Related
[Tutorial] Root FRF91/FRF85B/FRF83/FRF72 (T-Mo/AT&T) Without Unlocking (100% Working)
Credits:
Booker-T
M9x3mos
th3fallen
juan413
_Sri_
Amon_RA
cyanogen
For your amazing works leading up to this guide
Notes:
- Donate if I've helped save your HTC warranty.
- This will work! If you can't figure something out, don't get discouraged. Ask here for help.
- After this process, you can flash whatever ROM you like in recovery. I just have the steps showing for CyanMod so you know you have a good, clean system to start off with.
[T-Mo & ATT] Prerequisites:
- Locked Nexus One flashed with FRF85B
(Stuck on FRF91? Use THIS to downgrade to EPE76. Then update back up to FRF85B.)
- Lastet SDK (Click)
- Working ADB (Info)
- The attached .zip "ROOT_FRF83.zip" (Attachment at bottom)
- Got Mac/Linux? (Click Thanks madj42)
Process:
1) Extract the files within "ROOT_FRF83.zip" into the "tools" directory of the extracted SDK package
2) Open a command prompt or terminal and change to the "tools" directory of the extracted SDK package
- Example: Type "cd C:\Users\Matt\Desktop\android-sdk-windows\tools" and hit Enter
3) Type "loop" and hit Enter
4) With phone attached through microUSB, enter Recovery with the battery cover OFF and the SDcard REMOVED.
- Tip: Be careful not to let the battery fall out during this process
- Tip: To enter recovery, boot while holding Volume down button. Then select the recovery option.
5) When you see the HTC devices attached in recovery mode, hit Ctrl+C, then "y", then Enter
6) Slide in SDcard (Make sure there is no update.zip on it at this point)
- Tip: It should slide in and click VERY easily if you trim the tab on the battery properly. A sharp razor blaze works well.
- Tip: I recommend this instead of other methods (paper slip) because it will work without error
- Tip: You only need to cut as far as the SDcard slot goes, you do not need to trim the entire tab
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
7) On your phone, press Power + Volume Up AFTER inserting SDcard
8) Choose "apply sdcard:update.zip"
- Tip: It will fail, but that is expected because there is no update.zip
- Tip: This is done to mount the SDcard after achieving adb while the SDcard was out
9) In your terminal type "adb push flash_image /sdcard/flash_image" and hit Enter
10) In your terminal type "adb push ota.zip /sdcard/update.zip" and hit Enter
11) In your terminal, type "adb push update.zip /sdcard/update.zip" and DO NOT yet hit Enter
12)Ready your finger near the Enter key of your keyboard so that you can quickly hit it once you complete the next step
13) Choose "apply sdcard:update.zip"
14) As soon as you see the yellow installation progress bar, hit Enter on your keyboard
- Tip: If completed properly, you should see a message about rooting adb
15) Choose "Reboot into system"
You now have root access(aka Admin rights) in your stock ROM, but with limited capabilities.
If you want to do any of the following, please continue:
- Flash a custom recovery
- Perform Nandroid backup
- Flash a Rooted Stock Froyo ROM with full capabilities
- Flash CyanogenMod
16) Download the following to the root of your SDcard
- recovery-RA-nexus-v1.7.0.1.img: http://rapidshare.com/files/393267368/recovery-RA-nexus-v1.7.0.1.img
- Note: UnMount your SDcard after copying these files, but keep your phone plugged in
17) In your terminal type "adb shell" and hit Enter
18) In your terminal type "su" and hit Enter
- Tip: At this point, it will hang until you choose "Allow" on your phone with the SuperUser app pop-up
- Tip: $ should now be replaced with #
19) In your terminal, type "mount -o rw,remount /dev/block/mtdblock4 /system" and hit Enter
20) In your terminal, type "cat /sdcard/flash_image > /system/bin/flash_image" and hit Enter
21) In your terminal, type "chmod 775 /system/bin/flash_image" and hit Enter
22) In your terminal, type "flash_image recovery /sdcard/recovery-RA-nexus-v1.7.0.1.img" and hit Enter
23) In your terminal, type "rm /system/etc/install-recovery.sh" and hit Enter
24) In your terminal, type "rm /system/recovery-from-boot.p" and hit Enter
You can now boot into your new Recovery by turning off your phone and turning back on while holding Volume Down.
If you want the latest CyanogenMod, please continue.
25) Download the following to the root of your SDcard
- update-CM-5.0.8-N1-signed.zip: http://cyanogen-updater.googlecode.com/files/update-cm-5.0.8-N1-signed.zip
- gapps-passion-EPF30-signed.zip: http://www.mediafire.com/download.php?mjzwozjojkh
26) Nandroid backup
- Tip: In Recovery, choose "Backup/Restore" then "Nand backup"
- Tip: This will give you an exact copy of your system's current state which you can revert back to at any time
27) Wipe your phone
- Tip: In Recovery, Choose "Wipe" then "Wipe data/factory reset"
28) Apply zip "update-CM-5.0.8-N1-signed.zip"
- Tip: In Recovery, Choose "Flash zip from sdcard"
29) Apply zip "gapps-passion-EPF30-signed.zip"
30) Reboot into your newly rooted phone!
thanks! is there any specific reason why it has to be FRF83 or FRF72 if you know? for us AT&T Nexus User stuck on EPE54B, shouldn't we be able to do the same? or the ota.zip is different in that sense? Please give us some insight. thanks!
Sorry, where is The attached .zip "ROOT_FRF83.zip" ?
where is the attached .zip "ROOT_FRF83.zip"
Oops!! Added link to the top!
Constrabus said:
Oops!! Added link to the top!
