Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

[ROOT] MR1/OTA PermRoot + Unlock Bootloader - Safer/Easier 5/12/2011

OP jcase

17th March 2011, 08:54 AM   |  #1  
jcase's Avatar
OP Forum Moderator / Senior Recognized Developer - Taco Vendor
Flag Sequim WA
Thanks Meter: 8,582
 
4,028 posts
Join Date:Joined: Feb 2010
Donate to Me
More
OUTDATED
Augest 14 2011
Unrevoked and AlpharevX released a new version of their http://revolutionary.io/ tool, use it, and preserve your data.


Do not use the root method below.

Original root left for a good read.

Advanced users wanting a different hboot please see http://forum.xda-developers.com/show....php?t=1186022, others continue as is.

Updated May 12th 2011

This guide has been updated to MR1/OTA Firmware 1.13.605.7


This guide has been updated on April 21 2011 to make it more reliable, and faster.

On request I am reposting this in full, but please check out the original here first.


HTC tried to stop us. They made signed images, a signed kernel, and a signed recovery. They locked the memory. In short, the ThunderBolt is their most locked-down phone to date.

We fixed it for you. Unlike the root method we described yesterday, following the instructions below will provide S-OFF, remove signature checks, and unlock eMMC. Enjoy!

Rooting The ThunderBolt – Version 3

Pros
Root with read/write access to /system
Ability to downgrade and flash any RUU (i.e. signed firmware)
S-OFF
Fully unlocked bootloader
All ThunderBolts survived testing

Cons
Voids warranty
Could brick your phone if you aren’t careful

The method of rooting your Android device as described in the article herein is solely for enthusiasts and not for the faint of heart.

IT WILL WIPE YOUR DATA. IT WILL WIPE YOUR DATA. IT WILL WIPE YOUR DATA.

Android Police and Team AndIRC disclaim all liability for any harm that may befall your device, including, but not limited to: bricked phones, voided manufacturer warranties, exploding batteries, etc.

The instructions below assume you already have a strong familiarity with adb command lines – this is not for beginners.


Credits
Scotty2, jamezelle, jcase, and all of Team AndIRC
dsb9938 for the tutorial cleanup
Testers, especially ProTekk and Trident
Thanks to scotty2 for WPThis
Busybox was pulled from a CyanogenMod ROM, source should be available here
psneuter was pulled from somewhere, credit to scotty2, source here
All firmware credit goes to 911sniper
Jaroslav from Android Police for editorial help
If I missed anyone in the credits, it was unintentional and I will fix it soon. Lots of people had their hands in on this project.

*** Please read the instructions in full before you attempt the process or head to IRC to ask questions. Also, make sure your battery is fully charged before taking the plunge. ***

Step 1
First, download these files:

Downgrade RUU PG05IMG_downgrade.zip ( (md5sum : aae974054fc3aed275ba3596480ccd5b) THIS IS THE DOWNGRADE RUU USED IN STEP 4:
Multiupload mirror


Mirrors for the package (contains busybox, wpthis, psneuter, su, readme.txt, misc.img, and hbooteng.nb0) (md5sum : 3b359efd76aac456ba7fb0d6972de3af) THIS IS THE EXPLOITS FILE:
Multiupload mirror
DroidSite mirror

Custom upgrade PG05IMG_MR1_upgrade.zip (md5sum : 7960c7977c25b2c8759605be264843ea) THIS IS THE CUSTOM RUU USED IN STEP 7:
http://www.multiupload.com/NEANZBS5S4



Step 2

Note that adb is required.

Push misc.img, busybox, and psnueter using the following commands:

Code:
adb push psneuter /data/local/
adb push busybox /data/local/
adb push misc.img /data/local/
adb shell chmod 777 /data/local/psneuter
adb shell chmod 777 /data/local/busybox
Step 3

This step will gain temp root and flash the custom misc.img. Run:

Code:
adb shell
Now the shell should display "$".
Run:

Code:
/data/local/psneuter
You will now be kicked out of adb, and adb will restart as root.

Let’s confirm the md5 of misc.img:

Code:
adb shell
At this point, the shell should display "#".

Now run:

Code:
/data/local/busybox md5sum /data/local/misc.img
Output should be "c88dd947eb3b36eec90503a3525ae0de." If it’s anything else, re-download the file and try again.

Now let’s write misc.img:

Code:
dd if=/data/local/misc.img of=/dev/block/mmcblk0p17
exit
Step 4

Here you will rename the downgrade RUU (PG05IMG_downgrade.zip) as PG05IMG.zip and place it on your SD card (put the phone in drive mode and just copy it with your OS). Then, run the following command:

Code:
adb reboot bootloader
Choose the bootloader option and press power; let the ROM flash. When asked to upgrade, choose yes. Don’t freak, it’s a long reboot.
Once done, reboot and delete PG05IMG.zip from your SD card.

Step 5

Set up the two part exploit, to gain root and unlock MMC.

