{GUIDE} Perm-rooting the HTC EVO Shift!!! Recovery added - EVO Shift 4G Android Development

OK, first off I would like to give many thanks to all the people that helped test and figure out the easiest and most effective way of pulling this off.
Joeykrim (for his help with figuring out the easiest way of implementing this)
Toastcfh (for providing us with the eng spl without this we would be nowhere!!)
scotty2 and Guhl (for all the insight they have given me over the past couple of weeks)
preludedrew (for helping me with testing and of course the recovery he's working so hard on right now)
riggsandroid and Cosine83 (for helping test things out)
Now on to the good stuff!!
Disclaimer
Please read each and every step in this guide and do them fully. Failure to do this exactly as it is laid out could result in a permanent brick. As usual, I am not responsible for anybody's failure to read directions.
Step 1
ok download this file and extract it to the root of your sdcard
www.thebcblends.com/shift/Shift-root.zip
Step 2
make sure you have adb properly setup on your computer before continuing
temp root using either visionary or z4root
open up command prompt and cd to your sdk platform-tools directory
then type adb shell then su
if you haven't already, you must press allow on your device to enable su perms
Step 3
check the md5sum of both of the files to make sure they match
Code:
md5sum /sdcard/Shift/hboot_orig.bin
Code:
md5sum /sdcard/Shift/hboot_eng.nb0
386c19451e8dd18f9b98fad6b11be4c0 hboot_orig.bin
60ec1006e6ec2e8acb370d6aad35b17e hboot_eng.nb0
if these do not match do not continue redownload the files then check the md5's again
Step 4
Flash the eng spl!!! (dangerous part)
make sure these commands are exact or you could risk bricking your phone!!!
now you should still be in adb shell with root permissions
run this command and DO NOT!! reboot till I tell you to
Code:
dd if=/sdcard/Shift/hboot_eng.nb0 of=/dev/block/mmcblk0p18
you just flashed the eng spl!!! now lets make sure it took
Step 5
Check the md5 of new flash hboot and restore if necessary
run this command to pull the newly flashed hboot to your sdcard
Code:
dd if=/dev/block/mmcblk0p18 of=/sdcard/Shift/hboot_check.nb0
now we check the md5 to see if it matches
Code:
md5sum /sdcard/Shift/hboot_check.nb0
it should read 60ec1006e6ec2e8acb370d6aad35b17e
if the md5sum matches then congratulations, it's safe to reboot!! you can skip the next bit and continue on to step 6
if you absolutely cannot get the eng hboot to flash right then run this to restore the stock hboot
Code:
dd if=/sdcard/Shift/hboot_orig.bin of=/dev/block/mmcblk0p18
then pull it to check md5
Code:
dd if=/dev/block/mmcblk0p18 of=/sdcard/Shift/hboot_check1.bin
then check the md5sum
Code:
md5sum /sdcard/Shift/hboot_check1.bin
it should read 386c19451e8dd18f9b98fad6b11be4c0
if it doesn't, keep trying until it does, but DO NOT!! reboot till it matches
Step 6
check hboot and perm root!!
ok now reboot your phone into bootloader
turn off phone and hold power+vol down till it boots into bootloader
look at the top and make sure it says s off
if so reboot the phone back into android
put the phone into airplane mode
temp root with visionary
after you're temp rooted then attempt to perm root with visionary (haven't tested perm root with z4 yet)
your phone will reboot and you are now officially perm rooted any changes you make will now stick on reboot
Recovery is coming soon!!!!!!
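Steps 3 to 5 above (restated in the more detailed instructions later on this page) come down to one rule: verify the image checksum, write, read back, and only then reboot. As an added example that is not part of the original post, the shell functions below enforce that order; regular files stand in for the image and for /dev/block/mmcblk0p18, and the names `md5_of`, `verified_write` and `demo` are made up for this illustration.

```shell
#!/bin/sh
# Added example, not from the guide: checksum-gated write with read-back.
# Regular files stand in for the image and for the target partition.

# MD5 of the first $2 bytes of $1, or of the whole file when $2 is omitted.
md5_of() {
    if [ -n "$2" ]; then
        head -c "$2" "$1" | md5sum | cut -d' ' -f1
    else
        md5sum "$1" | cut -d' ' -f1
    fi
}

# verified_write IMAGE TARGET EXPECTED_MD5
# Return codes: 0 written and verified
#               2 image missing (nothing written)
#               3 image checksum mismatch (nothing written)
#               4 dd reported an error
#               5 read-back mismatch: restore before rebooting
verified_write() {
    image=$1 target=$2 expected=$3

    # "No such file or directory" means the archive was not extracted
    # to the path the commands expect.
    [ -f "$image" ] || return 2

    # Gate: never write an image whose checksum differs from the published one.
    [ "$(md5_of "$image")" = "$expected" ] || return 3

    # conv=notrunc makes the regular-file stand-in behave like a block
    # device, which a write never truncates.
    dd if="$image" of="$target" conv=notrunc 2>/dev/null || return 4
    sync   # flush buffered writes before reading back

    # Compare only as many bytes as were written, so a target larger
    # than the image still verifies.
    size=$(( $(wc -c < "$image") ))
    [ "$(md5_of "$target" "$size")" = "$expected" ] || return 5
    return 0
}

# Constructed demo: exercises each outcome on temporary files.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'constructed engineering image\n' > "$tmp/eng.img"
    dd if=/dev/zero of="$tmp/part" bs=1024 count=4 2>/dev/null  # 4 KiB "partition"
    good=$(md5_of "$tmp/eng.img")

    ok=0;      verified_write "$tmp/eng.img" "$tmp/part" "$good" || ok=$?
    cp "$tmp/eng.img" "$tmp/bad.img"
    printf 'x' >> "$tmp/bad.img"                                # corrupted download
    corrupt=0; verified_write "$tmp/bad.img" "$tmp/part" "$good" || corrupt=$?
    missing=0; verified_write "$tmp/nope.img" "$tmp/part" "$good" || missing=$?
    # /dev/null accepts the write but returns nothing on read-back.
    lost=0;    verified_write "$tmp/eng.img" /dev/null "$good" || lost=$?

    rm -rf "$tmp"
    echo "ok=$ok corrupt=$corrupt missing=$missing lost=$lost"
}

demo
```

Return code 5 is the case the guide warns about: the write did not take, so the original image has to be written back and verified before any reboot.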

Recovery
for now this recovery does not backup your wimax keys
we shall do that manually and store them in a safe place just in case
Backup Wimax Partitions
Code:
dd if=/dev/block/mmcblk0p25 of=/sdcard/Shift/wimax.bin
Code:
dd if=/dev/block/mmcblk0p30 of=/sdcard/Shift/udata_wimax.bin
Flash Recovery Image
download this zip and extract the img to wherever you please on your computer
recovery
if you do not already have fastboot setup get it
cd to wherever the recovery was placed
then power down your device and hold power+voldown at the same time till it loads the bootloader
click on the fastboot option
Code:
fastboot flash recovery recovery.img
now boot into recovery and see if it worked; if so, create a nandroid backup!!!

reserved again!!!

you got thanks!

Thanks to everyone involved

worked like a charm thanks brah!

I am honored to have been able to witness this happening in front of my eyes in IRC.
Doing this now...once again, excellent work guys.

Thanks, first of all. Second, perhaps I should wait and see if something comes out later that doesn't look as intimidating as this. Yeah, some might say it's easy and what are you crying about? I'm not going to dive in right this minute because I don't have confidence in my abilities with this yet.
Especially since I'm fighting keeping my eyes open. Me so sleepy. Maybe tomorrow I will be more with it.

no shame in that, better to feel comfortable than mess up your phone or something.

You guys are amazing. Kick ass job!

cant get past the check md5sum...its sayin no such file or directory

Worked like a charm! Thanks!! So much easier than what I had to do to root my hero originally or my girlfriend's evo. Thanks again!
Sent from my PG06100

Going to bed now, gonna spend my night off tomorrow rooting my Shift. A huge thank you to everyone involved, I wish I had the money to buy you all some coffee
Sent from my attic using a telegraph.

Worked like a charm

strauss0829 said:
cant get past the check md5sum...its sayin no such file or directory
Did you extract the zip to your sdcard?

Xodium said:
I am honored to have been able to witness this happening in front of my eyes in IRC.
Doing this now...once again, excellent work guys.
what was the irc channel?

Every day I check the forums hoping today will be the day that perm root is achieved, and now I finally find that its happened...and I'm drunk out of my mind, now I gotta wait til i'm sober tomorrow to give this a go. Thanks to everyone involved!! Its appreciated!

I wanna give out a Huge thanks to all that helped work on Root. My day has been made

great job, even i managed to get thru it

strauss0829 said:
cant get past the check md5sum...its sayin no such file or directory
try this:
Code:
busybox md5sum /sdcard/Shift/hboot_eng.nb0

Related

---==={ROOT GUIDE}===--- | 1.47.651.1 ROOT method |

EPIC EASY ROOT!! COURTESY OF NETARCHY!!
netarchy said:
Part 1:
Code:
adb shell rm /data/local/rights/mid.txt
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
adb reboot
Part 2:
Toast's Part 2, for nand unlock
Everything below is grayed out as it is now of historical interest.
Simpleroot method for this version is out, this app makes rooting this ROM version much easier.
This method was developed by an anonymous user. It is for rooting the new OTA v1.47.651.1. If you're stuck with the new OTA or just bought an EVO with this version, this is for you.
UPDATE 7/6:Hackfiles updated. See end of this post.
VIDEO TUTORIAL HERE, Courtesy of jiqqaman
Make sure you have adb ready to go and know how to get into adb shell. You must use the EVO browser to perform these steps. If these steps don't work, use recovery to wipe your phone and start fresh (you will lose all of your data on the phone)
1. Unzip the files into a directory somewhere on your computer
2. Put the files into the root of your sdcard (mount the EVO as a disk drive)
3. Unmount your phone
4. Run "adb shell" and start part1 on your phone:
Code:
sh /sdcard/part1
5. If the script says to power down, hold your power button and turn off your phone, then turn it back on.
6. When it starts up it will ask you to open the EVO browser. open your EVO browser to http://bit.ly/ad0pRn
7. When it asks you to, refresh the EVO browser on the same page
8. Reboot your phone with "adb reboot"
9. Run adb shell as soon as you can (when the HTC logo is still showing). You need to be fast. If you get "error: device not found", try again.
Code:
adb shell /data/local/part2
10. It should print after part2 finished:
Code:
crw-rw-rw- root root 90, 2 2010-07-05 19:37 mtd1
11. When your phone finished booting, flash toastcfh's mtd-eng.img to misc:
Code:
cat /sdcard/flash_image > /data/local/flash_image
chmod 755 /data/local/flash_image
/data/local/flash_image misc /sdcard/mtd-eng.img
12. Now flash the Engineering SPL with toastcfh's post: http://forum.xda-developers.com/showthread.php?t=701835
13. If you are having troubles, you may find useful information HERE
FINAL STEP - Do NOT accept any OTA updates from this point on. REALLY. DON'T **** UP YOUR ROOT!
zikronix said:
Permanent mirror for the updated hackfiles2
Updated Hackfiles2
Brilliant .
Thanks
Wow that was faster than I had anticipated. Will be interesting to see if this works for people. Good work!
Yay root, adobe haxed?
Omg..... I'm going to try this when I get home
Sent from my PC36100 using Tapatalk
SteelH you might wanna update your thread title to reflect correct version number 1.47.651.1 (says 1.46.651.1 at the moment)
Seriously?!? Dang that is amazing. I am a newb so will wait for others to work it out...and for someone to set up a three click...LOL. (I was a bit worried about the contest money. I'll donate to whomever gets a set up a newb can follow.)
Till then I'll let the more adventurous tell us how it goes.
Great work if this is for real!
wow props to the person that did this and props for it being anonymous!!!
does this really work?
Has anybody confirmed this?
Sent from my PC36100 using XDA App
EPIC!!
EPIC!!!!! Way to go community!
seankent4uf said:
SteelH you might wanna update your thread title to reflect correct version number 1.47.651.1 (says 1.46.651.1 at the moment)
Thank you.
If someone can confirm that this works, the following should be added to the instructions:
"FINAL STEP - Do NOT accept any OTA updates from this point on. REALLY."
WOW!
You guys are amazing..
This is gonna be a hectic week, I can already tell...
HTC releases source, OTA-root method!
Can't wait until some of these new FroYo ROMs start popping up.
ninja edit: So who wins the $600?
seankent4uf said:
If someone can confirm that this works, the following should be added to the instructions:
"FINAL STEP - Do NOT accept any OTA updates from this point on. REALLY."
meh i tried that but still no one listened. :-/
seankent4uf said:
If someone can confirm that this works, the following should be added to the instructions:
"FINAL STEP - Do NOT accept any OTA updates from this point on. REALLY."
That can't be said enough.
mcjx said:
This is gonna be a hectic week, I can already tell...
HTC releases source, OTA-root method!
Can't wait until some of these new FroYo ROMs start popping up.
ninja edit: So who wins the $600?
Anonymous. That is if everyone puts their money where their mouth is. Follow the other thread to see who does or doesn't pay up. I will keep it updated.
Epic, big win for the community
now how do we patch the hole in flash afterwards? kinda doesn't give me that warm fuzzy feeling we can gain root from flashlite....
XDA devs to the rescue, again!

The easiest 1.47.651.1 root+nand unlock you'll ever see without a gui (Updated)

Make sure your battery has a decent amount of charge in it, you don't want to run out of juice in the middle of this.
You will need to have the android sdk installed, as you will need to use the adb tool.
Windows users will need to install HTC Sync in order to get the usb driver for the phone installed.
Part 1: In which we find that the Evo spreads easier than a Thai whore during tourist season
Code:
adb shell "rm /data/local/rights/mid.txt"
adb shell "ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt"
adb reboot
Part 2: In which we find that engineers have no personality, but they make one hell of a bootloader
Put the files from Toast's Part 2, for nand unlock onto the sdcard (PC36IMG.zip, mtd-eng.img, recovery.img, flash_image)
then (after making sure the sdcard is remounted to the phone if you used disk mode to xfer the files):
Code:
adb shell "cat /sdcard/flash_image > /data/local/rights/flash_image"
adb shell "chmod 755 /data/local/rights/flash_image"
adb shell "/data/local/rights/flash_image misc /sdcard/mtd-eng.img"
adb reboot bootloader
When asked if you want to update, say yes. Relax for a while, the update takes some time.
When the phone eventually boots back up:
Part 3: In which I find the whore, and make her install a custom recovery
Code:
adb shell "cat /sdcard/flash_image > /data/flash_image"
adb shell "chmod 755 /data/flash_image"
adb shell "/data/flash_image recovery /sdcard/recovery.img"
After this you should be fully rooted with nand unlock.
I highly recommend going through Whitslack's Starting Over method to bring your software and radios up to date.
You're done.
Pity this only came to light a few days before people are going to be upgrading to a new OTA.
No, this will not work for anyone who updated to 2.2.
epic!!! 789
niice!
Nice Find!
At least now people can be rooted prior to the new OTA!
damn it!
___
Sweet! Wish I had that method starting out. Lol.
Sent from my PC36100 using XDA App
does this method really work??
BAttitude7689 said:
does this method really work??
Yes it does.
ok, so i have no idea how that works... care to go into it a little bit more?
khshapiro said:
ok, so i have no idea how that works... care to go into it a little bit more?
The init scripts chmod 777 mid.txt on boot (this means that anyone can do anything to the file basically). By removing the file and linking it to mtd1, the chmod now makes mtd1 accessible by everyone after a reboot, which means that you can go directly to toast's part2 which starts with flashing mtd-eng.img.
Incidentally it appears the droid eris guys have been using this flaw to their advantage for a while as well ;D.
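The flaw described in the reply above is a privileged chmod that follows a symlink inside a directory the adb shell user can modify. As an added example that is not part of the thread, the sketch below reproduces that pattern on temporary files (constructed stand-ins for /data/local/rights/mid.txt and /dev/mtd/mtd1) beside a variant that refuses symlinks; the function names are made up for this illustration.

```shell
#!/bin/sh
# Added example (constructed): a boot-time "chmod 777 <path>" applied to a
# path inside a directory that a less-privileged user can modify.

# Permission string of the path itself, e.g. "-rw-------" or "lrwxrwxrwx".
mode_of() { ls -ld "$1" | cut -c1-10; }

# The pattern described in the post: chmod resolves the symlink, so the
# mode change lands on whatever the link points to.
naive_fixup() { chmod 777 "$1"; }

# Variant that only touches a regular file that is not a symlink.
# The check-then-chmod sequence still leaves a race window; the robust
# fixes are to keep such files out of user-writable directories, or to
# open with O_NOFOLLOW and fchmod() the descriptor from native code.
careful_fixup() {
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        return 1
    fi
    chmod "$2" "$1"
}

# Constructed demo on temporary files.
demo() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/rights"                              # stand-in for /data/local/rights
    printf 'stand-in device node\n' > "$dir/mtd1"    # stand-in for /dev/mtd/mtd1
    chmod 600 "$dir/mtd1"
    ln -s "$dir/mtd1" "$dir/rights/mid.txt"

    before=$(mode_of "$dir/mtd1")
    refused=0; careful_fixup "$dir/rights/mid.txt" 777 || refused=$?
    after_careful=$(mode_of "$dir/mtd1")
    naive_fixup "$dir/rights/mid.txt"
    after_naive=$(mode_of "$dir/mtd1")

    rm -rf "$dir"
    echo "$before $after_careful refused=$refused $after_naive"
}

demo
```

The output shows the target's mode unchanged after the careful variant refuses the link, then world-accessible after the naive one runs.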
So no, really? What is "root?"
You do fine work, sir
posting in a legendary thread
Couldn't you then just use wits "start over" method for part two to make the process even shorter?
netarchy said:
Part 1:
Code:
adb shell rm /data/local/rights/mid.txt
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
adb reboot
What would be more interesting is for someone on the new OTA non-root to see if this exists in the Froyo release. I'll look around for a posting of the OTA update non-rooted and try it on my smashed phone. At least I won't care if that thing loses root.
Could we get a "The easiest 1.47.651.1 root method with nand unlock" for dummies? I have no clue what to do with this code.
You need to use an ADB shell for this using the Android SDK....
I tried to use the Evo-Recovery shell and received permission denied errors.
I am not a DEV by any means, and do not claim any credit for any of this. However, for people who need help, this may offer some assistance -- this is definitely the easiest root method out there.
1. Download and Install Android SDK - Learn Here
http://forum.xda-developers.com/showthread.php?t=694250
2. Open up a Command Prompt by holding windows button & pressing R or by pressing Run and typing CMD.
3. Navigate your way in DOS to the Android SDK folder, then to the Tools Folder
4. Then enter in the code in part 1. After each line press enter...the line will repeat below it.
5. Follow Toasts Part 2 -- Link: http://forum.xda-developers.com/showthread.php?t=701835 -- Video found here: http://www.youtube.com/watch?v=tUXTB0eydwE.
5A. Because you didn't do Toast's Part 1 of Root first (you used an exploit provided by the OP), you will NOT have a NAND Backup. Put the Custom ROM you want to load on your SD card, and after unlocking NAND protection and doing the wipes, load it from the custom recovery in lieu of restoring your NAND backup.
6. You're now rooted w/ NAND Unlocked!
7. I would then suggest going here, and running this so you have a fully rooted, stock ROM with all your radio/wimax up to date: http://forum.xda-developers.com/showthread.php?t=715915.
Anyone know if this method will work on an unrevoked3'd Evo? I am trying to acquire full root and I was going to use SimpleRoot today but if this will work...
Thank you for this! Question about number part 7. YOu suggest running the fully rooted stock 1.47.651.1 afterwards. Would it be a bad idea to Just run the fully rooted stock froyo 3.23.651.3 or even any other custom rom for that matter? i.e OMJ's EVO 2.2 Custom rom? Thanks
regulator207 said:
Couldn't you then just use wits "start over" method for part two to make the process even shorter?
No because you need the engineering hboot to flash it since it's not signed by HTC.
Should work on 1.32 or 1.47. Nice.
Someone should test if this still works in the new 2.2 update. Good chance it does.
damit!
justinisyoung said:
damn it!
___
Hey! That's what I was gonna say!

[Guide] How to gain root on 2.2 for Mac

*******UPDATED 8/31/10 *******
This rooting method was adapted from regaw_leinad's method and toastcfh's method. By following these steps you will successfully downgrade your phone back to android 2.1 in order to gain root.
I don't trust unrevoked as I have had problems with it in the past.

I am not responsible for any damages to your phone.
special thanks to:
regaw_leinad
Sebastian Krahmer
Toastcfh
amon_ra
FILES YOU WILL NEED:
copy and paste into browser
Code:
sdx-downloads.com/sdx/evo/troot/eng-PC36IMG.zip
evo4g.me/downloads//count.php?target=evo-root.zip
files.androidspin.com/downloads.php?dir=amon_ra/RECOVERY/&file=recovery-RA-evo-v1.8.0.img
developer.android.com/sdk/index.html
You will need the Android SDK in order to communicate between your computer and your phone. Download it (last link above) and follow the setup instructions that it comes with.
Unzip the contents of the evo-root.zip and put all the files from it into the tools folder located in the android sdk folder.
Rename the eng-PC36IMG.zip to PC36IMG.zip and then put it the tools folder located in the android sdk folder. DO NOT UNZIP IT!

******* PC36IMG.zip md5sum~ fe8aba99893c766b8c4fd0a2734e4738 *******
Move the recovery-RA-evo-v1.8.0.img into the android sdk folder as well.
Make sure usb debugging is enabled on your device. To do so go to Settings > Applications > Development > and make sure the check box is checked.
Plug your phone into the computer. Select "Charge Only" from the notifications bar.
Open up terminal and navigate your way into the android sdk folder.
Code:
cd /
cd asdk
Push all the files onto your phone.
Code:
tools/adb push /asdk/tools/flash_image /sdcard/
tools/adb push /asdk/tools/rageagainstthecage-arm5.bin /data/local/tmp/
tools/adb push /asdk/tools/mtd-eng.img /sdcard/
tools/adb push /asdk/tools/PC36IMG.zip /sdcard/
tools/adb push /asdk/tools/recovery-RA-evo-v1.8.0.img /sdcard/
Note that the PC36IMG.zip will take longer than the other files to transfer to the sdcard because it is a large file.

Now we will make rageagainstthecage.bin executable.
Code:
tools/adb shell
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
You should see this (below) after it has made the change.
Code:
$
Now to use the rooted shell.
Code:
cd /data/local/tmp
./rageagainstthecage-arm5.bin
You will now see some text on your terminal screen describing the exploit. 

Wait for the adb shell to finish the process. At this point it may or may not terminate the current shell session in terminal. If it does then it should look like this:
Code:
users-iMac:asdk user$
If it doesn't it will return to
Code:
$
in that case you need to exit the current session. To do so type
Code:
exit

Now we need to initiate a new shell which should now have root permissions.
Enter the following:
Code:
tools/adb shell
and you will see you now have a
Code:
#
instead of
Code:
$
Now we need to flash the mtd-eng.img in order for it to let us install a custom recovery
Code:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image misc /sdcard/mtd-eng.img
That will flash your misc partition with Toast's mtd-eng.img


This should return you to
Code:
#
Now boot into hBoot
Code:
reboot bootloader
This will reboot your phone into hBoot. It will scan for the PC36IMG.img. When it asks yes or no, select yes.
It should then reflash your phone into the engineering build.
When it asks to reboot select yes.
You will need to flash custom recovery in order to be able to flash other custom roms or modifications. I use Amon_RA's recovery because it works great and has NEVER caused me any problems.
Now, open up terminal and get back into the android sdk folder
Code:
cd /
cd asdk
Since we have already pushed the recovery onto the sdcard we only need to flash the recovery onto the phone so that we can use it
Code:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image recovery /sdcard/recovery-RA-evo-v1.8.0.img
Now let's rename that PC36IMG.zip file again
Code:
mv /sdcard/PC36IMG.zip /sdcard/eng-PC36IMG.zip
that way your phone doesn't try to flash it when you go into recovery each time
And last but not least we need to boot into it to flash a custom rom
Code:
reboot recovery
Your phone should then reboot into Amon_RA's recovery and you may now head over to the dev forum to find your new favorite custom rom.
very nice! can anyone confirm this? my buddy wants me to root his 2.2 and i would like to try this.
To make life easier for some people add this to your post mate, and apply it yourself if you would like.
Here is how to add your sdk/tools directory to your .bash_profile file so you won't have to navigate to the folder each time.
Download this so you'll be able to see your hidden files http://www.mediafire.com/?diimft1ninn Run it, check "Show Hidden Files" then click Restart finder. Now, navigate to your home folder (/Users/UserName/) and see if there's a .bash_profile already there. If not, create with textedit.
Now add this to the file: export PATH=${PATH}:/Path/Of/Your/Sdk/Tools/Folder
Mine is /Users/bmxrider4444/Documents/Android/SDK/tools
Now do not save it as rich text. If yours is in rich text, click on "Format" in the menu bar, and click "make plain text". Now save it as .bash_profile and uncheck "if no extension is provided, use .txt".
Now you can go back to Ghost and uncheck "Show all hidden files" and restart finder again (special thanks to ajones7279 for these steps)
Enjoy!
Just as clarification as to what this does, it enables you to run adb commands and other commands without having to navigate to the /android/tools/ folder every time you want to run adb or whatever.
does this work?
seekis said:
At this point we need to push the recovery onto the sdcard
Code:
tools/adb push "location of recovery-RA-evo-v1.8.0.img" /sdcard/
This is great! Thanks for the guide - I am planning on rooting my Wife's EVO but have been waiting for an easier method than the other one posted. Question on the above where we write "location of recovery-ra-evo-v1.8.0.img". Is that the exact code, or should we be adding a directory or folder location into this line? I rooted my 2.1 EVO on my Mac a couple months ago and don't remember this step. Once again - very much appreciate the help.
One last question - would it make more sense to have a custom ROM already on your SD Card prior to rooting, so that you can flash it right after you flash AMON-RA for the first time? Probably doesn't matter but thought i'd ask.
^^ same question as above, plus one other n00b question - does this method unlock NAND?
[edit] I was not insinuating that randymac88 is a n00b; I, however, am
seekis said:
I don't trust unrevoked as I have had problems with it in the past.

I am not responsible for any damages to your phone.
Don't trust us with the unrevoked 3.x/unrevoked forever application combo that's worked for thousands of users without sideeffects on regaw's post?
You should note to everyone that your method will screw up their PRI, reverting it back to 1.34. By using unrevoked and unrevoked forever, you can keep 1.40.
randymac88 said:
This is great! Thanks for the guide - I am planning on rooting my Wife's EVO but have been waiting for an easier method than the other one posted. Question on the above where we write "location of recovery-ra-evo-v1.8.0.img". Is that the exact code, or should we be adding a directory or folder location into this line? I rooted my 2.1 EVO on my Mac a couple months ago and don't remember this step. Once again - very much appreciate the help.
One last question - would it make more sense to have a custom ROM already on your SD Card prior to rooting, so that you can flash it right after you flash AMON-RA for the first time? Probably doesn't matter but thought i'd ask.
That's not the exact code, no. I just put that as a placeholder; you are supposed to put in the location of where you have the recovery.img. For example, the exact command for me would be:
Code:
/Users/seekis/Downloads/recovery-ra-evo-v1.8.0.img
Don't trust us with the unrevoked 3.x/unrevoked forever application combo that's worked for thousands of users without sideeffects on regaw's post?
You should note to everyone that your method will screw up their PRI, reverting it back to 1.34. By using unrevoked and unrevoked forever, you can keep 1.40.
As far as using unrevoked, I stated that I, ME, MYSELF, have had issues with it, not that anybody else has. By all means go and use it if you would like. I will not. It is true that you will lose PRI 1.40, but seeing as how even after installing the OTA from HTC my phone still didn't update it to 1.40, I don't see the issue.
rsage said:
^^ same question as above, plus one other n00b question - does this method unlock NAND?
[edit] I was not insinuating that randymac88 is a n00b; I, however, am
i believe it does unlock nand seeing as how i adapted it from toasts method
Hey Seekis - question, I'm stuck here. I keep getting "permission denied", or "operation not permitted" when trying to make the exploit executable at this step:
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
Am I missing something? I've tried a million times and can't seem to get past this. I've successfully pushed all the files onto the sdcard.
I've also have had some trouble finding the exact root path to these files. I've been able to navigate, but I would think a lot of users would have some trouble.
Regardless, many thanks for getting this posted...
EDIT: I pushed the rageagainstthecage file to the sdcard by mistake. Will try again tomorrow.
ok i got rid of that step by moving the file into the android sdk and pushing it with all the other files
Okay now I appear to be in big trouble as I've just messed up my wife's phone, and its probably going to be unusable for a while until I get this figured out (assuming I do!).
I got through most of the process. I flashed the PC36IMG.zip file; however when it asked to reboot, it just dumped me back into the bootloader. Whenever I say reboot, it just takes me back to the bootloader. Pull the battery, same thing - bootloader. Yikes.
I don't know how to get to the next step because I can't get into a booted rom in order to flash the amon-ra recovery. Am I totally effed? Can anyone help me here?
EDIT: Okay reflashed the PC36IMG.zip file, and it rebooted into the stock ROM. Onward! Phew!!
The wife's EVO is now fully rooted running Baked Snack 1.5 w/Netarchy's kernel. Touch and go there for a minute, but it all worked out. No 1.40 PRI, but I don't really care about that right now.
Woot! Thanks Seekis!!
do u have to push the pc36img with adb every time or will drag and drop work or copy and paste work?
FoxHound630 said:
do u have to push the pc36img with adb every time or will drag and drop work or copy and paste work?
You can mount the card on your system and copy paste it over as well, yes.
randymac88 said:
Okay now I appear to be in big trouble as I've just messed up my wife's phone, and its probably going to be unusable for a while until I get this figured out (assuming I do!).
I got through most of the process. I flashed the PC36IMG.zip file; however when it asked to reboot, it just dumped me back into the bootloader. Whenever I say reboot, it just takes me back to the bootloader. Pull the battery, same thing - bootloader. Yikes.
I don't know how to get to the next step because I can't get into a booted rom in order to flash the amon-ra recovery. Am I totally effed? Can anyone help me here?
EDIT: Okay reflashed the PC36IMG.zip file, and it rebooted into the stock ROM. Onward! Phew!!
Had the same issue. When I first booted into the bootloader I had to select recovery then flash PC36IMG.zip. Then boot loop. Then I went back into the bootloader and it automagically read in the PC36IMG.zip and flashed it, then I got stock 2.1 root. Just a few minutes of "oh crap"
I'm stuck. I got as far as flashing PC36IMG.zip, which was successful, as my phone now runs 2.1, but it doesn't appear I'm rooted. When I go back into the adb shell, I'm getting the $ prompt, and running
Code:
cat /sdcard/flash_image > /data/flash_image
gives me a permission denied error. Help!
atom_jack said:
I'm stuck. I got as far as flashing PC36IMG.zip, which was successful, as my phone now runs 2.1, but it doesn't appear I'm rooted. When I go back into the adb shell, I'm getting the $ prompt, and running
Code:
cat /sdcard/flash_image > /data/flash_image
gives me a permission denied error. Help!
i dont know what to tell you other than try again. this happened to me the first time through as well. i dont know why. i just started from the top and it worked the second time through.
seekis said:
i dont know what to tell you other than try again.
So after you flash PC36IMG.zip you should automatically get a root (#) prompt when going into the shell? ie, I'll have rooted 2.1 yes?
seekis said:
this happened to me the first time through as well. i dont know why. i just started from the top and it worked the second time through.
Aha. Ok, I will keep trying til it gives me a root shell, I guess. I also tried unrevoked3 but that didn't seem to work.
Success!! So, I stupidly assumed that all PC36IMG.zip's were the same, and was using the one from the original 2.2 PC thread. Once I got the correct one, voila!
You might want to post the md5 of the one you are using, so there's no confusion for others. Also, you missed a tiny step when you first start up hboot - you have to select fastboot for it to start scanning for PC36IMG.zip.
Thanks!

More Detailed Perm Root Instructions

I take no credit whatsoever for obtaining root or anything development related.
I simply took BCNice20's instructions and added more detail for less experienced users. In fact I copied most of this directly from his thread and added more detail.
I take absolutely no responsibility for your phone if you brick it, if it melts, if it sleeps with your wife, or if it burns your house down.
Proceed at your own risk.
If you need to get started with the SDK and ADB start here
Step 1
Temp root your device using Visionary or Z4 (I prefer Visionary)
If you are already temp rooted skip this step
Step 2
Download the file linked at this address http://www.thebcblends.com/shift/Shift-root.zip
Extract the contents to the root of your SD card.
If you are having trouble extracting download 7-Zip
Once installed connect your phone to your computer as a disk drive
right click on the shift-root.zip, select extract here, then use the dropdown to locate your device, more specifically your SD card
Once you have extracted the file to the root of your sd card change your connection type back to charge only
Step 3
If you have followed my other thread you already have adb working
Open the cmd prompt and paste the following
Code:
cd C:\AndroidSDK\platform-tools
hit enter
type
Code:
adb shell
hit enter
you will see this
Code:
$
now type
Code:
su
hit enter
Superuser will prompt you to click allow on your phone. Click it quickly to allow permissions!
Now you will see
Code:
#
you have root permissions.
Step 4
Verifying md5sum
Make sure you copy and paste this exactly
Code:
md5sum /sdcard/Shift/hboot_orig.bin
then hit enter
Your result should look like this 386c19451e8dd18f9b98fad6b11be4c0 hboot_orig.bin make sure the numbers match. You may have some extra path in front of hboot_orig.bin.
Next copy and paste this exactly
Code:
md5sum /sdcard/Shift/hboot_eng.nb0
then hit enter
Your result should look like this 60ec1006e6ec2e8acb370d6aad35b17e hboot_eng.nb0 make sure the numbers match. You may have some extra path in front of hboot_eng.nb0.
If these do not match do not proceed. Delete the file placed on the root of your sd card and repeat step 2 and redownload.
Step 5
Now we're going to flash the eng spl. This is where the unpleasant things can happen.
Make sure you are in adb shell with superuser(root) permission. This was explained in Step 3.
If you are not in adb shell with root permissions then do not proceed. Do not pass go, do not collect $200.
Now DO NOT REBOOT until you are instructed to do so!!
Now paste this exactly into cmd prompt
Code:
dd if=/sdcard/Shift/hboot_eng.nb0 of=/dev/block/mmcblk0p18
and hit enter
You have flashed the eng spl. Now we will make sure it flashed properly.
Step 6
Check the md5 of new flash hboot and restore if necessary
run this command to pull the newly flashed hboot to your sdcard
type
Code:
dd if=/dev/block/mmcblk0p18 of=/sdcard/Shift/hboot_check.nb0
in the command prompt and hit enter
now we check the md5 to see if it matches
Enter
Code:
md5sum /sdcard/Shift/hboot_check.nb0
in the command prompt and hit enter
it should read 60ec1006e6ec2e8acb370d6aad35b17e
if the md5sum matches then congratulations its safe to reboot!! you can skip the next bit and continue on to step 7
if you absolutely cannot get the eng hboot to flash right then run this to restore the stock hboot
Type
Code:
dd if=/sdcard/Shift/hboot_orig.bin of=/dev/block/mmcblk0p18
in the command prompt and hit enter
then pull it to check md5
Type
Code:
dd if=/dev/block/mmcblk0p18 of=/sdcard/Shift/hboot_check1.bin
in the command prompt and hit enter
then check the md5sum
Type
Code:
md5sum /sdcard/Shift/hboot_check1.bin
in the cmd prompt then hit enter
it should read 386c19451e8dd18f9b98fad6b11be4c0
if it doesnt keep trying until it does but DO NOT!! reboot till it matches
Step 7
check hboot and perm root!!
ok now reboot your phone into bootloader
turn off phone and hold power+vol down till it boots into bootloader
look at the top and make sure it says s off
if so reboot the phone back into android
put the phone into airplane mode
Go to setting, applications, manage applications and uninstall superuser
Next temp root with visionary
after you are temp rooted then attempt to perm root with visionary
your phone will reboot and you are now officially perm rooted any changes you make will now stick on reboot
**Edit Recovery Added**
Download ROM Manager from the Market. (Pay for the donate version!)
Open ROM Manager and install recovery.
Im having problems on the CMD prompt. On the command line Im getting C:\users\Dizidi> instead of C:\>. Did I miss a step somewhere?
dizidi said:
Im having problems on the CMD prompt. On the command line Im getting C:\users\Dizidi> instead of C:\>. Did I miss a step somewhere?
Nope, that sounds right.
Next you'll want to
Code:
cd C:\AndroidSDK\platform-tools
dizidi said:
Im having problems on the CMD prompt. On the command line Im getting C:\users\Dizidi> instead of C:\>. Did I miss a step somewhere?
You may want to learn some basic DOS commands first. See:
http://www.lsi.upc.edu/~robert/teaching/foninf/doshelp.html#chdir
dizidi said:
Im having problems on the CMD prompt. On the command line Im getting C:\users\Dizidi> instead of C:\>. Did I miss a step somewhere?
Type cd\ to get to the c:
The command prompt just started out in your user directory. You can just do the cd\Android......... stuff. Using cd\ it doesn't matter which directory you're in when you start.
Sent from my HTC EVO Shift 4G using XDA App.
Im such a noob, thanks guys. forgot to type in "cd".
Good Job typing this up!
Although I have rooted many phones before through adb it is helpful to see it written in simple English
Thought I'd add that I needed to download an app like BusyBox in order to get md5sum to work.
Getting a lot of PM's for help so I'm bumping this back to page one
Any quick instructions for the 2nd part of that post, installing recovery?
tcd2004 said:
Any quick instructions for the 2nd part of that post, installing recovery?
First follow BCNice's instructions for backing up your Wimax Keys. You need to be in adb shell, then paste and enter. That easy!
After that place this file on the root of your sd card.
Disconnect from the computer then power down your shift.
Enter the bootloader by pressing power and volume down. The bootloader should recognize the zip and flash it automatically. Select yes to reboot when prompted.
Connect to your computer and remove the zip from your sd card.
If you want to verify your recovery is now working power down and turn back on by pressing power and holding the volume down button. You should now be looking at Clockwork Recovery.
BrandoKC said:
Enter the bootloader by pressing power and volume down. The bootloader should recognize the zip and flash it automatically. Select yes to reboot when prompted.
I'm not sure why, but I cannot for the life of me get this to work.
SD Checking...
Loading PG06IMG.zip
No Image!
idaed said:
I'm not sure why, but I cannot for the life of me get this to work.
SD Checking...
Loading PG06IMG.zip
No Image!
Delete the file off of your SD card and follow the instructions included in the Wiki Just download the fastboot file linked in the wiki and put it in the same folder you put adb in.
Thank for this guide!!!!!!!!!!!!!!!
I am now rooted . Thank you BrandoKC. I know you copied the instructions from bcnice20 ( Thank you bcnice20), but you dumbed it down enough for me to get brave. I'm a total noob to Android. It was a bit nerve racking, but I got it on the first shot. Thanks to everyone. Now it's time to OC my Shift .
Is there a video guide to root my shift?
HTC Evo Shift 4G
Thanks for the more detailed guide! I'm now permarooted in under an hour
Sent from my PG06100 using XDA App
for some reason.. whenever I do temp root with visionary or z4... It says its rooting.. then my phone "restarts" does the sprint 4g splash screen and gets stuck on the big 4G logo...
I ran visionary when I first got the shift(temp root to run titanium backup) but now it's not working. anyone know why?
Uninstall superuser, reboot, rerun Visionary
Sent from my PG06100 using XDA Premium App
BrandoKC said:
Uninstall superuser, reboot, rerun Visionary
Sent from my PG06100 using XDA Premium App
ah, gotcha. will try thanks.

Hboot information and downgrading

Before I start this thread, I should say that all credit goes to otaking71 for finding this crack.
The two original threads are here
http://forum.xda-developers.com/showthread.php?t=1255043
http://forum.xda-developers.com/showthread.php?t=1255360
All of the work was done in the #htc_evo_shift channel on freenode irc.
Table of contents:
1. Hboot information about the exploit.
2. Downgrading
2.1 Notes
3. Full root(Updated 2.2 root)
4. Links
5. Credits/donation links
I will aim to make it so this mod can be ported to other devices to help downgrade bootloaders and software. Please read the entire thread before flashing anything and trying this.
Hboot
Hboot uses a hidden partition to check everything it flashes against. This partition is "misc", or hboot -1, or on the shift mmcblk0p17 (hboot itself is at mmcblk0p18).
Some raw dumps of this partition using strings to filter ascii strings brings out this type of dump.
Locked bootloader for the evo shift's dump
"SPCS_001
DeviceWarmBoot
CE Serial InUse
Debug Cable Ena
CE USB InUse
ClearAutoImage
2.76.651.4
FNOC
FNOC"
Unlocked bootloader for the verizon thunderbolt
"VZW__001
DeviceWarmBoot
CE Serial InUse
Debug Cable Ena
CE USB InUse
ClearAutoImage
1.02.605.6
FNOC
FNOC"
Eng spl unlocked evo shift
"FN0C
FN0C
FN0C"
Now the place to focus on is the version number, 2.76.651.4. Hboot will check all items you try to flash via hboot or the ruu utility against this number, and if it is lower than what you are trying to flash, it will allow you to proceed in flashing through hboot or ruu. If the number is higher, it will reject the flash. If the number doesn't exist (like in the eng spl) it will assume it is able to flash it (ONLY TESTED ON ENG SPL, not locked bootloaders). So by dumping the TB's misc partition into our own, we made it so the locked hboot would accept flashes, either by RUU or hboot.
We believe the package you flash still needs to be signed though so that only leaves you with official ruu's and extracted ruu zips.
Joeykrim's history(Located on the second page of this thread)
joeykrim said:
for those curious, a lil bit of history:
same method as used on the evo part 2 thread by toastcfh at xda.
only diff is shift is emmc and evo was mtd. shift emmc partitions are a bit more in number and named differently when compared to the evo mtd partitions. on the evo this partition was labeled as "misc" in /proc/partitions. the misc partition being flashed holds the software version number which hboot checks against to verify whether or not it will allow an RUU to be loaded.
also, i want to recall a web site somewhere which allows users to create a custom misc file with a provided version number.
thought this partition was protected by the internal memory write protection but appears it wasn't. not much of a surprise as the first release of the shift didn't have write protection for the hboot partition turned on.
great this works! sadly, they'll prob patch it next OTA around as they did for the evo.
good job on testing (sorry about the lost shift), publishing and releasing! glad to see the shift has unlocked internal memory write protection again!!!
your path to the internal partition location is incorrect. as the OP states, use: /dev/block/mmcblk0p17
full command: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
great article with the history and usage of dd, its a classic unix/linux command. very good to become familiar with: http://en.wikipedia.org/wiki/Dd_(Unix)
How to downgrade your device
For the shift, will be different on other devices with a bit of modding.
1. Temproot(With Fre3vo for the shift) http://forum.xda-developers.com/showthread.php?t=1185243
2. Move the file misc.img to the root of your sdcard, and PG06IMG.zip too if you plan on flashing through hboot.
3. Modify the misc partition to bypass the version check, type the following in an adb shell or a terminal emulator on your phone.
Code:
dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
Note for other devs: misc.img is the image from the TB, could be other images as long as it has a lower version number.
4. This is up to you, you can either use the ruu utility to revert or the PG06IMG.zip in hboot. I'll include links to both. Since both utilities check the misc partition, both are able to flash =)
5. Reboot and then full root like normal on your downgraded device.
Notes
1. When flashing hboot/using this exploit it always flashes twice/stops early and recontinues. Don't worry about it, this is normal(Sometimes it looks like more than 2 but just chill out).
2. Some SDcards are not recognized by hboot, so you will either have to switch cards for this operation or use the ruu utility method.
3. Remove the PG06IMG from your sdcard after flash, or hboot will pick it up next time.
Full root for downgraded 2.2
Flash ENG bootloader
1. Download these files and extract them to the root of your sdcard: www.thebcblends.com/shift/Shift-root.zip
2. Obtain temproot from z4Root, visionary, OR CM's temproot wiki
3. Flash hboot with Engineer SPL:
Code:
dd if=/sdcard/Shift/hboot_eng.nb0 of=/dev/block/mmcblk0p18
4. Boot into bootloader and check for S-OFF
Flashing a recovery
1. Grab latest shift recovery from: http://www.koushikdutta.com/2010/02/clockwork-recovery-image.html
2. Make sure you're temprooted(may have to temp root again)
3. Install recovery from rom manager
Alternative install can be done if you grab another recovery's recovery.img and do one of the following below.
a. Okay this is for those with fastboot - flash the recovery with fastboot: fastboot flash recovery recovery.img
b. This is for those where fastboot doesn't work or they don't have it - 1. Place recovery.img on the root of your sdcard, then type the command below.
Code:
dd if=/sdcard/recovery.img of=/dev/block/mmcblk0p21
Full root/Rom flashing
Well I know you don't have anything you want to save from the 2.2 ruu since it's just a stock flash, so I am going to leave it off here as flash whatever rom you want over the new system via recovery and you should end up with a fully rooted android.
Just remember to wipe data/factory reset after flash.
Links - MD5Sums aren't terribly important here as the files will not flash if they are not correct due to the signatures.
Fre3vo temp root for GB - http://forum.xda-developers.com/showthread.php?t=1185243
misc.img for the misc partition - http://dl.dropbox.com/u/41040697/misc.img MD5Sum: c88dd947eb3b36eec90503a3525ae0de
Misc.img mirror(You guys took down my second dropbox.....trying a different site now): http://www.box.net/shared/0l8ex73zne0tfr10ob69
Second misc.img mirror: http://dl.dropbox.com/u/15373824/misc.img
Another mirror for misc.img: http://dev-host.org/a9dbnuzgb9qv/misc.zip (Thanks Fdxrider)
Official ruu file for downgrading to 2.2 - http://www.multiupload.com/15N2D30H6C MD5SUM: a4b880954d2ac29d5bdf0dade9dede3c
PG06IMG for hboot downgrading to 2.2 - http://dl.dropbox.com/u/41040697/PG06IMG.zip MD5SUM: d20be478fd860b80f5e800c958f79077
Mirror for PG06IMG(First link went down temporarily due to generating too much traffic on my account, good job guys xD) - http://dl.dropbox.com/u/15373824/PG06IMG.zip
Mirror for PG06IMG: http://dev-host.org/xmlaaco0s2ph/PG06IMG.zip
2.2 root [Bcnice guide]- http://forum.xda-developers.com/showthread.php?t=932153
Cm's rooting method(For those without z4root or visionary) - http://wiki.cyanogenmod.com/wiki/HTC_Evo_Shift_4G:_Full_Update_Guide
Credits
Otaking71 - Discoverer of this exploit for the shift and working throughout the night to establish it as a working downgrade.
Bcnice20 & other 2.2 root devs - I borrowed your root methods for this guide, and linked to them. Just had to update it for recovery basically.
Stuke00 - Fre3vo temp root for 2.3.3
Joeykrim - Donating that history for the curious minds.
Donation links:
Otaking71 - Main driver of this discovery/creator and came up with this theory
http://forum.xda-developers.com/donatetome.php?u=1762836
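The version check described in the Hboot section of the post above, modelled in C as an added example (not code from the post or from HTC's bootloader). The function names, the sample buffers built from the strings quoted in the post, the package version 2.0.0.0 and the treatment of equal versions as allowed are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed samples modelled on the strings output quoted in the post. */
static const char MISC_LOCKED[] =
    "SPCS_001\0DeviceWarmBoot\0ClearAutoImage\0" "2.76.651.4\0FNOC\0FNOC";
static const char MISC_TB[] =
    "VZW__001\0DeviceWarmBoot\0ClearAutoImage\0" "1.02.605.6\0FNOC\0FNOC";
static const char MISC_ENG[] = "FN0C\0FN0C\0FN0C";

/* Parse "a.b.c.d" starting at p, never reading past end. */
static int parse_version(const char *p, const char *end, unsigned v[4])
{
    for (int i = 0; i < 4; i++) {
        unsigned n = 0;
        if (p >= end || !isdigit((unsigned char)*p))
            return 0;
        while (p < end && isdigit((unsigned char)*p)) {
            n = n * 10 + (unsigned)(*p++ - '0');
            if (n > 99999)          /* reject oversized fields, no overflow */
                return 0;
        }
        v[i] = n;
        if (i < 3 && (p >= end || *p++ != '.'))
            return 0;
    }
    return 1;
}

/* Locate the first version-shaped string in a raw misc dump. */
int find_version(const char *buf, size_t len, unsigned v[4])
{
    for (const char *p = buf, *end = buf + len; p < end; p++)
        if (parse_version(p, end, v))
            return 1;
    return 0;
}

static int cmp_version(const unsigned a[4], const unsigned b[4])
{
    for (int i = 0; i < 4; i++)
        if (a[i] != b[i])
            return a[i] < b[i] ? -1 : 1;
    return 0;
}

/* Check as the post describes it: no stored version means "allow". */
int allow_flash_described(const char *misc, size_t len, const char *pkg)
{
    unsigned stored[4], want[4];
    if (!parse_version(pkg, pkg + strlen(pkg), want))
        return 0;
    if (!find_version(misc, len, stored))
        return 1;                              /* fails open */
    return cmp_version(stored, want) <= 0;     /* equal allowed: assumption */
}

/* Hardened variant: an unreadable reference rejects the package. */
int allow_flash_fail_closed(const char *misc, size_t len, const char *pkg)
{
    unsigned stored[4], want[4];
    if (!parse_version(pkg, pkg + strlen(pkg), want))
        return 0;
    if (!find_version(misc, len, stored))
        return 0;                              /* fails closed */
    return cmp_version(stored, want) <= 0;
}

int main(void)
{
    const char *pkg = "2.0.0.0";               /* constructed package version */
    printf("locked ref: %d\n", allow_flash_described(MISC_LOCKED, sizeof MISC_LOCKED, pkg));
    printf("no ref:     %d (fail-closed: %d)\n",
           allow_flash_described(MISC_ENG, sizeof MISC_ENG, pkg),
           allow_flash_fail_closed(MISC_ENG, sizeof MISC_ENG, pkg));
    return 0;
}
```

The fail-closed variant rejects a misc dump with no version string, but it still accepts the package once the stored version has been replaced with a lower one, so the comparison is only as trustworthy as the write protection on the partition that holds the reference.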
Should we vote this to the front or try to keep it on the downlow?
^ Shift Faced
I'm at work now, but am I to understand that there is now a full root for shifts on gb?
Sent from my PC36100 using XDA App
totalnub911 said:
I'm at work now, but am I to understand that there is now a full root for shifts on gb?
Sent from my PC36100 using XDA App
Something of that sort, you can obtain full root through this exploit. Though it's through downgrading the firmware you use old 2.2 rooting methods.
totalnub911 said:
I'm at work now, but am I to understand that there is now a full root for shifts on gb?
Sent from my PC36100 using XDA App
that is correct if you downgrade then root with shiftRR. thats what i'm getting from all this
EDIT: got beat to it
YoungCorruption said:
that is correct if you downgrade then root with shiftRR. thats what i'm getting from all this
EDIT: got beat to it
sounds like its time to change your siggy there youngcorruption!
Im sorry for the noobish but what does this mean and how do i do this
2. Modify the misc partition: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
misc.img is the image from the TB, could be other images as long as it has a lower version number.
halrulez said:
Im sorry for the noobish but what does this mean and how do i do this
2. Modify the misc partition: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
misc.img is the image from the TB, could be other images as long as it has a lower version number.
In more specific directions it means to move the downloaded file misc.img to /sdcard , then to type the command "dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17" without quotes. The rest just means it'll be different on other devices.
Nice write up, thanks to otaking and scary you all saved the shifters from a horrible ota update
Sent from my Supreme Shift using Tapatalk
Scaryghoul said:
In more specific directions it means to move the downloaded file misc.img to /sdcard , then to type the command "dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17" without quotes. The rest just means it'll be different on other devices.
ok can do this in terminal from my phone or do i have to do this in adb from my computer?
and if so what are the full steps to get to the point so i can enter this. I am trying to understand adb hell i am just starting in linux so i am hella noob
halrulez said:
ok can do this in terminal from my phone or do i have to do this in adb from my computer?
and if so what are the full steps to get to the point so i can enter this. I am trying to understand adb hell i am just starting in linux so i am hella noob
Either one, you can either mount your phone on usb and move the misc.img to your sdcard then type the command in terminal on your phone.
OR
You can adb push the file to your sdcard then adb shell the command.
I'll make the instructions more detailed in a bit.
What do you mean by: Modify the misc partition: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p1?
I moved the misc.img to sdcard but I have no mmcblk0pl in dev/block. Do I have to create that folder? And dd and of....lost me there.
I just did it and it worked perfectly. Back on 2.2, ready to root. Thanks again to otaking and scary for all your hard work.
ok so i was able to do this from the terminal from my android
now though when i am trying to run the ruu from my computer it starts to go but keeps saying that it is waiting for the bootloader. the phone wont boot in to the boot loader
halrulez said:
ok so i was able to do this from the terminal from my android
now though when i am trying to run the ruu from my computer it starts to go but keeps saying that it is waiting for the bootloader. the phone wont boot in to the boot loader
you might need to install htc sync to run ruu's. http://www.htc.com/managed-assets/support/software/htc-sync/setup_3.0.5557.exe
im just going to put this out there as well because i have had problems with the drivers that came with sync and i was forced to use the modified usb drivers found in the unrevoked evo tool, i dunno its weird but my vista pc didnt like anything but them drivers, and another guy i helped ruu from a major mess up, he couldnt get anything with sync to recognize his shift until he used the same modified evo drivers. i hope no one has an issue but if it come about this is how to fix a driver issue
Best day ever!!!!!!!!!!!!!!!!!!!!!!!!!
strapped365 said:
im just going to put this out there as well because i have had problems with the drivers that came with sync and i was forced to use the modified usb drivers found in the unrevoked evo tool, i dunno its weird but my vista pc didnt like anything but them drivers, and another guy i helped ruu from a major mess up, he couldnt get anything with sync to recognize his shift until he used the same modified evo drivers. i hope no one has an issue but if it come about this is how to fix a driver issue
provide link to said drivers?
riggsandroid said:
provide link to said drivers?
kinda cant provide an actual link directly to the drivers because i had to set up unrevoked just like i was rooting an evo, so i just hinted they were in the tool
http://unrevoked.com/recovery/
thats where you can get the tool from to setup your drivers if you have issues with sync not playing well or your pc just dont want to read the drivers right
for those curious, a lil bit of history:
same method as used on the evo part 2 thread by toastcfh at xda.
only diff is shift is emmc and evo was mtd. shift emmc partitions are a bit more in number and named differently when compared to the evo mtd partitions. on the evo this partition was labeled as "misc" in /proc/partitions. the misc partition being flashed holds the software version number which hboot checks against to verify whether or not it will allow an RUU to be loaded.
also, i want to recall a web site somewhere which allows users to create a custom misc file with a provided version number.
thought this partition was protected by the internal memory write protection but appears it wasn't. not much of a surprise as the first release of the shift didn't have write protection for the hboot partition turned on.
great this works! sadly, they'll prob patch it next OTA around as they did for the evo.
good job on testing (sorry about the lost shift), publishing and releasing! glad to see the shift has unlocked internal memory write protection again!!!
blakeatl said:
What do you mean by: Modify the misc partition: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p1?
I moved the misc.img to sdcard but I have no mmcblk0pl in dev/block. Do I have to create that folder? And dd and of....lost me there.
your path to the internal partition location is incorrect. as the OP states, use: /dev/block/mmcblk0p17
full command: dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17
great article with the history and usage of dd, its a classic unix/linux command. very good to become familiar with: http://en.wikipedia.org/wiki/Dd_(Unix)