Click to expand...
Click to collapse
the link wont work
Link updated
Constrabus said:
4) With phone attached through microUSB, enter Recovery with the battery cover OFF and the SDcard REMOVED.
- Tip: Be careful not to let the battery fall out during this process
5) When you see the HTC devices attached in recovery mode, hit Ctrl+C
6) Slide in SDcard (Make sure there is no update.zip on it at this point)
- Tip: It should slide in and click VERY easily if you trimmed the tab on the battery properly
7) On your phone, press Power + Volume Up
8) Choose "Apply update.zip from SDcard"
- Tip: It will fail, but that is expected.
9) In your terminal type "adb push flash_image /sdcard/flash_image" and hit Enter
Click to expand...
Click to collapse
Still getting either adb with no sd, or sd with no adb.
When I follow your exact process, apply "sdcard:update.zip" returns
"-- Install from sdcard...
Finding update package...
E:Can't mount /dev/block/mmcblk0p1 (or /dev/block/mmcblk0)
(No such file or directory)
E:Can't mount SDCARD:update.zip
Installation aborted."
and then "adb push flash_image /sdcard/flash_image" returns
"failed to copy 'ota.zip' to '/sdcard/flash_image'ermission denied".
These are the exact same returns I get when I tried the process without a card inserted, which is what leads me to believe the card is in but not mounted.
Is there a way to tell adb to (re)mount the SD card in recovery?
Or am I doing something wrong...
Can you walk me through just those particular steps? Like Cookbook-detailed instructions.
Make sure that you are inserting the sdcard BEFORE you press Power and Volume Up to reveal the recovery options and AFTER you get adb connected in recovery mode with loop.
Also make sure you can get adb working while in android to make sure the driver is installed properly.
lostinatlanta said:
Still getting either adb with no sd, or sd with no adb.
When I follow your exact process, apply "sdcard:update.zip" returns
"-- Install from sdcard...
Finding update package...
E:Can't mount /dev/block/mmcblk0p1 (or /dev/block/mmcblk0)
(No such file or directory)
E:Can't mount SDCARD:update.zip
Installation aborted."
and then "adb push flash_image /sdcard/flash_image" returns
"failed to copy 'ota.zip' to '/sdcard/flash_image'ermission denied".
These are the exact same returns I get when I tried the process without a card inserted, which is what leads me to believe the card is in but not mounted.
Is there a way to tell adb to (re)mount the SD card in recovery?
Click to expand...
Click to collapse
weird thing is adb devices do not see my phone even without SD card...
guess froyo is a must to get this working?
i am on EPE54B, still...
I now have an unlocked, newly unrooted FRF83. Will this tutorial still work for me?
t mobile usa 3g network, stock recovery image. I think I am unrooted because there was a warning in the tutorial and my adb shell denies super user permissions.
kaiser_tytnii said:
weird thing is adb devices do not see my phone even without SD card...
guess froyo is a must to get this working?
i am on EPE54B, still...
Click to expand...
Click to collapse
This guide is for people stuck on FRF83 because you can't revert to the older build where other guides worked.
adambenjamin said:
I now have an unlocked, newly unrooted FRF83. Will this tutorial still work for me?
t mobile usa 3g network, stock recovery image. I think I am unrooted because there was a warning in the tutorial and my adb shell denies super user permissions.
Click to expand...
Click to collapse
If you are unlocked, this guide would be redundant for you. The purpose of this guide is to root without having to unlock, thus preserving your warranty.
Shell script version of loop.bat:
I assume this will work...
Code:
while true; do adb devices; done
Constrabus said:
If you are unlocked, this guide would be redundant for you. The purpose of this guide is to root without having to unlock, thus preserving your warranty.
Click to expand...
Click to collapse
I still would like to get my root back. Will that part of this tutorial work to get the root back?
EDIT: Got it rooted. wow that was easy.
Based on you providing links for recovery-RA-nexus-v.1.7.0.1.img, update-CM-5.0.8-N1-signed.zip, google addon EPF30; will the steps involving these install Cyanogen on my phone?
I was hoping to do this process without wiping my phone's memory and keeping my stock FRF83.
what25 said:
Based on you providing links for recovery-RA-nexus-v.1.7.0.1.img, update-CM-5.0.8-N1-signed.zip, google addon EPF30; will the steps involving these install Cyanogen on my phone?
I was hoping to do this process without wiping my phone's memory and keeping my stock FRF83.
Click to expand...
Click to collapse
If you don't want the Cyanogen ROM or RA recovery just skip step #22 and stop with step #24. I didn't follow this tutorial as I did Booker-T's method with some tweaks but if you do what I said you should be fine.
madj42 said:
If you don't want the Cyanogen ROM or RA recovery just skip step #22 and stop with step #24. I didn't follow this tutorial as I did Booker-T's method with some tweaks but if you do what I said you should be fine.
Click to expand...
Click to collapse
You dont have to use that rom, you can flash any other rom as long as you have root. Paul obrien offeres a rooted FRF83 rom
I was able to do this without taking out / putting the SD card in (and thus avoided filing down my battery. I didn't run "loop.bat" until I was highlighting the Recovery icon, the ran it, when into Recovery, and adb picked it up.
Worked perfect!
Just, when flashing recovery, the better terminal emulator was giving me an error, i used Rom Manager to flash the recovery, and back to terminal to rm /system/etc/ blah blah ....GREAT Tutorial!
