I see so many guides, but lots of information spread all over the place and much of it unclear. Hence, this guide. I hope everything is clear enough for someone completely new to understand, but also contains the information and resources to be useful to experienced members of these forums. If this is your first time attempting to flash your phone from stock (as you bought it), by the time you've read this post you should have the understanding of what steps to take and why you are doing them.
Prerequisites
First things first, things you will almost definitely need are
You may also need
Things you may want
To make life easy, I am going to assume that you have saved and extracted all files in the same directory as adb/fastboot.
You may decide to create a folder in the root directory of your computer's hard drive to put all these things in, e.g. C:\desires\
You will probably need an open command prompt or terminal on your computer at this location.
HTC Sync should not be installed on your computer as it can interfere with USB commands.
HBoot
To access your phone's hboot, disconnect any USB and power down your phone. Next, hold down the volume down button, then hold power down until the screen lights up. Release power before releasing volume.
Hboot is useful for flashing, getting information about your phone and running commands that you simply can't do from within Android.
Upon entering hboot, you should be confronted with a screen similar to one of these (left is hboot's bootloader, right is hboot's fastboot)
What information should you record here?
If your screen looks like the one on the left, navigate to FASTBOOT and select it, and it will change to the one on the right.
Next, plug in your USB then in your command prompt enter the following commands;
Temproot Requires Android 2.3.5 or lower.
This is useful if you have to downgrade your RUU. You will need your USB connected for this. You don't need to do this if you already have root, as the aim of temproot is to give you root until you next power down your device.
First, choose your weapon, zergRush or tacoroot. If one isn't working for you, use the other. Don't use both at the same time.
and look to see that there is now a # where there was a $.
If you have successfully got temproot, next is using misc_version. However, this is also a good time to install Titanium Backup, should you want to save any of your data. Busybox and superuser may also be required for Titanium to work, I didn't do it myself.
misc_version Requires root or temproot.
misc_version is used to trick your phone into thinking it is running an older version. Setting this number lower than the RUU you want makes the phone think the RUU is newer, and so lets it run.
You should now be ready to downgrade by RUU.
RUU Requires misc set to lower version number. Will wipe your phone. Bootloader must be locked.
Choosing a RUU is quite simple, take the CID you found in the hboot section and compare it to this list of carriers
Now go over to a repository of RUUs and select the oldest one for your carrier. If there isn't one, then try the generic one for your region (e.g. Europe/Asia/WWE).
The purpose of downgrading is to get an older hboot, so you will be looking for a RUU with version number 1.4x.xxx.x or lower.
There are a lot of SAGA RUUs hosted on androidruu.comandroidfiles.org
If the install fails, you may need a goldcard (see GoldCard section) then come back here.
If the install works, go on to Revolutionary.
GoldCard
A GoldCard is used to make your phone ignore it's Carrier ID (CID) and branding when updating with a RUU. It, in effect, grants you "Super CID" whilst it is connected to your phone.
There are many ways to make a GoldCard, but not all SD cards work.
My preferred method uses the goldcard binary and is done with your phone connected by USB.
Your SD card should now be a goldcard. Reboot and try running the RUU again.
Unlocking Bootloader Will wipe your phone. Don't do this if you're S-OFF.
This lets you flash a custom recovery and custom ROMs using a S-ON device. If you're able to use revolutionary or are already S-OFF, I advise against unlocking your bootloader. After this, when on a custom ROM that has been rooted, if you want to get S-OFF you can use misc_version, re-lock your bootloader and downgrade by RUU.
To unlock your bootloader, head over to htcdev.com/bootloader, choose "All Other Supported Models" and follow the steps it gives you. You can use the same adb and fastboot as linked in this guide.
You may want to backup /dev/block/mmcblk0p16 and /dev/block/mmcblk0p3 to your SD card (via dd) before unlocking, so you can see what is changed and in the future, if go on to S-OFF your device, attempt to lock as if it was never unlocked.
To re-lock your bootloader with fastboot, issue the following command (note that the device will remember that it was unlocked).
Flashing Requires S-OFF or unlocked bootloader.
