Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,768,635 Members 52,863 Now Online
XDA Developers Android and Mobile Development Forum

[ROOT] MR1/OTA PermRoot + Unlock Bootloader - Safer/Easier 5/12/2011

Tip us?
 
jcase
Old
(Last edited by jcase; 14th August 2011 at 08:53 PM.) Reason: updated irc channel
#1  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor - OP
Thanks Meter 7124
Posts: 3,615
Join Date: Feb 2010
Location: Sequim WA

 
DONATE TO ME
Default [ROOT] MR1/OTA PermRoot + Unlock Bootloader - Safer/Easier 5/12/2011

OUTDATED
Augest 14 2011
Unrevoked and AlpharevX released a new version of their http://revolutionary.io/ tool, use it, and preserve your data.


Do not use the root method below.

Original root left for a good read.

Advanced users wanting a different hboot please see http://forum.xda-developers.com/show....php?t=1186022, others continue as is.

Updated May 12th 2011

This guide has been updated to MR1/OTA Firmware 1.13.605.7


This guide has been updated on April 21 2011 to make it more reliable, and faster.

On request I am reposting this in full, but please check out the original here first.


HTC tried to stop us. They made signed images, a signed kernel, and a signed recovery. They locked the memory. In short, the ThunderBolt is their most locked-down phone to date.

We fixed it for you. Unlike the root method we described yesterday, following the instructions below will provide S-OFF, remove signature checks, and unlock eMMC. Enjoy!

Rooting The ThunderBolt – Version 3

Pros
Root with read/write access to /system
Ability to downgrade and flash any RUU (i.e. signed firmware)
S-OFF
Fully unlocked bootloader
All ThunderBolts survived testing

Cons
Voids warranty
Could brick your phone if you aren’t careful

The method of rooting your Android device as described in the article herein is solely for enthusiasts and not for the faint of heart.

IT WILL WIPE YOUR DATA. IT WILL WIPE YOUR DATA. IT WILL WIPE YOUR DATA.

Android Police and Team AndIRC disclaim all liability for any harm that may befall your device, including, but not limited to: bricked phones, voided manufacturer warranties, exploding batteries, etc.

The instructions below assume you already have a strong familiarity with adb command lines – this is not for beginners.


Credits
Scotty2, jamezelle, jcase, and all of Team AndIRC
dsb9938 for the tutorial cleanup
Testers, especially ProTekk and Trident
Thanks to scotty2 for WPThis
Busybox was pulled from a CyanogenMod ROM, source should be available here
psneuter was pulled from somewhere, credit to scotty2, source here
All firmware credit goes to 911sniper
Jaroslav from Android Police for editorial help
If I missed anyone in the credits, it was unintentional and I will fix it soon. Lots of people had their hands in on this project.

*** Please read the instructions in full before you attempt the process or head to IRC to ask questions. Also, make sure your battery is fully charged before taking the plunge. ***

Step 1
First, download these files:

Downgrade RUU PG05IMG_downgrade.zip ( (md5sum : aae974054fc3aed275ba3596480ccd5b) THIS IS THE DOWNGRADE RUU USED IN STEP 4:
Multiupload mirror


Mirrors for the package (contains busybox, wpthis, psneuter, su, readme.txt, misc.img, and hbooteng.nb0) (md5sum : 3b359efd76aac456ba7fb0d6972de3af) THIS IS THE EXPLOITS FILE:
Multiupload mirror
DroidSite mirror

Custom upgrade PG05IMG_MR1_upgrade.zip (md5sum : 7960c7977c25b2c8759605be264843ea) THIS IS THE CUSTOM RUU USED IN STEP 7:
http://www.multiupload.com/NEANZBS5S4



Step 2

Note that adb is required.

Push misc.img, busybox, and psnueter using the following commands:

Code:
adb push psneuter /data/local/
adb push busybox /data/local/
adb push misc.img /data/local/
adb shell chmod 777 /data/local/psneuter
adb shell chmod 777 /data/local/busybox
Step 3

This step will gain temp root and flash the custom misc.img. Run:

Code:
adb shell
Now the shell should display "$".
Run:

Code:
/data/local/psneuter
You will now be kicked out of adb, and adb will restart as root.

Let’s confirm the md5 of misc.img:

Code:
adb shell
At this point, the shell should display "#".

Now run:

Code:
/data/local/busybox md5sum /data/local/misc.img
Output should be "c88dd947eb3b36eec90503a3525ae0de." If it’s anything else, re-download the file and try again.

Now let’s write misc.img:

Code:
dd if=/data/local/misc.img of=/dev/block/mmcblk0p17
exit
Step 4

Here you will rename the downgrade RUU (PG05IMG_downgrade.zip) as PG05IMG.zip and place it on your SD card (put the phone in drive mode and just copy it with your OS). Then, run the following command:

Code:
adb reboot bootloader
Choose the bootloader option and press power; let the ROM flash. When asked to upgrade, choose yes. Don’t freak, it’s a long reboot.
Once done, reboot and delete PG05IMG.zip from your SD card.

Step 5

Set up the two part exploit, to gain root and unlock MMC.

Push wpthis, busybox, and psnueter:

Code:
adb push psneuter /data/local/
adb push busybox /data/local/
adb push wpthis /data/local/
adb shell chmod 777 /data/local/psneuter
adb shell chmod 777 /data/local/busybox
adb shell chmod 777 /data/local/wpthis
Gain root (this will once again throw you out of adb):

Code:
adb shell
/data/local/psneuter
Unlock MMC:

Code:
adb shell
/data/local/wpthis
exit
Step 6

Please pay attention – this is very important. This step involves a small chance of bricking if you mess up.