First of all i want to thank captainrewind without his help and his device this wouldnt be possible, i didnt even own the device myself im just planning to buy it and with him offering himself to test everything, well we combined knowledges and made it all you need to do is simple:
Anyone wanting to know how this Started read http://forum.xda-developers.com/showthread.php?t=1984936
mdmower experienced issues with ril(calls and else) and contacts not syncing so i worked with him and we discovered supercid is responsable for this so the only thing you got to do is reverse cid(thats option number 3 on script) and you are ready to go, no need to relock bootloader!!, they are 2 versions of script one with recovery one without its your choice, the recovery one is pretty big 8mb and without only a few kbytes, screenshots below
the one with recovery
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
The one without recovery
mdmower said
mdmower said:
I have another script update. The temproot method is no longer used to change the cid after you're unlocked. Those procedures now assume you have superuser installed (root) and are much faster and more reliable.
My package still does not include a recovery image to reduce the size of the download, but I have included a menu option to install recovery - you simply need to download either CWM or TWRP and put recovery.img in the same directory as the script.
Special Note: If you run the script multiple times, be sure to remove mmcblk0p4 and mmcblk0p4.backup from the directory each time. I purposely leave these in case you want to make a backup. mmcblk0p4 corresponds to SuperCID and mmcblk0p4.backup corresponds to VZW__001.
Click to expand...
Click to collapse
Also please note as mdmower said Special Note: If you run the script multiple times, be sure to remove mmcblk0p4 and mmcblk0p4.backup from the directory each time. I purposely leave these in case you want to make a backup. mmcblk0p4 corresponds to SuperCID and mmcblk0p4.backup corresponds to VZW__001.
The script is attached below, script unlocks bootloader and installs a recovery for you, not root but you can find intructions on next post
THANKS:
Bin4ry for temproot method
Grankin01 for the cid base
mdmower for correcting script
Superdave for discovering temp root(forgot to mention before sorry)
The manual way!!!!
DO AN ADB BACKUP BEFORE STARTING AS THIS WILL RESTORE TO FACTORY DEFAULTS!
EVERYTIME WE SAY TYPE IT MEANS TYPING THE CODE AND PRESSING ENTER
SOME USERS ARE HAVING ISSUES TEMPROOTING. IF SO PLEASE DO FACTORY RESET AND/OR REINSTALL THE RUU BEFORE STARTING. Also, verify you are NOT using a USB 3.0 port by looking at the inside of the port itself on your computer. If it's blue, it's USB 3.0 and you need to use a different port.
Requirements:
•A hex editor
•Android sdk(fastboot and adb at least)
•Recommended 50% battery or more and usb debugging on
•Be updated to the latest ruu with sense 4.1 (version 2.17.605.2)
Quick how-to temproot (written by captainrewind):
Read here for some detail (FOR REFERENCE ONLY, all instructions are below): http://forum.xda-developers.com/showthread.php?t=1886460
Download the file http://ul.to/h44f6vni
So lets start:
First, if you haven't already, download and install the HTC drivers.
On your phone, go to Settings -> Developer options, and enable USB debugging.
Next, go to Settings -> Connect to PC and change Default connection type to Disk drive and disable Ask me.
Plug your phone into the computer, and wait until it pops up asking what you want to do with the newly plugged in phone.
Close the pop ups and go press the Start button and type "cmd". It should pop up with "cmd.exe". Right click on it and click Run as Administrator.
Download this file with the fake backup in it.
Once downloaded, unzip it to C:\Root.
Navigate to the folder in the command Prompt by typing
Code:
cd c:\Root\stuff
Now that you're there, type:
Code:
adb devices
If your phone pops up in the list, you're good to go!
Next, type
Code:
adb restore fakebackup.ab
DO NOT click OK to the restore on the device just yet!
Now type:
Code:
adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done"
(errors will appear, ignore)
Accept the restore on the device, then type:
Code:
adb reboot
(At this time, you are temprooted, and the phone UI will be in an unusable state, with temproot shell.)
After reboot type:
Code:
adb shell
Verify that the prompt is "#" (meaning root) or "$" (meaning normal user). If it's not "#", please start over.
At this point, you can optionally do this ONLY if you want to revert changes:
Code:
rm /data/local.prop
exit
adb reboot
if everything went right proceed to second part
2nd part(written by me)
Obtaining supercid
type
Code:
dd if=/dev/block/mmcblk0p4 of=/sdcard/mmcblk0p4
Close cmd and start a new one then type
Code:
adb pull /sdcard/mmcblk0p4
Open the file (mmcblk0p4) with your hex editor.
Look for offset 00000210 and you should see VZW__001 with your imei on the right
Change VZW__001 to 11111111 and save the file as mmcblk0p4MOD
Now go back to your command prompt and type
Code:
adb push mmcblk0p4MOD /sdcard/mmcblk0p4MOD
Type
Code:
adb shell
Type
Code:
dd if=/sdcard/mmcblk0p4MOD of=/dev/block/mmcblk0p4
If suceeded close the window and start a new one and type "adb reboot bootloader" then "fastboot oem readcid" and that should show you 11111111
Now, go to htcdev.com website, sign up, login, and select the "Unlock Bootloader" option from their site and follow the instructions, selecting other supported devices from their dropdown menu.
bugs:
If you experience issues with com.android.phone crashing when placing/receiving calls or your contacts refuse to sync, you may need to change your cid back to its origintal state (VZW__001). This is proceure 3 in the script and will not affect your unlock or data (perform a backup just in case though!).
After that you can install a recovery or root the rom following captainrewind post below
Honorable mention goes to superdave for discovering the temproot method by Bin4ry works after the latest RUU.
This is no joke people and it shows what a lot of support from those who came before us, a little persistence to try a combination of things, and collaboration can accomplish.
I made a new friend today as well. NOW BRING ON THE CUSTOM ROMS!
I've now successfully flashed TWRP and SU binary and Superuser.apk. Here's how:
CM Recovery:
See this thread for details on the CWM Recovery.
TWRP:
THANKS TO ANDYBONES FOR THE UPDATED TWRP LINKS AND INSTRUCTIONS!
TWRP Download:
http://dl.dropbox.com/u/26383143/HTC Incredible 4G/TWRP2.2_recovery.img
TWRP Instructions:
Code:
adb reboot bootloader
Once in the bootloader:
Code:
fastboot flash recovery TWRP2.2_recovery.img
Code:
fastboot reboot
Once TWRP is flashed:
Download the Superuser apk and binaries from here:
http://androidsu.com/superuser/
Then, push them to your EXTERNAL SD:
Code:
adb push "Superuser-3.1.3-arm-signed.zip" /sdcard/ext_sd
Then, reboot into recovery:
Code:
adb reboot recovery
From the TWRP Recovery, use the "Install" feature to select and install the zip.
Reboot
YOU ARE NOW ROOTED!
bad ass guys!! i knew somneone out in xda land could figure it out!!
I flipping love you guys
So why don't we have cm10 yet?
Sent from my ADR6410LVW using Xparent Blue Tapatalk 2
now this is f***ing awesome!!
great job guys!
http://www.youtube.com/watch?v=VLnWf1sQkjY&sns=em
Sent from my Nexus 7 using Tapatalk 2
i think we should wait for yall to finish whatever yall are doing before we (especially me) start asking boot questions about how to use this
---------- Post added at 07:04 PM ---------- Previous post was at 06:42 PM ----------
But seriously what does this mean
, and cd to the stuff/ dir inside the zip
So what do you recommend for a hex editor?
brycekerr said:
So what do you recommend for a hex editor?
Click to expand...
Click to collapse
I use this one,
download.cnet.com/HxD-Hex-Editor/3000-2352_4-10891068.html
check out our ViperROM once rooted!
---------- Post added at 07:15 PM ---------- Previous post was at 07:11 PM ----------
Should def do a shout out to
Bin4ry
in the OP.
without that exploit this wouldn't be possible
Perfect, thanks! And that's why I wanted root lol, I ran that on my Rez
Error:
"while is not recognized as an internal/external command"
Is that the error we are supposed to ignore? and also I need a device encryption password to restore, anybody know what it is?
brycekerr said:
So what do you recommend for a hex editor?
Click to expand...
Click to collapse
UltraEdit is a 30-day trial, download here: http://www.ultraedit.com/.
If you've used it before and are outside the 30-days, go OpenSource and use Frhed: http://frhed.sourceforge.net/en/
---------- Post added at 05:22 PM ---------- Previous post was at 05:19 PM ----------
Linch89 said:
i think we should wait for yall to finish whatever yall are doing before we (especially me) start asking boot questions about how to use this
---------- Post added at 07:04 PM ---------- Previous post was at 06:42 PM ----------
But seriously what does this mean
, and cd to the stuff/ dir inside the zip
Click to expand...
Click to collapse
Jose is updating it... it just means after you unzip it and open terminal to CD to the c:\path\of\unzipped\file\stuff\ dir
---------- Post added at 05:28 PM ---------- Previous post was at 05:22 PM ----------
brycekerr said:
Perfect, thanks! And that's why I wanted root lol, I ran that on my Rez
Error:
"while is not recognized as an internal/external command"
Is that the error we are supposed to ignore? and also I need a device encryption password to restore, anybody know what it is?
Click to expand...
Click to collapse
Whoops, sorry that's my mistake... that needs to be run from adb shell. Hang on, Jose is fixing. Encryption password should be blank.
tried from adb shell, get a looping error
"link failed no such file or directory"
brycekerr said:
tried from adb shell, get a looping error
"link failed no such file or directory"
Click to expand...
Click to collapse
You should get that, just ignore it and click restore the backup on the phone and those messages should go away.
Does this void the warranty through the htcdev unlock? Not a big deal just curious
Sent from my Nexus 7 using Tapatalk 2
Works great , nice work guys!
Upon reboot my phone starts to boot into the OS....I can see its connected to the network and stuff in the notification bar, but all I can see is the wallpaper and the screen is completely unresponsive
This is after adb reboot
jamminjon82 said:
Does this void the warranty through the htcdev unlock? Not a big deal just curious
Sent from my Nexus 7 using Tapatalk 2
Click to expand...
Click to collapse
Yes
brycekerr said:
Upon reboot my phone starts to boot into the OS....I can see its connected to the network and stuff in the notification bar, but all I can see is the wallpaper and the screen is completely unresponsive
This is after adb reboot
Click to expand...
Click to collapse
That is expected, the OP has been updated with that detail.
Edit: NVM
the file has no MOD on the end...should it just read mmcblk0p4?
brycekerr said:
Edit: NVM
the file has no MOD on the end...should it just read mmcblk0p4?
Click to expand...
Click to collapse
you would need to cd to the directory where the MOD file (the one you altered with the hex editor) lives.
with the rezound,some folks unknowingly re-unlocked after s off to regain use of fastbooot commands,after running ruus that replaced the patched jpbear hboot. i thot i would bring this here,in case there ever becomes a need.
i happened across this thread inthe gsm evo 3d forum: http://forum.xda-developers.com/showthread.php?t=1970252 and found it to work on the rezound,inc 4g,sensation 4g,cdma evo 3d,MT4GS,Amaze 4g,and prolly several others.
this does NOT mean you can unlock your bootloader without going thru htcdev. all this means,is that if you accidentally unlocked your bootloader after s-off,you can get rid of the relocked watermark and get back to 100% locked prior to s-on for warranty purposes,without having to s-on and re-s off.
ive always been unlocked. for S&Gs,i dumped mmcblk0p3 and found the described "HTCU" at 0x8404. changed it to 0x00000000 and voila! back to locked
afterward,relfashed my origianl mmcblk0p3,wich brought me back to unlocked with no getting or flashing tokens.
this is NOT a patched or hex edited hboot.again,this is ONLY to get back your original ***locked*** status.
