Related
Obligatory reading before you begin: So You Want to Root and Mod Your HTC Phone
Introduction
Credit goes to Bin4ry for developing the loop-restore trick that applies to many phones, and of course CaptainRewind and jose51197 for being the first to demonstrate its applicability to the HTC Droid Incredible 4G LTE. Since that time, I have put quite a bit of work into writing these automated scripts. I am splitting them out of the original thread so that I can give them a proper home and continue to maintain them. With the start of this thread, I'm also introducing a Linux variant of the script.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Usage - typical procedures
All of the below procedures assume you're still using a phone with a locked bootloader and S-ON.
Prerequisites:
Windows users: uninstall any HTC software you currently have installed (e.g. HTC Sync) and install the HTC drivers from this post. Only unlimited.io's S-OFF requires a certain driver version. Other procedures can use the latest version.
All users: Only use a USB 2.0 port on your computer. Do not use a USB 3.0 port. When you connect your phone to the USB cable, ensure it is in Charge Only mode.
HTCDev Unlock: unlock the bootloader, install a custom recovery, and install superuser (for root access):
Flash RUU 2.17.605.2 or run factory reset if you are already on this software version.
... then set these options:
Settings > Developer options > USB debugging = True
Settings > Power > Fast boot = False
Use task 1 of the script to unlock the bootloader
... then set these options (yes, again):
Settings > Developer options > USB debugging = True
Settings > Power > Fast boot = False
Use task 5 of the script to install either TWRP or CWM recovery
Occasionally, this step needs to be run twice in order for the recovery to boot. It's a quirk of the phone.
Flash a super-user app with the su binary through recovery: Superuser, SuperSU, or ClockworkMod Superuser
If you opt for Superuser, you want Superuser-3.1.3-arm-signed.zip
Use task 3 of the script to revert the CID to stock (this will not affect unlock)
Unlimited.io S-OFF (DirtyRacun):
Follow the instructions for DirtyRacun: Fireball at unlimited.io very carefully
When you get to Temproot your phone via any method available, use task 6 of the script to put your phone in temp-root mode.
Continue the instructions for DirtyRacun
Facepalm S-OFF:
Flash RUU 2.17.605.2 or run factory reset if you are already on this software version.
... then set these options:
Settings > Developer options > USB debugging = True
Settings > Power > Fast boot = False
Use task 1 of the script to unlock the bootloader
... then set these options (yes, again):
Settings > Developer options > USB debugging = True
Settings > Power > Fast boot = False
Use task 5 of the script to install either TWRP or CWM recovery
Occasionally, this step needs to be run twice in order for the recovery to boot. It's a quirk of the phone.
Flash a super-user app with the su binary through recovery: Superuser, SuperSU, or ClockworkMod Superuser
If you opt for Superuser, you want Superuser-3.1.3-arm-signed.zip
Follow the directions for Facepalm S-OFF
Use task 3 of the script to revert the CID to stock (this will not affect unlock or S-OFF)
Flash the DirtyRacun HBOOT from unlimited.io - follow the instructions on the right sidebar
Notice: Windows users can run these commands by removing sudo ./ from each line.
Cautionary Notes about OTAs
When (if) fireball gets an official jellybean release from HTC/Verizon:
It is crucial that users have their CID as VZW__001 (and not SuperCID). It seems OTAs (over-the-air updates) for other HTC devices have caused bricks for users who are S-ON and SuperCID. I strongly recommend users revert their CID after unlocking or doing facepalm S-OFF.
New touch firmware may cause compatibility issues when switching between ROMs. If possible, delay updating while devs work on testing ROMs with the new firmware.
With this said, I really have NO clue whether we will ever get an official jellybean release.
Linux script notes
The linux script will only execute properly in a bash terminal!
After extracting, make runme.sh executable:
Code:
chmod +x runme.sh
Then, run the script:
Code:
./runme.sh
Manual procedures for reference
Windows
Before you begin
Uninstall HTC Sync and any other applications/drivers that come up with a search for "htc" in the uninstall programs list in Windows. Download and install the latest HTC Drivers from this post.
Only use a USB 2.0 port on your computer. Do not use a USB 3.0 port. When you connect your phone to the USB cable, ensure it is in Charge Only mode.
Verify your phone is on the correct software version: Settings > About > Software information: Software number = 2.17.605.2 710RD
If you need to update your phone (from 4.0.3) the RUU is here.
Factory reset your phone: Settings > Storage > Factory data reset
Turn off Fast boot: Settings > Power > Fast boot = Off
Turn on USB debugging: Settings > Developer options > USB debugging = On
Part 1: Obtain temp-root
Open a command prompt in the directory where you extracted Inc4GUnlockV6-Windows.zip. Ensure USB debugging is enabled on your device and verify the connection with:
Code:
adb devices
You should see something like:
List of devices attached
HTXXXXXXXXXX device
Click to expand...
Click to collapse
Start the restore process with
Code:
adb restore fakebackup.ab
adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done" > NUL
The command prompt will appear to be hung. At this point you can accept the restore prompt on your phone. When the command prompt returns, type:
Code:
adb reboot
Wait at least 60 seconds (seriously, time it) and you phone should be in temp-root mode. There will be only a status bar on the phone, but no unlock-ring.
Part 2: Apply SuperCID
Apply the SuperCID modification:
Code:
adb shell "dd if=/dev/block/mmcblk0p4 of=/sdcard/cid"
adb pull /sdcard/cid
copy cid mmcblk0p4.original
hexalter cid 0x214=0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31
adb push cid /sdcard/
adb shell "dd if=/sdcard/cid of=/dev/block/mmcblk0p4"
adb shell "rm /data/local.prop /sdcard/cid"
del cid
If all went well, reboot your phone to the bootloader and check your cid:
Code:
adb reboot-bootloader
fastboot oem readcid
Verify that your cid is 11111111.
Part 3: Unlock the bootloader
You can now proceed to unlock your bootloader. Start by retrieving your unlock token:
Code:
fastboot oem get_identifier_token
Sign up for an account using a valid e-mail address at htcdev.com. After you have logged in, jump to page 3. Submit your device token. When you receive Unlock_code.bin in your e-mail (check your junk mail folder!), copy it to the directory where you extracted Inc4GUnlockV6-Windows.zip, then type:
Code:
fastboot flash unlocktoken Unlock_code.bin
Follow the on-screen instructions to unlock your bootloader.
Part 4: Flash a custom recovery
Download your preferred recovery, TWRP or CWM, and flash it through fastboot (phone is at the bootloader) using:
Code:
fastboot flash recovery recovery_file_name.img
fastboot reboot-bootloader
If this is the first time flashing a custom recovery, you may have to perform this step twice. It's a quirk of the phone.
Part 5: Root the phone
Flash a super-user app with the su binary through recovery: Superuser, SuperSU, or ClockworkMod Superuser
Part 6: Revert your CID to stock
You may want to revert your cid to stock after installing a new ROM. Keeping SuperCID can cause issues with making/receiving phone calls in stock-based ROMs. Make sure you have Superuser installed. Then, with the phone fully booted up, type:
Code:
adb shell "su -c 'dd if=/dev/block/mmcblk0p4 of=/sdcard/cid'"
adb pull /sdcard/cid
hexalter cid 0x214=0x56,0x5A,0x57,0x5F,0x5F,0x30,0x30,0x31
adb push cid /sdcard/
adb shell "su -c 'dd if=/sdcard/cid of=/dev/block/mmcblk0p4'"
adb shell "rm /sdcard/cid"
del cid
Linux
Before you begin
Only use a USB 2.0 port on your computer. Do not use a USB 3.0 port. When you connect your phone to the USB cable, ensure it is in Charge Only mode.
Verify your phone is on the correct software version: Settings > About > Software information: Software number = 2.17.605.2 710RD
If you need to update your phone (from 4.0.3) the RUU is here.
Factory reset your phone: Settings > Storage > Factory data reset
Turn off Fast boot: Settings > Power > Fast boot = Off
Turn on USB debugging: Settings > Developer options > USB debugging = On
Part 1: Obtain temp-root
Open a terminal in the directory where you extracted Inc4GUnlockV6-Linux.zip. Ensure USB debugging is enabled on your device and verify the connection with:
Code:
./adb devices
You should see something like:
List of devices attached
HTXXXXXXXXXX device
Click to expand...
