Better Mobile App

[Q] Need help downgrading.

Trying to downgrade...
C:\Program Files (x86)\Android\android-sdk\platform-tools>crackin.bat
"Copying tools"
cannot stat 'busybox': No such file or directory
cannot stat 'flash_image': No such file or directory
cannot stat 'misc1-2.img': No such file or directory
Unable to chmod /data/local/busybox: No such file or directory
Unable to chmod /data/local/flash_image: No such file or directory
"Freeing primary PERM linker"
rm failed for /data/DxDrm/fuse/*, No such file or directory
rm failed for /data/DxDrm/fuse, No such file or directory
rmdir failed for /data/DxDrm/fuse/, No such file or directory
cannot create /data/DxDrm/fuse: directory nonexistent
Unable to chmod /data/DxDrm/fuse: No such file or directory
"Freeing secondary PERM linker"
rmdir failed for /data/DxDrm/fuse/, No such file or directory
rmdir failed for /data/DxDrm, No such file or directory
link failed Permission denied
"Rebooting to normal mode to unlock CHMOD links"
rmdir failed for /data/dontpanic, Permission denied
rm failed for /data/DxDrm, No such file or directory
link failed File exists
link failed Permission denied
"Rebooting to normal mode to downgrade ROM"
/dev/mtd/mtd0: Permission denied
/data/local/busybox: not found
/data/local/flash_image: not found
"Freeing links"
rm failed for /data/DxDrm, No such file or directory
rm failed for /data/dontpanic, Permission denied
PATH: C:\Program Files (x86)\Android\android-sdk\tools
Copied the hack4legend files to C:\Program Files (x86)\Android\android-sdk\platform-tools & C:\Program Files (x86)\Android\android-sdk\tools
Following this guide:
http://forum.xda-developers.com/showthread.php?t=725430

You have your adb and crackin.bat in the folder " /android-sdk/platform-tools"
And it looks like the other files (line 3 - 5) are in another folder.
Assuming you followed the instructions exactly, you probably extracted those files into "/android-sdk/tools"?
If so, just copy all files from "/android-sdk/platform-tools" to "/android-sdk/tools" and it should work.

Also, do i need to root HBOOT first?
New error:
C:\Program Files (x86)\Android\android-sdk\tools>crackin.bat
"Copying tools"
1364 KB/s (698452 bytes in 0.500s)
608 KB/s (76044 bytes in 0.122s)
1438 KB/s (655360 bytes in 0.445s)
"Freeing primary PERM linker"
rm failed for /data/DxDrm/fuse/*, No such file or directory
rm failed for /data/DxDrm/fuse, No such file or directory
rmdir failed for /data/DxDrm/fuse/, No such file or directory
cannot create /data/DxDrm/fuse: directory nonexistent
Unable to chmod /data/DxDrm/fuse: No such file or directory
"Freeing secondary PERM linker"
rmdir failed for /data/DxDrm/fuse/, No such file or directory
rmdir failed for /data/DxDrm, No such file or directory
link failed Permission denied
"Rebooting to normal mode to unlock CHMOD links"
rmdir failed for /data/dontpanic, Permission denied
rm failed for /data/DxDrm, No such file or directory
link failed File exists
link failed Permission denied
"Rebooting to normal mode to downgrade ROM"
/dev/mtd/mtd0: Permission denied
cr--rw---- 1 1001 2002 90, 0 Mar 9 14:13 /dev/mtd/mtd0
error writing misc: Permission denied
"Freeing links"
rm failed for /data/DxDrm, No such file or directory
rm failed for /data/dontpanic, Permission denied

- Get visionary+
- Temproot your legend with it
- Use commandline with adb on your pc to flash misc1-2.img.
type the following commands from the folder where you have adb;
Code:
adb shell
su
accept the notification on your phone if one comes up
and then in the command line type this;
Code:
/data/local/flash_image misc /data/local/misc1-2.img
After that you should be able to run the 1.31 RUU

C:\Program Files (x86)\Android\android-sdk\platform-tools>adb shell
$ su
su
# adb push flash_image /data/local/
adb push flash_image /data/local/
adb: not found
#
Edit:
Is this what suppose to happen?
C:\Program Files (x86)\Android\android-sdk\tools>adb shell
$ su
su
# /data/local/flash_image misc /data/local/misc1-2.img
/data/local/flash_image misc /data/local/misc1-2.img
#

kmtse1 said:
C:\Program Files (x86)\Android\android-sdk\platform-tools>adb shell
$ su
su
# adb push flash_image /data/local/
adb push flash_image /data/local/
adb: not found
#
Edit:
Is this what suppose to happen?
C:\Program Files (x86)\Android\android-sdk\tools>adb shell
$ su
su
# /data/local/flash_image misc /data/local/misc1-2.img
/data/local/flash_image misc /data/local/misc1-2.img
#
Click to expand...
Click to collapse
From what I remember, yes it is.
You can now continue the guide in your first post from the point where you have to insert your gold card into your phone.

Still the same errors...

kmtse1 said:
Still the same errors...
Click to expand...
Click to collapse
Which errors?
The errors you posted in your first post were from running crackin.bat.
That is not necessary after running the steps I posted.
You can skip to the part where you insert your goldcard into your phone and then run the 1.31 RUU.

