= G2 rooting (and Desire Z, Desire HD after downgrade) = == Necessary files == psneuter [http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/psneuter/psneuter.zip] (md5sum 89c2dec8d72d87b4c669f44dd31c8d17) gfree v0.5 [http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/gfree/gfree_05.zip] (md5sum ee63bff8a02232e733b5c9a57580ad9a) rooting files [http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/gfree/gfree_temp-root.zip] (md5sum d36df32bb08606f8368a73c65f148cbc) flash_image [http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/vision_utilities/flash_image.zip] (md5sum bd475f29e0665c702f8eaf57a0423b58) === engineering hboot === Download the '''appropriate HBOOT for your phone''': T-Mobile G2: [http://android.d3xt3r01.tk/cyanogen/vision/hboot/vision.hboot-0.76.2000.zip] (md5sum 7669AE12DC2FAA10AE555A164980EFD0) HTC Desire Z: [http://android.d3xt3r01.tk/cyanogen/vision/hboot/vision.hboot-0.84.2000.zip] (md5sum 2CE1BDD5E4C1119CCFCECB938710D742) HTC Desire HD: [http://android.d3xt3r01.tk/cyanogen/common/hboot/ace_glacier.hboot-0.85.2007.zip] (md5sum df4fd77f44993eb05a4732210d2eddc6) Note that the md5sums are for the actual hboot img contained within the zip file, not the for the zip file itself. Note also that the dz, g2, and dhd each use their own version of the engineering boot, as the phones are partitioned differently. (If you have previously installed the wrong HBOOT for your phone, you may need to reflash everything after partition 18) === clockwork recovery === Download the '''appropriate clockwork recovery for your phone''': T-Mobile G2 and HTC Desire Z: [http://mirrorbrain.cyanogenmod.com/cm/recoveries/recovery-clockwork-vision.img]. The md5sum can be found in [http://mirrorbrain.cyanogenmod.com/cm/recoveries/recovery-clockwork-vision.img.md5sum.txt] HTC Desire HD: [http://mirrorbrain.cyanogenmod.com/cm/recoveries/recovery-clockwork-ace.img]. The md5sum can be found in [http://mirrorbrain.cyanogenmod.com/cm/recoveries/recovery-clockwork-ace.img.md5sum.txt] == Copy the files to the phone == Before you can adb as described below you need to enable debugging in the settings on the phone. In Settings go to "Applications -> Development" and check the "USB debugging" option. In the commands to run below, '''$ or # represent the prompt and should NOT be entered as part of the commands''' (in Windows this will be something like C:\> instead). Unpack all the zip files to a directory on your PC. Open a terminal (or command window) on your PC and change the current directory to where the files are on your PC and execute these commands: {{{ $ adb push psneuter /data/local/tmp/ $ adb push gfree /data/local/tmp/ $ adb push busybox /data/local/tmp/ $ adb push hboot-eng.img /data/local/tmp/ $ adb push root /data/local/tmp/ $ adb push flash_image /data/local/tmp/ $ adb push su /sdcard/ $ adb push Superuser.apk /sdcard/ $ adb shell chmod 755 /data/local/tmp/* }}} === clockwork recovery for T-Mobile G2 and HTC Desire Z=== For the T-Mobile G2 or the HTC Desire Z execute the following command in the terminal or command window {{{ $ adb push recovery-clockwork-vision.img /data/local/tmp/recovery.img }}} === clockwork recovery for HTC Desire HD=== For the HTC Desire HD execute the following command in the terminal or command window {{{ $ adb push recovery-clockwork-ace.img /data/local/tmp/recovery.img }}} == Temporary root == In the terminal (or command window) execute these commands: {{{ $ adb shell /data/local/tmp/psneuter $ adb shell }}} after the last command you should have a root shell in adb (this is indicated by a # prompt). Leave this terminal (or command window) that contains the root shell open. == S-OFF, Super-CID, SIM-unlock, engineering hboot, clockwork recovery and root == From now on we recommend to install the engineering hboot as part of the gfree procedure. If you do not want to install the engineering hboot for any reason skip to the next section! In the root shell (indicated by the #) that you got in the Temporary root section execute the following commands: {{{ # cd /data/local/tmp # ./gfree -f -b hboot-eng.img # ./flash_image recovery recovery.img # ./root # sync }}} You may see the error messages "killall: rage: no process killed" and/or "mkdir: /system/xbin already exists". You can ignore that, the rest of the script should still run fine. Wait a few seconds for the changes to "take". === Check the md5sums of the installed hboot === As it is very important that the hboot was installed correctly we recommend to check the md5sums of the partition. In the root shell (indicated by the #) that you got in the Temporary root section execute the following commands: {{{ # cd /data/local/tmp # ./busybox md5sum hboot-eng.img # ./busybox md5sum /dev/block/mmcblk0p18 }}} If the md5sums don't match then first of all - '''DON'T REBOOT''' and second run for help at the #G2ROOT IRC channel on freenode. If the md5sums match -> reboot your phone. == S-OFF, Super-CID, SIM-unlock, clockwork recovery and root == If you do not want to install the engineering hboot follow this steps! If you ran the commands in the previous section the skip this section In the root shell (indicated by the #) that you got in the Temporary root section execute the following commands: {{{ # cd /data/local/tmp # ./gfree -f # ./flash_image recovery recovery.img # ./root # sync }}} You may see the error messages "killall: rage: no process killed" and/or "mkdir: /system/xbin already exists". You can ignore that, the rest of the script should still run fine. Wait a few seconds for the changes to "take". Reboot your phone. == Verify the success of gfree == You can verify the success of gfree by using gfree_verify. Download gfree_verify.zip from [http://www.thinkthinkdo.com/trac/project1/raw-attachment/wiki/gfree/gfree_verify_v01.zip] Unzip gfree_verify_v01.zip to a place on your PC. Open a terminal (or command window) on your PC and change the current directory to where the files are on your PC and execute these commands: {{{ $ adb push gfree_verify /data/local/tmp $ adb shell chmod 755 /data/local/tmp/gfree_verify $ adb shell }}} In this shell {{{ $ su # cd /data/local/tmp # stop ril-daemon # ./gfree_verify }}} You should see the following output: {{{ gfree verify_cid returned: @CID: 11111111 OK gfree verify_secu_flag returned: @secu_flag: 0 OK gfree verify_simlock returned: @SIMLOCK= 00 OK }}} Start the interface layer again (IN THE ADB SHELL ON YOUR PC) - (or reboot your phone): {{{ # start ril-daemon }}} Did it work? Here's what you're looking for: '''@CID: 11111111''' <--- this response means you have superCID! '''@SIMLOCK= 00''' <--- this means your simlock is off. '''@secu_flag: 0''' <--- this means your radio is S-OFF. == Backup and cleanup == During the process gfree created backups of the partition that it changed to your sdcard in /sdcard/ The files are called /sdcard/part7backup-