Click to collapse
Start the restore process with
Code:
./adb restore fakebackup.ab
./adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done" > /dev/null
The terminal will appear to be hung. At this point you can accept the restore prompt on your phone. When the terminal prompt returns, type:
Code:
./adb reboot
Wait at least 60 seconds (seriously, time it) and you phone should be in temp-root mode. There will be only a status bar on the phone, but no unlock-ring.
Part 2: Apply SuperCID
Apply the SuperCID modification:
Code:
./adb shell "dd if=/dev/block/mmcblk0p4 of=/sdcard/cid"
./adb pull /sdcard/cid
cp cid mmcblk0p4.original
printf '\x31\x31\x31\x31\x31\x31\x31\x31' | dd of=cid bs=1 seek=532 conv=notrunc
./adb push cid /sdcard/
./adb shell "dd if=/sdcard/cid of=/dev/block/mmcblk0p4"
./adb shell "rm /data/local.prop /sdcard/cid"
rm cid
If all went well, reboot your phone to the bootloader and check your cid:
Code:
./adb reboot-bootloader
./fastboot oem readcid
Verify that your cid is 11111111.
Part 3: Unlock the bootloader
You can now proceed to unlock your bootloader. Start by retrieving your unlock token:
Code:
./fastboot oem get_identifier_token
Sign up for an account using a valid e-mail address at htcdev.com. After you have logged in, jump to page 3. Submit your device token. When you receive Unlock_code.bin in your e-mail (check your junk mail folder!), copy it to the directory where you extracted Inc4GUnlockV6-Linux.zip, then type:
Code:
./fastboot flash unlocktoken Unlock_code.bin
Follow the on-screen instructions to unlock your bootloader.
Part 4: Flash a custom recovery
Download your preferred recovery, TWRP or CWM, and flash it through fastboot (phone is at the bootloader) using:
Code:
./fastboot flash recovery recovery_file_name.img
./fastboot reboot-bootloader
If this is the first time flashing a custom recovery, you may have to perform this step twice. It's a quirk of the phone.
Part 5: Root the phone
Flash a super-user app with the su binary through recovery: Superuser, SuperSU, or ClockworkMod Superuser
Part 6: Revert your CID to stock
You may want to revert your cid to stock after installing a new ROM. Keeping SuperCID can cause issues with making/receiving phone calls in stock-based ROMs. Make sure you have Superuser installed. Then, with the phone fully booted up, type:
Code:
./adb shell "su -c 'dd if=/dev/block/mmcblk0p4 of=/sdcard/cid'"
./adb pull /sdcard/cid
printf '\x56\x5A\x57\x5F\x5F\x30\x30\x31' | dd of=cid bs=1 seek=532 conv=notrunc
./adb push cid /sdcard/
./adb shell "su -c 'dd if=/sdcard/cid of=/dev/block/mmcblk0p4'"
./adb shell "rm /sdcard/cid"
rm cid
Changelog
Version 6.2
Linux: Fix incorrect use of grep when busybox is not available; update adb and fastboot executables
Version 6.1
Windows: (Hopefully) fixed hanging procedures due to std redirects
Linux: Allow more diverse device codes returned by adb devices
Version 6.0 - Initial Release (in this thread)
Great tool, wish I had this when I was did mine I wasted valuable angry birds time
Sent from my ADR6300 using xda app-developers app
I assume that is only available in linux not a windows version. Anything automated with this process for s-off would be so great. old laptops, new phones and dumbass users like me isn't really a great mix lol
kramer56 said:
I assume that is only available in linux not a windows version. Anything automated with this process for s-off would be so great. old laptops, new phones and dumbass users like me isn't really a great mix lol
Click to expand...
Click to collapse
I literally just put my palm to my face. You need to re-consider whether leaving your stock ROM is a good idea.
This post is relevant.
deserved. the original inc was just so easy i guess. this seems so much more involved with the windows os
I always flash roms with the og
mdmower said:
I literally just put my palm to my face.
Click to expand...
Click to collapse
I see why the new method is called Facepalm S-OFF now.
Well when i get to here adb restore fakebackup.ab
adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; it asks on the phone for a encryption password and the cmd.exe says link not found and just keeps running that for 3 minutes then I exited out
maybe I am not extracting to the proper place, that is unclear to me, sorry
When i run the script it doesn't find my device, asks if i see it listed above as "HTXXXXXXX" but all i can see is
emulator-5554 device
FA29TS301243 device
i have the phone connected as charge only, debugging enabled and fast boot dissabled. running latest android 4.0.4, sense 4.1 official update and yes i have latest htc drivers installed and when i plugged the phone it gets recognized just fine.
what could i be doing wrong? win 7 64 bits by the way.
sidgallup said:
When i run the script it doesn't find my device, asks if i see it listed above as "HTXXXXXXX" but all i can see is
emulator-5554 device
FA29TS301243 device
i have the phone connected as charge only, debugging enabled and fast boot dissabled. running latest android 4.0.4, sense 4.1 official update and yes i have latest htc drivers installed and when i plugged the phone it gets recognized just fine.
what could i be doing wrong? win 7 64 bits by the way.
Click to expand...
Click to collapse
I have not seen a fireball with an FAXXXXXXXXX device code. Are you positive you have the Incredible 4G LTE (and not the Desire 4G LTE or Incredible 2, or Incredible S, or something else)?
It looks like you have two devices plugged in. If so, unplug the other device.
If you have HTC Sync or any other HTC software installed, remove it all and re-install just the driver.
Well in about>phone identity it says model number ADR6410LVW and i'm pretty sure it is in fact a 4g LTE, it says so on the back cover.
Also i've downloaded the 4.0.1.002 drivers from that post in the first place, just got the phone 2 days ago.
sidgallup said:
Well in about>phone identity it says model number ADR6410LVW and i'm pretty sure it is in fact a 4g LTE, it says so on the back cover.
Also i've downloaded the 4.0.1.002 drivers from that post in the first place, just got the phone 2 days ago.
Click to expand...
Click to collapse
that driver is for windows 8 i think you need 3.0.007 something like that.
Aldo101t said:
that driver is for windows 8 i think you need 3.0.007 something like that.
Click to expand...
Click to collapse
The 4.x drivers also work with Win7.
sidgallup said:
Well in about>phone identity it says model number ADR6410LVW and i'm pretty sure it is in fact a 4g LTE, it says so on the back cover.
Also i've downloaded the 4.0.1.002 drivers from that post in the first place, just got the phone 2 days ago.
Click to expand...
Click to collapse
Well, if you're sure, you can give the manual instructions a try. If the emulated device isn't something you can unplug, then you'll have to specify the target device for adb with: adb -s FA29TS301243 ...
well... thing is i'm not familiar at all with command line, that's the reason i wanted to use this automatic method, coming from a rooted+m9 Droid 2 with locked bootloader, Incredible 4g looks to intimidating for someone like me, as much as i want to flash Cm10 i don't wanna take the risk of ending with a brick.
Do i need to use this same tool to get it unlocked using the HTCDev method?
sidgallup said:
well... thing is i'm not familiar at all with command line, that's the reason i wanted to use this automatic method, coming from a rooted+m9 Droid 2 with locked bootloader, Incredible 4g looks to intimidating for someone like me, as much as i want to flash Cm10 i don't wanna take the risk of ending with a brick.
Click to expand...
Click to collapse
If you are not comfortable with the command line and the thrill of potentially bricking your phone, please stick with your stock ROM.
This post is relevant.
mdmower said:
If you are not comfortable with the command line and the thrill of potentially bricking your phone, please stick with your stock ROM.
This post is relevant.
Click to expand...
Click to collapse
Yeah, that's what i'm gonna do for now, i thought rooting this phone will be just as relatively easy as with my old Droid 2 Global but it's a completely different animal.
At least last week HTC announced they are updating stock to 4.2.2, with some luck our 4g LTE is getting the update too
mdmower said:
The 4.x drivers also work with Win7.
Well, if you're sure, you can give the manual instructions a try. If the emulated device isn't something you can unplug, then you'll have to specify the target device for adb with: adb -s FA29TS301243 ...
Click to expand...
Click to collapse
I stand corrected, thanks
Ok one last question just to be completely shure i'm not missing something... can i run the script witile the phone is ON or should i be running it with the phone in bootloader mode?
EDIT: ok i got it to work, that other "emulator" device was related to Blue Stacks App Player, as soon as i uninstalled it the script worked perfectly even when my phone wasn't listed as HTXXXX, just installed CM10 and everything is fine.
c:\Android>fastboot oem get_identifier_token
'fastboot' is not recognized as an internal or external command,
operable program or batch file.
I am stuck on this, how do i get pass this the fastboot is there I see it but it won't run
I use windows vista home premium 32 bit
ok yesterday I got as far as the fast boot token on windows and now today the adb is out of date or something to that effect. every time I click sdk manager it has all the revision updates for platform and tools. yesterday it did none of stuff. My device is not found and when i run task 1 it say daemon not working switch to port 5037 and it does not list any devices. Should I do a factory reset on hboot screen? I just installed htc drivers ending in ....23 and still nothing. UBUNTU was a fail because nothing would auto run at all and I had to keep extracting to folders in which nothing found later not to mention no wireless on ubuntu either.
adb is up to date now but no device found, everything powers up just fine
wrong thread
first and formost special thanks CastleBravo,without whos testing and help in this thread,for DNA. he asked all the right questions,and gave others all the right answers while i was at work and couldnt respond. also to treadwayj,who dumped mmcblk0p3 from his still locked phone for comparison,providing valuable confirmation.
with m7,this is just one way to skin the cat. you can also use the revone tool to change back to *locked*
use clockwork recovery it did not work for me using twrp. agaion, if you want to flash these zips,do now use twrp.
i happened across this thread inthe gsm evo 3d forum: http://forum.xda-developers.com/showthread.php?t=1970252 and found it to work on the rezound,inc 4g,sensation 4g,cdma evo 3d,MT4GS,Amaze 4g,one s,droid DNA,m7,and prolly several others.
this does NOT mean you can unlock your bootloader without going thru htcdev. all this means,is that if your bootloader is unlocked after s-off,you can get rid of the relocked watermark and get back to 100% locked prior to s-on for legitimate warranty purposes.
ive always been unlocked. for S&Gs,i dumped mmcblk0p3 and found the described "HTCU" at 0x8404. changed it to 0x00000000 and voila! back to locked
afterward,relfashed my origianl mmcblk0p3,wich brought me back to unlocked with no getting or flashing tokens.
this is NOT a patched or hex edited hboot.again,this is ONLY to get back your original ***locked*** status.
*this is for s-off phones only
2 ways to do it:
1)old school
this assumes you to have drivers,adb/fastboot,a hex editor,a fair understanding about what youre doing,and the ability to follow directions on the linked thread
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Scott>[COLOR="Red"]cd c:\mini-adb_vigor[/COLOR]
c:\mini-adb_vigor>[COLOR="red"]adb devices[/COLOR]
* daemon not running. starting it now *
* daemon started successfully *
List of devices attached
HTxxxxxxxxxx device
c:\mini-adb_vigor>[COLOR="Red"]adb shell[/COLOR]
[email protected]:/ $ [COLOR="red"]su[/COLOR]
su
[email protected]:/ # [COLOR="red"]dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3[/COLOR]
dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3
64734+0 records in
64734+0 records out
33143808 bytes transferred in 9.519 secs (3481858 bytes/sec)
[email protected]:/ # [COLOR="red"]exit[/COLOR]
exit
[email protected]:/ $ [COLOR="red"]exit[/COLOR]
exit
c:\mini-adb_vigor>[COLOR="red"]adb pull /sdcard2/mmcblk0p3[/COLOR]
2292 KB/s (33143808 bytes in 14.116s)
[COLOR="Blue"]*modify mmcblk0p3 with a hex editor[/COLOR]
c:\mini-adb_vigor>[COLOR="Red"]adb push mmcblk0p3mod /sdcard2/mmcblk0p3mod[/COLOR]
2478 KB/s (33143808 bytes in 13.059s)
c:\mini-adb_vigor>[COLOR="red"]adb shell[/COLOR]
[email protected]:/ $ [COLOR="red"]su[/COLOR]
su
[email protected]:/ # [COLOR="red"]dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3[/COLOR]
dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3
64734+0 records in
64734+0 records out
33143808 bytes transferred in 18.937 secs (1750214 bytes/sec)
[email protected]:/ #[COLOR="red"] exit[/COLOR]
exit
[email protected]:/ $ [COLOR="red"]exit[/COLOR]
exit
c:\mini-adb_vigor>[COLOR="red"]adb reboot bootloader[/COLOR]
c:\mini-adb_vigor>
2)noob friendly
-download the appropriate zips,place on sd card.
-boot to recoverywipe cache/dalvik
-flash in recovery. i recomend to run query first,to make sure its working. tested on my personal m7_u,and m7_ul, one s,amaze,jetstream,rezound,inc) 4g,sensation,MT4GS,and gsm evo 3d. tested by castlebravo on DNA.
query:query_bootloader.zip
query_bootloader.zip f335f78f9f46469c823da0c671026de5
unlock:unlock_bootloader.zip
unlock_bootloader.zip f335f78f9f46469c823da0c671026de5
lock:lock_bootloader.zip
lock_bootloader.zip f335f78f9f46469c823da0c671026de5
a little bit of explanation. yes,the md5s are all the same. its the same file,just named differently. the script behaves based on the name of the zip. i knew if i only included 1 download and instructed folks to change the name there would be confusion,so this is my attempt to keep it simple. feel free to download one file and just change the name to make the other zips.
it also works to make your phone relocked if for some reason you want it that way(rename relock_bootloader.zip). i didnt include a zip for that because i figued there would be no demand.
before:
after:
sure,i could have easily faked the above photos,but i dint.
again,all credit goes to s trace on the above thread,be sure to click the thanks button on his post. all i did was remove the device check per his instruction. DO NOT flash on other devices without checking for the proper location of the lock flag first.
DISCLAIMER:this is not my work. i have tested it on my own device,but use it at your own risk. if it melts your phone into a lil pile of goo,its not my fault.
enjoy
special thanks
-BC for originally dumping mmcblk0p3 for me to know this was worth exploring for dna
-CastleBravo for testing and suport on the original test thread,as well as the pics you see here
-treadwayj for dumping mmcblk0p3 from his still locked phone.
-brian for unlocking his bootloader,then dumping mmcblock0p3 to make sure it would work for cdma evo3d phones too
-brian and donb for fearless testing of the zip files on evo3d cdma
This is only for the flags, correct? It won't turn S-ON, will it? I'm not sure how thorough the T-mobile folks check to see if you've rooted your phone or not. Mine says locked but I have S-OFF so i can still do as I please with the phone. NINJA!
silentcovenant said:
This is only for the flags, correct? It won't turn S-ON, will it? I'm not sure how thorough the T-mobile folks check to see if you've rooted your phone or not. Mine says locked but I have S-OFF so i can still do as I please with the phone. NINJA!
Click to expand...
Click to collapse
It will lock the bootloader again, but that doesn't matter now that we have S-OFF.
I just used revone's guide for resetting the flag from "Relocked" to "Locked".
Lafenear said:
It will lock the bootloader again, but that doesn't matter now that we have S-OFF.
I just used revone's guide for resetting the flag from "Relocked" to "Locked".
Click to expand...
Click to collapse
Okay, yeah, me too.. I'm having a lot of issues with getting AOSP ROMs to work with my phone, I'm starting to think the phone is defective. I can't imagine what would be going wrong, though. What would I tell T-Mobile if/when I take the phone to them, I just want another HTC One that works with my flashing habit.
Also, anyone know how to reflash the stock recovery? I notice someone posted the .img file of it
silentcovenant said:
Okay, yeah, me too.. I'm having a lot of issues with getting AOSP ROMs to work with my phone, I'm starting to think the phone is defective. I can't imagine what would be going wrong, though. What would I tell T-Mobile if/when I take the phone to them, I just want another HTC One that works with my flashing habit.
Also, anyone know how to reflash the stock recovery? I notice someone posted the .img file of it
Click to expand...
Click to collapse
you should be able to just flash it in fastboot
Sent from my HTC One using xda premium
Can you actually S-ON again? Don't need to but just curious!
meleelord said:
Can you actually S-ON again? Don't need to but just curious!
Click to expand...
Click to collapse
http://androidforums.com/showthread.php?p=5918438
Sent from my ADR6425LVW using Tapatalk 2
I am trying to unlock my HTC Incredible 4G on Verizon to load a new ROM onto it. All of my attempts have failed up to this point, by using the WinDroid v2.3 automated tool. I get the following output during the process:
Code:
Task:
1) WINDROID USERS CHOOSE THIS OPTION!
