[DOC][DEV][25/07] Search for root-access: first beta testers with S-OFF

Search This thread

Elim

Senior Member
Feb 17, 2008
1,552
351
Antwerpen
Got root rights
Many functions and and changes in the system need root rights on our phone. In this thread I will describe all steps I and others did, to get them.

In this post you will find a history off all steps and the status, in post #2 a detailed documentation and in post #3 one day tutorials.

Status: beta testers with S-OFF
  • 11.6.2011: Open this thread
  • 12.6.2011: Collect all informations (and unpack my own Flyer :D)
  • 19.6.2011: Prepare PC and Flyer
  • 20.6.2011: run first script to got root rights in a shell (no success)
  • 24.6.2011: Rooted for S-OFF Flyers (by dalada)
  • 15.7.2011: Temp root rights with the fre3vo tool by agraben.
  • 18.7.2011: Permanent temp root rights by eugene373
  • 25.7.2011: First beta testers got S-OFF with help from the alpharev team.
 
Last edited:

Elim

Senior Member
Feb 17, 2008
1,552
351
Antwerpen
Changelog and old versions

Documentation
The first stept to got root access to our HTC Flyer is to find a method which works. Until the first android phone are many different methods are successful but most off them didn't work for gingerbread.

I will first document all steps I or someone else did. Until know we have nothing but help and ideas are welcome.
After we find a way to become root access, we have to write a tool for everybody and after that the work begins... for all other stuff like custome ROMs :D

1.1 What others try
Here is a list off unsuccessful attempts until now:
So, no standard, popular tool works... :( But can everybody, who check one of the tools above (or something else), send me the log-files which are produced? thx.

PS. I found that different tools with the same name exists (e.g. 1-click), so when you test one of these tools, please can you specify which tool you use, with the version number. Thx.

1.2 Next steps
Okay, I didn't expect that it will be such easy. Next step for me is to read about all this methods in detail and check why they didn't work with the Flyer to find a little hole to get through...

1.3 Use fre3vo tool
After some changes and with the help from agrabren we got successful temp root rights. Until now we found with this tools the following exploits:
  • HTC EVO view 4G: last version contains exploit
  • HTC Flyer WiFi 16GB: exploit at adress 38126600:a00
  • HTC Flyer 3G 32GB: exploit ad address 38125e00:1200

1.4 beta-tests for alpharevX
The first beta testers got their Flyer S-OFF.

For more information and the current status read the last postings or on the alpharev homepage if the Flyer is now supported. But don't use the current verion 0.2pre5, it will not work!

All thanks go to team TeamWin and team alpharev and not to me!!! I only document until now the process.
 
Last edited:
  • Like
Reactions: mtstinson

Elim

Senior Member
Feb 17, 2008
1,552
351
Antwerpen
Tutorials

Tutorials

Bootloader
Open the bootloader

HTC add a special "fastboot" option to his android devices. When fastboot is active the device can be set-on very fast but you can't open the bootloader with fastboot active. Therefore you have first to deactived the fastboot option.

1. deactivate fastboot
  • go to settings
  • select "Power"
  • unchek "fastboot"
  • switch off the Flyer
2. open bootloader
  • hold down volume-down button
  • hold down power button
  • wait until bootloader open by holding both buttons together down

Reset
So long we make test but also when we have an exploit, I am sure we need the functionality to reset our devices.

On other devices I remove the battery but the Flyer one is build-in and can't be removed.

Soft reset
  • Tap and hold on the Volume Up and Volume Down buttons
  • While holding on the Volume Up and Volume Down buttons, please tap and hold the Power button until the screen closes.
(Source: HTC)

Hard (factory) reset
  • Press and hold the VOLUME DOWN button
  • briefly press the POWER button
  • Wait for the screen with the three Android images to appear
  • release the VOLUME DOWN button
  • Press VOLUME DOWN to select FACTORY RESET
  • press the POWER button.
(Source: HTC)

Temp root
with the tool fre3vo

  • Be aware that this is only temp root and the device is still locked and you can brick your Flyer when you did something wrong with you root rights. Solong the device is locked, don't remove anything from the /system directory!!!
  • Download the last version from here
  • Download the android sdk
  • Close HTC sync (or any other tool which maybe listen on the USB ports)
  • use the adb tool from sdk with following commands (replace [exploit adress] with correct address from #2):
    adb push fre3vo /data/local/tmp
    adb shell chmod 777 /data/local/tmp/fre3vo
    adb shell /data/local/tmp/fre3vo -debug -start [exploit address] -end [exploit address]
(all work done by agrabren and the fre3vo team!)
 
