too.
KyraOfFire said:
Well that is totally weird
Build Number:JOP40D
Baseband version:M92615A-CEFWMAZM-2.0.1700.33
Bootloader version:MAKOZ101
is there anything look wrong?
When I get some wifi later today, I'll return to stock and dump the misc partition for JOP40C, possibly redo JOP40D too.
Click to expand...
Click to collapse
Hmm. Thanks for the offer, but don't bother going through the hassle. If you are already running JOP40D, then it should be ok. Weird that your dump had JVP15Q in it. I'll wait until a couple of the other guys have a look at it (in this thread).
For science
KyraOfFire said:
For science
Click to expand...
Click to collapse
Thanks! Still mentions JVP15Q for some reason but I don't think that's a big deal. Found some interesting stuff already so we might be on to something. You've been very helpful.
osm0sis said:
Thanks! Still mentions JVP15Q for some reason but I don't think that's a big deal. Found some interesting stuff already so we might be on to something. You've been very helpful.
Click to expand...
Click to collapse
I have a feeling that it has something to do with history/logging. My N4 came with JOP40C out of the box, and I would bet that KyraOfFire's came with JVP15Q out of the box.
Update 1: Before following this guide, you should try using the tool from http://firewater-soff.com to obtain S-OFF. If it does not work then proceed with the following guide.
I do NOT take any credit for this guide.
You can thank BD619 for walking me through all this and the updated command, Indirect for the original commands, benny3 for his awesome ROM, O.M.J for his 3.04.651.2 RUU and for his 3.05.651.6 Firmware, and RumRunner for their awesome S-Off tool!
Also, if anything goes wrong I can try to help you, but the only person responsible is yourself for not following the guide 100%. I have done this all myself and it worked like a charm.
After 3.04.651.2, attempting to achieve S-Off with rumrunner will fail every time after the pouring 8 stage. This guide will show you how to change your version number in order to install an older RUU. After installing the older RUU, then you can proceed to unlock the bootloader, download benny3's Stock ROM (Link Below), flash it after a full wipe, and finally run rumrunner again with success. From there you can optionally update your firmware (Link Below) and flash a ROM of your choice. Once official kitkat is released this guide will not work because the hboot will be different than the one found in the RUU
Changing the Mainver
Before doing all of this, you should backup all your applications and other data with Titanium Backup which can be found in the Play Store. Once your backup is complete, you must copy the titanium backup folder found on your internal storage to your computer because the RUU will wipe the entire storage. Copy any other things you may need including Photos, Music, and Downloads to your computer so you can restore them later. Also, make sure you are on hboot 1.55. I have not tested this with any other hboot but it is confirmed working on hboot 1.55.
1. Make sure the ADB drivers are set up properly in recovery. I used TWRP but other recoveries should be fine.
2. Boot into recovery and connect the phone to the computer.
3. Open the command prompt, and type in adb devices A string of letters and numbers should pop up. This is only to test the ADB drivers and make sure they are working properly.
4. Now type adb shell and press enter.
5. Now type this exactly as it is here echo "3.04.651.2" | dd of=/dev/block/mmcblk0p19 bs=1 seek=160 with the quotes around the version number. After entering the command, it will say failed in the window but just ingnore that.
^^^I recommend you copy and paste to avoid typos.
6. Now enter adb reboot bootloader into the prompt. Your phone will now reboot bootloader and you should see your version number changed to 3.04.651.2.
7. As most of you may know, in order to install a RUU you must relock the bootloader, so click on fastboot on the phone and make sure it says fastboot usb. From here type in fastboot oem lock. Now the bootloader is locked.
Essentially, all we did up to this point is change the version number in order to trick the RUU into installing, and lock the bootloader also for the RUU to work.
Installing the RUU
8. Now you have to download the 3.04.651.2 RUU from http://forum.xda-developers.com/showthread.php?t=2508907. The zip or exe is fine. Do not use the decrypted version.
9. Once downloaded, put the phone into fastboot usb mode, and run the exe. If you downloaded the zip, follow the instruction in the link above to install it.
Flashing the custom ROM
10. Once the RUU is complete you will have to download benny3's ROM from http://forum.xda-developers.com/showpost.php?p=47048176&postcount=2. Either odexed or deodexed is fine. I personally chose odexed but it does not matter. Once downloaded make sure the ROM is not corrupt by matching the MD5 codes, or simply opening the zip.
11. We cannot install yet however because the RUU restored the stock recovery and the bootloader is locked.
12. Unlock the bootloader by following the instructions at http://www.htcdev.com/bootloader
13. Once the bootloader is unlocked we can now flash a custom recovery. Download TWRP 2.6.3.0 from http://techerrata.com/browse/twrp2/m7wls Once it finished put phone into fastboot usb, copy the TWRP img you just downloaded into the fastboot command prompt folder, open fastboot command prompt, and type in fastboot flash recovery recovery.img Replace recovery.img in the command with the actual name of the file.
14. Once the custom recovery is installed boot into Android and copy the downloaded ROM into the internal storage, boot into recovery and do a full wipe (Dalvik Cache, Cache, Data, System). Do NOT wipe the internal storage!
15. Go back and tap install. Select the ROM you placed in the internal storage in step 11. Once it is flashed clear the dalvik cache and reboot the system.
Running RumRunner
16. Before you run RumRunner, confirm all drivers are working correctly by testing adb and fastboot commands in recovery, fastboot, and the OS. Enable USB Debugging in developer options. Set auto sleep to the maximum of ten minutes. Go to personalize, and choose the no lockscreen setting. Go to settings, power, and make sure fastboot is NOT checked. Disable firewall and anti virus programs on your computer. Run the SuperSu app and make sure all SU Binaries are updated.