*this is for s-off phones only
2 ways to do it:
1)old school
this assumes you to have drivers,adb/fastboot,a hex editor,a fair understanding about what youre doing,and the ability to follow directions on the linked thread
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Scott>[COLOR="Red"]cd c:\mini-adb_vigor[/COLOR]
c:\mini-adb_vigor>[COLOR="red"]adb devices[/COLOR]
* daemon not running. starting it now *
* daemon started successfully *
List of devices attached
HTxxxxxxxxxx device
c:\mini-adb_vigor>[COLOR="Red"]adb shell[/COLOR]
[email protected]:/ $ [COLOR="red"]su[/COLOR]
su
[email protected]:/ # [COLOR="red"]dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3[/COLOR]
dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3
64734+0 records in
64734+0 records out
33143808 bytes transferred in 9.519 secs (3481858 bytes/sec)
[email protected]:/ # [COLOR="red"]exit[/COLOR]
exit
[email protected]:/ $ [COLOR="red"]exit[/COLOR]
exit
c:\mini-adb_vigor>[COLOR="red"]adb pull /sdcard2/mmcblk0p3[/COLOR]
2292 KB/s (33143808 bytes in 14.116s)
[COLOR="Blue"]*modify mmcblk0p3 with a hex editor[/COLOR]
c:\mini-adb_vigor>[COLOR="Red"]adb push mmcblk0p3mod /sdcard2/mmcblk0p3mod[/COLOR]
2478 KB/s (33143808 bytes in 13.059s)
c:\mini-adb_vigor>[COLOR="red"]adb shell[/COLOR]
[email protected]:/ $ [COLOR="red"]su[/COLOR]
su
[email protected]:/ # [COLOR="red"]dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3[/COLOR]
dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3
64734+0 records in
64734+0 records out
33143808 bytes transferred in 18.937 secs (1750214 bytes/sec)
[email protected]:/ #[COLOR="red"] exit[/COLOR]
exit
[email protected]:/ $ [COLOR="red"]exit[/COLOR]
exit
c:\mini-adb_vigor>[COLOR="red"]adb reboot bootloader[/COLOR]
c:\mini-adb_vigor>
2)noob friendly
-download the appropriate zips,place on sd card.
-boot to recoverywipe cache/dalvik
-flash in recovery. i recomend to run query first,to make sure its working. tested on my personal amaze,jetstream,rezound,inc 4g,sensation,MT4GS,and gsm evo 3d.
query:query_bootloader.zip
query_bootloader.zip f335f78f9f46469c823da0c671026de5
unlock:unlock_bootloader.zip
unlock_bootloader.zip f335f78f9f46469c823da0c671026de5
lock:lock_bootloader.zip
lock_bootloader.zip f335f78f9f46469c823da0c671026de5
a little bit of explanation. yes,the md5s are all the same. its the same file,just named differently. the script behaves based on the name of the zip. i knew if i only included 1 download and instructed folks to change the name there would be confusion,so this is my attempt to keep it simple. feel free to download one file and just change the name to make the other zips.
it also works to make your phone relocked if for some reason you want it that way(rename relock_bootloader.zip). i didnt include a zip for that because i figued there would be no demand.
before:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
after:
sure,i could have easily faked the above photos,but i dint.
again,all credit goes to s trace on the above thread,be sure to click the thanks button on his post. all i did was remove the device check per his instruction. DO NOT flash on other devices without checking for the proper location of the lock flag first.
DISCLAIMER:this is not my work. i have tested it on my own device,but use it at your own risk. if it melts your phone into a lil pile of goo,its not my fault.
enjoy
special thanks
-brian for unlocking his bootloader,then dumping mmcblock0p3 to make sure it would work for cdma evo3d phones too
-brian and donb for fearless testing of the zip files on evo3d cdma
Thank you. This looks really useful for the future possibly.
SnapplerX said:
Thank you. This looks really useful for the future possibly.
Click to expand...
Click to collapse
your welcome. its not my work,so make sure to thank s trace on the original thread in the gsm 3d forum. i know alot of folks will find it useful
Not sure if i missed somthing but if i never did S-off and im currently s-on will this still work?
dntipwn said:
Not sure if i missed somthing but if i never did S-off and im currently s-on will this still work?
Click to expand...
Click to collapse
no,it will not. mmcblk0p3 is write protected while s on(or s off would have come alot sooner )
if youre s on,and want to get rid of relocked im afraid youll need to s off.
There's a easier way to do it. I was thinking of making a tutorial howto thread but was lazy. All you have to do is be s-off with juopunutbear's hboot. Then go on bootloader and connect through USB. Ensure fastboot usb is there then run adb and run command "fastboot oem lock". It should say that the bootloader is already locked. Then run adb command "fastboot oem writesecureflag 3" (this command will turn your phone back to s-on in case you didn't know), install stock ruu and your phone should be s-on with ***locked*** status. If your somebody looking to return your phone for warranty reasons or for whatever desire you want, or just want lock status as everyone wants to know how to do, then this'll work reverting you back to stock completely. You'll look like you've never tampered your phone
After I S-Off'd I flashed an RUU and achieved **Locked** status.
I didn't have to unlock my bootloader after that. Just flashed a recovery using fastboot and flashed a ROM.
nulcon said:
There's a easier way to do it. I was thinking of making a tutorial howto thread but was lazy. All you have to do is be s-off with juopunutbear's hboot. Then go on bootloader and connect through USB. Ensure fastboot usb is there then run adb and run command "fastboot oem lock". It should say that the bootloader is already locked. Then run adb command "fastboot oem writesecureflag 3" (this command will turn your phone back to s-on in case you didn't know), install stock ruu and your phone should be s-on with ***locked*** status. If your somebody looking to return your phone for warranty reasons or for whatever desire you want, or just want lock status as everyone wants to know how to do, then this'll work reverting you back to stock completely. You'll look like you've never tampered your phone
Click to expand...
Click to collapse
you have completely missed the point. what you said is true of one has never left a jpbear hboot,or re-unlocked.
however...
if one has re-unlocked after s-off,then they cannot get back to locked with fastboot oem lock,they will be relocked just like before s-off.
in addition,this gives you the freedom to use an unlocked hboot rather than a jpbear hboot if youve run an ruu that overwrote it. you can easily lock and unlock simply by flashing the zip.
Double0EK said:
After I S-Off'd I flashed an RUU and achieved **Locked** status.
I didn't have to unlock my bootloader after that. Just flashed a recovery using fastboot and flashed a ROM.
Click to expand...
Click to collapse
part of the jpbear s off process is doing exactly what the zips are doing- resetting the lock flag status back to 00000000 at 0x8400. alot of folks dont realize this becasue they continue to use the jpbear hboot. this is why running an ruu that overwrites the jpbear hboot gives you a stock locked hboot.
you are correct,you dont need to unlock(or reinstall jpbear) in order to install a recovery. however alot of noobs did not realize this,and unknowingly unlocked in order to fastboot flash a recovery. until now,the best these folks could do wasrelocked,unless they were willing to turn s on,then run jpbear again. simply flahsing a zip in recovery is a lil easier
big thanks man, but do you only have to download the first file?
amazeboy said:
big thanks man, but do you only have to download the first file?
Click to expand...
Click to collapse
yes. all 3 are the same. just change the name to create the other files,the script behaves based on the name of the zip. again,i recomend to run query first,then lock or unlock.
you can change the zip to achieve relocked but i dint htink there would be demand for that
First of all, the thread about omap4boot: http://forum.xda-developers.com/showthread.php?t=1971014
I didn't create this tool, I just found out a way to make it works with our phone, and maybe I'm not the first (tested under Windows 7 Ultimate 32-bit).
What do you need:
omap4boot, get it from original thread.
Extract omap4boot archive somewhere like C:\omap4boot (I will use this path in the tutorial).
Power off your phone and remove the battery.
Connect your phone (still without the battery) to the PC.
You will hear the sound of a new driver, then the sound of a driver when it disconnects continiusly.
Start -> Right click on "Computer" -> "Manage".
On the left column, click on "Device manager".
You will see a device that appear and disappear under "Other/Unknown Devices".
You must right click on the unknown device before it disappear, once clicked select "Driver Update". (You can use this tip to make the process easier http://forum.xda-developers.com/showthread.php?p=51019004).
Click on the second button (manually install driver) and insert the "usb_drv_windows" path (C:\omap4boot\usb_drv_windows) and install the driver.
Disconnect the phone from the PC and power it off.
Open a command prompt (Win+R, type cmd and press Enter).
Type the following command in the command prompt:
Code:
cd C:\omap4boot
start-fastboot.bat
Now input 3 (Prada 3.0 P940) and press enter.
Plug the phone without battery to the PC, when the tool says "Wait 5 seconds" put the battery in your phone.
(The first time that you do this, you have to install the drivers again. Repeat step 9)
At the other prompts answer always "N", this could be important.
Now you can use fastboot on L9 Next times you can start from step 12.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
(the red rettangle isn't important here )
Sorry for my english, if someone wants to review the tutorial just send me a PM.
I test it when I do recovery.img (we need to sign it, I will try with prada keys).
Has anyone tried to flash something?
Do you think it won't brick our phone. It flashes new u-boot.
On W8 x64 when I install driver I get Not signed INF.
What FW have you got? 10g or other?
artas182x said:
I test it when I do recovery.img (we need to sign it, I will try with prada keys).
Has anyone tried to flash something?
Do you think it won't brick our phone. It flashes new u-boot.
On W8 x64 when I install driver I get Not signed INF.
What FW have you got? 10g or other?
Click to expand...
Click to collapse
I flashed some stock partitions (recovery, boot) on ITALIAN WIND 10D but I can't confirm if the security error appear or not now.
When i tried to flash system.img fastboot said something like "file too large".
At the step 15 I said to answer N, otherwise the tool should flash new u-boot and I'm not sure if it works on our L9.
Maybe on a 64-bit system you have to disable the driver signature check, the bad thing is that (on Windows 7) you have to do it manually at every boot.
Odp: fastboot on our L9 with omap4boot
I try this today. Maybe it's a way to soft unbrick our l9 (without kdz).
Wysyłane z mojego LG-P760 za pomocą Tapatalk 2
artas182x said:
I try this today. Maybe it's a way to soft unbrick our l9 (without kdz).
Wysyłane z mojego LG-P760 za pomocą Tapatalk 2
Click to expand...
Click to collapse
Yes this should make the phone unbrickable (i think a backup is needed), but as I said I got problems flashing the system.img.
Also, if we get a security error flashing a custom recovery/boot.img we can restore the original recovery/boot.img in seconds without LG Support Tool.
R: fastboot on our L9 with omap4boot
Se need to try u boot from Prada..maybe work!
Inviato dal mio LG-P760 con Tapatalk 2
Bootloader is LK MAY-2012 in Prada 3.0 and our L9. It can work.
artas182x said:
Bootloader is LK MAY-2012 in Prada 3.0 and our L9. It can work.
Click to expand...
Click to collapse
I can try but how to restore the stock u-boot if things won't going well?
I think we can restore with kdz, but I'm not sure.
artas182x said:
I think we can restore with kdz, but I'm not sure.
Click to expand...
Click to collapse
Looking in the omap4boot's files seems that it dumps "x" and "u" partitions (when it dumps the locked loader).
I will backup those partitions to have a possibility of restore with fastboot.
Should I follow the procedure for Prada P940?
i think as same as you,if you can get into recovery, in theory you could install kdz rom.
Maybe I did something wrong but it didn't work..
What I've done:
Start fastboot
When the tools asked for u-boot replace, I said "Y".
fastboot replaced u-boot, then I ran "fastboot reboot".
Black screen. Removed battery and USB, polugged in battery and press power, still black screen.
Started fastboot again and ran "fastboot flash u-boot u.img" (u.img was my backup of u partition)
Then the phone restarted normally with "fastboot reboot".
I was on 10D Wind ITA. The black screen is scary :silly: but this confirms that with fastboot we can restore every partition.
I tried to restore system and phone restarted like in your phone.
artas182x said:
I tried to restore system and phone restarted like in your phone.
Click to expand...
Click to collapse
How did you restore system? fastboot said to me "remote: data too large" or similar.
I didn't restore system beacuse it reboot phone. Have you got good system dump. I did correct system dump using dd if= of=.
artas182x said:
I didn't restore system beacuse it reboot phone. Have you got good system dump. I did correct system dump using dd if= of=.
Click to expand...
Click to collapse
These are the commands that I used some time ago to restore the phone (without the recovery):
Code:
#adb shell su -c busybox dd if=/sdcard/BACKUP/boot.img of=/dev/block/mmcblk0p3
#adb shell su -c busybox dd if=/sdcard/BACKUP/cache.img of=/dev/block/mmcblk0p12
#adb shell su -c busybox dd if=/sdcard/BACKUP/divxkey.img of=/dev/block/mmcblk0p5
#adb shell su -c busybox dd if=/sdcard/BACKUP/fota.img of=/dev/block/mmcblk0p8
#adb shell su -c busybox dd if=/sdcard/BACKUP/misc.img of=/dev/block/mmcblk0p6
#adb shell su -c busybox dd if=/sdcard/BACKUP/mlt.img of=/dev/block/mmcblk0p14
#adb shell su -c busybox dd if=/sdcard/BACKUP/nv.img of=/dev/block/mmcblk0p7
#adb shell su -c busybox dd if=/sdcard/BACKUP/persist.img of=/dev/block/mmcblk0p13
#adb shell su -c busybox dd if=/sdcard/BACKUP/recovery.img of=/dev/block/mmcblk0p4
#adb shell su -c busybox dd if=/sdcard/BACKUP/reserved.img of=/dev/block/mmcblk0p9
#adb shell su -c busybox dd if=/sdcard/BACKUP/u.img of=/dev/block/mmcblk0p2
#adb shell su -c busybox dd if=/sdcard/BACKUP/x.img of=/dev/block/mmcblk0p1
#adb shell su -c busybox dd if=/sdcard/BACKUP/userdata.img of=/dev/block/mmcblk0p11
#adb shell su -c busybox dd if=/sdcard/BACKUP/system.img of=/dev/block/mmcblk0p10
I obtained the imgs with the inverse command.
Anyway you mean you got a black screen?
Has anyone had any luck restoring system.img?
Ive been thinking of different theories on how to save those who updated to 10G on P769BK. One of which is making a system.img dump from a phone that was able to preserve root with Voodo OTA restore and using this tool to flash onto phones that lost it.
I'm not too familiar with fastboot commands but if anyone can help me with how to pull the system partition and reflash to another phone I'll gladly guinea pig...got a couple of these suckers lying around
Jrkoffjonson said:
Has anyone had any luck restoring system.img?
Ive been thinking of different theories on how to save those who updated to 10G on P769BK. One of which is making a system.img dump from a phone that was able to preserve root with Voodo OTA restore and using this tool to flash onto phones that lost it.
I'm not too familiar with fastboot commands but if anyone can help me with how to pull the system partition and reflash to another phone I'll gladly guinea pig...got a couple of these suckers lying around
Click to expand...
Click to collapse
It seems that system partition is too big to flash with fastboot, the only way to restore is with dd but a rooted phone is needed.
sguerrini97 said:
It seems that system partition is too big to flash with fastboot, the only way to restore is with dd but a rooted phone is needed.
Click to expand...
Click to collapse
Well that stinks, so much for that idea :'[
System dump file
After downloading the zip linked in the OP I found a dump batch file called 'dump_prada.bat' in the zip.
Took a look into it and modified it to work with our device to do an easy system wide dump.
It works, but only if you have an external sd card as our internal storage is too small to hold the files before transferring to the computer.
I'm attaching it as a .txt file- just rename it to full_dump.bat and run as admin.
Not taking any credit for the original script..
Hi there,
I recently bought a LG K40s and wanted to unlock the bootloader in order to root this phone. But I could't find any instructions on how to do this nor a fastboot mode for that phone.
Does anyone know how I can get root access on this phone?
Thanks in advance,
Oebbler1
Fastboot: switch off the smartphone by holding the Power button for a couple of seconds. Then connect the Type C USB cable with your PC or laptop. Now push Volume Down and connect this cable with your device. When
hi. I try to root this device but when I use ADB this don´t go to bootloader, the device reboot in normal mode. I look TWRP web and this device isn´t in the list
Any method to root this device?
Regards
Help
we need to create a post to get help to root and install twrp on LG K40s
@jessepinheiro50
To root Android as 1st thing of all things these requirements must be achieved
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Next step is to install the USB-driver matching your device
Then check you can access phone from PC via USB
Code:
adb devices
and that boot-loader can get unlocked
Code:
adb shell "getprop ro.oem_unlock_supported"
and if returned value=1 verify that you can deal with phone's boot-loader
Code:
adb reboot bootloader
fastboot devices
Next step is to boot into phone's boot-loader, and unlock it WHAT WILL ERASE ALL DATA ON YOUR PHONE
Code:
fastboot OEM unlock
fastboot reboot
At last step you flash the software that will add root to Android
Code:
adb devices
adb sideload <ROOTING-SOFTWARE-ZIP>
adb reboot
Any news?
Any news on how to root this device?
solve ?
renanflores85 said:
Any news on how to root this device?
Click to expand...
Click to collapse
there is an apk that search for what program can root the current android, and the only it show was stumproot, idk if is safe, i never saw it before, but searching for it, it show that is a root program for lg
jwoegerbauer said:
@jessepinheiro50
To root Android as 1st thing of all things these requirements must be achieved
Next step is to install the
Then check you can access phone from PC via USB
Code:
adb devices
and that boot-loader can get unlocked
Code:
adb shell "getprop ro.oem_unlock_supported"
and if returned value=1 verify that you can deal with phone's boot-loader
Code:
adb reboot bootloader
fastboot devices
Next step is to boot into phone's boot-loader, and unlock it WHAT WILL ERASE ALL DATA ON YOUR PHONE
Code:
fastboot OEM unlock
fastboot reboot
At last step you flash the software that will add root to Android
Code:
adb devices
adb sideload <ROOTING-SOFTWARE-ZIP>
adb reboot
Click to expand...
Click to collapse
this don't worked, it just reboot the phone, and it show 1 when it check if is possible to use boot-loader
letsbrick said:
this don't worked, it just reboot the phone, and it show 1 when it check if is possible to use boot-loader
Click to expand...
Click to collapse
Try
Code:
fastboot flashing unlock
instead of
Code:
fastboot OEM unlock
jwoegerbauer said:
Try
Code:
fastboot flashing unlock
instead of
Code:
fastboot OEM unlock
Click to expand...
Click to collapse
That's not work for me. adb don't identify the device and only wait.
wallrony said:
That's not work for me. adb don't identify the device and only wait.
Click to expand...
Click to collapse
yeah is waiting for any device
So... The problem is that "adb reboot bootloader" doesn't init smartphone in bootloader, but in normal boot process. it's feasible to think about how to "unlock" the "boot of bootloader", since LG may have blocked in this device.
we should create guides in XDA how to install drivers on PC
as this is common hardship for many.
most preferably some autoinstaller of all drivers, for all devices (taken from manufacturers)
indestructible master said:
we should create guides in XDA how to install drivers on PC
as this is common hardship for many.
most preferably some autoinstaller of all drivers, for all devices (taken from manufacturers)
Click to expand...
Click to collapse
No, that's not the problem. Fastboot commands run only when the device's in bootloader device.
So, i solved to persist and search many ways to see something. And that, i got in recovery menu (with Restart System, Wipe, Start ADB sideload - but without connection with PC, as a not connected device, the connection isn't stablished because adbd is a not found command from device shell, in the log returns that, and system wait more or less of 5 minutes to back to recovery menu). In that, i could see the recovery logs, and the last is the normal procedure of a factory reset, i think. In that i encountered some properties that are defined by default:
Code:
ro.boot.flash.locked=1
ro.treble.enabled=true
ro.bootloader=unknown
ro.product.name=mmh551m_f
And by peace of mind, i run
Code:
adb shell "getprop ro.bootloader"
on PC terminal with adb and that returns me the "unknown" that i see in the log. Running
Code:
adb shell "getprop"
returns all prop of the system, so that can be examined to make something. So... I tried to change property using setprop, like ro.boot.flash.locked to 0, or ro.bootloader to any value, but no success.
And to finalize, in contact with LG support whatsapp, the ChatBot returns me a message saying that the bootloader function isn't available by secure reasons.
I think that the value was simply hided from the original value to not access the bootloader, but it's in device ... But with no permission to change the value and not know what value set in the prop.
There are a guide to unlock the boot-loader, but not yet to root.
Root LG K41S + SafetynetAPI pass
Disclaimer These kind of modifications are not for the faint of heart!!! Flash/modify at your own risk!!! I will not be responsible for bricked phones, Dead batteries, world war 3, yada yada yada..... you Know the Rest. :sneaky: Introduction...
forum.xda-developers.com
I followed this process and it doesn't go past the [ fastboot OEM unlock ] step.
I just get < waiting for any device >
However, when I try to use Google Pay and other such apps, I am faced with a security issue.
The question is: Is the bootloader unlocked or not ?
If so, how to relock it ?
Have a device of this wich has a problem with the screen apparently, after changing the screen it wont boot, no battery animation when charger is connected, only a red light and a smooth periodical vibration. If i hold power on and any vol buttons it seems to try boot showing lg logo but fail quicly and keeps off.
Something happened when i repaired it was that side buttons flex got broken so had to order a new one, it passed a lot of time to receive it but i believe that day with broken flex when testing the new screen i think i've seen the battery animation... Im not sure.
But seem its a common issue in this model. So is there something i can do to fix the mainboard?