2) Set CID to SuperCID (11111111) - Requires Root
3) Revert CID to original state (VZW__001) - Requires Root
4) Re-lock the bootloader
5) Install recovery
6) Put phone into temp-root mode
10) Exit
Choose a task: 1
========================
= Step 1: Temp-Root =
========================
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
FA************ device
Under "List of devices attached" above, you should see your device
listed (looks like HTXXXXXXXXXX).
Do you see your device (Y/N)? y
Now unlock your device and confirm the restore operation.
By the time you are done reading this sentence, it should be safe to
accept the restore prompt on your device. You should not have a backup
password set on your phone, so leave both password fields empty.
If this process is successful, the script will continue. If not, this
shell will run forever and you must exit by closing this window.
When you see this message, the restore is complete. Your phone will
now reboot to what looks like an unusable state (be patient!). A
status bar will show across the top, but there will be no ring unlock.
This is good! Wait for the script to begin step 2: SuperCID.
========================
= Step 2: SuperCID =
========================
Your phone's CID is being modified to SuperCID. Once complete, your
phone will reboot to the bootloader.
2+0 records in
2+0 records out
1024 bytes transferred in 0.025 secs (40960 bytes/sec)
142 KB/s (1024 bytes in 0.007s)
31 KB/s (1024 bytes in 0.032s)
2+0 records in
2+0 records out
1024 bytes transferred in 0.035 secs (29257 bytes/sec)
< waiting for device >
...
(bootloader) cid: VZW__001
OKAY [ 0.011s]
finished. total time: 0.012s
Just above, you should see (bootloader) cid: 11111111
1) Yes, my cid is 11111111. Keep going.
2) No, my cid is VZW__001. Factory reset and try again.
3) No, my cid is VZW__001. Exit the script.
There are two things I notice here:
1) My phone is not identified as "HTxxxxxxxxxx" but rather "FA**********".
2) It appears to work, with the reading and writing of the files, but then it doesn't work.
One thing that I noticed was that when I go into the bootloader when this does not work, I get the first attachment.
When I go to the "Recovery" option, then I get the second attachment.
It appears that I originally put a ROM or S-off'd and unlocked my phone, but somehow lost the unlock and can't figure out how to fix it.
Any help in figure it out would be appreciated.
Do you know which OTA is currently on the phone? The unlock method depends greatly on which one is installed. Assuming you're on the latest, try this method: http://forum.xda-developers.com/showthread.php?t=2664460 The script looks slightly different than what you've posted above.
junkmail9 said:
Do you know which OTA is currently on the phone? The unlock method depends greatly on which one is installed. Assuming you're on the latest, try this method: http://forum.xda-developers.com/showthread.php?t=2664460 The script looks slightly different than what you've posted above.
Click to expand...
Click to collapse
Thanks for the input.
My device is at the most current OTA: 2.19.605.2 710RD
Android: 4.0.4
Kernel:
3.0.8-01625-g9d06ef9
[email protected] #1
SMP PREEMPT
I tried the link that you pointed to with no success. I got the following error messages:
Code:
/sdcard/cid: cannot open for write: Read-only file system
remote object '/sdcard/cid' does not exist
The system cannot find the file specified.
cannot stat 'cid': No such file or directory
/sdcard/cid: cannot open for read: No such file or directory
rm failed for /sdcard/cid, No such file or directory
Could Not Find C:\Users\Keith\Downloads\cid
I've tried just the straight-forward process of a number of different scripts. I think there is something specific that I am missing.
keithsmessina said:
Thanks for the input.
My device is at the most current OTA: 2.19.605.2 710RD
Android: 4.0.4
Kernel:
3.0.8-01625-g9d06ef9
[email protected] #1
SMP PREEMPT
I tried the link that you pointed to with no success. I got the following error messages:
Code:
/sdcard/cid: cannot open for write: Read-only file system
remote object '/sdcard/cid' does not exist
The system cannot find the file specified.
cannot stat 'cid': No such file or directory
/sdcard/cid: cannot open for read: No such file or directory
rm failed for /sdcard/cid, No such file or directory
Could Not Find C:\Users\Keith\Downloads\cid
I've tried just the straight-forward process of a number of different scripts. I think there is something specific that I am missing.
Click to expand...
Click to collapse
Sorry for the delay in response. Looking again at your screenshot in the OP, you are indeed missing the CID. It should appear between "FIREBALL" and "HBOOT":
I have not dealt directly with that one before, but I would imaging that during temproot, you'll need to recreate the directory. I vaguely recall in a post in this forum on how to manually push a different CID via memory chunk. That might be the best approach to rebuild that area so that you can get going again.
Two questions for the general community:
1. Does anyone know if flashing the RUU will restore the CID?
@keithsmessina - It probably wouldn't hurt to try this anyway. I am guessing it will fail due to lack of CID.
2. Will sending the following command work while phone is in bootloader if the phone is not s-off and the \sdcard\CID directory is missing? What, if any other damage could occur if the \sdcard\CID directory is missing?
Code:
fastboot oem writecid VZW__001
junkmail9 said:
Two questions for the general community:
1. Does anyone know if flashing the RUU will restore the CID?
@keithsmessina - It probably wouldn't hurt to try this anyway. I am guessing it will fail due to lack of CID.
2. Will sending the following command work while phone is in bootloader if the phone is not s-off and the \sdcard\CID directory is missing? What, if any other damage could occur if the \sdcard\CID directory is missing?
Code:
fastboot oem writecid VZW__001
Click to expand...
Click to collapse
Thank you for the suggestions.
1. I tried this, but got the message: "Main version is older." I think I can only do that if my version is lower than the current RUU.
2. I tried the fastboot write, but I got:
Code:
(bootloader) fighter_init_sd, SD card already power on
(bootloader) sdhw_7xxx_open: id=0
(bootloader) sdcc_init_memory_device done
(bootloader) SD clock freq = 19MHz....
(bootloader) [FAT_ERROR] fat_open_file: can not find SMART_IO.CRD
(bootloader) [JAVACARD_ERR] SMART_IO.CRD cann't find
OKAY [ 0.172s]
finished. total time: 0.174s
When I tried: adb devices with the phone at "fastboot USB", I didn't see anything, so I think it failed for that reason. I tried killing adb, removing and reinserting the USB, adn then running adb devices, but still comes up empty.
I'm really at a loss, but appreciate the help from you guys.
I managed to figure out the read-inly access. HTC Sync Manager started each time and grabbed the SD card before the script could do anything. I renamed the HTC Sync Manager to stop it from running. Then I re-ran the script and got:
Code:
2+0 records in
2+0 records out
1024 bytes transferred in 0.002 secs (512000 bytes/sec)
333 KB/s (1024 bytes in 0.003s)
71 KB/s (1024 bytes in 0.014s)
2+0 records in
2+0 records out
1024 bytes transferred in 0.002 secs (512000 bytes/sec)
< waiting for device >
...
(bootloader) cid: VZW__001
OKAY [ 0.010s]
finished. total time: 0.012s
So, I am still not getting the right CID, but progress nonetheless.
Try uninstalling all HTC software rather than renaming it. Also I believe
http://forum.xda-developers.com/showthread.php?t=2664460 does not require the super cid.
From my Chroma Flo
wmuflyer said:
Try uninstalling all HTC software rather than renaming it. Also I believe
http://forum.xda-developers.com/showthread.php?t=2664460 does not require the super cid.
From my Chroma Flo
Click to expand...
Click to collapse
Thank you for that. I don't know how many times I've gone through it, but I finally got that you just have to do step 6 rather than step 1 to get S-Off. I now have S-Off with TWRP.
The next problem that I am running into is getting an error message when trying to flash the pacman fireball ROM:
Code:
This package is for device: fireballx; this device is .
Really appreciate all the help in getting me to this point.
Need to use the modified TWRP. Read the OP carefully it takes a bit of work, it swaps partitions so you have more space for apps.
Edit: OP in the PAC thread.
Sent from my Nexus 5 using XDA Free mobile app
wmuflyer said:
Need to use the modified TWRP. Read the OP carefully it takes a bit of work, it swaps partitions so you have more space for apps.
Edit: OP in the PAC thread.
Sent from my Nexus 5 using XDA Free mobile app
Click to expand...
Click to collapse
I realize that I kept running into an issue changing one of the file systems during that first process which meant that only one of them changed: the "Data" filesystem.
The "Internal Storage" filesystem gave me an MTP error, but then said it finished successfully. It stayed as a vFAT filesystem.
I did get Liquidsmooth up and running with PaGapps, but am now looking for a way to resize my partitions, as there isn't much room left to install apps.
People have looked at resizing the partitions but nobody has had any luck. The partition change seems to be the best bet it was set up by MDMower for his CM builds http://mdmower.cmphys.com/cyanogenmod-fireball/ it might give you more information to make the swap. Beeko has stopped work on Liquid Smooth so for current Android 5.x PAC or CM are the choices and they only work with the partition swap. I have PAC on my Fireball but will probably try CM 12.1 soon.
keithsmessina said:
Thank you for that. I don't know how many times I've gone through it, but I finally got that you just have to do step 6 rather than step 1 to get S-Off. I now have S-Off with TWRP.
Click to expand...
Click to collapse
Excellent! Glad you got it done.
junkmail9 said:
Excellent! Glad you got it done.
Click to expand...
Click to collapse
I've managed to swap the partitions and get the Pacman ROM installed, thanks to the instructions you sent me, wmuflyer. No hiccups with the Pacman ROM, it seems to be polished and working flawlessly. Thanks again for all the help, guys! Really appreciate it.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
THIS WILL NOT WORK ON AMAZFIT PACE OR AMAZFIT STRATOS
THIS WILL NOT WORK ON AMAZFIT PACE OR AMAZFIT STRATOS
THIS WILL NOT WORK ON AMAZFIT PACE OR AMAZFIT STRATOS
I am not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed. Please make sure you read and understand everything written in the post before flashing it! YOU are choosing to make these modifications and must be sure of what it does.
Click to expand...
Click to collapse
Only for unlocked Bootloader
Supported devices: A1801 (Chinese) and A1811 (English)
Property installed ADB and Fastboot drivers as system wide
Watch battery +40% (50% recommended)
Click to expand...
Click to collapse
For anyone interested on installing Stock/Original Chinese Firmware with OTA updates.
Click to expand...
Click to collapse
@Neur_User for PACEfied, STRATOSfied projects and other stuff
@Cracklydisc for AmazIT, StratOS projects and other stuff
Capara @1immortal for his great support
Click to expand...
Click to collapse
1. Connect the watch to your PC
2. Unzip the the folder
3. Run flash_US.bat file for English interface (Don't do it as Administrator since is known to cause issues)
4. Wait to the end of the process and don't touch anything
********************************************************
CN Verge 3.0.12.0 Stock Firmware Installer by Saratoga
********************************************************
1. Connect the watch to the PC
********************************
*******************************
2. Rebooting to Fastboot mode
*******************************
****************************
3. Checking the connection
****************************
****************************
4. Booting modded recovery
****************************
< waiting for any device >
Downloading 'boot.img' OKAY [ 0.464s]
booting FAILED (status read failed (Too many links))
Finished. Total time: 1.535s
***********************************
5. Waiting connection in Recovery
***********************************
******************
6. Copying files
******************
boot.img: 1 file pushed. 7.3 MB/s (9437184 bytes in 1.232s)
system.img.gz: 1 file pushed. 5.1 MB/s (318817711 bytes in 60.127s)
md5s.txt: 1 file pushed. 0.0 MB/s (91 bytes in 0.002s)
flash_rom.sh: 1 file pushed. 0.2 MB/s (458 bytes in 0.002s)
**************************
7. Firmware installation
**************************
Validating images
boot.img: OK
system.img.gz: OK
Starting to flash now. DO NOT TURN OFF OR REMOVE THE USB CABLE!
Flashing boot.img
2304+0 records in
2304+0 records out
9437184 bytes (9.0MB) copied, 0.924353 seconds, 9.7MB/s
Flashing system.img
210944+0 records in
210944+0 records out
864026624 bytes (824.0MB) copied, 96.290046 seconds, 8.6MB/s
Finished
*******************
8. Removing files
*******************
**************
9. Rebooting
**************
*************************************
10. Changing language to Chinese
*************************************
List of devices attached
d41e250a device
**************************************
Stock recovery installation process
**************************************
********************************
11. Rebooting to Fastboot mode
********************************
***************************
12. Booting temporal root
***************************
< waiting for any device >
Downloading 'boot.img' OKAY [ 0.373s]
booting FAILED (status read failed (Too many links))
Finished. Total time: 1.422s
*******************
13. Copying files
*******************
install_recovery.sh: 1 file pushed. 0.2 MB/s (687 bytes in 0.003s)
recovery.img: 1 file pushed. 2.8 MB/s (16777216 bytes in 5.662s)
*****************************
14. Flashing Stock recovery
*****************************
============= STOCK Installer ===============
Done. OTA updates should now work.
*******************
15. Removing files
*******************
***************
16. Rebooting
***************
************
17. Finish
************
Presione una tecla para continuar . . .
Click to expand...
Click to collapse
* Step 14 may be different for you
Click to expand...
Click to collapse
Latest version
Stock CN/Chinese 3.0.43.0 Firmware Installer with OTA updates | Mirror
Previous versions
Stock CN/Chinese 3.0.29.0 Firmware Installer with OTA updates | Mirror
Stock CN/Chinese 3.0.12.0 Firmware Installer with OTA updates | Mirror
Stock CN/Chinese 3.0.10.0 Firmware Installer with OTA updates | Mirror
Click to expand...
Click to collapse
If you like my work you can buy me a beer here
Click to expand...
Click to collapse
Manual Installation Method
Manual Installation Method
Introduction
Here I will explain how to install the firmware using a command window or any other terminal.
The requirements are the ones stated in Post #1.
On your terminal, go to the path where all the files were unzipped and you are good to go.
Manual command installation
You can copy and paste all needed commands.
Firmware installation
1. Connect the watch to the PC and check the connection with the watch
Code:
[COLOR="Blue"]adb devices[/COLOR]
Output (or similar)
Code:
List of devices attached
9dee1d33 device
2. Reboot in fastboot mode
Code:
[COLOR="blue"]adb shell reboot bootloader[/COLOR]
3. When the watch reboots in fastboot mode, check the connection with the watch
Code:
[COLOR="blue"]fastboot devices[/COLOR]
Output (or similar)
Code:
0123456789 fastboot
4. Boot the modded recovery
Code:
[COLOR="blue"]fastboot boot recovery-mod.img[/COLOR]
Output (or similar)
Code:
downloading 'boot.img'...
OKAY [ 0.426s]
booting...
FAILED (status read failed (Too many links))
finished. total time: 1.303s
5. Wait until you get a triangle with an exclamation mark (!) in your watch
6. Copy the files to the watch (it may take upto a minute)
Code:
[COLOR="blue"]adb push boot.img /data/media/0/
adb push system.img.gz /data/media/0/
adb push md5s.txt /data/media/0/
adb push flash_rom.sh /data/media/0/[/COLOR]
Output (or similar)
Code:
adb push boot.img /data/media/0/
7546 KB/s (9437184 bytes in 1.221s)
adb push system.img.gz /data/media/0/
7194 KB/s (228153632 bytes in 30.969s)
adb push md5s.txt /data/media/0/
88 KB/s (91 bytes in 0.001s)
adb push flash_rom.sh /data/media/0/
297 KB/s (458 bytes in 0.001s)
7. Start Firmware installation (it may take up to 2 minutes)
Code:
[COLOR="blue"]adb shell sh /data/media/0/flash_rom.sh[/COLOR]
Output (or similar)
Code:
Validating images
boot.img: OK
system.img.gz: OK
Starting to flash now. DO NOT TURN OFF OR REMOVE THE USB CABLE!
Flashing boot.img
2304+0 records in
2304+0 records out
9437184 bytes (9.0MB) copied, 0.953804 seconds, 9.4MB/s
Flashing system.img
210944+0 records in
210944+0 records out
864026624 bytes (824.0MB) copied, 89.945101 seconds, 9.2MB/s
Finished
8. We have already installed the firmware, now delete installation files form the watch
Code:
[COLOR="blue"]adb shell rm /data/media/0/boot.img
adb shell rm /data/media/0/system.img.gz
adb shell rm /data/media/0/md5s.txt
adb shell rm /data/media/0/flash_rom.sh[/COLOR]
9. Reboot the watch
Code:
[COLOR="blue"]adb reboot[/COLOR]
10. When the splash screen is passed and the bootanimation starts, set your watch to Chinese language
Code:
[COLOR="blue"]adb shell setprop persist.sys.language zh
adb shell setprop persist.sys.country CN[/COLOR]
Stock recovery installation process
11. Reboot in fastboot mode
Code:
[COLOR="blue"]adb shell reboot bootloader[/COLOR]
12. Boot temporal root
Code:
[COLOR="blue"]fastboot boot boot-CN-adb-root.img[/COLOR]
Output (or similar)
Code:
downloading 'boot.img'...
OKAY [ 0.349s]
booting...
FAILED (status read failed (Too many links))
finished. total time: 1.206s
13. Copy stock recovery files to the watch
Code:
[COLOR="blue"]adb push install_recovery.sh /data/media/0/
adb push recovery.img /data/media/0/[/COLOR]
Output (or similar)
Code:
[100%] /data/media/0/install_recovery.sh
[100%] /data/media/0/recovery.img
14. Run the recovery installation script
Code:
[COLOR="blue"]adb shell cd /data/media/0/; sh install_recovery.sh[/COLOR]
Or if above command doesn't work, do it in 2 commands
Code:
[COLOR="blue"]adb shell cd /data/media/0/
adb shell sh install_recovery.sh[/COLOR]
Output (or similar)
Code:
============= STOCK Installer ===============
Flashing recovery...
4096+0 records in
4096+0 records out
16777216 bytes (16.0MB) copied, 2.461221 seconds, 6.5MB/s
Done. OTA updates should now work.
15 . Delete stock recovery installation files
Code:
[COLOR="blue"]adb shell rm /data/media/0/install_recovery.sh
adb shell rm /data/media/0/recovery.img [/COLOR]
16. Reboot the watch
Code:
[COLOR="blue"]adb reboot[/COLOR]
17. Finish.
Go to Amazfit app and update to latest version.
Some extra useful commands
Wipe dalvik/cache
Code:
[COLOR="blue"]adb shell reboot bootloader
fastboot erase cache
fastboot reboot[/COLOR]
Do a Factory Reset (You will lose all the data in your watch. Unpair the watch from Amazfit app while doing this?
Code:
[COLOR="Blue"]adb shell reboot bootloader
fastboot erase data
fastboot erase cache
fastboot reboot[/COLOR]
Reserved 1
Reserved 1
I tried flashing back from 3.2.0.5 back.
First error at Step 4 when the recovery-mod.img is flashed to boot and the booting failed.
****************************
4. Booting modded recovery
****************************
< waiting for any device >
Downloading 'boot.img' FAILED (status read failed (Too many links))
Finished. Total time: 1.082s
***********************************
5. Waiting connection in Recovery
***********************************
So I have to do manually:
\Verge_Stock_CN_3.0.12.0_Firmware_Installer>fastboot boot recovery-mod.img
Downloading 'boot.img' OKAY [ 0.464s]
booting FAILED (status read failed (Too many links))
Finished. Total time: 1.545s
2nd error is during the flash prompt, ADB exited shell before system flash is completed:
Step 7 no flash system complete message
E:\downloads\watch\Verge_Stock_CN_3.0.12.0_Firmware_Installer>adb shell sh /data/media/0/flash_rom.sh
Validating images
boot.img: OK
system.img.gz: OK
Starting to flash now. DO NOT TURN OFF OR REMOVE THE USB CABLE!
Flashing boot.img
2304+0 records in
2304+0 records out
9437184 bytes (9.0MB) copied, 0.952945 seconds, 9.4MB/s
Flashing system.img
E:\downloads\watch\Verge_Stock_CN_3.0.12.0_Firmware_Installer>
Took me a while to re-connect to shell and reissue the flash command.
E:\downloads\watch\Verge_Stock_CN_3.0.12.0_Firmware_Installer>adb shell sh /data/media/0/flash_rom.sh
error: device still connecting
E:\downloads\watch\Verge_Stock_CN_3.0.12.0_Firmware_Installer>adb shell
error: device still connecting
E:\downloads\watch\Verge_Stock_CN_3.0.12.0_Firmware_Installer>adb shell
error: device still connecting
E:\downloads\watch\Verge_Stock_CN_3.0.12.0_Firmware_Installer>adb shell
error: device still connecting
E:\downloads\watch\Verge_Stock_CN_3.0.12.0_Firmware_Installer>adb reconnect
reconnecting c5121c27 [connecting]
Finally able to reconnect to shell
E:\downloads\watch\Verge_Stock_CN_3.0.12.0_Firmware_Installer>adb shell
# ls
cache
charger
data
default.prop
dev
etc
file_contexts
flash
fstab.watch
init
init.rc
init.recovery.watch.rc
mnt
proc
res
root
sbin
sdcard
sepolicy
sideload
sys
system
tmp
ueventd.rc
ueventd.watch.rc
# ls data/media/0
Alarms
DCIM
Download
Movies
Music
Notifications
Pictures
Podcasts
Ringtones
WatchFace
boot.img
flash_rom.sh
gpxdata
md5s.txt
system.img.gz
# sh /data/media/0/flash_rom.sh
Validating images
boot.img: OK
system.img.gz: OK
Starting to flash now. DO NOT TURN OFF OR REMOVE THE USB CABLE!
Flashing boot.img
2304+0 records in
2304+0 records out
9437184 bytes (9.0MB) copied, 0.950465 seconds, 9.5MB/s
Flashing system.img
210944+0 records in
210944+0 records out
864026624 bytes (824.0MB) copied, 101.986899 seconds, 8.1MB/s
Finished
After rebooting I am able to receive 3.0.13.0 OTA and install.
apollow2007 said:
I tried flashing back from 3.2.0.5 back.
First error at Step 4 when the recovery-mod.img is flashed to boot and the booting failed.
****************************
4. Booting modded recovery
****************************
< waiting for any device >
Downloading 'boot.img' FAILED (status read failed (Too many links))
Finished. Total time: 1.082s
***********************************
5. Waiting connection in Recovery
***********************************
So I have to do manually:
\Verge_Stock_CN_3.0.12.0_Firmware_Installer>fastboot boot recovery-mod.img
Downloading 'boot.img' OKAY [ 0.464s]
booting FAILED (status read failed (Too many links))
Finished. Total time: 1.545s
2nd error is during the flash prompt, ADB exited shell before system flash is completed:
Step 7 no flash system complete message
E:\downloads\watch\Verge_Stock_CN_3.0.12.0_Firmware_Installer>adb shell sh /data/media/0/flash_rom.sh
Validating images
boot.img: OK
system.img.gz: OK
Starting to flash now. DO NOT TURN OFF OR REMOVE THE USB CABLE!
Flashing boot.img
2304+0 records in
2304+0 records out
9437184 bytes (9.0MB) copied, 0.952945 seconds, 9.4MB/s
Flashing system.img
E:\downloads\watch\Verge_Stock_CN_3.0.12.0_Firmware_Installer>
Took me a while to re-connect to shell and reissue the flash command.
E:\downloads\watch\Verge_Stock_CN_3.0.12.0_Firmware_Installer>adb shell sh /data/media/0/flash_rom.sh
error: device still connecting
E:\downloads\watch\Verge_Stock_CN_3.0.12.0_Firmware_Installer>adb shell
error: device still connecting
E:\downloads\watch\Verge_Stock_CN_3.0.12.0_Firmware_Installer>adb shell
error: device still connecting
E:\downloads\watch\Verge_Stock_CN_3.0.12.0_Firmware_Installer>adb shell
error: device still connecting
E:\downloads\watch\Verge_Stock_CN_3.0.12.0_Firmware_Installer>adb reconnect
reconnecting c5121c27 [connecting]
Finally able to reconnect to shell
E:\downloads\watch\Verge_Stock_CN_3.0.12.0_Firmware_Installer>adb shell
# ls
cache
charger
data
default.prop
dev
etc
file_contexts
flash
fstab.watch
init
init.rc
init.recovery.watch.rc
mnt
proc
res
root
sbin
sdcard
sepolicy
sideload
sys
system
tmp
ueventd.rc
ueventd.watch.rc
# ls data/media/0
Alarms
DCIM
Download
Movies
Music
Notifications
Pictures
Podcasts
Ringtones
WatchFace
boot.img
flash_rom.sh
gpxdata
md5s.txt
system.img.gz
# sh /data/media/0/flash_rom.sh
Validating images
boot.img: OK
system.img.gz: OK
Starting to flash now. DO NOT TURN OFF OR REMOVE THE USB CABLE!
Flashing boot.img
2304+0 records in
2304+0 records out
9437184 bytes (9.0MB) copied, 0.950465 seconds, 9.5MB/s
Flashing system.img
210944+0 records in
210944+0 records out
864026624 bytes (824.0MB) copied, 101.986899 seconds, 8.1MB/s
Finished
After rebooting I am able to receive 3.0.13.0 OTA and install.
Click to expand...
Click to collapse
Glad you were able to install and update.
May I ask for your Windows version and previous ROM version on watch?
Saratoga79 said:
Glad you were able to install and update.
May I ask for your Windows version and previous ROM version on watch?
Click to expand...
Click to collapse
Windows 10 Pro.
Previous ROM was 3.2.0.5 which was converted from 3.0.13.0.
Stock 3.0.14.0 firmware if you want it.
Great work Saratoga79.
My Verge prompted me for an update this morning, I have stock 3.0.14.0 (zh but set to en) on it if you want a copy.
Hi.
Possible to update the ROM image here to 3.0.29.0?
Flashing back from US to CN rom will have to start update from 3.0.14 all the way to 3.0.29.0
apollow2007 said:
Hi.
Possible to update the ROM image here to 3.0.29.0?
Flashing back from US to CN rom will have to start update from 3.0.14 all the way to 3.0.29.0
Click to expand...
Click to collapse
OP updated with 3.0.29.0 Firmware Installer.
Ayuda!
I have the 1801 version of China. With room 3.0.28 of saratoga, but I constantly get request to update to official 3.0.29. So how do I give an update and do not miss the Spanish language?
Sliv33 said:
I have the 1801 version of China. With room 3.0.28 of saratoga, but I constantly get request to update to official 3.0.29. So how do I give an update and do not miss the Spanish language?
Click to expand...
Click to collapse
My ROM is since a week ago based on 3.0.29.0.
Hello people , I have verge that keeps freezing when receiving several notifications and has sever battery drain. I have factory reset and re-installed the English firmware . But doesn't seem to help.
Will installing the latest Chinese firmware help.
Than I can install the last english os .
Could this help
cetuss4 said:
Hello people , I have verge that keeps freezing when receiving several notifications and has sever battery drain. I have factory reset and re-installed the English firmware . But doesn't seem to help.
Will installing the latest Chinese firmware help.
Than I can install the last english os .
Could this help
Click to expand...
Click to collapse
Not sure but you can give it a try.
For this Version
Can change language Chinese >> English without error
Have anybody any news/information when will be official update from Amazfit for Verge (International version) with integrated Alexa or other voice assistant for the rest of the world costumers like: Europe countries and ect?
Can i use NFC function on A1811 with Chinese stock rom?
I heard there are NFC chipsets in A1811 too
Flashing chinese bootloader on A1811 bricks my watch??
vsc0705 said:
Can i use NFC function on A1811 with Chinese stock rom?
I heard there are NFC chipsets in A1811 too
Click to expand...
Click to collapse
No, you can't, AFAIK, but you can give it a shot. I think there is no NFC, since NFC can't be enabled on CN Firmware. There is a dedicated switch for that in the firmware, but it's reported that NFC doesn't turn on for A1811. for A1801 it does.
vsc0705 said:
Flashing chinese bootloader on A1811 bricks my watch??
Click to expand...
Click to collapse
No, it doesn't.
Saratoga79 said:
I think there is no NFC, since NFC can't be enabled on CN Firmware. There is a dedicated switch for that in the firmware, but it's reported that NFC doesn't turn on for A1811. for A1801 it does..
Click to expand...
Click to collapse
NFC is in Verge http://cn.amazfit.com/verge.html before you post asnwer, check information in official web site - it's easy and no need a lot of time :highfive:
As i know NFC will be available later (if talk about US market), why is not activated in China's version i don't know. As i understand NFC is available only for payment process, so everthing maybe working somehow automatic. I can't explain reasons, but as i mentioned web site and others official source saying that NFC is in Verge (Chinese software) and will be later in International (i guest they mean US market only for this moment)
P.S. This is official Amazfit Verge commercial https://www.youtube.com/watch?v=PydD99xx2dk, look what doing guy in commercial from 34 second, he doing payment. Payment process is doing with NFC, what is meantioned in Amazfit web site So yes chinese version must have NFC available, why is not, need to ask Amazfit, but i guest, cos costumers which flashing Chinese ROM is not from China and maybe somehow by GOS is detecting that is not China country and features is not available. It's nonensese probably you will say, but when please explain me why the same software version for International costumers with Alexa working only in US, i got this software with Alexa, but i can't use Alexa, cos i'm not from US, if say exactly i'm not right now in US... I guest in the say working NFC. But maybe i'm wrong
About A1811 i guest you are right, i did not tried, but probably as i mentioned will not works, cos somehow *probably by GPS) this watch is really smart and detecting what you are not in the same market in which these features working If i understand you wrong, sorry, english is no my primary - national language
xdauser2019 said:
NFC is in Verge http://cn.amazfit.com/verge.html before you post asnwer, check information in official web site - it's easy and no need a lot of time :highfive:
As i know NFC will be available later (if talk about US market), why is not activated in China's version i don't know. As i understand NFC is available only for payment process, so everthing maybe working somehow automatic. I can't explain reasons, but as i mentioned web site and others official source saying that NFC is in Verge (Chinese software) and will be later in International (i guest they mean US market only for this moment)
P.S. This is official Amazfit Verge commercial https://www.youtube.com/watch?v=PydD99xx2dk, look what doing guy in commercial from 34 second, he doing payment. Payment process is doing with NFC, what is meantioned in Amazfit web site So yes chinese version must have NFC available, why is not, need to ask Amazfit, but i guest, cos costumers which flashing Chinese ROM is not from China and maybe somehow by GOS is detecting that is not China country and features is not available. It's nonensese probably you will say, but when please explain me why the same software version for International costumers with Alexa working only in US, i got this software with Alexa, but i can't use Alexa, cos i'm not from US, if say exactly i'm not right now in US... I guest in the say working NFC. But maybe i'm wrong
About A1811 i guest you are right, i did not tried, but probably as i mentioned will not works, cos somehow *probably by GPS) this watch is really smart and detecting what you are not in the same market in which these features working If i understand you wrong, sorry, english is no my primary - national language
Click to expand...
Click to collapse
Yes, I know A1801/CN version has NFC, I managed to enable it and I have done some test with 3th party apps but is not usable out of China.
I meant that A1811/International version has no NFC or lacks "something" as flashing Chinese firmware on it NFC doesn't work.
Saratoga79 said:
Yes, I know A1801/CN version has NFC, I managed to enable it and I have done some test with 3th party apps but is not usable out of China.
I meant that A1811/International version has no NFC or lacks "something" as flashing Chinese firmware on it NFC doesn't work.
Click to expand...
Click to collapse
As i know NFC is not just activated yet, if i understand right, coz now is negotiations are under way with markets (probably with companies, where will work services with NFC or something like is, i don't no details), soon must be everything available. But how i mentioned before, probably will works only in US market (like is with Alexa now). Oh well we will see... i hope update will be very soon and maybe with all ours answers
P.S. NFC is microchip which update will not add to watch, so yes NFC is already in yours device, it's just not activated, there is no option to do that yet Keep patience future will show all features... and keep in mind Verge international version is very new, so what you can see in Chinese version, i 'm sure, i hope will be in international version too, just keep waiting patience
Why not working with Chinese software in international version device (A1811 is for all world, except Asia region, as i understand)? I already write my minds, how they are correct i don't know, but idea that not working for reason, coz watch detect somehow (probably by GPS) that you are not in China for me sounds most probable. Why? You got 3.2.20 software update? What was written in it? Alexa that's right? Where is she? Cos working only in US? Are you in US? No, so probably that's reason why is no available for you NFC with Chinese software... But this is just my mind, maybe i wrote totall nonsenses, but i can't to image another reason why with the same software in one market working Alexa in other no, why can't to be the same with NFC and the same software for different market?
By the way are you sure that in Stock CN/Chinese 3.0.29.0 version already was available/activated NFC for China market too? This is second idea which came to head. I really really don't know how Amazfit made software, i mean how it working, so sorry if i wrote something insane, just lound thinking and trying to understand reason
They say, that unfortunately, a majority of new Unisoc (Spreadtrum) chips have bootloaders that cannot be unlocked without a key, which is not provided by the SoC manufacturer, and is beyond the control of the ODM. Many low-end Android smartphones are powered by such chips, and the end result is that root is impossible on those devices, i.e. ZTE Blade A5 2019, Doogee N10, etc. (Unisoc SC9863A)
Some have obtained the source code of the U-boot bootloader used on those devices, however, the algorithm for the key verification is stored on the Trusted Execution Environment, which means it cannot be extracted (the TEE is a SecureEnclave-like device, with no possible direct access to it's memory or storage, besides de-capping it and reading the bits with an electron microscope) -- more info here: https://source.android.com/security/trusty
However, Spreadtrum actually does verify the whole boot process, meaning that booting a modified binary is impossible. If you change the boot partition, it will infinitely reboot with a black screen and vibration. If you leave the boot as-is, but change system, it will get to the splash screen and then reboot. etc.
It genuinely does cryptographicaly verify the signature and hash of every partition. Which is great for security, in theory, unless the OS has preloaded spyware, but the secureboot process prevents you from removing it.
Been there, and I didn't even realised the cause.
MTK is quite good, but it's becoming worse in the perf/$ ratio, i.e. the SC9863A is a octa core A55 chip at 1.5GHz, while similar MTK devices are dual core A7 at 1.2 GHz. The architecture improvements alone are excellent, not mentioning the extra cores and higher clock speed.
The key is most certainly not the same, because I doubt they would go through the trouble of doing actual secure boot verification, and storing the data in the TEE, and just have the same key. Additionally, the U-boot code I obtained lies to the user about commands not being found, if the command doesn't contain a valid unlock key.
there is a dedicated thread on hovatek forum for rooitng this chipset
that thread on hovatek is thrilling...
Hovatek forums indicate you need a PAC or FDL file to do anything unless you buy extra hardware. Can anything be done for a vendor that hasn't released either? Even a temproot exploit like mtk-su is fine, if it works on Android 9.
those El-Cheapo phones are simply not supported well by hackerdom.
if we can port mtk-su to this processor or create a new temp root we are done
Skorpion96 said:
if we can port mtk-su to this processor or create a new temp root we are done
Click to expand...
Click to collapse
You cant port mtk-su. The sercuity exploit is a defect built into the CPU. A CPU is made up on millions of transistors , A transistor is a switch (On/Off) , Creates a workload that targets the switch would normally return no to yes is very difficult n can very easily destroy the CPU by creating a internal short. NOTE The device manufacturer can help provide a bootloader key if request
lepusang said:
You cant port mtk-su. The sercuity exploit is a defect built into the CPU. A CPU is made up on millions of transistors , A transistor is a switch (On/Off) , Creates a workload that targets the switch would normally return no to yes is very difficult n can very easily destroy the CPU by creating a internal short. NOTE The device manufacturer can help provide a bootloader key if request
Click to expand...
Click to collapse
i know that mtk-su can't be ported but maybe we can use the source of mtk easy su and the cve-2015-1474 to make a working app
Skorpion96 said:
i know that mtk-su can't be ported but maybe we can use the source of mtk easy su and the cve-2015-1474 to make a working app
Click to expand...
Click to collapse
Can it really be done? I have a ZTE blade vantage 2 and I'd love to root it if possible.
I just tried a zip to enable fastboot on the axon mini on my zte blade A5 2019, it flashes, fails because model is different but it is not a signature error meaning that it has the same signature. So signature is the same for every zte, now I'm asking zte Italy to help me getting the unlock file or the signature itself which is the same since or I will flash the file directly or I will sign it and flash. I hope they will help.
Useless try, they refused to help because of their policy
Went out and bought an m8l plus to try it. This is the first time I've ever dealt with a unisoc sc9863a. I was optimistic about it at first, but now I'm doubtful
*Update* found modified fastboot folder and did the following. Unlocked bootloader, about to try to root with magisk. Root achieved with magisk. Made copy of firmware, moved boot_a to phone and patched with magisk. Flashed patched boot_a with adb. Currently deleting system apps. Root is go. This is unisoc sc9863a blu m8l Android 11
Found this. Can't post the link, but I'll c&p the text:
Open the modified_fastboot folder, right-click then select Open in Terminal
Test detection using
Code:
./fastboot devices
Get Identifier Token using
Code:
./fastboot oem get_identifier_token
You should get an output like
Identifier token:
XXXXXXXXXXXXXXXXXXXXXXXX
OKAY [ 0.019s]
finished. total time: 0.019s
Copy out the Identifier token
Run this command ; replace XXXXXXXXXXXXXXXXXXXXXXXX with your Identifier token
Code:
./signidentifier_unlockbootloader.sh XXXXXXXXXXXXXXXXXXXXXXXX rsa4096_vbmeta.pem signature.bin
You should have an output like
Identifier sign script, ver 0.10
1+0 records in
1+0 records out
50 bytes copied, 0.000257562 s, 194 kB/s
Identifier sign successfully
You should also see a signature.bin file in the modified_fastboot folder
Finally, run this command
Code:
./fastboot flashing unlock_bootloader signature.bin
You should get a prompt on the device asking you to push a volume button to confirm unlock, do so
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
You should now have an output like
downloading 'unlock_message'...
OKAY [ 0.001s]
unlocking bootloader...
Info:Unlock bootloader success! OKAY [ 85.787s]
finished. total time: 85.788s
Reboot the device using
Code:
./fastboot reboot
Your bootloader should now be unlocked
They request you log in and register in exchange for the modified fastboot folder
you can get the modified Fastboot folder anywhere, used that trick to bl unlock all my blu and wiko phones
R41N MuTT said:
Found this. Can't post the link, but I'll c&p the text:
Open the modified_fastboot folder, right-click then select Open in Terminal
Test detection using
Code:
./fastboot devices
Get Identifier Token using
Code:
./fastboot oem get_identifier_token
You should get an output like
Identifier token:
XXXXXXXXXXXXXXXXXXXXXXXX
OKAY [ 0.019s]
finished. total time: 0.019s
Copy out the Identifier token
Run this command ; replace XXXXXXXXXXXXXXXXXXXXXXXX with your Identifier token
Code:
./signidentifier_unlockbootloader.sh XXXXXXXXXXXXXXXXXXXXXXXX rsa4096_vbmeta.pem signature.bin
You should have an output like
Identifier sign script, ver 0.10
1+0 records in
1+0 records out
50 bytes copied, 0.000257562 s, 194 kB/s
Identifier sign successfully
You should also see a signature.bin file in the modified_fastboot folder
Finally, run this command
Code:
./fastboot flashing unlock_bootloader signature.bin
You should get a prompt on the device asking you to push a volume button to confirm unlock, do so
You should now have an output like
downloading 'unlock_message'...
OKAY [ 0.001s]
unlocking bootloader...
Info:Unlock bootloader success! OKAY [ 85.787s]
finished. total time: 85.788s
Reboot the device using
Code:
./fastboot reboot
Your bootloader should now be unlocked
They request you log in and register in exchange for the modified fastboot folder
Click to expand...
Click to collapse
It succeeded ....but. when i try
fastboot flash recovery recovery.img
It says
Sending recovery... (Size shows in KB)
Then says writing recovery... Fot infinity ....
I ported custom twrp recovery using hovatek's automatic unisoc twrp porting guide....have any solution? I also tried to flash twrp by spd research tool and it stuck at probably 95/97 percent
R41N MuTT said:
Found this. Can't post the link, but I'll c&p the text: ....
Click to expand...
Click to collapse
fastboot oem get_identifier_token
Give only back the Serial Number in hexadecimal
Put your SN of your Device in a Hexeditor and change the view to Hexview
when you compare you will see its the SN
I show you the output of my Device, it's an blackview A70 Smartphone. This device is my favorite victim, because it is stubborn as a donkey.
Code:
d:\android\blackview\a70>fastboot oem get_identifier_token
(bootloader) identifier token:
(bootloader) 334b3032384137304545413037313431
(bootloader) 37
okay [ 0.031s]
finished. total time: 0.031s
(the number above in a phantasy number)
Interesting is, here are 3 lines (bootloader)
1. is title
2. is first part of SN
3. is 2. Part of SN
yes the length of the SN of this device is 17 characters. In this case you have to put line 2 and line 3 together to build the number.
If you dont do that, not success with unlock.
for example, this is my SN read with
fastboot devices
3K028A70EEA071417
fastboot oem get_identifier_token
334b3032384137304545413037313431
37
the difference is only binary and hex view