17. Once you've done everything above, you can download RumRunner 0.5 from http://rumrunner.us/downloads-2/ Make sure phone is connected to PC in ADB mode, and run soju.exe as administrator. Follow the onscreen instructions.
18. Once RumRunner is complete your phone will reboot to bootloader and report S-Off.
Updating Firmware
19. Now that you are S-Off, we can move on and update the firmware. Download the Full unmodified Firmware (fastboot flashable) from http://forum.xda-developers.com/showthread.php?t=2576995 Follow the instructions in the link for a guide on how to flash the firmware.
20. Once your firmware is updated if you reboot into the OS, your touchscreen may not respond. Do not worry about that it will be fixed soon.
Flashing A Custom ROM
21. Find a ROM of your choice in the android development section or the android original development section. The ROM you choose MUST be a Sprint ROM.
22. Copy the ROM to your internal storage, reboot to recovery. and do a full wipe (Dalvik Cache, Cache, Data, System). Again, do NOT wipe the internal storage!
23. Once the wipe is complete, flash the ROM you chose and clear the dalvik cache. Reboot system and you should be good to go. Remember, the first boot takes a bit longer than usual. Give it a good ten minutes before getting worried.
24. At this point you could copy your titanium backup folder back into the internal storage. Install titanium backup from the Play Store, open it, go to menu>preferences, scroll down to backup folder location, tap it and find the backup folder you just copied to your storage. Now you can restore all the apps and data you backed up. Also, you can copy all the other things you backed up to the computer.
I know this is a long guide, but the process above works 100%, and I tried to include as many details as possible. If you have any suggestions, please let me know. Also, if anyone runs into any problems, post it in the comments and maybe someone can help you.
Nicely done
This is the command you should copy and paste into your cmd window for step 5
Code:
echo "3.04.651.2" | dd of=/dev/block/mmcblk0p19 bs=1 seek=160
As stated below please use at your own risk this is a VERY dangerous command if you don't know what you are doing!!!
Thanks!
Light a fire for a man and you`ll warm him for a few hours...Light a man on fire and you`ll warm him for the rest of his life
jluca98 said:
I do NOT take any credit for this guide.
You can thank BD619 for walking me through all this and the updated command, Indirect for the original commands, benny3 for his awesome ROM, O.M.J for his 3.04.651.2 RUU and for his 3.05.651.6 Firmware, and RumRunner for their awesome S-Off tool!
Also, if anything goes wrong I can try to help you, but the only person responsible is yourself for not following the guide 100%. I have done this all myself and it worked like a charm.
After 3.04.651.2, attempting to achieve S-Off with rumrunner will fail every time after the pouring 8 stage. This guide will show you how to change your version number in order to install an older RUU. After installing the older RUU, then you can proceed to unlock the bootloader, download benny3's Stock ROM (Link Below), flash it after a full wipe, and finally run rumrunner again with success. From there you can optionally update your firmware (Link Below) and flash a ROM of your choice. Once official kitkat is released this guide will not work because the hboot will be different than the one found in the RUU
Changing the Mainver
Before doing all of this, you should backup all your applications and other data with Titanium Backup which can be found in the Play Store. Once your backup is complete, you must copy the titanium backup folder found on your internal storage to your computer because the RUU will wipe the entire storage. Copy any other things you may need including Photos, Music, and Downloads to your computer so you can restore them later.
1. Make sure you are on hboot 1.55. I have not tested this with any other hboot but it is confirmed working on hboot 1.55.
2. Make sure the ADB drivers are set up properly in recovery. I used TWRP but other recoveries should be fine.
3. Boot into recovery and connect the phone to the computer.
3. Open the command prompt, and type in <code>adb devices</code> A string of letters and numbers should pop up. This is only to test the ADB drivers and make sure they are working properly.
4. Now type <code>adb shell</code> and press enter.
5. Now type this exactly as it is here echo "3.04.651.2" | dd of=/dev/block/mmcblk0p19 bs=1 seek=160 with the quotes around the version number. After entering the command, it will say failed in the window but just ingnore that.
^^^I recommend you copy and paste to avoid typos.
6. Now enter adb reboot bootloader into the prompt. Your phone will now reboot bootloader and you should see your version number changed to 3.04.651.2.
7. As most of you may know, in order to install a RUU you must relock the bootloader, so click on fastboot on the phone and make sure it says fastboot usb. From here type in fastboot oem lock. Now the bootloader is locked.
Essentially, all we did up to this point is change the version number in order to trick the RUU into installing, and lock the bootloader also for the RUU to work.
Installing the RUU
8. Now you have to download the 3.04.651.2 RUU from http://forum.xda-developers.com/showthread.php?t=2508907. The zip or exe is fine. Do not use the decrypted version.
9. Once downloaded, put the phone into fastboot usb mode, and run the exe. If you downloaded the zip, follow the instruction in the link above to install it.
Flashing the custom ROM
10. Once the RUU is complete you will have to download benny3's ROM from http://forum.xda-developers.com/showpost.php?p=47048176&postcount=2. Either odexed or deodexed is fine. I personally chose odexed but it does not matter. Once downloaded make sure the ROM is not corrupt by matching the MD5 codes, or simply opening the zip.
11. Boot up current ROM and copy the downloaded ROM into the internal storage. We cannot install yet however because the RUU restored the stock recovery and the bootloader is locked.
12. Unlock the bootloader by following the instructions at http://www.htcdev.com/bootloader
13. Once the bootloader is unlocked we can now flash a custom recovery. Download TWRP 2.6.3.0 from http://techerrata.com/browse/twrp2/m7wls Once it finished put phone into fastboot usb, copy the TWRP img you just downloaded into the fastboot command prompt folder, open fastboot command prompt, and type in fastboot flash recovery recovery.img Replace recovery.img in the command with the actual name of the file.
14. Once the custom recovery is installed boot into recovery and do a full wipe (Dalvik Cache, Cache, Data, System). Do NOT wipe the internal storage!
15. Go back and tap install. Select the ROM you placed in the internal storage in step 11. Once it is flashed clear the dalvik cache and reboot the system.
Running RumRunner
16. Before you run RumRunner, confirm all drivers are working correctly by testing adb and fastboot commands in recovery, fastboot, and the OS. Enable USB Debugging in developer options. Set auto sleep to the maximum of ten minutes. Go to personalize, and choose the no lockscreen setting. Go to settings, power, and make sure fastboot is NOT checked. Disable firewall and anti virus programs on your computer. Run the SuperSu app and make sure all SU Binaries are updated.
17. Once you've done everything above, you can download RumRunner 0.5 from http://rumrunner.us/downloads-2/ Make sure phone is connected to PC in ADB mode, and run soju.exe as administrator. Follow the onscreen instructions.
18. Once RumRunner is complete your phone will reboot to bootloader and report S-Off.
Updating Firmware
19. Now that you are S-Off, we can move on and update the firmware. Download the Full unmodified Firmware (fastboot flashable) from http://forum.xda-developers.com/showthread.php?t=2576995 Follow the instructions in the link for a guide on how to flash the firmware.
20. Once your firmware is updated if you reboot into the OS, your touchscreen may not respond. Do not worry about that it will be fixed soon.
Flashing A Custom ROM
21. Find a ROM of your choice in the android development section or the android original development section. The ROM you choose MUST be a Sprint ROM.
22. Copy the ROM to your internal storage, reboot to recovery. and do a full wipe (Dalvik Cache, Cache, Data, System). Again, do NOT wipe the internal storage!
23. Once the wipe is complete, flash the ROM you chose and clear the dalvik cache. Reboot system and you should be good to go. Remember, the first boot takes a bit longer than usual. Give it a good ten minutes before getting worried.
24. At this point you could copy your titanium backup folder back into the internal storage. Install titanium backup from the Play Store, open it, go to menu>preferences, scroll down to backup folder location, tap it and find the backup folder you just copied to your storage. Now you can restore all the apps and data you backed up. Also, you can copy all the other things you backed up to the computer.
I know this is a long guide, but the process above works 100%, and I tried to include as many details as possible. If you have any suggestions, please let me know. Also, if anyone runs into any problems, post it in the comments and maybe someone can help you.
Click to expand...
Click to collapse
Thank you and Big Daddy! Only thing I noted in instructions mentioned to copy downloaded ROM to internal storage and then to unlock bootloader. However this will erase everything and therefore ROM needs to be copied after doing unlock and twrp flash after unlock. I sincerely thank you for helping me achieve S-Off.
Doc
SOLID.
Great guide you guys. Very concise and easy to understand steps. :good:
Anyone who does not have S-OFF yet I highly suggest getting it before KitKat drops...HTC has a habit of making things harder with every OTA. Rumrunner may not work afterwards.
Docarut said:
Thank you and Big Daddy! Only thing I noted in instructions mentioned to copy downloaded ROM to internal storage and then to unlock bootloader. However this will erase everything and therefore ROM needs to be copied after doing unlock and twrp flash after unlock. I sincerely thank you for helping me achieve S-Off.
Doc
Click to expand...
Click to collapse
Ok guide was updated with proper instructions. Thanks for letting me know. I'm glad the guide worked for you!
What am I doing wrong?
D:\Users\Android\HTC One\HTC Unlock>adb devices
adb server is out of date. killing...
* daemon started successfully *
List of devices attached
FA37SSxxxxxx recovery
D:\Users\Android\HTC One\HTC Unlock>adb shell
adb server is out of date. killing...
ADB server didn't ACK
* failed to start daemon *
error:
[try again]
D:\Users\Android\HTC One\HTC Unlock>adb shell
adb server is out of date. killing...
* daemon started successfully *
error: device not found
Windows 8.1 / TWRP / unlocked / fastboot works fine / etc
echo "3.04.651.2" | dd of=/dev/block/mmcblk0p19 bs=1 seek=160
you need to bold "echo" it took me a bit to figure I needed to copy that part of the string
That command is very, very dangerous if you screw up even a little -- could easily brick a device. OP, the guide is really useful for folks, but please put all the parts folks need to copy in quote blocks.
Most of the readers don't even know what the dd command is because they don't use any Unix type OS (e.g., Linux) and they are using it with full root level access.
[Edit: adding a little explanation]:
The 'dd' command is a 'direct dump' and it takes whatever you tell it from the 'if' parameter (input file) or if no 'if' flag is provided, from the standard input. The 'echo' command puts whatever you specify to the standard output (a.k.a., stdout in unix/linux terms). The vertical bar is a 'pipe' specifier and pipes the stdout of the last command to the input of the next -- in this case the 'dd' command.
So how can this all to really, really badly? Imagine, just by happenstance, the recovery shell you use sends error output to stdout (by a mistaken bug, instead of stderr which is the norm). Whatever the shell would print as the error message is going to go to the dd command as stdin and it will write that to your device where you tell it. In short, brick city.
Just by luck, imho, the user above who failed to add the "echo" was using a recovery that (very luckily) sent nothing to stdout, so dd didn't have anything to write. I'm telling you, folks, @BD619 and I both have stated on multiple occasions the raw danger here.