Last edited:

ex69

Senior Member
Aug 31, 2007
107
13
There is a couple hundred bucks easily in the bounty in general section. My addition still stands.

Good luck.
 

Elim

Senior Member
Feb 17, 2008
1,552
351
Antwerpen
probably a newbie question, but is it not working because they locked the bootloaders?
Locked bootloader
Yes, this is the problem. But I don't think that HTC at the end really unlock all his bootloaders and also with a locked bootloader it can be possible to get root access. So, when HTC like to help us, it's possitive, when not... let's try :)

And we are not allone, also the Sensation has the new locked bootloader and the devs there are also working on it. And maybe a solution there help us also.
 
Last edited:

LowFire82

Senior Member
Apr 3, 2011
122
20
Fort Myers
The GingerBreak.apk does not work, got that

Has anyone run the manual way with the binary file? Even to see if temp root could be accomplished?

I may try tonight when I get off work to see what happens..
 

Elim

Senior Member
Feb 17, 2008
1,552
351
Antwerpen
Has anyone run the manual way with the binary file?
Not to affront someone but until know we should assume that all exploits are not really testet. We only have single confirmations that the ones from the first post are run onced and not working.

I plan to check all of them also to get the log files.
 

lazarus99

Member
Sep 6, 2009
30
0
what's the hboot version of the Flyer? can someone post a screenshot with the hboot screen?
An S-OFF method for the Incredible S, Desire S, Wildfire is said to be released soon, check this thread, if it has the same bootloader maybe that exploit will also work on the Flyer. Root access is the only thing keeping me from buying the Flyer...
 

Dubee24

Member
Mar 23, 2011
31
2
San Francisco
That what you were looking for

Sent from my MB860 using XDA Premium App
 

Attachments

  • uploadfromtaptalk1307912102990.jpg
    uploadfromtaptalk1307912102990.jpg
    71.9 KB · Views: 516

Elim

Senior Member
Feb 17, 2008
1,552
351
Antwerpen
I see this also and from the past I know also, that htc devies from the same time, can be unlocked with mostly the same exploid. I will contact thema in the evening. Or someone else did it before?

PS. And we need temporaly root rights. That's always the first step. But when newer HTC's can here use the gingerbread exploit, we also can use it. Very positiv news...
 
Last edited:

LowFire82

Senior Member
Apr 3, 2011
122
20
Fort Myers
Tried the binary GingerBreak last night with no success getting temp root(even let it sit and run for about 8 hours), but I brought my Flyer in to work with me today and am going to try on another computer...

I'll update if I get something different
 

doublecheese

Senior Member
Jul 4, 2007
741
99
51
www.sunsetmetal.com
That what you were looking for

Sent from my MB860 using XDA Premium App

How did you get the bootloader screen ?

Because I can not take the battery out, I can not get to the bootloader screen ...... Can you take the battery out or is it something to do with the phone settings (e.g fast boot etc ?)

EDIT : NEVERMIND , I found it, turn off FAST BOOT
 
Last edited:

saayinla

Senior Member
Jan 24, 2008
402
16
London
How does one access the bootloader on this, I ve tried both the up and down button with the power button to no avail.

Please advice.
 

YOSEFE

Senior Member
Sep 12, 2006
1,541
117
UK
How does one access the bootloader on this, I ve tried both the up and down button with the power button to no avail.

Please advice.

Do the following:
Menu
Settings
Power
Uncheck Fast boot
Switch off Flyer
Press and hold down the Volume Down button and then Press and hold down the Power Button
Wait till you see the Bootloader before releasing both the Volume Down button and the Power button.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 6
    Got root rights
    Many functions and and changes in the system need root rights on our phone. In this thread I will describe all steps I and others did, to get them.

    In this post you will find a history off all steps and the status, in post #2 a detailed documentation and in post #3 one day tutorials.

