[Q] How to dump HBOOT? - Wildfire General

Hi all,
I've an HTC Wildfire with a branded ROM by Fastweb (ITA).
I didn't update to Froyo, so my phone can still be rooted.
Before rooting I want to be sure to be able to come back to stock ROM and hboot.
For my phone no RUU is available; the only software package is the OTA update to Froyo (I haven't downloaded it for now).
As no RUU exists, I know that there's no easy way to restore my phone for warranty, isn't that right?
What I'm asking is: if I get a temporary root (so no unrevoked), can I dump some phone address to get an hboot backup?
Using dd I should be able to dump, and if S-OFF also to restore the hboot, right?
I can't find information on this issue; everybody says to use unrevoked!
Can you help me?
[edit] fixed thread title, sorry!

I'm guessing you need NAND unlock (S-OFF), as if you could read/write HBOOT with temp root, people wouldn't be stuck un-rootable on Froyo.

Yeah, you're right; I will never be able to write it until I'm S-OFF... but I should still be able to read it, shouldn't I?
If I have a dump, I can put the phone in S-OFF with the XTC clip and restore it.
But I still don't have any idea on which /dev/ the hboot is stored.

You cannot see the partition under /dev; it's hidden by hboot.
You need, I think, the diag file. I have that, but that's also a no-go to downgrade or S-OFF: it says at-cmd timeout [email protected]=7,0 ok, but the phone reboots and is not S-OFF.

Ah, ok... so it seems it's not possible to back up the hboot?
They have been very clever this time...
Thanks for your support.

Related

[REQUEST] Can anyone write a guide for Unrooting

It's only going to be a matter of time before people will need to send phones back under warranty for whatever reason, so a guide for unrooting will be needed.
Any takers?
G2 already has one, but obviously we will need a different ROM/hboot etc. to go back to our stock.
Not just unrooting, but going completely back to stock, i.e. S-ON and stock ROM.
As you say, we should be able to base it on this - http://forum.xda-developers.com/showthread.php?t=835971
Although we have several different stock ROMs, e.g. European, Asian, Vodafone UK, etc.
This is already covered in the FAQ (easy tutorial @ dev forum).
http://forum.xda-developers.com/showpost.php?p=9143411&postcount=2
gtrab said:
This is already covered in the FAQ (easy tutorial @ dev forum).
http://forum.xda-developers.com/showpost.php?p=9143411&postcount=2
That just says to use Visionary to turn off rooting. Or did I miss something?
As I said, I think we need to cover how to return a phone completely to stock, and I don't think it includes all that you'd really need to do, or if you didn't use Visionary in the first place, e.g. the kind of stuff in the G2 post that I linked.
steviewevie said:
That just says to use Visionary to turn off rooting. Or did I miss something?
As I said, I think we need to cover how to return a phone completely to stock, and I don't think it includes all that you'd really need to do, or if you didn't use Visionary in the first place, e.g. the kind of stuff in the G2 post that I linked.
It does say to flash an RUU to S-ON, which in the past I would have said would work, but seeing how the G2 forums are not suggesting that it's that simple, my guess would be that it's not that simple.
I had to flash the PC10img thing taken from the stock ROM to restore root and s-on. But no idea how to extract that PC10img thing, not that I have looked into it either.
That info was from one of the guides in the dev section I'm sure.
Sent from my HTC Vision using XDA App
What might work now will probably not work once an OTA update comes out for the DZ though, as per the problem on the G2 they've had which has led to quite a few semi-bricks (possibly full bricks in some cases?).
Done some research; it would seem that flashing an RUU would work fine for those of us already rooted. If an OTA were to come out, those who rooted after the OTA would have issues unless an RUU for the same OTA was released as well. (This is basically because the RUUs currently available will be older than the software the phone is on, so the RUU would fail, leaving you with a semi-bricked phone as described above: basically it would flash stock hboot and recovery, then fail to flash /system, so you would be left with no root or recovery and no ROM.)
Flashing the RUU would give rise to accepting the OTA too, if you really wanted to do that, but it might block root.
You just need the RUU for your correct original phone version
OR use a gold card.
E.g. I have debranded mine from Bell NAM 1.34.666.5 to Euro generic 1.34.405.5.
To go back to stock, I can:
1. grab the Bell 1.34.666.1 RUU (it's slightly earlier, but is the correct original version for my phone)
OR
2. run the Euro generic 1.34.405.5 with a gold card inserted.
gtrab said:
You just need the RUU for your correct original phone version.
Isn't that dangerous though once we get any OTAs, and could it lead to this?
http://forum.xda-developers.com/showthread.php?t=838484
Or am I missing something?
steviewevie said:
Isn't that dangerous though once we get any OTAs, and could it lead to this?
http://forum.xda-developers.com/showthread.php?t=838484
Or am I missing something?
Yes, that's what I was getting at in my post above: any RUU you flash needs to be the same or a newer version than what you were previously flashing. You cannot use a gold card to flash an RUU to S-ON, or you get left with the semi-brick where you have stock recovery and hboot, but no ROM installed.
So if an OTA comes out, you can't accept it, S-OFF, then use an older RUU to S-ON again. You would have to flash an RUU of that OTA version (if one is released).
Basically it's best not to accept any OTA if you can avoid it and just wait for a custom ROM of the same; that way we can always use the older RUUs to S-ON if we need to.
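A small model of the RUU version rule the posts above describe, added here as an illustration and not code from the thread or from HTC: dotted versions are compared numerically, a CID gate (listed CID, SuperCID or gold card) runs first, and an RUU older than the main version recorded in misc is refused only after hboot and recovery have already been replaced, which is the semi-brick. The CID values, the SuperCID stand-in and the stage ordering are constructed assumptions, since the thread does not document the bootloader internals.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

SUPER_CID = "11111111"  # constructed stand-in for the SuperCID value; assumption, not from the thread


def parse_version(v: str) -> Tuple[int, ...]:
    """Split a dotted HTC version such as '1.34.405.5' into integers.

    Comparing tuples of ints keeps 1.34.405.10 newer than 1.34.405.5,
    which a plain string comparison would get wrong.
    """
    return tuple(int(p) for p in v.split("."))


@dataclass
class Device:
    cid: str                        # carrier ID (a branded CID or SuperCID)
    misc_version: str               # main version recorded in the misc partition
    s_off: bool
    hboot: str = "eng"
    recovery: str = "clockworkmod"
    system: Optional[str] = "custom-rom"

    def semi_bricked(self) -> bool:
        """Stock hboot and recovery but no ROM: the state the thread warns about."""
        return self.system is None and self.hboot == "stock"


@dataclass
class RuuResult:
    ok: bool
    failed_stage: Optional[str]


def flash_ruu(dev: Device, ruu_version: str, ruu_cids: Tuple[str, ...],
              gold_card: bool = False) -> RuuResult:
    """Apply an RUU / PC10IMG to the device model.

    Assumed ordering (a modelling choice, not documented HTC behaviour):
    the CID check aborts before anything is written, whereas the main-version
    check runs only after hboot and recovery have already been replaced.
    """
    # CID gate: passes for a listed CID, SuperCID, or a gold card.
    if dev.cid not in ruu_cids and dev.cid != SUPER_CID and not gold_card:
        return RuuResult(False, "cid")
    # hboot and recovery are written first; the stock hboot reports S-ON again.
    dev.hboot = "stock"
    dev.recovery = "stock"
    dev.s_off = False
    # Main-version gate: an RUU older than the recorded version is refused,
    # but hboot and recovery have already been overwritten -> semi-brick.
    if parse_version(ruu_version) < parse_version(dev.misc_version):
        dev.system = None
        return RuuResult(False, "system")
    dev.system = f"stock-{ruu_version}"
    dev.misc_version = ruu_version
    return RuuResult(True, None)


def downgrade_demo() -> Device:
    """Rooted phone on a newer OTA flashing the older branded RUU (the failure case)."""
    dev = Device(cid="BRAND001", misc_version="1.72.405.6", s_off=True)
    flash_ruu(dev, "1.34.405.5", ("BRAND001",))
    return dev
```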
I successfully downgraded my rooted/S-OFF'd phone to an earlier ROM last night. I simply followed this method - http://forum.xda-developers.com/showthread.php?t=832503
I'm of the firm belief that this is the only way to do it if you are at S-OFF. If you have S-OFF, then flashing an older RUU will probably brick your phone.
Well, yesterday I perm-rooted and S-OFF'd my European Desire Z with World/Euro generic 1.34.405.5. Somehow everything went bad after flashing recovery mode, so I decided to unroot it and bring it back to original settings.
I found there are 2 methods: one is to run the original RUU, and the other one was to copy the exact World/Euro generic 1.34.405.5 PC10img.zip to the root of my SD card.
Then I entered the bootloader, the phone recognized the archive, I simply applied it, and now I am back again to original stock.
However, now I tried again and I am happily rooted and S-OFF following the amazing gtrab guide (http://forum.xda-developers.com/showthread.php?t=835777).
buzmay said:
I found there are 2 methods: one is to run the original RUU, and the other one was to copy the exact World/Euro generic 1.34.405.5 PC10img.zip to the root of my SD card.
That's the thing I keep saying though: flashing the original RUU worked for you because you weren't trying to downgrade the ROM, it was the same version that you already had on (just S-OFF etc.). If you had a later version on your phone (e.g. via an OTA update) and were trying to flash to an earlier one, you would have bricked it trying the straight RUU method.
So what should be done is download and install an RUU - say 1.234.987, so you're on 1.234.987 - then root / S-OFF / custom ROM the phone. If anything goes wrong, reinstall the 1.234.987 RUU.
By the way - that's a fake RUU
DanWilson said:
So what should be done is download and install an RUU - say 1.234.987, so you're on 1.234.987 - then root / S-OFF / custom ROM the phone. If anything goes wrong, reinstall the 1.234.987 RUU.
During that process, if the stock HBOOT/recovery that is installed by that RUU decides that what you're trying to flash is "older" than your custom ROM, you're screwed though. That's why the "debranding" guide has extra steps in it, i.e. gold card and editing the misc partition.
steviewevie said:
During that process, if the stock HBOOT/recovery that is installed by that RUU decides that what you're trying to flash is "older" than your custom ROM, you're screwed though. That's why the "debranding" guide has extra steps in it, i.e. gold card and editing the misc partition.
I hate HTC.
Love the phones, love the Sense, hate the security.
Why not give us a command like the N1? WHY!?
So you should back up the system partition before S-OFF and so on? Like with a dd? (Following on from previous post)
DanWilson said:
So you should back up the system partition before S-OFF and so on? Like with a dd? (Following on from previous post)
The system partition isn't changed in S-OFF, that's the boot partition (just allows writing to the system partition).
The gold card and editing of the misc partition should work fine, as per this thread - http://forum.xda-developers.com/showthread.php?t=832503
It worked for me last night to flash to an older stock ROM (which also gave me S-ON again, removing my S-OFF).
steviewevie said:
The system partition isn't changed in S-OFF, that's the boot partition (just allows writing to the system partition).
The gold card and editing of the misc partition should work fine, as per this thread - http://forum.xda-developers.com/showthread.php?t=832503
It worked for me last night to flash to an older stock ROM (which also gave me S-ON again, removing my S-OFF).
Cool. Confused. I believe you though.
But you are saying just to make a gold card, and edit the misc partition?
Nice
DanWilson said:
Cool. Confused. I believe you though.
But you are saying just to make a gold card, and edit the misc partition?
Following that guide that I linked worked for me. Yes, I turned my SD card into a gold card and edited the misc partition. Then it is fooled into thinking you're restoring a ROM of the same version that it already is running, so it lets you do it.
Actually, I do wonder whether both steps are necessary (i.e. gold card *and* editing misc), because I thought the whole point of the gold card was that it avoided those checks, so perhaps you can do one or the other? I am only thinking out loud here, and may well be missing something, so I don't suggest trying it other than as in that guide.

[Q] Unroot for Warranty Repair

I need to send my Mytouch 4g in for repair due to an issue with "limited service" problems. Both T-Mobile and HTC said it is a rare problem and it needs to come in for repair.
My problem is that my phone is/has been rooted. I need to COMPLETELY UNROOT it before sending it in, or they will not repair/replace.
What can I do to completely unroot so they will not know that it was ever rooted?
I have run the unlockr method with the PD15IMG but I'm not sure that is it. What else can they do to see that it was rooted? Is there anything other than info in the bootloader? I turned S-ON again.
PS - the issue with my phone is when I put in my SIM card (under any ROM, including stock) it comes back with a message saying "limited service" and I cannot do anything to fix it. If you have an answer for this too, that would be helpful.
Either way I don't want to lose this phone due to root/warranty problems.
Thanks ahead of time....
How did you root it? Did you use gfree and simunlock? Did you flash engineering hboot? Did you S-OFF? Did you flash custom images?
There are a lot of questions to answer in what to undo.
If you SIM/Super CID unlocked and radio S-OFF with gfree then you need to follow the instructions in the gfree thread on how to restore your part7 backup.
If you flashed the engineering hboot, again, follow info in the gfree thread on how to flash it back to stock.
Once you are back to normal hboot and S-ON, just loading the PD15IMG for the complete OTA (find the thread in the dev section) will factory wipe and clear the rest for you.
Thanks for the quick reply. I followed the unlockr method completely to gain root.
theunlockr.com/2010/12/10/how-to-gain-permanent-root-and-s-off-on-the-t-mobile-mytouch-4g-htc-glacier/
Then I installed Iced Glacier.
I also did their unroot method, which includes flashing the PD15IMG and turning S-ON. Normally, should I receive an OTA after flashing this? Or is this THE updated image?
If I should expect an OTA, I will not get it. The reason I need to send the phone in is because I do not get service with the SIM card in. It reads "Limited service" "Emergency Calls Only". In this case, I would not receive an OTA. Is there anything else I can do?
Thanks again.
http://forum.xda-developers.com/showthread.php?t=858996
Scroll down to "follow these steps to restore stock hboot (0.86.0000)" and flash that back on if you have not already.
If you flashed the PD15IMG from this thread then it already has the OTA update applied and you should be g2g.
Thank you very much. That is a huge help.
After updating the HBoot and flashing the PD15IMG we should be back to stock.
Is there any way after that HTC will see it as previously rooted?
I thought to myself that the hackers were smarter than the developers.... I'm glad I was right.
Thanks again.
Sent from my HTC Glacier using XDA App
pnut22r said:
Is there any way after that HTC will see it as previously rooted?
With S-ON, a stock hboot, and a fresh flash of the OTA image -- no, not to my knowledge.
Ok, so I am expecting to receive a replacement for the BAD SCREEN (inferior) issue. So I am preparing to get my phone to STOCK condition.
--------PRESENT STATE----------
Rooted - using http://forum.xda-developers.com/showthread.php?t=858021
S=OFF
Radio - 26.09.04.26
ROM - Nexus AOSP 1.2.7
Recovery - 3.0.2.4
----------STOCK STATE------------
Unroot - http://forum.xda-developers.com/showthread.php?t=924923
S=ON
Radio - 26.03.02.26 http://forum.xda-developers.com/showthread.php?t=1059347
Recovery - ????
Now I kind of know where I need to be at but I am not sure of the sequence of the steps. Also, how do I get back to stock recovery from Clockwork?
Is there a good check list of things to make sure before sending back the old phone?
thanks a lot.
For unroot:
download the stock ROM from here http://forum.xda-developers.com/showthread.php?t=901477
rename it PD15IMG.zip and put it in the root of your sdcard, not in a folder
go into hboot by powering off, then hold VOL DOWN+POWER
then it will automatically check to find PD15IMG.zip; when it asks for the update, click yes
wait for it to install; done, stock unroot
Thanks for your response. I was aware of that method and was planning on using it. Does that also take care of clockwork recovery and the updated radio?

stock hboot (0.85.0005) ignores S-OFF?

Hi all,
Today I discovered something strange and I'd like to get your opinion on it:
I am not able to do S-OFF things in fastboot even though I have S-OFF!
Situation:
Phone: Desire Z
HBOOT: stock 0.85.0005
FW: 1.34..
Rooted: did root, supercid and s-off via gfree and verified via gfree_verify - even hboot shows S-OFF
ROM: GingerVillain 1.5
Recovery: ClockworkMod 3.0.0.5
Problem:
First of all, I myself have no problem, but I started experimenting after a friend semi-bricked his Desire Z with the same setup.
I did a nandroid backup and when I boot into hboot and do a 'fastboot flash recovery recovery.img' (with my nandroid recovery.img) I always get a "remote: not allowed".
Now from my point of view this should only happen if I have S-ON and should be impossible with S-OFF?! Even using 'fastboot oem rebootRUU' does not change anything.
The thing that concerns me about that is: if something destroys both system and recovery, you're pretty much screwed + bricked, because hboot is not allowed to write to anything other than cache and all of this basic stuff doesn't work:
- flash recovery with CW
- flash a complete zip
- flash another hboot
- RUU
When I rooted my phone I had read everywhere that eng-hboots are not necessary any longer. But it appears that they are the only thing that helps, and you have to install them while you still have a working ROM.
Any thoughts on that issue / can you reproduce this / are fastboot actions logged anywhere?
You need an ENG HBoot to use fastboot commands; it doesn't matter if you're S-OFF.
Yeah, I came to the same conclusion..
Is there any chance to flash an eng-hboot from a bricked 0.85.0005? I did some experimentation with a goldcard, but at least remote commands didn't change in behaviour..
I think being full-bricked when something goes wrong and not having an eng-hboot already installed is not an acceptable solution for most people here.
DragonTEC said:
Yeah, I came to the same conclusion..
Is there any chance to flash an eng-hboot from a bricked 0.85.0005?
Maybe through a modified PC10IMG.zip.
I think being full-bricked when something goes wrong and not having an eng-hboot already installed is not an acceptable solution for most people here.
My thoughts exactly, it's kind of a safety net if you can't boot into Android.
I'm not sure if a PC10IMG.zip will help at all.. my friend tried flashing both 1.34 and 1.72 RUU ROMs as PC10IMG and this didn't change anything.. in fact, the 1.72 didn't even install the new .00008 hboot, so I think there is some heavy write protection in the hboot making it more or less useless..
What I can imagine working is a goldcard with sppimg.zip, but I haven't yet found one for the Desire Z..
I have the feeling that this is a huge problem because with a short search I have found at least 3 threads of people who have bricked their phone exactly this way and are now stuck.. some of the experts here might pay attention to this problem, and in my opinion you should also consider removing the 'an eng-hboot is not needed, don't use it' advice from the rooting section of the wiki..
So what exactly is your problem?
You destroyed recovery and system?
If yes, and you used gfree to get Super-CID, just install a PC10IMG that has a version higher than or equal to the main version in your misc partition. And then do the whole downgrading, rooting, flashing recovery again.
If you are not Super-CID you might need a goldcard in addition if the CID of the phone is not supported by the PC10IMG that you want to install.
Have fun, Guhl
It is almost impossible to brick this phone. The only possible way might be a failed copy of the eng-hboot and this is why the warning is and stays in the wiki.
Sent from my HTC Vision using XDA App
I thought so too, but when flashing a newer original RUU using the PC10IMG.zip, the flash process runs okay, but after the restart nothing changes (still hangs on the HTC screen, no new hboot), so apparently no changes are made..
So from my point of view the phone is more or less bricked.. I guess maybe some custom PC10IMG with an eng-hboot might change this, but I only found one for the G2 and wasn't able to find one for the DZ.. That's why I think that removing the 'UNNECESSARY' advice is justified (of course I don't want the warning that this can brick the phone to be removed)..

[Q] AlpharevX and S-OFF

A little question about AlpharevX that I had on my mind for some time.
What I would love is the right answer and not thousands of people guessing it, so ideally, please refrain from answering if you are not sure.
XTC Clip gives us factory S-OFF, through the likely emulation of the official HTC SIM card with the relevant RSA keys. If you use the XTC clip, your phone becomes a 'dev' phone, totally unlocked as it was meant by HTC.
Now what about AlpharevX?
There are a lot of people talking about it making their phone S-OFF.
Now the question.
Is the AlpharevX S-OFF the same as the XTC Clip S-OFF, i.e. achieved by clearing the s58 security flag, OR is it just patching the HBOOT to make it think that S is OFF (like Alpharev 1.8 did), OR is it achieving this feat in some other way?
On the Alpharev 1.8 page, it says:
Since we are unable to access the Radio NVRAM itself (where secuflag is stored),
So this got me wondering.
It is a reverse engineered bootloader that thinks that the secuflag is off. So nothing is changed in the radio; they just put a new hboot on your phone.
Although it is a reverse engineered one, it does do everything that the standard HTC hboot does. It does even more: there is the possibility to use fastboot, which is not possible with the factory bootloader. So making your phone S-OFF by the XTC clip will not allow you to use fastboot; flashing the one from AlpharevX does.
Erwin
Finally a clean and clear explanation thread, thanks erwinP.
I think I'm not the only one who wonders a simple thing: is S-OFF reversible?
Almost everybody knows that flashing custom firmware invalidates the warranty, so, in case of problems (not necessarily due to the new firmware), is it possible to revert the phone to its original state (original fw, original hboot, s-off) and send it back to HTC?
Thanks Erwin.
So the phone is still S-ON, but does not care about it anymore. Sweet.
I was asking this because I was thinking that if I were a developer, I would have put some code in all sort of horrible places to check for this sort of bypass, a bit like in the first PS, where games stopped working if they detected a modchip.
But then if I were an HTC developer, I would have had total faith in HBOOT 1.000.1 being unbreakable, so I may not have bothered.
In any case, how did they manage to get a custom HBOOT ? Does anyone know?
Is it signed ?
You're welcome! ;-)
It is of course not signed ;-) I've asked them, but they wouldn't say, probably for the same reason why unrEVOked keep their method secret until HTC has come up with an update that fixes the exploit. So I understand why they won't tell us, and also, you do not ask for your grandmother's secret family recipe, do you ;-)
All we know is that they use a combination of psneuter and gingerbreak to get a temp root, and then somehow manage to get past the NAND protection to replace the factory hboot with their hboot. Or at least, that is my interpretation of what I've read here on this forum somewhere.
Erwin
metv said:
Finally a clean and clear explanation thread, thanks erwinP.
I think I'm not the only one who wonders a simple thing: is S-OFF reversible?
Almost everybody knows that flashing custom firmware invalidates the warranty, so, in case of problems (not necessarily due to the new firmware), is it possible to revert the phone to its original state (original fw, original hboot, s-off) and send it back to HTC?
Sorry I didn't see your question.
Once they have a way to replace the stock hboot with theirs, their hboot can be easily replaced in the same way by the stock one, to get an s-off device again. They have already said somewhere that they will provide a way to revert the process, just in case you have to bring your phone back in warranty. They are real geniuses, aren't they ;-)
Erwin
Thanks for the clear explanation chaps.

Help Required

Hi Gents,
Before I get flamed: I have been on XDA with an HD2 for a while, so bear with me. I have purchased a Mytouch and it has come with S-OFF but no root. I have tried pushing CWR via adb but it comes back not reading the img. It also came with the 2.3.4 update, S-OFF. Is there a way I can flash a ROM that's rooted to get SU permission??
I am on H-boot .89.
Any help would be great.
Thx
Stickies and INDEX are a great help.
Some basic reading is expected.
Thanks Jack_R1, I used to say the same myself I think, re downgrade and start from scratch ... eeek, and this one has a bad chipset -
No need to re-downgrade. If you got S-OFF - you're good.
Now flash engineering bootloader (0.85) by PD15IMG.ZIP way (search the guides for it) and use fastboot for flashing recovery.
This should guide you enough.
Thanks mate appreciate the help
Edit: have done as you suggested but I am getting a CID error??
Means you probably don't have MT4G, but HTC Panache.
Look up a thread named "Videotron/Mobilicity Panache thread". There are instructions for making goldcard.
Actually, what it could also mean is that your phone was S-OFF-ed by XTC Clip and not by gfree, which means you're still not SuperCID. You might want to downgrade to Froyo and run gfree for SuperCID only.