Be careful and DO NOT RUSH INTO THESE THINGS -- IF YOU ARE NOT SURE, EVEN IF ONLY 0.000000001% UNSURE ASK! WE WILL GET YOU SET.
jluca98 said:
I do NOT take any credit for this guide.
You can thank BD619 for walking me through all this and the updated command, Indirect for the original commands, benny3 for his awesome ROM, O.M.J for his 3.04.651.2 RUU and for his 3.05.651.6 Firmware, and RumRunner for their awesome S-Off tool!
Also, if anything goes wrong I can try to help you, but the only person responsible is yourself for not following the guide 100%. I have done this all myself and it worked like a charm.
After 3.04.651.2, attempting to achieve S-Off with rumrunner will fail every time after the pouring 8 stage. This guide will show you how to change your version number in order to install an older RUU. After installing the older RUU, then you can proceed to unlock the bootloader, download benny3's Stock ROM (Link Below), flash it after a full wipe, and finally run rumrunner again with success. From there you can optionally update your firmware (Link Below) and flash a ROM of your choice. Once official kitkat is released this guide will not work because the hboot will be different than the one found in the RUU
Changing the Mainver
Before doing all of this, you should backup all your applications and other data with Titanium Backup which can be found in the Play Store. Once your backup is complete, you must copy the titanium backup folder found on your internal storage to your computer because the RUU will wipe the entire storage. Copy any other things you may need including Photos, Music, and Downloads to your computer so you can restore them later. Also, make sure you are on hboot 1.55. I have not tested this with any other hboot but it is confirmed working on hboot 1.55.
1. Make sure the ADB drivers are set up properly in recovery. I used TWRP but other recoveries should be fine.
2. Boot into recovery and connect the phone to the computer.
3. Open the command prompt, and type in <code>adb devices</code> A string of letters and numbers should pop up. This is only to test the ADB drivers and make sure they are working properly.
4. Now type <code>adb shell</code> and press enter.
5. Now type this exactly as it is here echo "3.04.651.2" | dd of=/dev/block/mmcblk0p19 bs=1 seek=160 with the quotes around the version number. After entering the command, it will say failed in the window but just ingnore that.
^^^I recommend you copy and paste to avoid typos.
6. Now enter adb reboot bootloader into the prompt. Your phone will now reboot bootloader and you should see your version number changed to 3.04.651.2.
7. As most of you may know, in order to install a RUU you must relock the bootloader, so click on fastboot on the phone and make sure it says fastboot usb. From here type in fastboot oem lock. Now the bootloader is locked.
Essentially, all we did up to this point is change the version number in order to trick the RUU into installing, and lock the bootloader also for the RUU to work.
Installing the RUU
8. Now you have to download the 3.04.651.2 RUU from http://forum.xda-developers.com/showthread.php?t=2508907. The zip or exe is fine. Do not use the decrypted version.
9. Once downloaded, put the phone into fastboot usb mode, and run the exe. If you downloaded the zip, follow the instruction in the link above to install it.
Flashing the custom ROM
10. Once the RUU is complete you will have to download benny3's ROM from http://forum.xda-developers.com/showpost.php?p=47048176&postcount=2. Either odexed or deodexed is fine. I personally chose odexed but it does not matter. Once downloaded make sure the ROM is not corrupt by matching the MD5 codes, or simply opening the zip.
11. We cannot install yet however because the RUU restored the stock recovery and the bootloader is locked.
12. Unlock the bootloader by following the instructions at http://www.htcdev.com/bootloader
13. Once the bootloader is unlocked we can now flash a custom recovery. Download TWRP 2.6.3.0 from http://techerrata.com/browse/twrp2/m7wls Once it finished put phone into fastboot usb, copy the TWRP img you just downloaded into the fastboot command prompt folder, open fastboot command prompt, and type in fastboot flash recovery recovery.img Replace recovery.img in the command with the actual name of the file.
14. Once the custom recovery is installed boot into Android and copy the downloaded ROM into the internal storage, boot into recovery and do a full wipe (Dalvik Cache, Cache, Data, System). Do NOT wipe the internal storage!
15. Go back and tap install. Select the ROM you placed in the internal storage in step 11. Once it is flashed clear the dalvik cache and reboot the system.
Running RumRunner
16. Before you run RumRunner, confirm all drivers are working correctly by testing adb and fastboot commands in recovery, fastboot, and the OS. Enable USB Debugging in developer options. Set auto sleep to the maximum of ten minutes. Go to personalize, and choose the no lockscreen setting. Go to settings, power, and make sure fastboot is NOT checked. Disable firewall and anti virus programs on your computer. Run the SuperSu app and make sure all SU Binaries are updated.
17. Once you've done everything above, you can download RumRunner 0.5 from http://rumrunner.us/downloads-2/ Make sure phone is connected to PC in ADB mode, and run soju.exe as administrator. Follow the onscreen instructions.
18. Once RumRunner is complete your phone will reboot to bootloader and report S-Off.
Updating Firmware
19. Now that you are S-Off, we can move on and update the firmware. Download the Full unmodified Firmware (fastboot flashable) from http://forum.xda-developers.com/showthread.php?t=2576995 Follow the instructions in the link for a guide on how to flash the firmware.
20. Once your firmware is updated if you reboot into the OS, your touchscreen may not respond. Do not worry about that it will be fixed soon.
Flashing A Custom ROM
21. Find a ROM of your choice in the android development section or the android original development section. The ROM you choose MUST be a Sprint ROM.
22. Copy the ROM to your internal storage, reboot to recovery. and do a full wipe (Dalvik Cache, Cache, Data, System). Again, do NOT wipe the internal storage!
23. Once the wipe is complete, flash the ROM you chose and clear the dalvik cache. Reboot system and you should be good to go. Remember, the first boot takes a bit longer than usual. Give it a good ten minutes before getting worried.
24. At this point you could copy your titanium backup folder back into the internal storage. Install titanium backup from the Play Store, open it, go to menu>preferences, scroll down to backup folder location, tap it and find the backup folder you just copied to your storage. Now you can restore all the apps and data you backed up. Also, you can copy all the other things you backed up to the computer.
I know this is a long guide, but the process above works 100%, and I tried to include as many details as possible. If you have any suggestions, please let me know. Also, if anyone runs into any problems, post it in the comments and maybe someone can help you.
Click to expand...
Click to collapse
OK command fixed in step 5.
Light a fire for a man and you`ll warm him for a few hours...Light a man on fire and you`ll warm him for the rest of his life
pbassjunk said:
What am I doing wrong?
D:\Users\Android\HTC One\HTC Unlock>adb devices
adb server is out of date. killing...
* daemon started successfully *
List of devices attached
FA37SSxxxxxx recovery
D:\Users\Android\HTC One\HTC Unlock>adb shell
adb server is out of date. killing...
ADB server didn't ACK
* failed to start daemon *
error:
[try again]
D:\Users\Android\HTC One\HTC Unlock>adb shell
adb server is out of date. killing...
* daemon started successfully *
error: device not found
Windows 8.1 / TWRP / unlocked / fastboot works fine / etc
Click to expand...
Click to collapse
I'm not sure, maybe try another PC with windows 7, USB 2.0, and drivers installed correctly.
Light a fire for a man and you`ll warm him for a few hours...Light a man on fire and you`ll warm him for the rest of his life
jluca98 said:
I'm not sure, maybe try another PC with windows 7, USB 2.0, and drivers installed correctly.
Light a fire for a man and you`ll warm him for a few hours...Light a man on fire and you`ll warm him for the rest of his life
Click to expand...
Click to collapse
After some more testing, this seems to be an 8.1 specific issue. Not sure if it's an HTC driver issue, an 8.1 USB 2/3 driver issue or something with ADB (up to date), but I tried it on an 8 laptop (USB 3 only) along with a 7 desktop (USB 2 only, older imac in bootcamp heh) and things worked as expected.
Not scientific but as close as I could get with the hardware I have. Pretty sure it's an 8.1 problem.
Looks a little complicated as much as I would love to go s-off not sure if could handle this
Sent from my HTCONE using xda app-developers app
androidforeve said:
Looks a little complicated as much as I would love to go s-off not sure if could handle this
Sent from my HTCONE using xda app-developers app
Click to expand...
Click to collapse
Its not really that hard. If you follow instructions properly and meet the prerequisites in the OP then you will be fine. I know of multiple people who followed this guide with no problems. Try it and if you run into any issues post a comment and we will try to help you.
Light a fire for a man and you`ll warm him for a few hours...Light a man on fire and you`ll warm him for the rest of his life
androidforeve said:
Looks a little complicated as much as I would love to go s-off not sure if could handle this
Sent from my HTCONE using xda app-developers app
Click to expand...
Click to collapse
Thanks for the input but do I really need to be s-off? So far I can flash everything fine with no problem of course I have not tried flashing firmware or radios because I have latest ones I'm assuming that's the problem I will have but I thought I read somewhere that you can still flash firmware and radios even with s-on but I could be wrong
Sent from my HTCONE using xda app-developers app
You can read this guide to understand more about s-off. http://android-revolution-hd.blogspot.com/2013/06/do-we-really-need-s-off.html?m=1
Light a fire for a man and you`ll warm him for a few hours...Light a man on fire and you`ll warm him for the rest of his life
androidforeve said:
Looks a little complicated as much as I would love to go s-off not sure if could handle this
Sent from my HTCONE using xda app-developers app
Click to expand...
Click to collapse
Do a backup in recovery
Copy your entire internal sd to pc
Follow instructions as above
After s-off root like you did before
Move internal back to device
Restore in recovery
Good 30 minutes
I sugest you download everything first, that way your device isnt down while you wait
I only have 1 very anoying issue. Was 3.05.651.5 complete stock with root and .6 update released. I did s-off, did ota, then rooted. I'm 3.05.651.6 s-off, rooted and i still got the ota notice to update to 3.05.651.6 and it wont go away.
Maybe this can help you. http://forum.xda-developers.com/showthread.php?t=1856632
Light a fire for a man and you`ll warm him for a few hours...Light a man on fire and you`ll warm him for the rest of his life
saaaaweet
Here is an easy way to achieve S-off and root without the need to go through the HTCDev unlock procedure and flashing custom recoveries:
1. Make a backup of all your data, just in case... (E.g. with Helium, which is free and works without root)
2. Make sure that
HTC drivers installed and working (You can download them here: http://forum.xda-developers.com/showthread.php?t=2217396)
HTC sync is removed (not closed – REMOVED)
All other phone software are removed or disabled (Samsung Kies, PDANet, etc.)
There is a working internet connection ON YOUR DEVICE - wifi, 3g, 4g, etc. are all supported.
USB debugging is enabled on your device
Ensure that lock screen security is disabled on your device: no passcode lock, no pattern lock, no face lock
3. Install ADB on your PC (e.g. download and extract fastboot_adb.zip to c:\ADB)
4. Download firewater
5. Download temproot
6. Download su binary for SuperSu (e.g. the one in su.zip, or extract it from the SuperSu zip installer)
7. Place firewater and temproot in the ADB folder (e.g. c:\ADB)
8. Copy the SU binary to the root of your memory card and install the card in your device
9. Connect your device directly to an USB 2.0 port on your PC
10. Open a command prompt, and navigate to your ADB folder (e.g c:\ADB)
11. Important: Reboot your device:
Code:
adb reboot
12. When the device rebooted, issue the following commands:
Code:
adb wait-for-device push firewater /data/local/tmp
adb push temproot /data/local/tmp
adb shell
chmod 755 /data/local/tmp/temproot
chmod 755 /data/local/tmp/firewater
At this point, you have the temproot and firewater binaries on your device with execute permissions
13. Now start temproot to gain temporary root access via the shell:
Code:
/data/local/tmp/temproot
This will take long (5-10min) -> go and grab a coffee
14. Once root access is achieved (temproot will inform you about this, and you will see '#' at the end of the prompt instead of '$') you can start firewater:
Code:
/data/local/tmp/firewater
For my device, this step took about 2 minutes.
Now you have S-OFF and an unlocked bootloader. Yay!
15. Remount the /system partition in order to be able to write it:
Code:
mount -o remount,rw -t ext4 /dev/block/mmcblk0p38 /system
16. Copy su to the /system partition and set its permissions
Code:
cat /storage/ext_sd/su > /system/xbin/su
chmod 04755 /system/xbin/su
17. Grab your device, enter the Play Store and install SuperSu. At this point you are fully rooted.
18. If SuperSu requests to update the su binary, let it (choose the normal approach, NOT the TWRP/CWM method).
19. Shut down your device, then turn it on in bootloader mode by pressing and holding "power" and "volume down" buttons simultaneously
You should see (the UNLOCKED, TAMPERED, and Ship S-OFF texts)
20. To exit bootloader mode, select the "Fastboot" menu item with the vol up/dn buttons, then enter using the power button. Then choose the "Reboot" menu item the same way.
[OPTIONAL] Locking bootloader and clearing "tampered" flag
21. Start command prompt on your PC. Enter your ADB folder. And issue the following commands:
Code:
adb devices
adb shell
su
(I would very strongly recomend you copy/paste the following line)
Code:
echo -ne '\x00\x00\x00\x00' | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
Code:
exit
exit
adb reboot bootloader
22. Verify you are now locked. Then select Fastboot -> Reboot
23. Issue the following commands:
Code:
adb devices
adb shell
su
(I would very strongly recomend you copy/paste the following line)
Code:
echo -ne '\x00' | dd of=/dev/block/mmcblk0p7 bs=1 seek=4265988
Code:
exit
exit
adb reboot bootloader
24. Verify that the tampered flag is cleared
25. That's it. Reboot your device and have fun
FAQ:
Q: I have been waiting for ages to gain temporary root but nothing is happening!! What should I do?
A: Please be patient. It is a long process (usually 5-10 min)
Q: If I S-OFF/unlock/root my phone using this method, what happens to my apps in /data/preload? Will they get wiped?
A: No, they won't. They will be untouched.
Q: Why are you using that long and complicated command for remounting /system? Wouldn't it be easier to just issue "adb remount"?
A: Sure it would, but unfortunately it would not work, since our stock ROMs use secure ADB and this particular command is only available if the ADB daemon on your device is run in "insecure" mode. More information about the technical background here and here.
Q: Why are you suggesting we use SuperSu as a root management app? What's wrong with Superuser / XXX / YYY ?
A: I have no preference whatsoever. It is only an example. Feel free to use other apps (with corresponding su binary), if you so desire.
Q: Is the su binary inside su.zip safe? Where is it from?
A: Yes, it is safe. It was extracted from the zip installer package of SuperSu v1.93 and was not altered in any way.
Q: My phone rebooted itself when I issued the mount command. What now?
A: Run temproot again, then continue the process starting with reissuing the mount command.
Q: Don't you think XYZ is wrong / missing in your guide?
A: Please reply to the thread or drop me a PM and I will correct it ASAP.
Fine print
I created this guide with the best of intentions, to help people like me, who are more or less new to android but are willing to learn and want to make the most of their devices. I tested the whole procedure on my own Butterfly S 901s 1.23.708.3 without any issues.
However you must keep in mind that during this process you will be modifying vital parts of the system, and doing so always entails some risk. Therefore I cannot and will not take any responsibility if you accidentally brick your device attempting the above procedure.
The tools and most methods used throughout this guide are not my creations. I simply collected and organized information already available but scattered across several topics.
Kudos
to beaups and fuses for bringing us firewater,
to hikezoe and fi01, whose work the temproot is based on,
to daorderdillon for figuring out the way to lock the bootloader and clear tampered flag on an S-OFFed Butterfly S.
to ebautista, who was the first to confirm that firewater does indeed work with the Butterfly S
and of course to koniiiik who encouraged me to start experimenting with the /system remounting
edorner said:
Here is an easy way to achieve S-off and root without the need to go through the HTCDev unlock procedure and flashing custom recoveries:
13. Now start temproot to gain temporary root access via the shell:
Code:
/data/local/tmp/temproot
This will take long (5-10min) -> go and grab a coffee
14. Once root access is achieved (temproot will inform you about this, and you will see '#' at the end of the prompt instead of '$') you can start firewater:
Code:
/data/local/tmp/firewater
For my device, this step took about 2 minutes.
Now you have S-OFF and an unlocked bootloader. Yay!
15. Remount the /system partition in order to be able to write it:
Code:
mount -o remount,rw -t ext4 /dev/block/mmcblk0p38 /system
16. Copy su to the /system partition and set its permissions
Code:
cat /storage/ext_sd/su > /system/xbin/su
chmod 04755 /system/xbin/su
17. Grab your device, enter the Play Store and install SuperSu. At this point you are fully rooted.
18. If SuperSu requests to update the su binary, let it (choose the normal approach, NOT the TWRP/CWM method).
19. Shut down your device, then turn it on in bootloader mode by pressing and holding "power" and "volume down" buttons simultaneously
You should see (the UNLOCKED, TAMPERED, and Ship S-OFF texts)
20. To exit bootloader mode, select the "Fastboot" menu item with the vol up/dn buttons, then enter using the power button. Then choose the "Reboot" menu item the same way.
[/LIST]
Click to expand...
Click to collapse
i have one question and one comment:
1. if i was root and only did firewater, do i need to do since number 15?
2. i did this with my usb 3.0, i know is not recommended, but the device was not recognized in adb. and other thing: be really aware of the screen, if it shuts down the commands will not be working.
cheers
kemoli said:
i have one question and one comment:
1. if i was root and only did firewater, do i need to do since number 15?
2. i did this with my usb 3.0, i know is not recommended, but the device was not recognized in adb. and other thing: be really aware of the screen, if it shuts down the commands will not be working.
cheers
Click to expand...
Click to collapse
If you are already rooted, then steps 13 and 15-18 are unnecessary.
Thank you for the info about the screen, I haven't noticed that before.
As for the connection issue: Well, it may be caused by a lot of things... You could try using an usb 2.0 connection instead, or reinstalling the HTC drivers. And make sure USB debugging is turned on in the developer options.
usb 3.0
edorner said:
If you are already rooted, then steps 13 and 15-18 are unnecessary.
Thank you for the info about the screen, I haven't noticed that before.
As for the connection issue: Well, it may be caused by a lot of things... You could try using an usb 2.0 connection instead, or reinstalling the HTC drivers. And make sure USB debugging is turned on in the developer options.
Click to expand...
Click to collapse
sorry but my explanation was not clear, i can do this only with usb 3.0, with 2.0 my device is not recognized as mtp connection or adb at all even if i have usb debugging turned on... i don´t know exactly why, but it happens after i did a restore because when i did the root with wp_mod my device turns out crazy with superuser, so i root with supersu and after that did this s-off with firewater and works like a charm. I don´t know why but with every product of clockworkmod i have problems...with one old phone that i had, an atrix, my nandroid backup didn´t work and cannot be restored, twrp is the best for me since.
thank you for you response :fingers-crossed:
Ah, I see! I did misunderstand you before. I am glad the s-off method worked for you eventually
Hi edorner,
i have 2 questions need your help.
1. is it need backup everything including "DATA" before unlock bootloader via firewater? (all data will be wiped after unlocked bootloder via htcdev)
2. is it possible to unlock bootloader & root without S-OFF? because i searched several threads but didn't found any threads for "how to S-ON from S-OFF".
thx for your kindness helps n reply. sorry for my bad english...
Hey shiropetto,
shiropetto said:
1. is it need backup everything including "DATA" before unlock bootloader via firewater? (all data will be wiped after unlocked bootloder via htcdev)
Click to expand...
Click to collapse
It is not necessary to backup your data. Nothing will get wiped, when you use this method. Your DATA partition will remain intact.
However I still recommend you to do some kind of backup before you begin. Just as a precaution...
shiropetto said:
2. is it possible to unlock bootloader & root without S-OFF?[/B].
Click to expand...
Click to collapse
TBH, I am not sure.
You could try following the procedure from step 1 to 18, without performing step 14. In theory, it should be safe to try.
That might give you root.
However my guess is that Step 15 will probably not work without S-off or unlocked bootloader.
shiropetto said:
i searched several threads but didn't found any threads for "how to S-ON from S-OFF".
Click to expand...
Click to collapse
S-ON is very easy So I honestly do not see any reason why you would not want to go S-OFF.
To revert to S-ON:
1) open a cmd window in your ADB directory. plug in phone ,usb debugging on
2) adb devices
3) adb reboot bootloader
4) fastboot devices
5) fastboot oem writesecureflag 3
6) fastboot reboot-bootloader
7) verify you are locked s-on
8) fastboot reboot
There are just two important things you must keep in mind:
1) When / if you decide to go back to 100% factory default state, S-ON should be the last step (after unroot, bootloader lock, cid restoring, etc.).
2) Before going back to S-ON, make sure you have a stock hboot. If you go S-ON while having a custom hboot, your device will be bricked.
Just one quick question is this also working for h1.55?
elf_made said:
Just one quick question is this also working for h1.55?
Click to expand...
Click to collapse
Yep.
edorner said:
Hey shiropetto,
It is not necessary to backup your data. Nothing will get wiped, when you use this method. Your DATA partition will remain intact.
However I still recommend you to do some kind of backup before you begin. Just as a precaution...
TBH, I am not sure.
You could try following the procedure from step 1 to 18, without performing step 14. In theory, it should be safe to try.
That might give you root.
However my guess is that Step 15 will probably not work without S-off or unlocked bootloader.
S-ON is very easy So I honestly do not see any reason why you would not want to go S-OFF.
To revert to S-ON:
1) open a cmd window in your ADB directory. plug in phone ,usb debugging on
2) adb devices
3) adb reboot bootloader
4) fastboot devices
5) fastboot oem writesecureflag 3
6) fastboot reboot-bootloader
7) verify you are locked s-on
8) fastboot reboot
There are just two important things you must keep in mind:
1) When / if you decide to go back to 100% factory default state, S-ON should be the last step (after unroot, bootloader lock, cid restoring, etc.).
2) Before going back to S-ON, make sure you have a stock hboot. If you go S-ON while having a custom hboot, your device will be bricked.
Click to expand...
Click to collapse
* thx for your suggestion!
*that mean step 14 including s-off & unlocking? is it will brick if skip step 14?
