wiki:g2_root_new

Version 5 (modified by admin, 13 years ago) (diff)

--

G2 rooting (and Desire Z, Desire HD after downgrade)

Necessary files

psneuter http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/psneuter/psneuter.zip (md5sum 89c2dec8d72d87b4c669f44dd31c8d17)

gfree v0.5 http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/gfree/gfree_05.zip (md5sum ee63bff8a02232e733b5c9a57580ad9a)

rooting files http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/gfree/gfree_temp-root.zip (md5sum d36df32bb08606f8368a73c65f148cbc)

flash_image http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/vision_utilities/flash_image.zip (md5sum bd475f29e0665c702f8eaf57a0423b58)

engineering hboot

Download the appropriate HBOOT for your phone:

T-Mobile G2: http://android.d3xt3r01.tk/cyanogen/vision/hboot/vision.hboot-0.76.2000.zip (md5sum 7669AE12DC2FAA10AE555A164980EFD0)

HTC Desire Z: http://android.d3xt3r01.tk/cyanogen/vision/hboot/vision.hboot-0.84.2000.zip (md5sum 2CE1BDD5E4C1119CCFCECB938710D742)

HTC Desire HD: http://android.d3xt3r01.tk/cyanogen/common/hboot/ace_glacier.hboot-0.85.2007.zip (md5sum df4fd77f44993eb05a4732210d2eddc6)

Note that the md5sums are for the actual hboot img contained within the zip file, not the for the zip file itself. Note also that the dz, g2, and dhd each use their own version of the engineering boot, as the phones are partitioned differently. (If you have previously installed the wrong HBOOT for your phone, you may need to reflash everything after partition 18)

clockwork recovery

Download the appropriate clockwork recovery for your phone:

T-Mobile G2 and HTC Desire Z: http://mirrorbrain.cyanogenmod.com/cm/recoveries/recovery-clockwork-vision.img. The md5sum can be found in http://mirrorbrain.cyanogenmod.com/cm/recoveries/recovery-clockwork-vision.img.md5sum.txt

HTC Desire HD: http://mirrorbrain.cyanogenmod.com/cm/recoveries/recovery-clockwork-ace.img. The md5sum can be found in http://mirrorbrain.cyanogenmod.com/cm/recoveries/recovery-clockwork-ace.img.md5sum.txt

Copy the files to the phone

Before you can adb as described below you need to enable debugging in the settings on the phone. In Settings go to "Applications -> Development" and check the "USB debugging" option.

In the commands to run below, $ or # represent the prompt and should NOT be entered as part of the commands (in Windows this will be something like C:\> instead).

Unpack all the zip files to a directory on your PC. Open a terminal (or command window) on your PC and change the current directory to where the files are on your PC and execute these commands:

$ adb push psneuter /data/local/tmp/
$ adb push gfree /data/local/tmp/
$ adb push busybox /data/local/tmp/
$ adb push hboot-eng.img /data/local/tmp/
$ adb push root /data/local/tmp/
$ adb push flash_image /data/local/tmp/
$ adb push su /sdcard/
$ adb push Superuser.apk /sdcard/
$ adb shell chmod 755 /data/local/tmp/*

clockwork recovery for T-Mobile G2 and HTC Desire Z

For the T-Mobile G2 or the HTC Desire Z execute the following command in the terminal or command window

$ adb push recovery-clockwork-vision.img /data/local/tmp/recovery.img

clockwork recovery for HTC Desire HD

For the HTC Desire HD execute the following command in the terminal or command window

$ adb push recovery-clockwork-ace.img /data/local/tmp/recovery.img

Temporary root

In the terminal (or command window) execute these commands:

$ adb shell /data/local/tmp/psneuter
$ adb shell

after the last command you should have a root shell in adb (this is indicated by a # prompt). Leave this terminal (or command window) that contains the root shell open.

S-OFF, Super-CID, SIM-unlock, engineering hboot, clockwork recovery and root

From now on we recommend to install the engineering hboot as part of the gfree procedure.

If you do not want to install the engineering hboot for any reason skip to the next section!

In the root shell (indicated by the #) that you got in the Temporary root section execute the following commands:

# cd /data/local/tmp
# ./gfree -f -b hboot-eng.img
# ./flash_image recovery recovery.img
# ./root
# sync

You may see an error message along the lines of "mkdir: /system/xbin already exists", but if so you can ignore that, the rest of the script should still run ok.

Wait a few seconds for the changes to "take".

Check the md5sums of the installed hboot

As it is very important that the hboot was installed correctly we recommend to check the md5sums of the partition. In the root shell (indicated by the #) that you got in the Temporary root section execute the following commands:

# cd /data/local/tmp
# ./busybox md5sum hboot-eng.img
# ./busybox md5sum /dev/block/mmcblk0p18

If the md5sums don't match then first of all - DON'T REBOOT and second run for help at the #G2ROOT IRC channel on freenode. If the md5sums match -> reboot your phone.

S-OFF, Super-CID, SIM-unlock, clockwork recovery and root

If you do not want to install the engineering hboot follow this steps!

If you ran the commands in the previous section the skip this section

In the root shell (indicated by the #) that you got in the Temporary root section execute the following commands:

# cd /data/local/tmp
# ./gfree -f
# ./flash_image recovery recovery.img
# ./root
# sync

You may see an error message along the lines of "mkdir: /system/xbin already exists", but if so you can ignore that, the rest of the script should still run ok.

Wait a few seconds for the changes to "take".

Reboot your phone.

Verify the success of gfree

You can verify the success of gfree by using gfree_verify.

Download gfree_verify.zip from http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/gfree/gfree_verify_v01.zip

Unzip gfree_verify_v01.zip to a place on your PC.

Open a terminal (or command window) on your PC and change the current directory to where the files are on your PC and execute these commands:

$ adb push gfree_verify /data/local/tmp
$ adb shell chmod 755 /data/local/tmp/gfree_verify
$ adb shell

In this shell

$ su
# cd /data/local/tmp
# stop ril-daemon
# ./gfree_verify

You should see the following output:

gfree verify_cid returned: 
@CID: 11111111

OK

gfree verify_secu_flag returned: 
@secu_flag: 0

OK

gfree verify_simlock returned: 
@SIMLOCK= 00

OK

Start the interface layer again (IN THE ADB SHELL ON YOUR PC) - (or reboot your phone):

# start ril-daemon

Did it work? Here's what you're looking for:

@CID: 11111111 <--- this response means you have superCID!

@SIMLOCK= 00 <--- this means your simlock is off.

@secu_flag: 0 <--- this means your radio is S-OFF.

Backup and cleanup

During the process gfree created backups of the partition that it changed to your sdcard in /sdcard/

The files are called /sdcard/part7backup-<time>.bin and part18backup-<time>.bin (if you installed hboot). It is highly recommended that you copy these files to a save location on your PC and keep them'''

You can delete the files in /data/local/tmp they are not needed anymore.

Next steps

Find a custom rom that you would like to install and install it using the clockwork recovery.

Enjoy the freedom of your phone.

If you like free phones and our work we would like to ask you to support the EFF.