I get stuck at step 6 http://theunlockr.com/2010/06/07/how-to-load-a-custom-rom-on-the-htc-legend/
No menus load.

So if I understand correctly, you have now already succesfully downgraded (Link as in your first post) and rooted (Link)your phone? Since the link you gave in your last post is for flashing a custom rom, which is the last step in the process.

Oops, no, not downgraded yet - I lost my patience, I will try properly again.

Azaruc said:
So if I understand correctly, you have now already succesfully downgraded (Link as in your first post) and rooted (Link)your phone? Since the link you gave in your last post is for flashing a custom rom, which is the last step in the process.
Click to expand...
Click to collapse
How do I install the RUU to downgrade? I get an error if I run the .exe on my laptop.
Error Code: -5001 : 0x80070002
Error Information:
>SetupNew\setup.cpp (142)
PAPP:
PVENDOR:
PGUID:
$
@Windows 7 / Server 2008 R2 Service Pack 1 (7601)
IE Version: 8.0.7601.17514

Have you installed HTC Sync v2.0.33 ?
Download here
You need this version of HTC Sync, so if you have a newer version, uninstall that version first.
Once installed, run the RUU again (you might need to run it as admin).

Azaruc said:
Have you installed HTC Sync v2.0.33 ?
Download here
You need this version of HTC Sync, so if you have a newer version, uninstall that version first.
Once installed, run the RUU again (you might need to run it as admin).
Click to expand...
Click to collapse
Yes I have that specific version.
Tried run as admin.

Just to be sure, you still have your phone connected in charge only state right?
If so, are you sure you didn't get any error in the earlier steps?
I downgraded using the exact same method and didn't get this error (recognized all of the others), so I'm not sure what might cause this otherwise.

Azaruc said:
Just to be sure, you still have your phone connected in charge only state right?
If so, are you sure you didn't get any error in the earlier steps?
I downgraded using the exact same method and didn't get this error (recognized all of the others), so I'm not sure what might cause this otherwise.
Click to expand...
Click to collapse
I showed you what I got from following your steps earlier. You said it looked ok, then I went to downgrade with the RUU.
Is the RUU compatible with 64bit Windows 7?

Looking at your other post, it looks like you managed to complete the downgrading?
What turned out to be the problem with the second step?

Azaruc said:
Looking at your other post, it looks like you managed to complete the downgrading?
What turned out to be the problem with the second step?
Click to expand...
Click to collapse
The downgrade guide doesn't work for me - I followed this instead: http://android.modaco.com/content/h...-r4-htc-legend-rooting-guide-now-with-1-31-x/
But now, I still can't delete widgets/apps. http://forum.xda-developers.com/showthread.php?t=987023

Azaruc said:
- Get visionary+
- Temproot your legend with it
- Use commandline with adb on your pc to flash misc1-2.img.
type the following commands from the folder where you have adb;
Code:
adb shell
su
accept the notification on your phone if one comes up
and then in the command line type this;
Code:
/data/local/flash_image misc /data/local/misc1-2.img
After that you should be able to run the 1.31 RUU
Click to expand...
Click to collapse
Mate, just wanted to let you know I was having the exact same issues under Win7 x64 and after trying your Visionary+ and manually executing adb commands method, I was able to run RUU successfully.
My Legend is now 1.3.1 and Im performing the root as I type.
Thanks for your help and contritubtion.

Error 170: Usb connection error
Tried to downgrade many time using guides on the forum but when running RUU always get:
ERROR 170: USB CONNECTION ERROR
- downloaded the drivers with HTC SYNC (phone shows up at device manager)
- made the gold card (with two different cards 2GB Kingston, 8GB SanDisc)
- ran ADB ended up with: cr--rw----
- did a temproot, ran adb shell .... su and so on
but still get:
ERROR 170: USB CONNECTION ERROR
Have no clue what to do now whatsoever. Any suggestions?

[S-OFF] Facepalm s-off Droid Incredible 4G LTE

Welcome to Facepalm S-Off for the Droid Incredible 4G LTE.
Credits and terms:
Exploit by beaups. Full guide, testing, and concept by jcase and beaups. Thanks to dsb9938 and dr_drache for support and testing. Thanks also to all of the regulars at teamandirc.
Both beaups and jcase will collect the applicable active bounties. Further donations are greatly appreciated and can be sent to:
beaups - Donate to beaups
jcase - Donate to jcase
dsb9938 - Donate to dsb9938
dr_drache - Donate to dr_drache
Thanks also to mdmower for commissioning Facepalm for this device, and testing.
You can also come by irc for support or just to say thanks: #FacePalm http://chat.andirc.net:8080/?channels=facepalm
While this process shouldn’t be too risky, bricks can happen. None of us will be accountable. If you are worried, don’t do it.
This is a pretty simple method, however, you will need to have a working adb and fastboot environment. This method will work on any operating system that supports adb and fastboot. You should understand how to use a terminal window in your O/S. If you don’t understand adb and fastboot, you probably don’t need S-off.
Lastly, the work herein should not be stolen, repackaged, one clicked, bat’d, etc. soffbin3 is not GPL and may not be reused, integrated into other work, reposted, or redistributed without our permission.
For this to work, you must be rooted and have superCID (unlock/custom recovery is optional), see the threads below for help and information regarding obtaining superCID, unlock, root, etc. Note these threads are provided for convenience only. Please look for support for them in each respective thread if you need it, do NOT clutter this thread with support requests regarding obtaining superCID and/or root! If you try this process without superCID, it will not work, and you may have issues!:
Droid Incredible 4G LTE SuperCID: http://forum.xda-developers.com/showthread.php?t=2214653
Once you have confirmed you have SuperCID, get started (read it through first so you understand it all):
1.) Download patcher and unzip it in your working directory:
soffbin3.zip
2.) Download the RUU zip below:
http://d-h.st/MOw
3.)
Code:
adb reboot bootloader
(wait for bootloader)
4.)
Code:
fastboot oem rebootRUU
(wait for black HTC Screen)
5.)
Code:
fastboot flash zip 2.17.605.2_rom.zip
After 2-3 minutes, You should see the following error “FAILED (remote: 92 supercid! please flush image again immediately)”
6.) Immediately issue the following command:
Code:
fastboot oem boot
You may see some errors, just wait for the device to boot into Android (only now, you should be booted into Android with no eMMC write protection of any kind active).
7.) Issue the following commands to update the security partition with S-off flags (one command at a time!):
Code:
adb push soffbin3 /data/local/tmp/
adb shell chmod 744 /data/local/tmp/soffbin3
adb shell
su
/data/local/tmp/soffbin3
exit
exit
8.) Wait a few seconds, then:
Code:
adb reboot bootloader
9.) You should see what you are looking for!
If you need help or just care to say thanks, join us on IRC: #FacePalm http://chat.andirc.net:8080/?channels=facepalm
Enjoy.

beaups said:
Welcome to Facepalm S-Off for the Droid Incredible 4G LTE.
Credits and terms:
Exploit by beaups. Full guide, testing, and concept by jcase and beaups. Thanks to dsb9938 and dr_drache for support and testing. Thanks also to all of the regulars at teamandirc.
Both beaups and jcase will collect the applicable active bounties. Further donations are greatly appreciated and can be sent to:
beaups - Donate to beaups
jcase - Donate to jcase
dsb9938 - Donate to dsb9938
dr_drache - Donate to dr_drache
Thanks also to mdmower for commissioning Facepalm for this device, and testing.
You can also come by irc for support or just to say thanks: #FacePalm http://chat.andirc.net:8080/?channels=facepalm
While this process shouldn’t be too risky, bricks can happen. None of us will be accountable. If you are worried, don’t do it.
This is a pretty simple method, however, you will need to have a working adb and fastboot environment. This method will work on any operating system that supports adb and fastboot. You should understand how to use a terminal window in your O/S. If you don’t understand adb and fastboot, you probably don’t need S-off.
Lastly, the work herein should not be stolen, repackaged, one clicked, bat’d, etc. soffbin3 is not GPL and may not be reused, integrated into other work, reposted, or redistributed without our permission.
For this to work, you must be rooted and have superCID (unlock/custom recovery is optional), see the threads below for help and information regarding obtaining superCID, unlock, root, etc. Note these threads are provided for convenience only. Please look for support for them in each respective thread if you need it, do NOT clutter this thread with support requests regarding obtaining superCID and/or root! If you try this process without superCID, it will not work, and you may have issues!:
Droid Incredible 4G LTE SuperCID: http://forum.xda-developers.com/showthread.php?t=2214653
Once you have confirmed you have SuperCID, get started (read it through first so you understand it all):
1.) Download patcher and unzip it in your working directory:
soffbin3.zip
2.) Download the RUU zip below:
http://d-h.st/MOw
3.)
Code:
adb reboot bootloader
(wait for bootloader)
4.)
Code:
fastboot oem rebootRUU
(wait for black HTC Screen)
5.)
Code:
fastboot flash zip 2.17.605.2_rom.zip
After 2-3 minutes, You should see the following error “FAILED (remote: 92 supercid! please flush image again immediately)”
6.) Immediately issue the following command:
Code:
fastboot oem boot
You may see some errors, just wait for the device to boot into Android (only now, you should be booted into Android with no eMMC write protection of any kind active).
7.) Issue the following commands to update the security partition with S-off flags (one command at a time!):
Code:
adb push soffbin3 /data/local/tmp/
adb shell chmod 744 /data/local/tmp/soffbin3
adb shell
su
/data/local/tmp/soffbin3
exit
exit
8.) Wait a few seconds, then:
Code:
adb reboot bootloader
9.) You should see what you are looking for!
If you need help or just care to say thanks, join us on IRC: #FacePalm http://chat.andirc.net:8080/?channels=facepalm
Enjoy.
Click to expand...
Click to collapse
wondering if this will survive a ota

jose51197 said:
wondering if this will survive a ota
Click to expand...
Click to collapse
Radio S-off always survives OTA...now whether or not the device survives.....
Sent from my HTC6435LVW using Tapatalk 2

Has anyone been able to get this to work? I've tried several times usually getting error 99: unknown fail while flashing the zip. I have superCID and an unlocked bootloader, fastboot and adb both working. I even returned the phone back to a stock rom at which point I got the zip to flash correctly (giving me error 92) but still get a write protection error trying to run soffbin3. When I retried after that I'm getting error 99 again at flashing the zip. I've tried from 2 different computers Windows 7 64 bit and Windows XP 32 bit same errors on both. Any ideas what could cause this?

mpappas87 said:
Has anyone been able to get this to work? I've tried several times usually getting error 99: unknown fail while flashing the zip. I have superCID and an unlocked bootloader, fastboot and adb both working. I even returned the phone back to a stock rom at which point I got the zip to flash correctly (giving me error 92) but still get a write protection error trying to run soffbin3. When I retried after that I'm getting error 99 again at flashing the zip. I've tried from 2 different computers Windows 7 64 bit and Windows XP 32 bit same errors on both. Any ideas what could cause this?
Click to expand...
Click to collapse
Of course it's been tested
For error99 do a full forced power down (hold power for 30 sec while unplugged or pull battery if you have one), then boot back up holding vol down to get back to bootloader.
Also, confirm you have superCID via fastboot getvar cid

beaups said:
Of course it's been tested
For error99 do a full forced power down (hold power for 30 sec while unplugged or pull battery if you have one), then boot back up holding vol down to get back to bootloader.
Also, confirm you have superCID via fastboot getvar cid
Click to expand...
Click to collapse
what value do you want us to have with super cid.
I unlocked and then reverted back toe the stock cid

dcooterfrog said:
what value do you want us to have with super cid.
I unlocked and then reverted back toe the stock cid
Click to expand...
Click to collapse
I THINK YOU SHOULD REMAIN ON SUPERCID(11111111)til you get s-off then if need be revert back.

dcooterfrog said:
what value do you want us to have with super cid.
I unlocked and then reverted back toe the stock cid
Click to expand...
Click to collapse
Any supercid should do, but 1's and 2's have been tested.
Sent from my HTC6435LVW using Tapatalk 2

Of course you've tested it I meant has anyone who is just a user trying to follow your instructions got it to work yet, I wasn't trying to be sarcastic. Anyway your battery pull instructions work for error 99 however I still keep getting the write protection error. My bootloader is unlocked and I have superCID set to 11111111. I'll copy what I see here so you can look at it
c:\Android>fastboot oem rebootRUU
...
(bootloader) Start Verify: 3
OKAY [ 0.072s]
finished. total time: 0.072s
c:\Android>fastboot flash zip 2.17.605.2_rom.zip
sending 'zip' (583416 KB)...
OKAY [ 24.313s]
writing 'zip'...
(bootloader) adopting the signature contained in this image...
FAILED (remote: 92 supercid! please flush image again immediately)
finished. total time: 24.422s
c:\Android>fastboot oem boot
< waiting for device >
...
(bootloader) Boot/Recovery signature checking...
(bootloader) Boot/Recovery signature checking...
(bootloader) setup_tag addr=0x80400100 cmdline add=0xC02FA8C4
(bootloader) TAG:Ramdisk OK
(bootloader) TAG:skuid 0x2DB00
(bootloader) TAG:hero panel = 0x4940045
(bootloader) TAG:engineerid = 0x0
(bootloader) TAG: PS ID = 0x0
(bootloader) TAG: Gyro ID = 0x0
(bootloader) Device CID is super CID
(bootloader) CID is super CID
(bootloader) Backup CID is empty
(bootloader) setting->cid::11111111
(bootloader) serial number: HT26SS300293
(bootloader) commandline from head: console=ttyHSL0,115200,n8
(bootloader) command line length =739
(bootloader) active commandline: poweron_status=1 reset_status=0 board_fi
(bootloader) ghter.disable_uart3=0 diag.enabled=0 board_fighter.debug_uar
(bootloader) t=0 userdata_sel=0 androidboot.emmc=true androidboot.pagesiz
(bootloader) e=2048 skuid=0 ddt=20 ats=0 androidboot.lb=1 td.td=1 td.sf=
(bootloader) 1 td.ofs=328 td.prd=1 td.dly=0 td.tmo=300 hlog.ofs=628 un.of
(bootloader) s=694 imc_online_log=0 androidboot.efuse_info=FFSL androidb
(bootloader) oot.baseband=1.53.06.0919 androidboot.cid=11111111 androidbo
(bootloader) ot.devicerev=3 androidboot.batt_poweron=good_battery android
(bootloader) boot.carrier=ALL and
(bootloader) aARM_Partion[0].name=misc
(bootloader) aARM_Partion[1].name=recovery
(bootloader) aARM_Partion[2].name=boot
(bootloader) aARM_Partion[3].name=system
(bootloader) aARM_Partion[4].name=local
(bootloader) aARM_Partion[5].name=cache
(bootloader) aARM_Partion[6].name=userdata
(bootloader) aARM_Partion[7].name=devlog
(bootloader) aARM_Partion[8].name=pdata
(bootloader) aARM_Partion[9].name=fat
(bootloader) aARM_Partion[A].name=extra
(bootloader) aARM_Partion.name=radio
(bootloader) aARM_Partion[C].name=adsp
(bootloader) aARM_Partion[D].name=dsps
(bootloader) aARM_Partion[E].name=wcnss
(bootloader) aARM_Partion[F].name=radio_config
(bootloader) aARM_Partion[10].name=modem_st1
(bootloader) aARM_Partion[11].name=modem_st2
(bootloader) partition number=18
(bootloader) Valid partition num=18
(bootloader) TZ_HTC_SVC_SET_DDR_MPU ret = 0
(bootloader) smem 90005000 (phy 90005000): TZ_HTC_SVC_UPDATE_SMEM ret = 0
(bootloader) TZ_HTC_SVC_LOG_OPERATOR ret = 0
(bootloader) TZ_HTC_SVC_ENC ret = 0
(bootloader) TZ_HTC_SVC_DISABLE ret = 474079232 (0x1C41E000)
(bootloader) jump_to_kernel: machine_id(3524), tags_addr(0x80400100), ker
(bootloader) nel_addr(0x80408000)
(bootloader) -------------------hboot boot time:9464 msec
FAILED (status read failed (Too many links))
finished. total time: 6.292s
c:\Android>adb push soffbin3 /data/local/tmp/
1078 KB/s (2209 bytes in 0.002s)
c:\Android>adb shell chmod 744 /data/local/tmp/soffbin3
c:\Android>adb shell
[email protected]:/ # su
su
[email protected]:/ # /data/local/tmp/soffbin3
/data/local/tmp/soffbin3
/data/local/tmp/soffbin3[2]: cannot create │╗▒╫÷: Read-only file system
/data/local/tmp/soffbin3[2]: ┴√╓♣î⌠: not found
/data/local/tmp/soffbin3[4]: syntax error: 'ⁿ' unexpected
/data/local/tmp/soffbin3[2]: ╕╚Ç╫⌂idτº╬R░4↔∩N¥U÷Å┘)╘¿j¥&j+ò╩U¿PñF╩≥ÇTAäBÑJÇJôç
►╝D<B}░wYQéäè╘─ï∙╬▄;╗wªnE╟>{ε╣ττ₧{ε╣?τ╣╣┼yM╙╚*ö: not found
/data/local/tmp/soffbin3[2]: ┘ªnc↕♂mè◄←ßî╟Θ: not found
/data/local/tmp/soffbin3[2]: ô♦∞☻─Q└: not found
/data/local/tmp/soffbin3[2]: ª↕Wê2└δ}▄G╗2öó^≡▲ñ√⌐ç♦/│.₧: not found
1|[email protected]:/ # exit
exit
1|[email protected]:/ # exit
exit
c:\Android>adb reboot bootloader
Click to expand...
Click to collapse
I hope you can help me figure this out, I'd really like to have s-off and I do appreciate all your hard work putting this together for us.
Edit:
I tried again this time entering the fastboot oem boot and pressing enter while it was flashing the zip so that it ran as soon as it finished flashing the zip and it rebooted back to the black HTC screen. Is that supposed to happen should I just wait, I waited five minute (I timed it) and it never changed from that screen.
c:\Android>fastboot oem rebootRUU
...
(bootloader) Start Verify: 3
OKAY [ 0.075s]
finished. total time: 0.075s
c:\Android>fastboot flash zip 2.17.605.2_rom.zip
sending 'zip' (583416 KB)...
OKAY [ 24.340s]
writing 'zip'...
(bootloader) adopting the signature contained in this image...
FAILED (remote: 92 supercid! please flush image again immediately)
finished. total time: 24.449s
c:\Android>fastboot oem boot
...
FAILED (command write failed (Too many links))
finished. total time: 0.001s
Click to expand...
Click to collapse

Well those are some weird errors you are getting indeed, the soffbin3 is pretty simple, should just return a 1.
Perhaps try on a more stock rom?
And your first method was the correct behavior, not the 2nd.
edit: I see your adb push only pushed 2209 bytes, which is the size of the ZIP file, not the decompressed binary.
The instructions clearly state you need to UNZIP it, not just delete the zip extension from your downloaded file. We zip the file before uploading in order to identify download errors.
Once decompressed the binary is 4751 bytes.

I know you're probably not going to believe me when I tell you this but I did unzip it something must have went wrong with the download/unzipping the first time. I re-downloaded it checked the MD5 and unzipped it and it worked great first try. Thank you so much for your help.

mpappas87 said:
I know you're probably not going to believe me when I tell you this but I did unzip it something must have went wrong with the download/unzipping the first time. I re-downloaded it checked the MD5 and unzipped it and it worked great first try. Thank you so much for your help.
Click to expand...
Click to collapse
no problem, glad you got it sorted.

some more questions
what does step 5 do. will it wipe my device. if used tibu to integrate a lot of apps into the stock rom and debloated a lot.
will it just recopy the stock system
what does the soffbin3 program do.

dcooterfrog said:
some more questions
what does step 5 do. will it wipe my device. if used tibu to integrate a lot of apps into the stock rom and debloated a lot.
will it just recopy the stock system
what does the soffbin3 program do.
Click to expand...
Click to collapse
The process just s-off's your device. If followed properly, there will be no wipe etc.
Sent from my HTC6435LVW using Tapatalk 2

Permission denied when trying to obtain S-OFF
Trouble obtaining S-OFF
Been working on this a while now. I go slowly through each step up to the point where it asks to type in su and hit enter and this is what I see (in command prompt):
FAILED (status read failed (Too many links))
finished. total time: 7.001s
C:\Users\Joe\Desktop\Fireball>adb push soffbin3 /data/local/tmp/
26 KB/s (4751 bytes in 0.173s)
C:\Users\Joe\Desktop\Fireball>adb shell chmod 744 /data/local/tmp/soffbin3
C:\Users\Joe\Desktop\Fireball>adb shell
[email protected]:/ $ su
su
1|[email protected]:/ $ /data/local/tmp/soffbin3
/data/local/tmp/soffbin3
open: Permission denied
[email protected]:/ $
I'm going to guess that somehow it's not booting back into the stock rooted ROM with write privileges? I've tried going through this procedure 4 times to ensure I didn't type in anything wrong. Also, to confirm, I do have superCID:
(bootloader) Device CID is super CID
(bootloader) CID is super CID
(bootloader) Backup CID is empty
(bootloader) setting->cid::11111111
and I have made sure the soff binary file (is of course unzipped) but also 4751 bytes.
Any ideas what I'm doing wrong here? I really appreciate this detailed write up, I just don't think I'm doing something right. Thanks!

joesee said:
Trouble obtaining S-OFF
Been working on this a while now. I go slowly through each step up to the point where it asks to type in su and hit enter and this is what I see (in command prompt):
FAILED (status read failed (Too many links))
finished. total time: 7.001s
C:\Users\Joe\Desktop\Fireball>adb push soffbin3 /data/local/tmp/
26 KB/s (4751 bytes in 0.173s)
C:\Users\Joe\Desktop\Fireball>adb shell chmod 744 /data/local/tmp/soffbin3
C:\Users\Joe\Desktop\Fireball>adb shell
[email protected]:/ $ su
su
1|[email protected]:/ $ /data/local/tmp/soffbin3
/data/local/tmp/soffbin3
open: Permission denied
[email protected]:/ $
I'm going to guess that somehow it's not booting back into the stock rooted ROM with write privileges? I've tried going through this procedure 4 times to ensure I didn't type in anything wrong. Also, to confirm, I do have superCID:
(bootloader) Device CID is super CID
(bootloader) CID is super CID
(bootloader) Backup CID is empty
(bootloader) setting->cid::11111111
and I have made sure the soff binary file (is of course unzipped) but also 4751 bytes.
Any ideas what I'm doing wrong here? I really appreciate this detailed write up, I just don't think I'm doing something right. Thanks!
Click to expand...
Click to collapse
You don't seem to have root access when trying to run soffbin3.
when you issue the su command the prompt should go from $ to #
But its staying $. So you either need to redo temp root or flash a custom recovery and flash an su zip.
Sent from my Nexus 7 using xda app-developers app

Incredible
Phenomenal work, thank you! Well written instructions and successful S-OFF of my device. I had no bizarre questions about what exactly a step meant. Lets just say good riddance to bad rubbish that comes from some of our friends.
and btw...Oh my gosh...I didn't need a specially sized microSD card to accomplish this

times_infinity said:
You don't seem to have root access when trying to run soffbin3.
when you issue the su command the prompt should go from $ to #
But its staying $. So you either need to redo temp root or flash a custom recovery and flash an su zip.
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
I don't understand temp root? The ROM I'm running is rooted, but when the phone is "temp rooted" I'm assuming you mean the phone lets you run commands as 'su' while running adb commands. If that's correct, that means according to this thread http://forum.xda-developers.com/showthread.php?t=2214653 - I would have to type this in ADB:
adb restore fakebackup.ab
adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done" > NUL
then reboot when the command is finished and only THEN I have temp root and can finish with the facepalm instructions right before I go into adb shell?
I have dabbled around with adb commands for a while now but don't understand why I've got su.zip flashed on my phone and have root at the ROM level I have to do this temp root ? Please help me understand?
Right now my phone is stuck in the odd mode where only your notification bar appears and accepts no adb commands but does show up under "adb devices'.
---------- Post added at 11:56 PM ---------- Previous post was at 11:24 PM ----------
times_infinity said:
You don't seem to have root access when trying to run soffbin3.
when you issue the su command the prompt should go from $ to #
But its staying $. So you either need to redo temp root or flash a custom recovery and flash an su zip.
Sent from my Nexus 7 using xda app-developers app
Click to expand...
Click to collapse
After running the temproot adb commands shown in my previous post, this is a paste of my command prompt:
C:\Android\Inc4G>adb shell chmod 744 /data/local/tmp/soffbin3
C:\Android\Inc4G>adb shell
[email protected]:/ # su
su
[email protected]:/ # /data/local/tmp/soffbin3
/data/local/tmp/soffbin3
1|[email protected]:/ # exit
exit
1|[email protected]:/ # exit
exit
C:\Android\Inc4G>adb reboot bootloader
That time I did not get permission denied, but there was no pause whatsoever in the command and after rebooting into the bootloader I still have S-ON. Before I try something else I was wondering what might be happening?
---------- Post added 10th June 2013 at 12:09 AM ---------- Previous post was 9th June 2013 at 11:56 PM ----------
joesee said:
I don't understand temp root? The ROM I'm running is rooted, but when the phone is "temp rooted" I'm assuming you mean the phone lets you run commands as 'su' while running adb commands. If that's correct, that means according to this thread http://forum.xda-developers.com/showthread.php?t=2214653 - I would have to type this in ADB:
adb restore fakebackup.ab
adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done" > NUL
then reboot when the command is finished and only THEN I have temp root and can finish with the facepalm instructions right before I go into adb shell?
I have dabbled around with adb commands for a while now but don't understand why I've got su.zip flashed on my phone and have root at the ROM level I have to do this temp root ? Please help me understand?
Right now my phone is stuck in the odd mode where only your notification bar appears and accepts no adb commands but does show up under "adb devices'.
---------- Post added at 11:56 PM ---------- Previous post was at 11:24 PM ----------
After running the temproot adb commands shown in my previous post, this is a paste of my command prompt:
C:\Android\Inc4G>adb shell chmod 744 /data/local/tmp/soffbin3
C:\Android\Inc4G>adb shell
[email protected]:/ # su
su
[email protected]:/ # /data/local/tmp/soffbin3
/data/local/tmp/soffbin3
1|[email protected]:/ # exit
exit
1|[email protected]:/ # exit
exit
C:\Android\Inc4G>adb reboot bootloader
That time I did not get permission denied, but there was no pause whatsoever in the command and after rebooting into the bootloader I still have S-ON. Before I try something else I was wondering what might be happening?
Click to expand...
Click to collapse
I just wanted to take a minute and thank everyone for this write up. After running through this process 3 full times, I've FINALLY gotten S-OFF on my Incredible4G. Thanks again for all your hard work!!

I was wondering if I could kindly get some assistance.
I keep getting the following error:
C:\WINDOWS\system32>fastboot flash zip 2.17.605.2_rom.zip
error: cannot load '2.17.605.2_rom.zip'
I am BL unlocked, supercid, running ViperROM.
I am not quite sure what I am doing wrong. I seemed to have followed the instructions to a tee.
Assistance is greatly appreciated!

Moved to troubleshoot forum.
Thread
Sent from my ADR6410LVW using xda app-developers app

[SOLVED] Unbricked! ('build.prop' mess; 'su' fails with EPERM )

See the next post for a solution.!
BACKGROUND
OK. So, I had an HDX 8.9 with 14.3.2.6 all setup with towelroot, HDXposed, gapps, play store, etc.
I used to have SafeStrap on this also, but I kept running out of space; so, I got rid of it:- a foolish idea, no doubt.
Even without a ROM slot, I may have had a better chance at recovering using the built-in shell... Oh, well...
THE DEED [**SCARY**]
I was trying to follow this excellent guide -without thinking too much- )
Or, closer to the truth, I thought: I have root and I won't mess with the boot process; so, what could possibly go wrong?
So, I modded my build.prop:
Code:
>>> diff build.prop.orig build.prop
25,26c25,28
< ro.product.model=KFAPWI
< ro.product.brand=Amazon
---
> #ro.product.model=KFAPWI
> #ro.product.brand=Amazon
> ro.product.model=SM-G900F
> ro.product.brand=Samsung
32c34,35
< ro.product.manufacturer=Amazon
---
> #ro.product.manufacturer=Amazon
> ro.product.manufacturer=Samsung
AND, I also forgot to adjust permissions on the new build.prop.
Code:
[email protected]:/system $ ls -l /system/build.prop*
-rw-rw-rw- root root 5561 2014-12-14 14:52 build.prop
-rw-r--r-- root root 5475 2014-09-09 03:53 build.prop.orig
I rebooted and got a nasty surprise: not only does the screen go black after the grey Kindle Fire logo (which wasn't too surprising), but su fails as well with exit code 1 (EPERM :- permission denied)
Code:
>>> adb shell
[email protected]:/ $ su
1|[email protected]:/ $ ls -al /system/xbin/su
-rwsr-sr-x root root 71264 2014-11-27 16:00 su
Permissions on the binary look OK (the same as in my backup image).
In fact, su will run with the '-v' (or '-h') option, but seems to EPERM when trying to exec another command.
Code:
[email protected]:/ $ su -v
2.35:SUPERSU
STATUS
I do have a backup of the original build.prop.
I also made images of all the 20-something MMC partitions using dd.
The "brick" has adb access, and fastboot seems to work as well.
Unfortunately, the more obvious workarounds such as adb remount or fastboot boot KERNEL MODDED-RAMDISK do not help.
Interestingly, fastboot boot downloads the image before bailing out with "boot not allowed on locked hw" (or something very similar),
which _may_ (?perhaps?) allow for overflowing a buffer by messing with the fastboot protocol.. (just speculating)
While writing this up, I also tried to flash the backup of my system partition.
Code:
>>> fastboot -i 0x1949 flash system system.img
target reported max download size of 1073741824 bytes
Invalid sparse file format at header magi
erasing 'system'...
OKAY [ 0.020s]
sending sparse 'system' (1032534 KB)...
OKAY [ 32.464s]
writing 'system'...
FAILED (remote: flashing not allowed for locked hw)
finished. total time: 32.536s
Not only did this not work, it also got me fairly nervous as it claimed to have erased the system partition.
Luckily, that did not happen. After rebooting, the situation is the same: everything's still there, but su fails.
QUESTIONS
Do wrong permissions on build.prop alone result in such weird behavior? Or, is it more likely that the changes in content caused the lockdown?
Does 'factory reset' (from the recovery screen) fix anything in the system partition? Or, is that the same thing as Factory Reset in Settings, which clears userdata?
All the unbricking guides (specifically for build.prop mistakes) I've seen so far are based a working su. Are there other options/exploits that could be useful?
Any chance that re-rooting might help? And, in that case, does anybody know about an adb-friendly rooting method for 14.3.2.6?
Any ideas I could try to unbrick my HDX?

Answers to my questions follow....
UNBRICKING
Learn about ghettoroot in this thread.
Code:
>>> wget 'http://forum.xda-developers.com/attachment.php?attachmentid=2924899&d=1409874318' -O ghettoroot-v0.2.2.zip
>>> unzip ghettoroot-v0.2.2.zip
>>> adb push ghettoroot/files/ghettoroot /data/local/tmp
>>> adb shell
[email protected]:/ $ cd /data/local/tmp
[email protected]:/ $ chmod 0755 ghettoroot
[email protected]:/ $ ./ghettoroot -n -m "1337 0 0 0 4 0" /system/bin/sh
# chmod 0644 /system/build.prop
# reboot
ANSWERS
Do wrong permissions on build.prop alone result in such weird behavior? Or, is it more likely that the changes in content caused the lockdown?
-- As it should be evident from the solution above, this whole nightmare was the result of the permissions being wrong; my HDX boots fine with the changed content.
Does 'factory reset' (from the recovery screen) fix anything in the system partition? Or, is that the same thing as Factory Reset in Settings, which clears userdata?
-- Thankfully, I didn't have to try this, but I do suspect that both ways to trigger Factory Reset will have the same effect.
All the unbricking guides (specifically for build.prop mistakes) I've seen so far are based a working su. Are there other options/exploits that could be useful?
-- Well, most guides also explained that one might have to root the device first; my only issue was that the examples used old exploits that do not work on 14.3.2.6.
Any chance that re-rooting might help? And, in that case, does anybody know about an adb-friendly rooting method for 14.3.2.6?
-- In fact, this is the solution. As towelroot works on 14.3.2.6, I was trying to find a command-line version: that's what ghettoroot is.
Wonderfully over-engineered for just unbricking, and the modstring is preset to work on some obscure Samsung device, but a bit of fiddling is all that was necessary to get it to work on the HDX 8.9.
Any ideas I could try to unbrick my HDX?
-- As a matter of fact, I started to look into getting around the bootloader (as I though I had lost root for good), and I have a much better clue where/how to get started.
The only problem is that I'm not exactly high on free cycles... In any case, if and when I get some time, I'll be loading the aboot image into IDA Pro...
These two -not completely unrelated- blog posts got me all excited..

draxie said:
Any ideas I could try to unbrick my HDX?
-- As a matter of fact, I started to look into getting around the bootloader (as I though I had lost root for good), and I have a much better clue where/how to get started.
The only problem is that I'm not exactly high on free cycles... In any case, if and when I get some time, I'll be loading the aboot image into IDA Pro...
These two -not completely unrelated- blog posts got me all excited..
Click to expand...
Click to collapse
Last I heard, Dan's TrustZone exploit won't do any good for our devices.

EncryptedCurse said:
Last I heard, Dan's TrustZone exploit won't do any good for our devices.
Click to expand...
Click to collapse
Fair enough. No point wasting time on that track then...
Just out of curiostiy, I ran strings on my aboot image (tha's the level of complexity I had time for)
and got a few -for me- new and interesting tidbits such as evidence of embedded public keys (expected)
Code:
Production Kernel Key1
Lab1261
Amazon1
Lab126 Root CA 10
Engineering Key1
Lab1261
Amazon1 0
Lab126 Tablet Root CA 10
Unlock Key1
Lab1261
Lab126 Bootchain CA0
and possible indications of a "native" unlock command:
Code:
Unlock code is correct
Unlock code is NOT correct
unlock_code
Of course, any unlock code is likely to be signed by the privare part of that "Unlock Key",
but there's hope that signature checking may be broken..
Wishful thinking, I know, but given that little kernel itself was vulnerable to an RSA padding attack (CVE-2014-0973),
I'd at least check if something similar might work for a "supported" unlock method (if such a thing now exists).
BTW, any clue if said padding attack may apply to our slate? All three public keys listed above have exponent 3 (see attachment); so, that part -at least- is fine. (-;
I'm not too inclined to test this as I'm unsure how I'd recover from a low-level boot error without a sane recovery partition...

I cant root my device

Hello,
I wanted to root for my Huawei Ascend Y550-L01.
At the command:
Code:
adb push su /system/bin
An error has occurred:
Code:
failed to copy 'su' to '/system/bin/su' : Read-only file system
Then sought out the information that you need to perform the command to mount the system partition R / W. Unfortunately, no way the internet DOES NOT WORK ...
I note that during the root process I have included usb debugging, I have included anti-virus ...

Fixing ext4 partition in Android TV (Akai) - no e2fsck present

Hi, my first opened discussion, after very much pain since i am not expert at linux shell commands / environment, i have dismounted the userdata partition, now i need to check/repair it with a e2fsck / fsck.ext4 but isn't there on this Android TV (damn!), so i tried to import it from my Tablet that is vers. 4.4.2 against 4.4.4 of TV, passing it before to a Windows Xp pc through USB cable, then to TV using a USB pendrive, when i try to run it with or without superuser rights it fails, it tells :
system/bin/sh: e2fsck: not found [when in normal user mode]
su: exec failed for e2fsck Error:No such file or directory
[when used with su -c behind]
the file exists:
$ su -c ls -l
-rwxrwxrwx root root 122576 2012-03-25 13:36 e2fsck
Any Ideas? Much thanks!

Already solved, thanks the same.