Push wpthis, busybox, and psnueter:

Code:
adb push psneuter /data/local/
adb push busybox /data/local/
adb push wpthis /data/local/
adb shell chmod 777 /data/local/psneuter
adb shell chmod 777 /data/local/busybox
adb shell chmod 777 /data/local/wpthis
Gain root (this will once again throw you out of adb):

Code:
adb shell
/data/local/psneuter
Unlock MMC:

Code:
adb shell
/data/local/wpthis
exit
Step 6

Please pay attention – this is very important. This step involves a small chance of bricking if you mess up.

To push the eng bootloader:

Code:
adb push hbooteng.nb0 /data/local/
adb shell
/data/local/busybox md5sum /data/local/hbooteng.nb0
If the output does not match "6991368ee2deaf182048a3ed9d3c0fcb" exactly, stop, delete it, and re-download it. Otherwise, continue.

Now we will write the new bootloader.

Code:
dd if=/data/local/hbooteng.nb0 of=/dev/block/mmcblk0p18
Confirm proper write:

Code:
/data/local/busybox md5sum /dev/block/mmcblk0p18
If the output does not match "6991368ee2deaf182048a3ed9d3c0fcb," try again; if it still doesn’t work, seek help from chat.andirc.net in channel #root or go here AndIRC Thunderbolt Web Chat DO NOT REBOOT.




Reboot.

Step 7

Now, put the custom MR1 RUU (PG05IMG_MR1_upgrade.zip) on your SD card by putting the phone in drive mode and copying it with your OS. Then rename it to PG05IMG.zip

Then using an md5sum type program, check the md5sum and make sure it matches 7960c7977c25b2c8759605be264843ea, if it does not, redownload it. (Here is a free windows md5summer).

Next, run this command:

Code:
adb reboot bootloader
Choose the bootloader option and press power; let the ROM flash. When asked to upgrade, choose yes. Don’t freak, it’s a long reboot.
Once done, reboot and delete PG05IMG.zip from your SD card.

After it flashes, you will be running release firmware with S-OFF.

Reboot your phone. You should now have full root permissions, an engineering kernel and recovery.

I recommend you get rom manger from market.

If you still have problems, come to the chat: irc.andirc.net #thunderbolt or use http://chat.andirc.net:9090/?channels=#thunderbolt.


.
Last edited by jcase; 14th August 2011 at 09:53 PM. Reason: updated irc channel
The Following 193 Users Say Thank You to jcase For This Useful Post: [ View ]
17th March 2011, 01:36 PM   |  #2  
ProTekk's Avatar
Senior Member
Flag Freehold, NJ
Thanks Meter: 1,250
 
889 posts
Join Date:Joined: Dec 2010
Donate to Me
More
Good luck to you guys and thank you for the work you're putting into this. Definitely going to do a lot of projects once I get the TB and we get confirmed permanent root.
The Following 2 Users Say Thank You to ProTekk For This Useful Post: [ View ]
17th March 2011, 06:08 PM   |  #3  
Member
Flag Houston
Thanks Meter: 6
 
55 posts
Join Date:Joined: Jul 2010
More
Cool, can't wait to hear about it!
The Following User Says Thank You to ufmace For This Useful Post: [ View ]
17th March 2011, 06:14 PM   |  #4  
Senior Member
Flag Atlanta, GA
Thanks Meter: 11
 
270 posts
Join Date:Joined: Jun 2010
More
Its against the nature of my being to have an unrooted Android phone for more than 72 hours. Good luck guys!
17th March 2011, 06:23 PM   |  #5  
Senior Member
Flag Melbourne, FL
Thanks Meter: 2
 
295 posts
Join Date:Joined: Jun 2010
More
HAHAAAaaaaa
Quote:
Originally Posted by rulevoid

Its against the nature of my being to have an unrooted Android phone for more than 72 hours. Good luck guys!

Same here brother....
The Following User Says Thank You to Ddukes76 For This Useful Post: [ View ]
17th March 2011, 06:49 PM   |  #6  
Senior Member
Flag New York
Thanks Meter: 6
 
219 posts
Join Date:Joined: Dec 2009
More
waiting for my instructions so i can root this
17th March 2011, 06:54 PM   |  #7  
Senior Member
Thanks Meter: 46
 
570 posts
Join Date:Joined: Mar 2010
Waiting on this!
17th March 2011, 07:24 PM   |  #8  
Senior Member
Flag Edmond
Thanks Meter: 7
 
151 posts
Join Date:Joined: Aug 2010
More
Ah...the cutting edge. Can't wait to see the development for this phone.
17th March 2011, 07:36 PM   |  #9  
destroyerbmx's Avatar
Senior Member
Flag New Mexico
Thanks Meter: 16
 
372 posts
Join Date:Joined: Mar 2010
More
<- is very excited, I made it first in line for vzw opening at my store.
17th March 2011, 07:57 PM   |  #10  
Senior Member
Thanks Meter: 1
 
147 posts
Join Date:Joined: Jun 2010
More
Quote:
Originally Posted by destroyerbmx

<- is very excited, I made it first in line for vzw opening at my store.

Me too! Now bring on the root! I need to restore data to some of my apps from my incredible.

Post Reply Subscribe to Thread

Tags
andirc, root, teamandirc, thunderbolt, thunderbolt root
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes