Related
Ok, I'm sure - the answer to this is in here somewhere, but an hour searching is enough...
What exactly does the s-on mean in the hboot? I started from leak 1, upgraded to leak 3, then root. My hboot shows s-on... How does this affect my phone?
Sent from my Froyo Eris using XDA App
Macrodroid said:
Ok, I'm sure - the answer to this is in here somewhere, but an hour searching is enough...
What exactly does the s-on mean in the hboot? I started from leak 1, upgraded to leak 3, then root. My hboot shows s-on... How does this affect my phone?
Sent from my Froyo Eris using XDA App
Click to expand...
Click to collapse
The first "root" which was gained on the Eris was via a leaked HTC "Engineering" ROM which had the 1.49.2000 S-OFF bootloader. An "S-OFF" bootloader has normal security checks suppressed, so that you can use the "fastboot" utility with the phone's bootloader in "FASTBOOT USB" mode to write to various partitions, including the recovery partition. In addition, that same Engineering ROM allowed you to obtain a root shell via the "adb" (Android Device Bridge) tool in the SDK, so you could also write to partitions (including the recovery partition) with the OS of the phone booted.
The way that rooting occurred in most of the early cases was similar to what we do now: as a first step, the recovery boot partition is replaced with a custom recovery (Amon_RA v1.6.2), and then after that a replacement OS is flashed via the (Amon_RA) recovery boot. In a way, the S-OFF bootloader was sort of "free" - you had to apply the Root-ROM (PB00IMG.ZIP) file to the phone using the bootloader HBOOT mode, and this would flash all partitions on the phone.
In any event, if you look at earlier posts, they are dominated by discussions of "what bootloader version do you have" - because if you had a 1.46.0000 S-ON, or 1.47.0000 S-ON bootloader, it was possible to apply the Root-ROM flash using HBOOT; whereas if you had jumped the gun and applied any of the other HTC 2.1 Test release ROMs (which became known as "Leak-V1", "Leak-V2", or "Leak-V3", and had a 1.49.0000 S-ON bootloader installed as a result of that), then it was impossible to apply the "Root ROM" to the phone using HBOOT.
The newly-discovered methods exploit a different hole in the booting of the main OS, so the bootloader is not touched - a permission bug is exploited so that the recovery partition can be overwritten by any user on the phone (root isn't even needed!). Therefore, the recovery partition can be replaced without flashing the entire phone (just as it was in "the wayback").
So, if you look through those old threads where someone asked "I think I rooted, but I am not sure", other folks in the know would ask "does your bootloader say S-ON or S-OFF?"
But now we can gain privilege on the phone by directly overwriting the recovery partition with a custom recovery , and then booting that (which always has root privilege). You can now get a "rooted" recovery, and then a "rooted" ROM installed afterward onto the phone without ever touching the bootloader.
In practice, nobody has been able to detect any noticeable dependencies of the OS on version of the bootloader; if you can get a new OS installed onto the phone by hook or by crook, neither the bootloader nor the OS seem to care what the version of the other is.
That's the long explanation for "you don't need to worry too much about it any longer".
Having an S-OFF bootloader provides just a little bit more flexibility for emergency recovery of the phone; on the other hand, flashing the bootloader is the absolute most dangerous flashing operation that happens on the phone. Everything on the phone springs to life via the bootloader - it has to be intact for anything else on the phone to work.
So, I'd say - "don't worry, be happy". And leave your bootloader as it is.
bftb0
That definately answers my question! Thanks!
Sent from my Buuf Froyo using XDA App
Hiya!
I've disassembled hboot-0.35.0017 for the nexus one. Security check is done by a function that I have patched.
I attached my current IDA (5.5) Database. Patched HBOOT can be found here.
We still need a method/exploit to flash this modified HBOOT on our device so we can have S-OFF.
So does this mean we can lock or is it just a lock in progress and the modified hboot is it flashable
Sent from my Nexus One using XDA App
jdmoore81 said:
So does this mean we can lock or is it just a lock in progress and the modified hboot is it flashable
Sent from my Nexus One using XDA App
Click to expand...
Click to collapse
We just need to find a way to flash that modified HBOOT on the nexus one and we can lock it.
rolle3k said:
We just need to find a way to flash that modified HBOOT on the nexus one and we can lock it.
Click to expand...
Click to collapse
Awesome! even if I don't exactly know the variables in play this sounds good and exciting
What if the hboot is made flashable through custom recovery.
Sent from my Nexus One using XDA App
jdmoore81 said:
What if the hboot is made flashable through custom recovery.
Sent from my Nexus One using XDA App
Click to expand...
Click to collapse
As far as I understood this:
Code:
/* Bootloader / Recovery Flow
*
* On every boot, the bootloader will read the bootloader_message
* from flash and check the command field. The bootloader should
* deal with the command field not having a 0 terminator correctly
* (so as to not crash if the block is invalid or corrupt).
*
* The bootloader will have to publish the partition that contains
* the bootloader_message to the linux kernel so it can update it.
*
* if command == "boot-recovery" -> boot recovery.img
* else if command == "update-radio" -> update radio image (below)
* else if command == "update-hboot" -> update hboot image (below)
* else -> boot boot.img (normal boot)
*
* Radio/Hboot Update Flow
* 1. the bootloader will attempt to load and validate the header
* 2. if the header is invalid, status="invalid-update", goto #8
* 3. display the busy image on-screen
* 4. if the update image is invalid, status="invalid-radio-image", goto #8
* 5. attempt to update the firmware (depending on the command)
* 6. if successful, status="okay", goto #8
* 7. if failed, and the old image can still boot, status="failed-update"
* 8. write the bootloader_message, leaving the recovery field
* unchanged, updating status, and setting command to
* "boot-recovery"
* 9. reboot
*
* The bootloader will not modify or erase the cache partition.
* It is recovery's responsibility to clean up the mess afterwards.
*/
The bootloader is flashing itself, the recovery just informs it to do so.
jdmoore81 said:
What if the hboot is made flashable through custom recovery.
Sent from my Nexus One using XDA App
Click to expand...
Click to collapse
+1. What if you just use a custom recovery with signiture verification off?
@rolle3k: Assuming the we can get it to flash, would you be able to make the same mod to the newer HBOOT HBOOT-0.35.0017
efrant said:
+1. What if you just use a custom recovery with signiture verification off?
@rolle3k: Assuming the we can get it to flash, would you be able to make the same mod to the newer HBOOT HBOOT-0.35.0017
Click to expand...
Click to collapse
Sure. I will edit it and try to flash it with verification off. If it works, I will let you guys know..
Great work here! Keep it up!
I hacked the new hboot, but as expected, it failed to install because the signature is invaild. However, I attached the hboot nethertheless. If you manage to flash it, you can just use "fastboot oem lock" without problems thus locking the bootloader once again.
rolle3k said:
I hacked the new hboot, but as expected, it failed to install because the signature is invaild. However, I attached the hboot nethertheless. If you manage to flash it, you can just use "fastboot oem lock" without problems thus locking the bootloader once again.
Click to expand...
Click to collapse
You won't be able to flash it unless you have an S-OFF nexus... otherwise HBOOT will refuse to flash anything that doesn't have a signature match...
That's why if you try flashing a Desire Radio to the N1, it won't work with a 'normal' nexus... you need to have the S-OFF in the bootloader as previously indicated...
So we would need to find a way (like they've done with the EVO, DINC, etc...) to get past the NAND lock (S-OFF)... I just don't think that people have tried to get that accomplished with the nexus since you can just do 'fastboot oem unlock' and it's done, unlike the other devices...
Very nice work though... I don't think I've seen anyone else get this far... maybe someone could try to get a hold of unrevoked and see if someone there could be of assistance since they haven't published their method of bypassing the NAND lock... but then even if we were able to bypass the NAND lock we would still potentially have the already unlocked bootloader there... if that makes sense...
rolle3k said:
I hacked the new hboot, but as expected, it failed to install because the signature is invaild. However, I attached the hboot nethertheless. If you manage to flash it, you can just use "fastboot oem lock" without problems thus locking the bootloader once again.
Click to expand...
Click to collapse
how i can used this file
??????????????????????????????????//
rolle3k said:
I hacked the new hboot, but as expected, it failed to install because the signature is invaild. However, I attached the hboot nethertheless. If you manage to flash it, you can just use "fastboot oem lock" without problems thus locking the bootloader once again.
Click to expand...
Click to collapse
Does it just need to be signed? Can you just uncheck signature verification from the Recovery program?
ezeldin said:
how i can used this file
??????????????????????????????????//
Click to expand...
Click to collapse
It's useless for now.
redstar3894 said:
You won't be able to flash it unless you have an S-OFF nexus... otherwise HBOOT will refuse to flash anything that doesn't have a signature match...
That's why if you try flashing a Desire Radio to the N1, it won't work with a 'normal' nexus... you need to have the S-OFF in the bootloader as previously indicated...
So we would need to find a way (like they've done with the EVO, DINC, etc...) to get past the NAND lock (S-OFF)... I just don't think that people have tried to get that accomplished with the nexus since you can just do 'fastboot oem unlock' and it's done, unlike the other devices...
Very nice work though... I don't think I've seen anyone else get this far... maybe someone could try to get a hold of unrevoked and see if someone there could be of assistance since they haven't published their method of bypassing the NAND lock... but then even if we were able to bypass the NAND lock we would still potentially have the already unlocked bootloader there... if that makes sense...
Click to expand...
Click to collapse
Thanks a lot for your post. Altho I was told that unrevoked's exploit does not seem to work with the nexus one bootloader, as it differs way too much from the desires bootloader.
MicroMod777 said:
Does it just need to be signed? Can you just uncheck signature verification from the Recovery program?
Click to expand...
Click to collapse
Unfortunately that does not the trick. The recovery just tells the HBoot to flash an radio/hboot - it can not do that itself, the HBoot still checks the signature.
/EDIT:
[10:28] <@IEF> Bumble-bee: the exploit currently does not work on N1.
[10:29] <@IEF> it's on of the few devices that's missing the interface to hboot.
[10:29] <@IEF> *one
The exploit used by AlphaRev doesn't work on the N1 unfortunately ;(
Well, I prepared a HBOOT image which has the security check patched, that means security will be off as long as it is flashed. I could even add some code which would set the security flag directly, but that will stay open for the future until someone comes up with a solution to flash an unsigned HBOOT.
rolle3k said:
Well, I prepared a HBOOT image which has the security check patched, that means security will be off as long as it is flashed. I could even add some code which would set the security flag directly, but that will stay open for the future until someone comes up with a solution to flash an unsigned HBOOT.
Click to expand...
Click to collapse
Thanks for your efforts thus far.
ezeldin said:
how i can used this file
??????????????????????????????????//
Click to expand...
Click to collapse
If you have to ask, then it's of no use to you. It's for development only at this stage, not for users.
I uploaded my IDA Database of the newst HBOOT: http://ul.to/yiynox
Security check function has been identified. I will upload my patched HBOOT tomorrow as I need to get some sleep now.
Can't we just dd the HBOOT like we do it on eMMC based devices?
I did the HTC Dev Bootloader Unlock;I installed custom recovery; and I installed a rom via fastboot that had everything....... including the hacked 1.05 hboot now i keep getting boot loop and forsome reason even though the bootloader says ***UNLOCKED***" at the top; it still says S-on.... any help?
Sorry I don't know the answer but maybe you'd get a quicker and better response in the Rooting thread in the Dev section.
Did you downgrade the software if it was @ the most current OTA version?
http://forum.xda-developers.com/showthread.php?t=1401959
Sent from my HTC ThunderBolt using XDA Premium App
yeah from .9 to .5 then unlocked bootloader
smtom said:
Did you downgrade the software if it was @ the most current OTA version?
http://forum.xda-developers.com/showthread.php?t=1401959
Sent from my HTC ThunderBolt using XDA Premium App
Click to expand...
Click to collapse
You install (flash) the super user app?
Sent from my HTC ThunderBolt using XDA Premium App
You downgraded and then you unlocked the bootloader? Had never heard of doing any phone in that order
FWIK and from my personal experience with HTCDEV unlock is that you will never have S-Off, not without an Eng-HBoot. Hacked HBoot's and other exploits can help gain it but "S-On" is in reference to a security feature in relation to the kernel and recovery partition, it was a safety measure to (in theory) keep you from bricking your phone by flashing an unstable kernel on it through recovery mode and possibly being unable to restore your previous nand by effing your recovery up. That is a simplified explanation and not all the reasons but you get the idea. I hope you can get it fixed. Best way to try to fix it is to go back and start from the beginning with just getting an Eng-HBoot or a hacked one that will allow writing to the secure kernel partition through recovery (one that will allow you to copy the NAND part of your device and it's kernel, htcdev unlock only allows nand no matter what the recovery's log says), if you can't do that then try using fastboot in a cmd window to boot a saved recovery image from the fastboot directory on your computer, that may allow you to fix your issues, good luck, hope it helps
if i get the eng hboot how am i going to flash it if its not letting me run pc'img's?
loveableterrorepic4g said:
You downgraded and then you unlocked the bootloader? Had never heard of doing any phone in that order
FWIK and from my personal experience with HTCDEV unlock is that you will never have S-Off, not without an Eng-HBoot. Hacked HBoot's and other exploits can help gain it but "S-On" is in reference to a security feature in relation to the kernel and recovery partition, it was a safety measure to (in theory) keep you from bricking your phone by flashing an unstable kernel on it through recovery mode and possibly being unable to restore your previous nand by effing your recovery up. That is a simplified explanation and not all the reasons but you get the idea. I hope you can get it fixed. Best way to try to fix it is to go back and start from the beginning with just getting an Eng-HBoot or a hacked one that will allow writing to the secure kernel partition through recovery (one that will allow you to copy the NAND part of your device and it's kernel, htcdev unlock only allows nand no matter what the recovery's log says), if you can't do that then try using fastboot in a cmd window to boot a saved recovery image from the fastboot directory on your computer, that may allow you to fix your issues, good luck, hope it helps
Click to expand...
Click to collapse
Have you tried using fastboot as a way to reboot the bootloader? I mean, my big thing is if you can get the pg img for the eng-hboot then you should be able to put it on your SD and then reboot the bootloader to let it try to boot the Pg, I know that I had a panic moment on the original EVO before they figured out a downgrade fix that I nearly bricked it, it wouldn't run the PG img check on first boot of the bootloader until I used fastboot to actually reflash the partitions on the phone (i may hate heimdall when I am working with samsungs but fastboot damn near broke me ha) the best thing to do it get a more intimate knowledge of the process and of fastboot and adb, they are great things to know how to use. Like I said I don't have a Thunderbolt but in dealing with HTC and HTCDEVs unlock tool I am pretty knowledgeable after working with it multiple times, I do know I had to downgrade my EVO (original) by manual partition flashing after I used the HTCDEV unlock tool, it unlocked the bootloader to allow me to boot what I flashed, but the kernel partition was still secure (S-On) this is what the tool, it seems that it was an attempt to cover their ass to ensure that those who don't know what their doing couldn't fully eff things up without more knowledge of the system and could reverse anything that may be unstable.
Ok so I'm trying to relock my bootloader to RUU to the new ics leak 3.13.605.7, but I can't get fastboot to re-lock the damn bootloader. It gives me this error when I type
Code:
fastboot oem lock
Code:
... INFOLock successfully...
INFOTZ_HTC_SVC_DISABLE ret = 134086000 (0x7FDFD70)
ERROR: usb_read failed with status e00002ed
FAILED (status read failed (No such file or directory))
In Hboot it says:
***TAMPERED***
***RELOCKED***
***Security Warning***
but it wont boot. If i pull the battery and press the power button or select reboot in the bootloader, it takes me right back to the Hboot screen. I can re-unlock it and restore a nandroid and its fine....
I'm not sure what the problem is because I've re-locked my bootloader before to update to the march ICS RUU...
Any suggestions guys?
are you S-OFF?
if you are you dont need to relock the bootloader before an RUU. just run the RUU.exe and you'll be fine
if your not S-OFF, i have no clue
It will not boot until you run an ruu. Rerun whatever one you're currently on before attempting to run the new one.
I personally would reccomend becoming s off before running any other leaks.
Sent from my HTC Sensation XE with Beats Audio Z715e using XDA
Po1soNNN said:
are you S-OFF?
if you are you dont need to relock the bootloader before an RUU. just run the RUU.exe and you'll be fine
if your not S-OFF, i have no clue
Click to expand...
Click to collapse
nah, I have a mac and not enough time around a pc to get s-off to work. And I know with s-off I don't have to worry about this (i have s-off on my Incredible)
I'm just going to try to flash the RUU from hboot and see what happens
AshtonTS said:
Ok so I'm trying to relock my bootloader to RUU to the new ics leak 3.13.605.7, but I can't get fastboot to re-lock the damn bootloader. It gives me this error when I type
Code:
fastboot oem lock
Code:
... INFOLock successfully...
INFOTZ_HTC_SVC_DISABLE ret = 134086000 (0x7FDFD70)
ERROR: usb_read failed with status e00002ed
FAILED (status read failed (No such file or directory))
In Hboot it says:
***TAMPERED***
***RELOCKED***
***Security Warning***
but it wont boot. If i pull the battery and press the power button or select reboot in the bootloader, it takes me right back to the Hboot screen. I can re-unlock it and restore a nandroid and its fine....
I'm not sure what the problem is because I've re-locked my bootloader before to update to the march ICS RUU...
Any suggestions guys?
Click to expand...
Click to collapse
The fact your boot loader says relocked, you can then run the RUU.
Ignore the error. Mine used to give that error as well. You are locked.
Sent from my ADR6425LVW using XDA
scotty1223 said:
It will not boot until you run an ruu. Rerun whatever one you're currently on before attempting to run the new one.
I personally would reccomend becoming s off before running any other leaks.
Sent from my HTC Sensation XE with Beats Audio Z715e using XDA
Click to expand...
Click to collapse
Really? It didn't do that when I re-locked it to run the first ICS RUU...
AshtonTS said:
Really? It didn't do that when I re-locked it to run the first ICS RUU...
Click to expand...
Click to collapse
you were prolly on more or less stock software,wich did not trigger a security warning
now that you are on software that it recognizes as incorrect for your firmware,you are locked into hboot until youeither:
a)re-unlock
or
b)run the correct ruu for your firmware
thats what the security warning means. restoring a backup of the unmolested stock rom that matches the firmware before relocking will avoid the security warning hassle in the future.
tampered is from installing a custom recovery,and i believe should disapear once youve relocked,RUUed,and have the stock recovery.
again,i believe you will have less hassle if you flash the 3.11.605.22 ruu prior to flashing the 3.13.605.07 ruu,based on the funkiness that happend to me when i flashed 3.11 overtop of business sense
scotty1223 said:
you were prolly on more or less stock software,wich did not trigger a security warning
now that you are on software that it recognizes as incorrect for your firmware,you are locked into hboot until youeither:
a)re-unlock
or
b)run the correct ruu for your firmware
thats what the security warning means. restoring a backup of the unmolested stock rom that matches the firmware before relocking will avoid the security warning hassle in the future.
tampered is from installing a custom recovery,and i believe should disapear once youve relocked,RUUed,and have the stock recovery.
again,i believe you will have less hassle if you flash the 3.11.605.22 ruu prior to flashing the 3.13.605.07 ruu,based on the funkiness that happend to me when i flashed 3.11 overtop of business sense
Click to expand...
Click to collapse
Well I was already flashing the RUU by the time I read that I should go back to stock... but everything seems to be ok except that the RUU made NO type of difference whatsoever as far as the wifi dropouts and kernel issues go. I'm getting kinda pissed with this phone now.
AshtonTS said:
Well I was already flashing the RUU by the time I read that I should go back to stock... but everything seems to be ok except that the RUU made NO type of difference whatsoever as far as the wifi dropouts and kernel issues go. I'm getting kinda pissed with this phone now.
Click to expand...
Click to collapse
then i would find a PC to borrow for s-off. assuming its still works with the 2.25 hboot
you could then roll back to whatever version you wanted.
i would also try doing a factory reset or clear storage in hboot,with the stock recovery in place. it seems to fix 4g issues,maybe it will help your prollems as well.
edit: what "kernel issues" ?
scotty1223 said:
then i would find a PC to borrow for s-off. assuming its still works with the 2.25 hboot
you could then roll back to whatever version you wanted.
i would also try doing a factory reset or clear storage in hboot,with the stock recovery in place. it seems to fix 4g issues,maybe it will help your prollems as well.
edit: what "kernel issues" ?
Click to expand...
Click to collapse
The kernel issue that makes the CPU run at max clock speed whenever the screen is on... I can't get through the whole day even underclocked to 810 mhz!
and I thought the s-off method was hboot independent....
AshtonTS said:
The kernel issue that makes the CPU run at max clock speed whenever the screen is on... I can't get through the whole day even underclocked to 810 mhz!
and I thought the s-off method was hboot independent....
Click to expand...
Click to collapse
pretty sure it is hboot independent. but they have said it is patchable. i personally wouldnt risk it.
im lucky to get 5-6 hours of hard use on a battery. i just carry a spare with me its been that way on GB and ICS.
Been a lurker for a while, now I need some input if possible. I have a Thunderbolt whose touchscreen is not fully working, there is a strip about 1/4" wide top to bottom that does not respond to input. I rooted it using trter's Thunderbolt Tool and have been running Santod's ICS. When I decided to return to stock I did not read anything and merely ran trtr's tool and used the unroot option. This has me stuck now with a weird state.
Boot screen:
*** UNLOCKED ***
MECHA XD SHIP S-ON
HBOOT-1.05.0000
MICROP-/
RADIO-1.48.00.0930w_3
eMMC-boot
Jul 19 2011, 14:51:08
4ext recovery is still installed for some reason.
Here are things I have tried:
1. Unroot using trtr's tool - leaves me in a non-booting state with a Security warning and Main Version failure.
2. Used HTCDev unlock and pushed PG05IMG.zip of 2.11.605. This allows me to boot to a seemingly stock ROM.
3. OTA's get pushed, device reboots but OTA's fail to install.
4. Tried recovering Nandroid backups with 4ext, no matter which one I try to restore I get stuck in a boot loop (BAMF SoaB, ICS Santod, Liquid ICS, Multi-source ICS, ICS stock deodex).
5. Tried using 4ext to install the above ROMS directly, along with full wipes and partition formats before each attempt. They seem to install but get stuck in a boot loop on each.
6. Other various combinations of HTCdev, Thunderbolt Tool, FastBoot boot.img pushes, etc. Trtr's tool connecting in booted and fastboot modes fails to unroot or root or change S-ON state.
7. Did step 2 again to get me a working phone (except touch screen problem) until I can figure out WTH is going on.
Current state - the above Boot Screen details, 2.11.605.19 deodexed-signed image, and lucky I have not totally bricked it yet.
Help please? I've googled for the last 3 days and read countless posts and am not sure what to do from here. All I need is to get it back to stock so I can send it back to HTC and get a replacement. I have a working ADB set up and am willing to follow steps exactly or read whatever page you believe I have missed, or call me a dumb n00b, berate me for not reading something, anything... at this point I have no interest in retaining data on the phone or SD card or my dignity, just a stock phone that I can send back.
Thanks all!
Me too
google thunderboltforums How to Fix Security Warning - this is what trtr10 himself recommended to me . It didn't let me post, when I tried direct link.
Your #2 & #6 is similar, but maybe not exactly the same. It didn't work for me, though. And I had to add an adb manual lock step, because you need to be locked before trying trtr10s tool to unroot (or at least locked before it runs the final flash update, which fails for me with Main Version is older. Update Fail!
Also, technically the adb fastboot oem lock yields error #1:
(bootloader) Lock successfully...
FAILED (status read failed (Too many links))
finished. total time: 0.459s
That's major coincidence I have exact same problem, down to dead touch screen strip. I've been trying to get unrooted for a week and was supposed to mail the thing back last Friday . .
Here's hoping a solution gets posted. I don't want to pay cuz the insurance refurb was fail, when my warranty service is supposed to be free replacement and it is stupid hardware failure.
All I can say is trter supposedly updated his tool to work with the latest ota, but its been about a week and he hasn't released it yet.
He did say something about having a problem with his host though.
washuai said:
google thunderboltforums How to Fix Security Warning - this is what trtr10 himself recommended to me . It didn't let me post, when I tried direct link.
Click to expand...
Click to collapse
This is how I fixed the security warning when I first got it, using HTCDev unlock. I also used adb fastboot relock to lock back before trying the tool.
washuai said:
Your #2 & #6 is similar, but maybe not exactly the same. It didn't work for me, though. And I had to add an adb manual lock step, because you need to be locked before trying trtr10s tool to unroot (or at least locked before it runs the final flash update, which fails for me with Main Version is older. Update Fail!
Also, technically the adb fastboot oem lock yields error #1:
(bootloader) Lock successfully...
FAILED (status read failed (Too many links))
finished. total time: 0.459s
Click to expand...
Click to collapse
Yep - got that too...
Weird. Guess I'll wait for the new tool and see what it does...
As far as the identical touchscreen issue, this phone is also a refurb, my second with a touchscreen problem. The really weird part is that it works sometimes, particularly after all this work flashing and re-flashing, but I don't think it has anything to do with the ROMS or software, rather the fact that during all this work I am constantly doing battery pulls and SD card swaps and maybe it's because of a flaky ribbon connection or something - if it was not under warranty I would open it up and just try reseating anything I could find inside.
Have you tried to RUU back? It is a way manufacturers refurb or make the software new again without having to figure out what state it is in.
As long as you can get in fastboot it will work... Also could you possibly fastboot an ENG HBOOT? It doesn't show if it's unlocked nor does
it have any of those pink banners up at top.... Those I believe allow you to flash anything you couldn't normally do before... Try that.. Also I
ALWAYS manually push and flash my stuff through ADB and fastboot. It is faster (if you know what you are doing) AND it has better control
over what I am doing. I made a tut on how to flash boot screens (the very first image that comes up when you turn it on) and it is just about
same commands to flash normally stuff.
I run a Linux Box and always use root terminal so I am not certain at what point you would need superuser if any but as follows
#fastboot devices
#fastboot flash zip "name of zip" (no it doesn't have to be called anything specific, it could be called file1.zip)
#fastboot erase [option] /cache /data /system
to force it into the special RUU mode to use HTC's RUU, this is the command
#fastboot oem rebootRUU
Linux too Yes, I can flash via fastboot, I'm concerned about which one to flash though, I don't want to brick...
jnorth said:
Linux too Yes, I can flash via fastboot, I'm concerned about which one to flash though, I don't want to brick...
Click to expand...
Click to collapse
If you can give me today and I'll send you either the link to download the RUU or the exe itself.
You have the new radios installed and need to downgrade them by going s-off again. Need to do this to avoid main version errors.
The ota's don't install because of the custom recovery.
Backups don't work because your s-on and the kernel can be installed.
You may be able to install santod's ota rom in recovery and install the boot.IMG from the rom (kernel) in fasboot = ./fastboot flash boot boot.img
Relock the boot loader and send it in looking like stock.
There is also a way to spoof your main version and downgrade from ICS to GB Ruu stock. That is posted on another site.
Sent from my ConD3m3dPaC-man ADR6425LVW using xda app-developers app
tburns said:
You have the new radios installed and need to downgrade them by going s-off again. Need to do this to avoid main version errors.
Click to expand...
Click to collapse
Working on this now, as soon as I figure out how to get s-off again. Thanks!
http://androidfiles.org/ruu/?developer=Mecha
The RUU's to take you back to stock
Thanks to hints from you both, I am back to stock... probably more steps than were needed but it worked for me LOL.
1. Used part of the Revolutionary tool to get S-Off again and let it install CWM over 4ext
2. Re-rooted
3. Installed 2.11.605.9 radio and GB OTA rom
4. Used fastboot to put stock hboot back
Appears to be normal stock now and OTA in progress.
Thank you both again!
jnorth said:
Thanks to hints from you both, I am back to stock... probably more steps than were needed but it worked for me LOL.
1. Used part of the Revolutionary tool to get S-Off again and let it install CWM over 4ext
2. Re-rooted
3. Installed 2.11.605.9 radio and GB OTA rom
4. Used fastboot to put stock hboot back
Appears to be normal stock now and OTA in progress.
Thank you both again!
Click to expand...
Click to collapse
that is what the community is all about , right?
Exactly!
One last question - bootloader says ***RELOCKED*** instead of ***LOCKED*** - presumably because I used the HTCdev unlocker at one point... is that fixable or permanent?
jnorth said:
Exactly!
One last question - bootloader says ***RELOCKED*** instead of ***LOCKED*** - presumably because I used the HTCdev unlocker at one point... is that fixable or permanent?
Click to expand...
Click to collapse
you could ALWAYS use an ENG and nobody would be non-the-wiser if you rooted or not! It would look like a developer phone instead..
when it says ***RELOCKED*** it tells anybody and everybody you have been rooted at one point or another (no bueno for warranty)
jnorth said:
Exactly!
One last question - bootloader says ***RELOCKED*** instead of ***LOCKED*** - presumably because I used the HTCdev unlocker at one point... is that fixable or permanent?
Click to expand...
Click to collapse
this -SHOULD- take care of the pink banner up at top BE CAREFUL WITH THIS!!!
there again... I run constant root terminal so I do not know if it requires root or not soooo.....
#fastboot oem mw 8d08ac54 1 31302E30
#fastboot flash hboot whateverhbootfile.nb0