To push the eng bootloader:

Code:
adb push hbooteng.nb0 /data/local/
adb shell
/data/local/busybox md5sum /data/local/hbooteng.nb0
If the output does not match "6991368ee2deaf182048a3ed9d3c0fcb" exactly, stop, delete it, and re-download it. Otherwise, continue.

Now we will write the new bootloader.

Code:
dd if=/data/local/hbooteng.nb0 of=/dev/block/mmcblk0p18
Confirm proper write:

Code:
/data/local/busybox md5sum /dev/block/mmcblk0p18
If the output does not match "6991368ee2deaf182048a3ed9d3c0fcb," try again; if it still doesn’t work, seek help from chat.andirc.net in channel #root or go here AndIRC Thunderbolt Web Chat DO NOT REBOOT.




Reboot.

Step 7

Now, put the custom MR1 RUU (PG05IMG_MR1_upgrade.zip) on your SD card by putting the phone in drive mode and copying it with your OS. Then rename it to PG05IMG.zip

Then using an md5sum type program, check the md5sum and make sure it matches 7960c7977c25b2c8759605be264843ea, if it does not, redownload it. (Here is a free windows md5summer).

Next, run this command:

Code:
adb reboot bootloader
Choose the bootloader option and press power; let the ROM flash. When asked to upgrade, choose yes. Don’t freak, it’s a long reboot.
Once done, reboot and delete PG05IMG.zip from your SD card.

After it flashes, you will be running release firmware with S-OFF.

Reboot your phone. You should now have full root permissions, an engineering kernel and recovery.

I recommend you get rom manger from market.

If you still have problems, come to the chat: irc.andirc.net #thunderbolt or use http://chat.andirc.net:9090/?channels=#thunderbolt.


.
I'm taking a break of an undetermined length. Please don't contact me about exploits

Something important? jcase@cunninglogic.com
Like Android security topics? Join our G+ community -> https://plus.google.com/communities/...07618051049043
My Bitcoin address : 1Newifz6yETTmbziCsZZstmHHPH6ejNr75
The Following 193 Users Say Thank You to jcase For This Useful Post: [ Click to Expand ]
 
ProTekk
Old
#2  
ProTekk's Avatar
Senior Member
Thanks Meter 1200
Posts: 884
Join Date: Dec 2010
Location: Freehold, NJ

 
DONATE TO ME
Good luck to you guys and thank you for the work you're putting into this. Definitely going to do a lot of projects once I get the TB and we get confirmed permanent root.
HTC DROID Incredible - Retired
HTC Thunderbolt - AOKP Jellybean Build 2
HTC DROID Incredible 2 - Retired
HTC Rezound - Retired
Samsung Galaxy Nexus - AOKP Jellybean Build 2
HP TouchPad 32 GB - Retired
ASUS Nexus 7 - AOKP Jellybean Build 2
Samsung Galaxy S III - AOKP Jellybean Build 2
http://www.twitter.com/ProTekkFZS
The Following 2 Users Say Thank You to ProTekk For This Useful Post: [ Click to Expand ]
 
ufmace
Old
#3  
Member
Thanks Meter 6
Posts: 55
Join Date: Jul 2010
Location: Houston
Cool, can't wait to hear about it!
The Following User Says Thank You to ufmace For This Useful Post: [ Click to Expand ]
 
rulevoid
Old
#4  
Senior Member
Thanks Meter 11
Posts: 270
Join Date: Jun 2010
Location: Atlanta, GA
Its against the nature of my being to have an unrooted Android phone for more than 72 hours. Good luck guys!
 
Ddukes76
Old
#5  
Senior Member
Thanks Meter 2
Posts: 295
Join Date: Jun 2010
Location: Melbourne, FL
Default HAHAAAaaaaa

Quote:
Originally Posted by rulevoid View Post
Its against the nature of my being to have an unrooted Android phone for more than 72 hours. Good luck guys!
Same here brother....
The Following User Says Thank You to Ddukes76 For This Useful Post: [ Click to Expand ]
 
themobijew
Old
#6  
Senior Member
Thanks Meter 6
Posts: 219
Join Date: Dec 2009
Location: New York
waiting for my instructions so i can root this
 
ipawd1
Old
#7  
Senior Member
Thanks Meter 46
Posts: 570
Join Date: Mar 2010
Waiting on this!
 
SeenNotScene
Old
#8  
Senior Member
Thanks Meter 7
Posts: 150
Join Date: Aug 2010
Location: Edmond
Ah...the cutting edge. Can't wait to see the development for this phone.
 
destroyerbmx
Old
#9  
destroyerbmx's Avatar
Senior Member
Thanks Meter 16
Posts: 372
Join Date: Mar 2010
Location: New Mexico
<- is very excited, I made it first in line for vzw opening at my store.
 
sdorn77
Old
#10  
Senior Member
Thanks Meter 1
Posts: 147
Join Date: Jun 2010
Quote:
Originally Posted by destroyerbmx View Post
<- is very excited, I made it first in line for vzw opening at my store.
Me too! Now bring on the root! I need to restore data to some of my apps from my incredible.

Tags
andirc, root, teamandirc, thunderbolt, thunderbolt root
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes