HTC tried to stop us. They made signed images, a signed kernel, and a signed recovery. They locked the memory. In short, the ThunderBolt is their most locked-down phone to date.
We fixed it for you. Unlike the root method we described yesterday, following the instructions below will provide S-OFF, remove signature checks, and unlock eMMC. Enjoy!
*** Please read the instructions in full
before you attempt the process or head to IRC to ask questions. Also,
make sure your battery is fully charged before taking the plunge. ***
After downloading these files, please check the md5sums!
For instructions on how to do so, see:
Windows: http://helpdeskgeek.com/how-to/check-md5sum-in-windows-7/
Linux: https://help.ubuntu.com/community/HowToMD5SUM
Mac OSX: http://ubuntuforums.org/showthread.php?t=373879
If the md5sums do not match, please stop and re-download that file.
Push misc.img, busybox, and psnueter using the following commands:
adb push psneuter /data/local/
adb push busybox /data/local/
adb push misc.img /data/local/
adb shell chmod 777 /data/local/psneuter
adb shell chmod 777 /data/local/busybox
adb shell
Now the shell should display "$".
Run:
/data/local/psneuter
You will now be kicked out of adb, and adb will restart as root. Let's confirm the md5 of misc.img:
adb shell
At this point, the shell should display "#".
Run:
/data/local/busybox md5sum /data/local/misc.img
Output should be "c88dd947eb3b36eec90503a3525ae0de." If it's anything else, re-download the file and try again.
Now let's write misc.img:
dd if=/data/local/misc.img of=/dev/block/mmcblk0p17
exit
adb reboot bootloader
Choose the bootloader option and press power; let the ROM flash. When asked to upgrade, choose yes. Don't freak, it's a long reboot.
Once done, reboot and delete PG05IMG.zip from your SD card.
Set up the two part exploit, to gain root and unlock MMC.
Push wpthis, busybox, and psnueter.
adb push psneuter /data/local/
adb push busybox /data/local/
adb push wpthis /data/local/
adb shell chmod 777 /data/local/psneuter
adb shell chmod 777 /data/local/busybox
adb shell chmod 777 /data/local/wpthis
adb shell
/data/local/psneuter
To unlock eMMC:
adb shell
/data/local/wpthis
exit
To push the eng bootloader:
adb push hbooteng.nb0 /data/local/
adb shell
/data/local/busybox md5sum /data/local/hbooteng.nb0
If the output does not match "6991368ee2deaf182048a3ed9d3c0fcb" exactly, stop, delete it, and re-download it. Otherwise, continue.
Now we will write the new bootloader.
dd if=/data/local/hbooteng.nb0 of=/dev/block/mmcblk0p18
Confirm proper write:
/data/local/busybox md5sum /dev/block/mmcblk0p18
If the output does not match "6991368ee2deaf182048a3ed9d3c0fcb," try again; if it still doesn't work, seek help from chat.andirc.net in channel #thunderbolt. DO NOT REBOOT.
Now, reboot your phone, rename PG05IMG_stock.zip as PG05IMG.zip and put on your SD card. Then flash it. This will upgrade you to release firmware with an S-OFF bootloader.
Next, run this command:
adb reboot bootloader
Choose the bootloader option, and press power; let the ROM flash. When asked to upgrade, choose yes. Don't freak, it's a long reboot.
Once done, reboot and delete PB05IM.zip off of your SDCard. You are now fully rooted.
If you prefer videos, you might be interested in the following, however it uses an older method and will be slightly different:
http://www.youtube.com/watch?v=uFD8vWzMmDA
If you still have problems, come to the chat: irc.andirc.net #thunderbolt or use http://chat.andirc.net:9090/?channels=#thunderbolt.
We fixed it for you. Unlike the root method we described yesterday, following the instructions below will provide S-OFF, remove signature checks, and unlock eMMC. Enjoy!
Rooting The ThunderBolt - Version 2.5
Update: This guide was updated to include some steps into the upgrade RUU, making it faster and safer
Pros
- Root with read/write access to /system
- Ability to downgrade and flash any RUU (i.e. signed firmware)
- S-OFF
- Fully unlocked bootloader
- All ThunderBolts survived testing
Cons
- Voids warranty
- Could brick your phone if you aren't careful
The
method of rooting your Android device as described in the article
herein is solely for enthusiasts and not for the faint of heart.IT WILL WIPE YOUR DATA. IT WILL WIPE YOUR DATA. IT WILL WIPE YOUR DATA.
Android Police and Team AndIRC disclaim all liability for any harm that may befall your device, including, but not limited to: bricked phones, voided manufacturer warranties, exploding batteries, etc.
The instructions below assume you already have a strong familiarity with adb command lines - this is not for beginners.
If you’re unfamiliar with some of the terms, hit up our primers here:
Android Police and Team AndIRC disclaim all liability for any harm that may befall your device, including, but not limited to: bricked phones, voided manufacturer warranties, exploding batteries, etc.
The instructions below assume you already have a strong familiarity with adb command lines - this is not for beginners.
If you’re unfamiliar with some of the terms, hit up our primers here:
- Rooting Explained + Top 5 Benefits Of Rooting
- Top Android Apps Every Rooted User Should Know About: Part 1 (Apps 1-8), Part 2 (Apps 9-16)
- Custom ROMs Explained And Why You Want Them
Credits
- Scotty2, jamezelle, jcase, and all of Team AndIRC
- Testers, especially ProTekk and Trident
- Thanks to scotty2 for WPThis
- Busybox was pulled from a CyanogenMod ROM, source should be available here
- psneuter was pulled from somewhere, credit to scotty2, source here
- All firmware credit goes to 911sniper
- nat3mil for the video guide
- Jaroslav from Android Police for editorial help
Step 1
First, download these files:
- Downgrade RUU PG05IMG_downgrade.zip (md5sum : aae974054fc3aed275ba3596480ccd5b):
- Mirrors for the package (contains busybox, wpthis, psneuter, su, readme.txt, misc.img, and hbooteng.nb0) (md5sum : 3b359efd76aac456ba7fb0d6972de3af):
- Custom upgrade RUU PG05IMG_stock.zip (md5sum : 31478f109a56be3eb7068d97a7e9b11b):
After downloading these files, please check the md5sums!
For instructions on how to do so, see:
Windows: http://helpdeskgeek.com/how-to/check-md5sum-in-windows-7/
Linux: https://help.ubuntu.com/community/HowToMD5SUM
Mac OSX: http://ubuntuforums.org/showthread.php?t=373879
If the md5sums do not match, please stop and re-download that file.
Step 2
Note that adb is required.Push misc.img, busybox, and psnueter using the following commands:
adb push psneuter /data/local/
adb push busybox /data/local/
adb push misc.img /data/local/
adb shell chmod 777 /data/local/psneuter
adb shell chmod 777 /data/local/busybox
Step 3
This step will gain temp root and flash the custom misc.img. Run:adb shell
Now the shell should display "$".
Run:
/data/local/psneuter
You will now be kicked out of adb, and adb will restart as root. Let's confirm the md5 of misc.img:
adb shell
At this point, the shell should display "#".
Run:
/data/local/busybox md5sum /data/local/misc.img
Output should be "c88dd947eb3b36eec90503a3525ae0de." If it's anything else, re-download the file and try again.
Now let's write misc.img:
dd if=/data/local/misc.img of=/dev/block/mmcblk0p17
exit
Step 4
Here you will rename PG05IMG_downgrade.zip as PG05IMG.zip and place it on your SD card. Then, run the following command:adb reboot bootloader
Choose the bootloader option and press power; let the ROM flash. When asked to upgrade, choose yes. Don't freak, it's a long reboot.
Once done, reboot and delete PG05IMG.zip from your SD card.
Set up the two part exploit, to gain root and unlock MMC.
Push wpthis, busybox, and psnueter.
adb push psneuter /data/local/
adb push busybox /data/local/
adb push wpthis /data/local/
adb shell chmod 777 /data/local/psneuter
adb shell chmod 777 /data/local/busybox
adb shell chmod 777 /data/local/wpthis
Step 5
Next, enter the following commands:adb shell
/data/local/psneuter
To unlock eMMC:
adb shell
/data/local/wpthis
exit
Step 6
Please pay attention - this is very important. This step involves a small chance of bricking if you mess up.To push the eng bootloader:
adb push hbooteng.nb0 /data/local/
adb shell
/data/local/busybox md5sum /data/local/hbooteng.nb0
If the output does not match "6991368ee2deaf182048a3ed9d3c0fcb" exactly, stop, delete it, and re-download it. Otherwise, continue.
Now we will write the new bootloader.
dd if=/data/local/hbooteng.nb0 of=/dev/block/mmcblk0p18
Confirm proper write:
/data/local/busybox md5sum /dev/block/mmcblk0p18
If the output does not match "6991368ee2deaf182048a3ed9d3c0fcb," try again; if it still doesn't work, seek help from chat.andirc.net in channel #thunderbolt. DO NOT REBOOT.
Now, reboot your phone, rename PG05IMG_stock.zip as PG05IMG.zip and put on your SD card. Then flash it. This will upgrade you to release firmware with an S-OFF bootloader.
Next, run this command:
adb reboot bootloader
Choose the bootloader option, and press power; let the ROM flash. When asked to upgrade, choose yes. Don't freak, it's a long reboot.
Once done, reboot and delete PB05IM.zip off of your SDCard. You are now fully rooted.
If you prefer videos, you might be interested in the following, however it uses an older method and will be slightly different:
http://www.youtube.com/watch?v=uFD8vWzMmDA
If you still have problems, come to the chat: irc.andirc.net #thunderbolt or use http://chat.andirc.net:9090/?channels=#thunderbolt.
0 comments:
Post a Comment