*thx for your kindness for revert from s-off to s-on!
*i do believing the hboot version still same as official hboot if i never flash other firmware version and device will stay in safe. pls correct me if this explanation was wrong.
shiropetto said:
*that mean step 14 including s-off & unlocking? is it will brick if skip step 14?
Click to expand...
Click to collapse
What I meant is:
If you want to root your phone without S-OFF, you need to perform steps 1-2-3-4-5-6-7-8-9-10-11-12-13-15-16-17-18 from my guide.
It will not brick your device, but there is a good chance it will not be successful either.
BTW, I just had another idea!
If you don't want S-OFF, just unlock & root, there is another method, which might be more suited to your needs:
LINK
Pls check it out. It basically goes like this: HTCdev unlock -> install custom recovery -> install su + superuser/supersu ffrom custom recovery -> done
shiropetto said:
*i do believing the hboot version still same as official hboot if i never flash other firmware version and device will stay in safe. pls correct me if this explanation was wrong.
Click to expand...
Click to collapse
Your explanation is correct. If you have not -intentionally- flashed a modified hboot image to your device, then you can be sure it contains an "original" hboot partition, signed by HTC. And anyway, it is only possible to flash a custom hboot is you are S-OFF. And since you obviously don't have S-OFF yet, it is impossible for you to have a custom/modified hboot
edorner said:
What I meant is:
If you want to root your phone without S-OFF, you need to perform steps 1-2-3-4-5-6-7-8-9-10-11-12-13-15-16-17-18 from my guide.
It will not brick your device, but there is a good chance it will not be successful either.
BTW, I just had another idea!
If you don't want S-OFF, just unlock & root, there is another method, which might be more suited to your needs:
LINK
Pls check it out. It basically goes like this: HTCdev unlock -> install custom recovery -> install su + superuser/supersu ffrom custom recovery -> done
Your explanation is correct. If you have not -intentionally- flashed a modified hboot image to your device, then you can be sure it contains an "original" hboot partition, signed by HTC. And anyway, it is only possible to flash a custom hboot is you are S-OFF. And since you obviously don't have S-OFF yet, it is impossible for you to have a custom/modified hboot
Click to expand...
Click to collapse
i have flashed everything, tamperred, s-off, unlocked, but no SU. what i need suppose to redo which steps? coz i was accidentally done the wrong typo during step 16, even i repeat from step 12 "adb shell", its still the same no root permission once i run the SuperSU. any SU could be flashable via recovery? perhaps the Root_wp_mod.zip will bring the bugs (reported by some users).
shiropetto said:
i have flashed everything, tamperred, s-off, unlocked, but no SU. what i need suppose to redo which steps? coz i was accidentally done the wrong typo during step 16, even i repeat from step 12 "adb shell", its still the same no root permission once i run the SuperSU. any SU could be flashable via recovery? perhaps the Root_wp_mod.zip will bring the bugs (reported by some users).
Click to expand...
Click to collapse
I see.
This should work:
Code:
/data/local/tmp/temproot
mount -o remount,rw -t ext4 /dev/block/mmcblk0p38 /system
cat /storage/ext_sd/su > /system/xbin/su
chmod 04755 /system/xbin/su
Then open the Play Store and install SuperSu
If this solution does not work, then just flash a custom recovery e.g. TWRP, and install SuperSU from there.
edorner said:
I see.
This should work:
Code:
/data/local/tmp/temproot
mount -o remount,rw -t ext4 /dev/block/mmcblk0p38 /system
cat /storage/ext_sd/su > /system/xbin/su
chmod 04755 /system/xbin/su
Then open the Play Store and install SuperSu
If this solution does not work, then just flash a custom recovery e.g. TWRP, and install SuperSU from there.
Click to expand...
Click to collapse
Could u provide or guide me which one suitable for flashing via recovery mode? I try with root_wp_mod but removed tweaks n replace the supersu n su from your given link. Its been there in menu but can't proceed the binary progress, maybe su not installed properly.
edit: I have rooted with the link given by u. Thx! Hurray! I'm enjoying my s-off butterfly S now!
Sent from my HTC Butterfly s using xda premium
shiropetto said:
Could u provide or guide me which one suitable for flashing via recovery mode?
Sent from my HTC Butterfly s using xda premium
Click to expand...
Click to collapse
Great! Congrats
edorner said:
Yep.
Click to expand...
Click to collapse
Well I tried all the steps but the damn phone is still S-ON.
Here is my configuration:
Rooted
Android version: 4.3
Htc sense: 5.5
Software number: 2.21.708.1
Htc sdk api level: 5.65
kernel version: 3.4.10-g158f9a4 [email protected]#1
Please find below my cmd window which just hanged out and a print screen of my bootloader... Hope this helps! Thanks a lot!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Am I the only one having the above issue/configuration for which the s-off could not be done? Thanks!
help
hello
I'm new to this phone and I would like to know that I can do if I already have the bootloader unlocked HTCDev, where do I start?
thanks greetings
GAVANA said:
hello
I'm new to this phone and I would like to know that I can do if I already have the bootloader unlocked HTCDev, where do I start?
thanks greetings
Click to expand...
Click to collapse
If u have taken the kit Kat update u will have to wait for new s off
Sent from my HTC Butterfly s using XDA Premium 4 mobile app
ups!!!
daorderdillon said:
If u have taken the kit Kat update u will have to wait for new s off
Sent from my HTC Butterfly s using XDA Premium 4 mobile app
Click to expand...
Click to collapse
lol, just when I read your message, my phone ends Upgrading to kit kat,
I'll have to wait then, but I can do root and install recovery?
Greetings buddy