wiki:g2_root_new

G2 rooting (and Desire Z, Desire HD after downgrade)

Prerequisites

  • Disable auto-run or uninstall Visionary if you have it (It's important!)

Downgrading HTC Desire Z and Desire HD

The HTC Desire Z with a firmware version higher than 1.34 and the Desire HD with a firmware version higher then 1.32 have to be downgraded

For the HTC Desire Z follow this guide Downgrade DZ till step 12 and then come back.

For the HTC Desire HD follow this guide Downgrade HD and then come back.

1. Necessary files

psneuter psneuter.zip (md5sum 89c2dec8d72d87b4c669f44dd31c8d17)

gfree v0.5 gfree_05.zip (md5sum ee63bff8a02232e733b5c9a57580ad9a)

rooting files gfree_root_psn.zip (md5sum 3b9172af8c4562b0f7f9e0c5fd01f89a)

flash_image flash_image.zip (md5sum bd475f29e0665c702f8eaf57a0423b58)

1.1. engineering hboot

Download the appropriate HBOOT for your phone:

T-Mobile G2: vision.hboot-0.76.2000.zip (md5sum 7669AE12DC2FAA10AE555A164980EFD0)

HTC Desire Z: vision.hboot-0.84.2000.zip (md5sum 2CE1BDD5E4C1119CCFCECB938710D742)

HTC Desire HD: ace_glacier.hboot-0.85.2007.zip (md5sum df4fd77f44993eb05a4732210d2eddc6)

Note that the md5sums are for the actual hboot img contained within the zip file, not the for the zip file itself. Note also that the dz, g2, and dhd each use their own version of the engineering boot, as the phones are partitioned differently. (If you have previously installed the wrong HBOOT for your phone, you may need to reflash everything after partition 18)

1.2. clockwork recovery

Download the appropriate clockwork recovery for your phone:

T-Mobile G2 and HTC Desire Z: recovery-clockwork-3.0.0.5-vision.img (md5sum 9b2282522cf53b0ff1669771cc7f9376)

HTC Desire HD: recovery-clockwork-3.0.0.6-ace.img (md5sum ddfbf43779236d407541102f7fc0e0b7)

2. Copy the files to the phone

Before you can adb as described below you need to enable debugging in the settings on the phone. In Settings go to "Applications -> Development" and check the "USB debugging" option.

Connect the phone to the USB of your PC. The phone will stay connected during the complete procedure.

Make sure that you do NOT turn on USB storage. There has to be a sdcard in the phone and it has to be mounted to the phone!

In the commands to run below, $ or # represent the prompt and should NOT be entered as part of the commands (in Windows this will be something like C:\> instead).

Unpack all the zip files to a directory on your PC. Open a terminal (or command window) on your PC and change the current directory to where the files are on your PC and execute these commands:

$ adb push psneuter /data/local/tmp/
$ adb push gfree /data/local/tmp/
$ adb push busybox /data/local/tmp/
$ adb push hboot-eng.img /data/local/tmp/
$ adb push root_psn /data/local/tmp/
$ adb push flash_image /data/local/tmp/
$ adb push su /sdcard/
$ adb push Superuser.apk /sdcard/
$ adb shell chmod 755 /data/local/tmp/*

2.a. clockwork recovery for T-Mobile G2 and HTC Desire Z

For the T-Mobile G2 or the HTC Desire Z execute the following command in the terminal or command window

$ adb push recovery-clockwork-3.0.0.5-vision.img /data/local/tmp/recovery.img

2.b. clockwork recovery for HTC Desire HD

For the HTC Desire HD execute the following command in the terminal or command window

$ adb push recovery-clockwork-3.0.0.6-ace.img /data/local/tmp/recovery.img

3. Temporary root

In the terminal (or command window) execute these commands:

$ adb shell /data/local/tmp/psneuter
$ adb shell

after the last command you should have a root shell in adb (this is indicated by a # prompt). Leave this terminal (or command window) that contains the root shell open.

4.a. S-OFF, Super-CID, SIM-unlock, engineering hboot, clockwork recovery and root

From now on we recommend to install the engineering hboot as part of the gfree procedure.

If you do not want to install the engineering hboot for any reason skip to section 4.b.!

In the root shell (indicated by the #) that you got in the Temporary root section execute the following commands:

# cd /data/local/tmp
# ./gfree -f -b hboot-eng.img
# ./flash_image recovery recovery.img
# ./root_psn
# sync

Wait a few seconds for the changes to "take".

4.a.1. Check the md5sums of the installed hboot

As it is very important that the hboot was installed correctly we recommend to check the md5sums of the partition. In the root shell (indicated by the #) that you got in the Temporary root section execute the following commands:

# cd /data/local/tmp
# ./busybox md5sum hboot-eng.img
# ./busybox md5sum /dev/block/mmcblk0p18

If the md5sums don't match then first of all - DON'T REBOOT and second run for help at the #G2ROOT IRC channel on freenode.

If the md5sums match -> Reboot your phone by executing the following command In the root shell (indicated by the #):

# reboot

4.b. S-OFF, Super-CID, SIM-unlock, clockwork recovery and root

If you do not want to install the engineering hboot follow this section!

If you ran the commands in section 4.a. then skip this section and proceed to section 5.

In the root shell (indicated by the #) that you got in the Temporary root section execute the following commands:

# cd /data/local/tmp
# ./gfree -f
# ./flash_image recovery recovery.img
# ./root_psn
# sync

Wait a few seconds for the changes to "take".

Reboot your phone by executing the following command In the root shell (indicated by the #):

# reboot

5. Verify the success of gfree

You can verify the success of gfree by using gfree_verify.

Download gfree_verify.zip from gfree_verify_v01.zip (md5sum 8e3535fd720d19fa0aec4eb711b897c4)

Unzip gfree_verify_v01.zip to a place on your PC.

Open a terminal (or command window) on your PC and change the current directory to where the files are on your PC and execute these commands:

$ adb push gfree_verify /data/local/tmp
$ adb shell chmod 755 /data/local/tmp/gfree_verify
$ adb shell

In this shell:

Remark: When you run su for the first time in the adb shell make sure the the screen of the phone is unlocked. Because when you enter the command the Superuser app will show up and ask you if you want to grant superuser access to app Unknown (2000).

Check the Remember check box and click allow.

$ su
# cd /data/local/tmp
# stop ril-daemon
# ./gfree_verify

You should see the following output:

gfree verify_cid returned: 
@CID: 11111111

OK

gfree verify_secu_flag returned: 
@secu_flag: 0

OK

gfree verify_simlock returned: 
@SIMLOCK= 00

OK

Start the interface layer again (IN THE ADB SHELL ON YOUR PC) - (or reboot your phone):

# start ril-daemon

Did it work? Here's what you're looking for:

@CID: 11111111 <--- this response means you have superCID!

@SIMLOCK= 00 <--- this means your simlock is off.

@secu_flag: 0 <--- this means your radio is S-OFF.

6. Backup and cleanup

During the process gfree created backups of the partition that it changed to your sdcard in /sdcard/

The files are called /sdcard/part7backup-<time>.bin and part18backup-<time>.bin (if you installed hboot). It is highly recommended that you copy these files to a save location on your PC and keep them!

You can delete the files in /data/local/tmp they are not needed anymore.

7. Next steps

Find a custom rom that you would like to install and install it using the clockwork recovery.

Enjoy the freedom of your phone.

If you like free phones and our work we would like to ask you to support the EFF.

Last modified 11 years ago Last modified on 04/01/11 14:31:32