Short story is, I got a DNA off of Craigslist for cheap that was stuck in fastboot mode and would not RUU. Its S-ON/Relocked/Tampered. After trying many things, I flashed a 2.06 update zip, and now it boots into a custom ROM that already has working root access. Looks like someone tried to put it back to a stock state but relocked it preamturely.
Now that I am back into a bootable state, neither Revone or Moonshine will work to get S-OFF so I can clean up the mess. Moonshine fails at 'launching temproot -> waiting 10 seconds -> Error; run distiller again' , and Revone auto-reboots after running ./revone.dna -P, and I've tried all the tricks in that thread here. I've factory reset/powered down and tried ad nauseum, with no luck.
My next line of thinking is, since it already has a working root, is it possible to have Moonshine bypass the temproot process? Or is it somehow possible to reflash a stock 2.06 system image? (I know there is no RUU yet.)
Since I did successfully flash the 2.06 update, which would restore the kernel and all that, Any suggestions on what to try next?
[EDIT] SOLVED!! I had to manually supercid and then unlock the bootloader via htcdev (most folks in a similar situation as I was would likely need temproot first.). After, I was able to S-OFF via facepalm.
Big thanks to Zanzibar in freenode #moonshiners for the tip!!
hurrrtin said:
Short story is, I got a DNA off of Craigslist for cheap that was stuck in fastboot mode and would not RUU. Its S-ON/Relocked/Tampered. After trying many things, I flashed a 2.06 update zip, and now it boots into a custom ROM that already has working root access. Looks like someone tried to put it back to a stock state but relocked it preamturely.
Now that I am back into a bootable state, neither Revone or Moonshine will work to get S-OFF so I can clean up the mess. Moonshine fails at 'launching temproot -> waiting 10 seconds -> Error; run distiller again' , and Revone auto-reboots after running ./revone.dna -P, and I've tried all the tricks in that thread here. I've factory reset/powered down and tried ad nauseum, with no luck.
My next line of thinking is, since it already has a working root, is it possible to have Moonshine bypass the temproot process? Or is it somehow possible to reflash a stock 2.06 system image? (I know there is no RUU yet.)
Since I did successfully flash the 2.06 update, which would restore the kernel and all that, Any suggestions on what to try next?
[EDIT] SOLVED!! I had to manually supercid and then unlock the bootloader via htcdev (most folks in a similar situation as I was would likely need temproot first.). After, I was able to S-OFF via facepalm.
Big thanks to Zanzibar in freenode #moonshiners for the tip!!
Click to expand...
Click to collapse
I've got a DNA in the same situation, mind telling me how you manually supercid on the 2.06 firmware?
PhantomApollyon said:
I've got a DNA in the same situation, mind telling me how you manually supercid on the 2.06 firmware?
Click to expand...
Click to collapse
fastboot oem writecid xxxxxxxxx if you have issues with revone, try typing "su" before ./revone -p in shell so it runs as root (if you have root obviously)
Also omitting the "-p" switch might help.
fr4nk1yn said:
Also omitting the "-p" switch might help.
Click to expand...
Click to collapse
Even though this is marked solved in the op, im going to leave this tidbit here as it most likely would have applied here.
adb install dnashellroot.apk
[16:40] <@beaups> then
[16:40] <@beaups> adb shell
[16:40] <@beaups> am start -n c.fyf/.MainActivity
[16:41] <@beaups> wait 10 seconds, then
[16:41] <@beaups> /dev/sh
[16:41] <@beaups> let me know if $ turns into #
[16:41] <maxiixam> k
[16:42] <maxiixam> hah, helps if im not in fastboot =P
[16:43] <@beaups> indeed
[16:43] <maxiixam> don't worry this aint my first rodeo
[16:43] <@beaups> says the guy who went s-on...
[16:44] <Nick> lmfao
[16:44] <maxiixam> every dog has his day.
[16:44] <maxiixam> also next, we got #
[16:45] <@beaups> cool
[16:45] <@beaups> echo -ne "22222222" | dd of=/dev/block/mmcblk0p5 bs=1 seek=20
[16:45] <@beaups> ^copy/paste that
[16:45] <@beaups> do NOT screw it up
[16:45] <maxiixam> done
[16:46] <@beaups> ok
[16:46] <@beaups> exit
[16:46] <@beaups> exit
[16:46] <@beaups> adb reboot bootloader
[16:46] <@beaups> fastboot getvar cid
[16:46] == Bowsakirby [[email protected]/web/freenode/ip.69.92.52.209] has quit [Ping timeout: 250 seconds]
[16:46] <maxiixam> all 2222222's just procede to htcdev?
[16:47] <@beaups> yep
[16:47] <@beaups> then use facepalm for s-off
Run this from an elevated cmd prompt where you have un zipped moonshine.
*I am not responsible for what may happen to your phone*
Related
Well I rooted my thunderbolt yesterday and today I was going to try to install a ROM but for some reason I can't do it.
I'm using rom manager. I flashed the clockworkmod recovery. Then I went to backup my current rom and the phone restarts then just goes straight to the boot loader where I only have a few options.
Hboot
Power down etc...
What am I doing wrong?
When I tried yesterday I got a little farther and went to install the rom and the same thing happened. No recovery or options to install off SD.
There is no option for recovery?
If not, go back into rom manager, settings, and check erase recovery. Then flash CM Recovery again (the top option on rom manager) and it should fix the problem for you.
Tried that:
I get HBOOT
FASTBOOT
RECOVERY
FACTORY RESET
SIMLOCK
HBOOT USB
IMAGE CRC
I go select recovery and the phone restarts briefly and I get FASTBOOT USB
BOOTLOADER
REBOOT
REBOOT BOOTLOADER
POWER DOWN
No other options.
I would flash back to stock and root again, maybe something didn't take right the first time.
g00s3y said:
I would flash back to stock and root again, maybe something didn't take right the first time.
Click to expand...
Click to collapse
Agh really. It rooted perfectly I thought. I have root access and everything. Any other ideas before I have to go through that process again?
Maybe go to the thunderbolt chatroom on IRC and see if people can help you there. Unless someone else here knows what to do. But i never heard of a problem like that.
I think I might have figured out the problem.
After I go to install the ROM it brings me to the bootloader. Under the pink ***security warning*** I'm showing
MECHA XD SHIP S-ON
I thought S was supposed to be off? Does the root for Mac not do S off?
droidboy850 said:
I think I might have figured out the problem.
After I go to install the ROM it brings me to the bootloader. Under the pink ***security warning*** I'm showing
MECHA XD SHIP S-ON
I thought S was supposed to be off? Does the root for Mac not do S off?
Click to expand...
Click to collapse
That is not good at all I believe. You should go to the chat ASAP, I think you have to restore your system to stock and then root again. You aren't supposed to be showing the pink ***Security Warning*** and you should also be S-OFF.
EDIT: Just saw you were on a mac, I don't have one so any instructions on MAC specifics I wouldn't be able to tell you, sorry.
Any tutorials for going back to stock on a mac? I saw a regular unroot procedure but it said push the image and exploits and I'm not sure what push means. I also don't have ADB or anything on my phone so can I still do it?
droidboy850 said:
Any tutorials for going back to stock on a mac? I saw a regular unroot procedure but it said push the image and exploits and I'm not sure what push means. I also don't have ADB or anything on my phone so can I still do it?
Click to expand...
Click to collapse
ADB would be in your computer. If you used a simple root process, then you will have to learn ADB to fix your issue.
the solution is here: http://forum.xda-developers.com/showthread.php?t=1009423
and if you did the long root way, this will be easy for you.
First, download the following files: To where? The SD?
Stock firmware (MD5 sum: 7141f5620f6128af77d50587e341f4b0)
exploits.zip (MD5 sum: 3b359efd76aac456ba7fb0d6972de3af)
Next, push exploits.zip and misc.img. What is push?
I go into terminal to do adb push misc.img /data/local/ and it says adb: command not found.
Where do the unroot files have to be? I'm still confused how I can be rooted with S on?
droidboy850 said:
I go into terminal to do adb push misc.img /data/local/ and it says adb: command not found.
Where do the unroot files have to be? I'm still confused how I can be rooted with S on?
Click to expand...
Click to collapse
if you type "adb devices" what does it tell you?
I've gotten a little farther but look what it says now:
$ su
/data/local/busybox md5sum /data/local/misc.img
Permission denied
$ c88dd947eb3b36eec90503a3525ae0de /data/local/misc.img
$ dd if=/data/local/misc.img of=/dev/block/mmcblk0p17
/dev/block/mmcblk0p17: cannot open for write: Permission denied
This procedure applies to both flyers and view
Required downloads
First download the Gingerbread RUU for your device from this thread.
If you don't have adb and fastboot on your PC
Get fastboot and adb tool for windows here
Get Fastboot and adb for linux here
I don't have a simple bundde for Mac, would welcome a link if anyone has one.
Download my universal misc_version and unzip to obtain the misc_version file.
Download tacoroot
Place both the misc_version and tacoroot.bin files in the same directory as adb
Procedure
Check the version number for your gingerbread RUU
In my example I am using this RUU: RUU_Flyer_HTC_WWE_2.00.405.3_R_Radio_20.3501.30.08 9BU_3809.05.04.10_M_release_194964_signed.exe
The version is the part highlighted in red.
Boot your flyer up to android if it's not already on, with usb debugging enabled and connect it to the PC.
Run the following adb commands
Code:
adb push tacoroot.bin /data/local
adb push misc_version /data/local
adb shell chmod 755 /data/local/tacoroot.bin
adb shell chmod 755 /data/local/misc_version
adb shell /data/local/tacoroot.bin --setup
At this point your device will reboot to recovery
Simultaneously press Volume Up, Volume Down and Power
Reboot your device
Run the following command
Code:
adb shell /data/local/tacoroot.bin --root
Your device will reboot, do not worry if it does not boot fully, it doesn't matter for this procedure, and it is a side effect of this root exploit.
Run the following command:
Code:
adb shell /data/local/misc_version -s [COLOR="Red"]2.00.405.3[/COLOR]
Note that the number in RED is the version number retrieved in step 1.
Reboot to fastboot:
Code:
adb reboot bootloader
Run your RUU ( if on linux or mac, see other similar threads from me on how to RUU on those OSes )
Special Thanks
jcase for providing the tacoroot.
Nice release globatron! I was actually looking at Tacoroot for this last night but didn't really want to go into it too much and decided against using it. Glad to see I wasn't the only one with the idea for it though.
heh, Gave jcase the updated misc_version so he has it on the github radme for tacoroot already but didn't want to release the procedure until I has actually tested misc_version to run on at least a few HTC emmc devices and with multiple version string lengths.
Even if you didn't release this today, I probably would have started on it tonight, I'm a bored teenager with too much time. Still, keep up the good work. If you want me to make a script for you or anything, let me know and I'll get to work on it. (also, you know you can actually have adb from the recovery so you dont need to hit the buttons on it, just have it wait then adb reboot (or even adb shell reboot))
Of course I know that but that's not the what the buttons is about here.
What are the points of the button?
Sent by breaking the sound barrier
To ensure with absolute certainty that a log will be created.
Ah, you want the button presses to be logged to ensure it's done the job. Alright, fair enough.
Glad to TacoRoot in use!
Thanks for the spice jcase, just realized I had a typo in the procedure....jcase *provided*, not tested (well that too), tacoroot.
globatron said:
Thanks for the spice jcase, just realized I had a typo in the procedure....jcase *provided*, not tested (well that too), tacoroot.
Click to expand...
Click to collapse
is the typo msc_version being misc_version
thanks Kevin, fixed that.
yep, didnt notice it until someone tried to do my procedure today lol... copy and paste my friend lol. Plus I just need to know one thing. This brings you down to GB but still keeps you locked right? You still technically have to use HTC unlock to bring it back to 1.13.000 correct?
Part1: correct, you've never unlocked if you do this.
Part2: No, you don't have to unlock at all during this procedure.
so to go from the 1.14 hboot to 1.13 u dont need to htc unlock?
kevinrocksman said:
so to go from the 1.14 hboot to 1.13 u dont need to htc unlock?
Click to expand...
Click to collapse
That's correct.
globatron said:
This procedure applies to both flyers and view
Required downloads
First download the Gingerbread RUU for your device from this thread.
the download link takes me to the flyer RUU, i understand the view & flyer are the same except the 3g/4g network on the View. i just want to make sure i download the correct RUU for my View. what verision do i need? this one "RUU_Express_Sprint_WWE_1.22.651.1_Radio_1.05.11.0531_NV_2.28_SPCS_release_198141_signed.exe"
agian thank you for the support
Click to expand...
Click to collapse
That one is fine. Express is the board name or the view so an RUU with express (not expresskt) in the name is what you need.
Hello, thanks for the downgrade help. Upgraded to honeycomb and hated it so I followed your instructions and everything went exactly as described until the middle of the RUU upgrade itself where it stopped and gave me an
ERROR[140]: BOOTLOADER VERSION ERROR
The ROM Update utility cannot update your android phone
Please get the correct ROM update utility and try again.
It won't successfully reboot now. When I go back to bootloader mode the recover screen shows
*** LOCKED ***
express pvt ship s-on rl
hboot-1.14.0005
microp-0656
radio-1.05.01.1006_3
emmc-boot
oct 25 2011, 16:35:13
used RUU_Express_Sprint_WWE_1.22.651.1
Its completely stock, was notified of the new update by htc and installed it over wifi. Thanks in advance for any help
What appears to have happened here is that somewhere along the way something didn't work fully and you failed to set the version to the same as or lower than the RUU you used.
I would need to see the output of :
Code:
fastboot getvar version-main
to be absolutely certain of this. If that is the case then becasue you are completely stock the best course of action would be for you to return it for repair. Tell the technical support people that this happened when you tried to take the OTA update to HoneyComb. The alternative will require you to use the HTC unlock.
My DNA was previously S-off and unlocked before the latest kitkat OTA, when the new OTA came out I fastboot flashed the latest HBOOT and Radio before I started using a custom sense 6 rom. It seems that with the HBOOT update, my bootloader became locked and the tempered sign is gone as well, I tried using firewater, but since my phone is S-Off the application just say there's not anything it can do and closes. What can I do to unlock my bootloader? Or do I have to return everything to S-On and run firewater?
Just downgrade the hboot and install again 3.06.605.4 and later unlock your bootloader and keep it s-off!! and later if you want update again to kitkat but use the first ota zip and second one too!!
I would flash the 3.06 hboot first before this, but it probably won't make a difference.
to UNLOCK your bootloader,enter the following:
adb devices
adb shell
su (if needed to get a # prompt)
Code:
echo -ne "HTCU" | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
(i would very strongly recomend you copy/paste this)
exit
(exit a second time if you need to to get back to a normal > prompt)
adb reboot bootloader
verify you are now unlocked
Click to expand...
Click to collapse
quoted from this thread http://forum.xda-developers.com/showthread.php?p=47769994
Change CID, htcdev -> unlock
Sent from my Nexus 5 using XDA Free mobile app
.torrented said:
I would flash the 3.06 hboot first before this, but it probably won't make a difference.
quoted from this thread http://forum.xda-developers.com/showthread.php?p=47769994
Click to expand...
Click to collapse
worked perfectly!! Thanks so much
Hello everyone I'm a new VZW One Max owner and this device has proven to be the most complicated ive experienced so far in terms of Rooting/Bootloader unlocking/and S-off. (I'm temp rooted with weaksauce 1.0.1)
I cant seem to get the bootloader unlocked via HTCdev, and the firewater and rumrunner do not work for me either .
It seems like every method to help accomplish the above requires an unlocked bootloader, and after reading several threads the tool of choice is firewater.
While reading the thread for firewater I noticed it said it is for HBOOT 2.47, there was a note at the bottom of the thread for 2.49 HBOOT users but while following the instructions from that thread one of the steps was to unlock the bootloader via HTCdev :silly: . And install the Stock HTC 1.19xxxx
How can that be done in my situation?
Ive attached errors i've been experiencing from firewater and rumrunner.
***For rumrunners I'm using the custom device specific download. But i've seen all types of errors from flashing a new kernel to using a more updated version.
Verizon HTC One Max Android Version 4.4.2 with HBOOT 2.49
Thanks for any steps in the right direction!
ceo4eva said:
Hello everyone I'm a new VZW One Max owner and this device has proven to be the most complicated ive experienced so far in terms of Rooting/Bootloader unlocking/and S-off. (I'm temp rooted with weaksauce 1.0.1)
I cant seem to get the bootloader unlocked via HTCdev, and the firewater and rumrunner do not work for me either .
It seems like every method to help accomplish the above requires an unlocked bootloader, and after reading several threads the tool of choice is firewater.
While reading the thread for firewater I noticed it said it is for HBOOT 2.47, there was a note at the bottom of the thread for 2.49 HBOOT users but while following the instructions from that thread one of the steps was to unlock the bootloader via HTCdev :silly: . And install the Stock HTC 1.19xxxx
How can that be done in my situation?
Ive attached errors i've been experiencing from firewater and rumrunner.
***For rumrunners I'm using the custom device specific download. But i've seen all types of errors from flashing a new kernel to using a more updated version.
Verizon HTC One Max Android Version 4.4.2 with HBOOT 2.49
Thanks for any steps in the right direction!
Click to expand...
Click to collapse
If you still need help with this, I recently did this on a Verizon One Max, double check the following:
Fastboot mode is off in the power/battery settings
No lock screen security enabled, pattern, pin, face, nothing should be on
Leave the screen on a long timeout, or no timeout for this process, adb may prompt RSA checks you'll need to grant permissions to.
Remove all super user apps, busybox installer apps, supersu, superuser, whatever
Then:
Run weaksauce app
Install supersu from play store or you can adb install the apk if you have the updater zip or apk on your PC
After you have su (# prompt instead of $ after typing su) in adb shell turn off WiFi, leave mobile data on:
adb shell
su
If you see it change to # then proceed, if not, reboot and run weaksauce again, wait for a minute and try the commands again.
Exit adb shell (type exit and hit enter twice)
Push firewater to /data/local/tmp
adb push firewater /data/local/tmp
Set 755 permissions on firewater:
adb shell
su (if not on # prompt, it should still be there)
chmod 755 /data/local/tmp/firewater
Run firewater (still in shell, don't close the terminal or exit from su/#):
/data/local/tmp/firewater
Last time it froze the first time, then the second try it went through on the second bottle. If you see no improvement after 3 minutes hold power for 60 seconds until it reboots the device, then start again from the weaksauce running part.
Hope this helps. I did it over team viewer with another user and this is what finally got it to get it all finished.
Rumrunner doesn't work with verizon 2.49 that I can tell, it'll be weaksauce and firewater.
I tried to s-off my phone today with plenty of methods so I could put my phone back to stock. My hboot is 1.44 but I believe it is a patched version as the date is July 5 2013. Revone gives me error code 6 and firewater gives the chaser error. On a mac so can't use rum runner, and can't use ruu.exe files. Anything I could try? I would think either find a way to update or maybe flash a custom kernel would work?
ADarkKnight said:
I tried to s-off my phone today with plenty of methods so I could put my phone back to stock. My hboot is 1.44 but I believe it is a patched version as the date is July 5 2013. Revone gives me error code 6 and firewater gives the chaser error. On a mac so can't use rum runner, and can't use ruu.exe files. Anything I could try? I would think either find a way to update or maybe flash a custom kernel would work?
Click to expand...
Click to collapse
Post a fastboot getvar all (except for imei and serialno).
majmoz said:
Post a fastboot getvar all (except for imei and serialno).
Click to expand...
Click to collapse
Thanks for the reply. Not home right now but have an update. When running firewater, the last command /data/local/tmp/firewater does nothing except delete the file. Know what to do?
ADarkKnight said:
Thanks for the reply. Not home right now but have an update. When running firewater, the last command /data/local/tmp/firewater does nothing except delete the file. Know what to do?
Click to expand...
Click to collapse
I didn't use firewater so I'm not sure about that. However, you could update to the RUU 3.17.502.3.rom.zip then try firewater again. I don't think firewater really works well with that low of a hboot. Here are the commands for running the rom.zip:
Code:
[B][I]./adb reboot bootloader[/I][/B]
After that, type:
Code:
[B][I]./fastboot oem rebootRUU [/I][/B]
NOTE: You should see a silver HTC logo come up on your phone after executing this command.
NOTE: if this command freezes, just disconnect the USB cable and hold the power and volume down buttons until the device reboots. Then, repeat the steps above again.
Finally:
Code:
[B][I]./fastboot flash zip 3.17.502.3.rom.zip[/I][/B]
Repeat the same command: IMPORTANT
Code:
[B][I]./fastboot flash zip 3.17.502.3.rom.zip[/I][/B]
NOTE: The green bar on the phone may not go to 100% of the bar ... but If you see completed on your computer command window, wait for a few seconds and move on.
Last Step:
Code:
[B][I]./fastboot reboot[/I][/B]
Click to expand...
Click to collapse
Good luck I got to get some sleep!
majmoz said:
I didn't use firewater so I'm not sure about that. However, you could update to the RUU 3.17.502.3.rom.zip then try firewater again. I don't think firewater really works well with that low of a hboot. Here are the commands for running the rom.zip:
Good luck I got to get some sleep!
Click to expand...
Click to collapse
Thanks for the instructions, actually ended up flashing stock recovery and took ota's up to that version. Still no dice for s-off. Oh well, doesn't really matter, was just going to do it because i'm replacing my phone with att, but what are the odds they know how to get into the bootloader Getting the replacement today, and funny beaups replied to me saying he'll update a fix today. Hopefully I can s-off the replacement.