    Status: beta testers with S-OFF
    • 11.6.2011: Open this thread
    • 12.6.2011: Collect all informations (and unpack my own Flyer :D)
    • 19.6.2011: Prepare PC and Flyer
    • 20.6.2011: run first script to got root rights in a shell (no success)
    • 24.6.2011: Rooted for S-OFF Flyers (by dalada)
    • 15.7.2011: Temp root rights with the fre3vo tool by agraben.
    • 18.7.2011: Permanent temp root rights by eugene373
    • 25.7.2011: First beta testers got S-OFF with help from the alpharev team.
    3
    Tutorials

    Tutorials

    Bootloader
    Open the bootloader

    HTC add a special "fastboot" option to his android devices. When fastboot is active the device can be set-on very fast but you can't open the bootloader with fastboot active. Therefore you have first to deactived the fastboot option.

    1. deactivate fastboot
    • go to settings
    • select "Power"
    • unchek "fastboot"
    • switch off the Flyer
    2. open bootloader
    • hold down volume-down button
    • hold down power button
    • wait until bootloader open by holding both buttons together down

    Reset
    So long we make test but also when we have an exploit, I am sure we need the functionality to reset our devices.

    On other devices I remove the battery but the Flyer one is build-in and can't be removed.

    Soft reset
    • Tap and hold on the Volume Up and Volume Down buttons
    • While holding on the Volume Up and Volume Down buttons, please tap and hold the Power button until the screen closes.
    (Source: HTC)

    Hard (factory) reset
    • Press and hold the VOLUME DOWN button
    • briefly press the POWER button
    • Wait for the screen with the three Android images to appear
    • release the VOLUME DOWN button
    • Press VOLUME DOWN to select FACTORY RESET
    • press the POWER button.
    (Source: HTC)

    Temp root
    with the tool fre3vo

    • Be aware that this is only temp root and the device is still locked and you can brick your Flyer when you did something wrong with you root rights. Solong the device is locked, don't remove anything from the /system directory!!!
    • Download the last version from here
    • Download the android sdk
    • Close HTC sync (or any other tool which maybe listen on the USB ports)
    • use the adb tool from sdk with following commands (replace [exploit adress] with correct address from #2):
      adb push fre3vo /data/local/tmp
      adb shell chmod 777 /data/local/tmp/fre3vo
      adb shell /data/local/tmp/fre3vo -debug -start [exploit address] -end [exploit address]
    (all work done by agrabren and the fre3vo team!)
    3
    Guys good news, Agrabren is working on modifying fre3vo to work on the adreno 205, and after the temp root is achieved we should be able to get the hboot unlocked as it is similar to incredible s which alpharevx was able to exploit, and kmdm said he was willing to help with that part, so thinks are looking good for flyer/view root!
    1
    Changelog and old versions

    Documentation
    The first stept to got root access to our HTC Flyer is to find a method which works. Until the first android phone are many different methods are successful but most off them didn't work for gingerbread.

    I will first document all steps I or someone else did. Until know we have nothing but help and ideas are welcome.
    After we find a way to become root access, we have to write a tool for everybody and after that the work begins... for all other stuff like custome ROMs :D

    1.1 What others try
    Here is a list off unsuccessful attempts until now:
    So, no standard, popular tool works... :( But can everybody, who check one of the tools above (or something else), send me the log-files which are produced? thx.

    PS. I found that different tools with the same name exists (e.g. 1-click), so when you test one of these tools, please can you specify which tool you use, with the version number. Thx.

    1.2 Next steps
    Okay, I didn't expect that it will be such easy. Next step for me is to read about all this methods in detail and check why they didn't work with the Flyer to find a little hole to get through...

    1.3 Use fre3vo tool
    After some changes and with the help from agrabren we got successful temp root rights. Until now we found with this tools the following exploits:
    • HTC EVO view 4G: last version contains exploit
    • HTC Flyer WiFi 16GB: exploit at adress 38126600:a00
    • HTC Flyer 3G 32GB: exploit ad address 38125e00:1200

    1.4 beta-tests for alpharevX
    The first beta testers got their Flyer S-OFF.

    For more information and the current status read the last postings or on the alpharev homepage if the Flyer is now supported. But don't use the current verion 0.2pre5, it will not work!

    All thanks go to team TeamWin and team alpharev and not to me!!! I only document until now the process.
    1
    I already covered this in the General section.

    HTC patched the way to get temp root using the Gingerbreak binary.

    The guys at Gingerbreak and unrevoked are working to find a way to get temp root and then be able to root the device.

    If you are able to do so, then more power to you but the current methods will not work....trust me I've used my flyer as a guinea pig..