There are many ways to flash your phone; through recovery, using fastboot flash, fastboot flash zip, PG88IMG.zip and using dd. It is useful to know several methods as you may encounter a situation where one may not work but another will. A S-ON but unlocked device will still prevent some parts of the phone from being overwritten (e.g. hboot).
If you have reached here and just want to put a custom ROM onto your device, put the ROM's zip onto your SD card then the next step is to flash a custom recovery (usually via fastboot). After that, boot into the recovery and: 1. Backup your phone (savepoint), 2. Wipe the phone (clean start), 3. "Install from .zip" (flash ROM).
In all examples, I will demonstrate flashing "my_recovery.img" to the recovery partition.
By fastboot flash
Backups Restores require S-OFF
Other than using your recovery's backup, you can also backup partitions through dd. This does not require S-OFF and is similar to flashing with dd but with the input and output paths the other way around.
For example, to backup your hboot as "my_hboot.img", find the block it is on (listed above) and run the command
If you are not going to be changing special partitions, normal backups made through your custom recovery are easier and store all your data.
update.zip Requires S-OFF or unlocked bootloader
An update.zip lets you interact with the filesystem as root without fully loading up Android via fastboot, stock recovery or custom recovery. It works in a similar way to PG88IMG.zip but with scripting, and the .zip needs to be signed.
The following is an example of how you might create an update.zip to root your device, grey entries are generated upon signing. Remember to include update-binary.
The updater-script contents for this example could be as follows below.
It is important to leave a blank line at the end of this file so that it works as expected.
To sign the zip, use signapk.jar with a pem certificate file and pk8 key file. You can generate your own or use the ones in the zip attached below.
Once signed, you have two choices of how to apply it
The different commands you have available to you in updater-script are below
Credits
xp314a, drivers
prank1, CID vendor list
Revolutionary, S-OFFing and zergRush
jcase, tacoroot
zryvffn, misc_version_universal
Google, adb and android
htcdev, bootloader unlocking
Many others
Thanks for reading, hope this clarifies a lot.
Please message me if you see any errors.
Prerequisites
First things first, things you will almost definitely need are
- ADB and Fastboot as part of Google's platform-tools (16.0.2 windows, linux, macosx)
- HTC's Drivers for Windows computers (here)
- Android version number (Settings > System > About Phone)
- HBoot version number (See hboot section)
- USB debugging enabled (Settings > Applications > Development > USB debugging)
- Fastboot disabled (Settings > Power > Fast Boot)
- Your USB cable
You may also need
- Your CID (Carrier ID, see hboot section)
- Matching RUU for your carrier/region (Get here
here, how to choose here and below) - A GoldCard (made from your SD Card, only needed if RUU for your carrier isn't available, see goldcard section)
- Binary to get temproot (zergRush or tacoroot)
- Binary to make your phone think it is a lower version number (misc_version_universal)
- Revolutionary
- Your phone's serial number (see hboot section)
Things you may want
- A custom recovery (e.g. 4ext, zip)
- An ENG hboot (0.98.2000, 2.00.2002, partition tables change so nandroid before, restore after)
- signapk.jar to create a signed update.zip
To make life easy, I am going to assume that you have saved and extracted all files in the same directory as adb/fastboot.
You may decide to create a folder in the root directory of your computer's hard drive to put all these things in, e.g. C:\desires\
You will probably need an open command prompt or terminal on your computer at this location.
HTC Sync should not be installed on your computer as it can interfere with USB commands.
HBoot
To access your phone's hboot, disconnect any USB and power down your phone. Next, hold down the volume down button, then hold power down until the screen lights up. Release power before releasing volume.
Hboot is useful for flashing, getting information about your phone and running commands that you simply can't do from within Android.
Upon entering hboot, you should be confronted with a screen similar to one of these (left is hboot's bootloader, right is hboot's fastboot)
Code:
[COLOR="Magenta"]*** LOCKED *** *** LOCKED ***[/COLOR][COLOR="Green"]
SAGA PVT SHIP S-ON RL SAGA PVT SHIP S-ON RL
HBOOT-x.xx.xxxx HBOOT-x.xx.xxxx (PG8810000)
eMMC-boot RADIO-yyyy.yy.yy.yy_M
Jan 1 1970, 00:00:00 eMMC-boot
Jan 1 1970, 00:00:00[/COLOR]
[COLOR="Blue"]HBOOT[/COLOR]
[COLOR="Red"]FASTBOOT[/COLOR][COLOR="Orange"]
<VOL UP> to previous item
<VOL DOWN> to next item <VOL UP> to previous item
<POWER> to select item <VOL DOWN> to next item
<POWER> to select item[/COLOR]
[COLOR="Blue"]FASTBOOT[/COLOR]
[COLOR="Green"]RECOVERY[/COLOR] [COLOR="Blue"]BOOTLOADER[/COLOR]
[COLOR="Red"]FACTORY RESET[/COLOR] [COLOR="SandyBrown"]REBOOT[/COLOR]
[COLOR="Blue"]SIMLOCK[/COLOR] [COLOR="Purple"]REBOOT BOOTLOADER[/COLOR]
[COLOR="Black"]IMAGE CRC[/COLOR] [COLOR="Red"]POWER DOWN[/COLOR]- The HBOOT-x.xx.xxxx (this is your hboot's version)
- Whether it says S-ON or S-OFF
- Whether it says SHIP or ENG
- You should already be able to flash a custom recovery via a PG88IMG.zip so you can skip ahead.
- If it says SHIP, you may want to flash an ENG hboot.
- If it says ENG, you may want to keep a backup of your hboot.
- If your android version was 4.0.4, you have to unlock the bootloader via htcdev.
- If your hboot version is 0.98.0002 or lower, you can use revolutionary right away.
- If your hboot is higher, you will need to downgrade by RUU before you can use revolutionary.
If your screen looks like the one on the left, navigate to FASTBOOT and select it, and it will change to the one on the right.
Next, plug in your USB then in your command prompt enter the following commands;
- Get your phone's serial number
Code:
fastboot devices - Get your phone's Carrier ID (for use with choosing RUU)
Code:
fastboot getvar cid
Temproot Requires Android 2.3.5 or lower.
This is useful if you have to downgrade your RUU. You will need your USB connected for this. You don't need to do this if you already have root, as the aim of temproot is to give you root until you next power down your device.
First, choose your weapon, zergRush or tacoroot. If one isn't working for you, use the other. Don't use both at the same time.
- Using zergRush
shell will exitCode:adb push zergRush /data/local/tmp/zergRush adb shell chmod 755 /data/local/tmp/zergRush /data/local/tmp/zergRush - Using tacoroot is a bit more complicated but works on more phones, you need to have gone into recovery at least once (tacoroot has command for this)
Phone reboots to recovery, once it is there, reboot manuallyCode:adb push tacoroot.bin /data/local/tmp/tacoroot adb shell chmod 777 /data/local/tmp/tacoroot /data/local/tmp/tacoroot --recovery
Phone reboots again, if it stops at bootloader, choose reboot. It is now ready to be rootedCode:adb shell /data/local/tmp/tacoroot --setup
Code:adb shell /data/local/tmp/tacoroot --root
Code:
adb shell
exitIf you have successfully got temproot, next is using misc_version. However, this is also a good time to install Titanium Backup, should you want to save any of your data. Busybox and superuser may also be required for Titanium to work, I didn't do it myself.
misc_version Requires root or temproot.
misc_version is used to trick your phone into thinking it is running an older version. Setting this number lower than the RUU you want makes the phone think the RUU is newer, and so lets it run.
Code:
adb push misc_version /data/local/tmp/misc_version
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/misc_version -s 1.27.405.6RUU Requires misc set to lower version number. Will wipe your phone. Bootloader must be locked.
Choosing a RUU is quite simple, take the CID you found in the hboot section and compare it to this list of carriers
The purpose of downgrading is to get an older hboot, so you will be looking for a RUU with version number 1.4x.xxx.x or lower.
There are a lot of SAGA RUUs hosted on androidruu.com
If the install fails, you may need a goldcard (see GoldCard section) then come back here.
If the install works, go on to Revolutionary.
GoldCard
A GoldCard is used to make your phone ignore it's Carrier ID (CID) and branding when updating with a RUU. It, in effect, grants you "Super CID" whilst it is connected to your phone.
There are many ways to make a GoldCard, but not all SD cards work.
My preferred method uses the goldcard binary and is done with your phone connected by USB.
Code:
adb push goldcard /data/local/tmp/
adb shell chmod 777 /data/local/tmp/goldcard
adb shell cat /sys/class/mmc_host/mmc2/mmc2:*/cid > tcid
set/p cid= < tcid
del tcid
adb shell /data/local/tmp/goldcard -c %cid% -o /data/local/tmp/goldcard.img
adb shell dd if=/data/local/tmp/goldcard.img of=/dev/block/mmcblk1Unlocking Bootloader Will wipe your phone. Don't do this if you're S-OFF.
This lets you flash a custom recovery and custom ROMs using a S-ON device. If you're able to use revolutionary or are already S-OFF, I advise against unlocking your bootloader. After this, when on a custom ROM that has been rooted, if you want to get S-OFF you can use misc_version, re-lock your bootloader and downgrade by RUU.
To unlock your bootloader, head over to htcdev.com/bootloader, choose "All Other Supported Models" and follow the steps it gives you. You can use the same adb and fastboot as linked in this guide.
You may want to backup /dev/block/mmcblk0p16 and /dev/block/mmcblk0p3 to your SD card (via dd) before unlocking, so you can see what is changed and in the future, if go on to S-OFF your device, attempt to lock as if it was never unlocked.
To re-lock your bootloader with fastboot, issue the following command (note that the device will remember that it was unlocked).
Code:
fastboot oem lockFlashing Requires S-OFF or unlocked bootloader.
There are many ways to flash your phone; through recovery, using fastboot flash, fastboot flash zip, PG88IMG.zip and using dd. It is useful to know several methods as you may encounter a situation where one may not work but another will. A S-ON but unlocked device will still prevent some parts of the phone from being overwritten (e.g. hboot).
If you have reached here and just want to put a custom ROM onto your device, put the ROM's zip onto your SD card then the next step is to flash a custom recovery (usually via fastboot). After that, boot into the recovery and: 1. Backup your phone (savepoint), 2. Wipe the phone (clean start), 3. "Install from .zip" (flash ROM).
In all examples, I will demonstrate flashing "my_recovery.img" to the recovery partition.
By fastboot flash
Reboot to bootloader, select fastboot, connect USB, then
Wait for it to complete, reboot your device and it is done.
By fastboot flash zip
Code:
fastboot flash recovery [COLOR="Blue"][B]my_recovery.img[/B][/COLOR]This is the most similar to the method used by a RUU installer. It requires you to create a zip file as in the PG88IMG.zip for it to work, with the exception that you have the file on the computer and not on the SD card.
Reboot to bootloader, select fastboot, connect USB, then
Wait for it to complete, reboot your device and it is done.
By PG88IMG.zipReboot to bootloader, select fastboot, connect USB, then
Code:
fastboot oem rebootRUU
fastboot flash zip [COLOR="Red"][B]PG88IMG.zip[/B][/COLOR]You create a zip file where the ".img" files are named the same as the partition you want to overwrite, and include an "android-info.txt" file to say "this is an important update".
File structure:
Example "android-info.txt"
Place the PG88IMG.zip file in the root of your SD card and reboot to bootloader. It will be automatically detected, preventing you from doing other actions whilst it is there. After it has flashed, remove or rename the file so that the bootloader won't detect it again next time.
Wait for it to complete, reboot your device and it is done.
By ddFile structure:
Code:
PG88IMG.zip
├android-info.txt
└[COLOR="Blue"][B]recovery.img[/B][/COLOR]
Code:
modelid: PG8810000
cidnum:VODAP***
cidnum:VIRGI***
cidnum:T-MOB***
cidnum:TIM__***
cidnum:TELST***
cidnum:TELEF***
cidnum:eek:RANG***
cidnum:eek:2___***
cidnum:BOUYG***
cidnum:H3G__***
cidnum: HTC__***
mainver: 14.01.401.2
hbootpreupdate:13
DelCache:1
DelDevlog:1Wait for it to complete, reboot your device and it is done.
This is the only one done by adb (root environment, S-OFF) and the only one that lets you modify un-named partitions and skip version checks. It can also be done from recovery, but remember to mount /sdcard/ if you plan to use it.
Typing a wrong number when doing this can easily brick your phone, so some consider it the most dangerous method.
First, look up which block you want
Then run the command
(if you need to use su to get root, seperate "adb shell" from "dd" and "su" between them)
Wait for it to complete, reboot your device and it is done.
Typing a wrong number when doing this can easily brick your phone, so some consider it the most dangerous method.
First, look up which block you want
Code:
mmcblk0p7 rcdata (still protected on revolutionary S-OFF)
mmcblk0p17 misc
mmcblk0p18 hboot
mmcblk0p19 splash1
mmcblk0p21 recovery
mmcblk0p22 boot
mmcblk0p25 system
mmcblk0p27 cache
mmcblk0p26 data
mmcblk0p28 devlog
mmcblk0p29 pdata
Code:
adb push [COLOR="Blue"][B]my_recovery.img[/B][/COLOR] /sdcard/
adb shell dd if=/sdcard/[COLOR="Blue"][B]my_recovery.img[/B][/COLOR] of=/dev/block/[COLOR="Red"][B]mmcblk0p21[/B][/COLOR]Wait for it to complete, reboot your device and it is done.
Backups Restores require S-OFF
Other than using your recovery's backup, you can also backup partitions through dd. This does not require S-OFF and is similar to flashing with dd but with the input and output paths the other way around.
For example, to backup your hboot as "my_hboot.img", find the block it is on (listed above) and run the command
Code:
adb shell dd if=/dev/block/[COLOR="Red"][B]mmcblk0p18[/B][/COLOR] of=/sdcard/my_hboot.imgupdate.zip Requires S-OFF or unlocked bootloader
An update.zip lets you interact with the filesystem as root without fully loading up Android via fastboot, stock recovery or custom recovery. It works in a similar way to PG88IMG.zip but with scripting, and the .zip needs to be signed.
The following is an example of how you might create an update.zip to root your device, grey entries are generated upon signing. Remember to include update-binary.
Code:
update.zip
├META-INF
│├com
││└google
││ └android
││ ├update-binary
││ └updater-script
│├[COLOR="Grey"]CERT.RSA[/COLOR]
│├[COLOR="Grey"]CERT.SF[/COLOR]
│└[COLOR="Grey"]MANIFEST.MF[/COLOR]
└system
└xbin
├busybox
└suThe updater-script contents for this example could be as follows below.
It is important to leave a blank line at the end of this file so that it works as expected.
Code:
mount("MTD", "system", "/system");
delete("/system/bin/busybox", "/system/xbin/busybox");
delete("/system/bin/su", "/system/xbin/su");
package_extract_dir("system", "/system");
set_perm(0, 0, 06755, "/system/xbin/busybox");
set_perm(0, 0, 06755, "/system/xbin/su");
unmount("/system");To sign the zip, use signapk.jar with a pem certificate file and pk8 key file. You can generate your own or use the ones in the zip attached below.
Code:
java -jar signapk.jar certificate.pem key.pk8 update.zip update-signed.zipOnce signed, you have two choices of how to apply it
- By recovery; place the update-signed.zip on the root of your SD card and rename it to update.zip. Now reboot into bootloader, choose recovery. If you're on stock recovery, you may be prompted by an exclamation mark here, hold volume up and volume down, press power and then release the buttons to proceed to the next screen. Now choose to apply update.zip.
- By fastboot; boot into your bootloader, go to fastboot, and run
Code:
fastboot update update-signed.zip
The different commands you have available to you in updater-script are below
Credits
xp314a, drivers
prank1, CID vendor list
Revolutionary, S-OFFing and zergRush
jcase, tacoroot
zryvffn, misc_version_universal
Google, adb and android
htcdev, bootloader unlocking
Many others
Thanks for reading, hope this clarifies a lot.
Please message me if you see any errors.
Last edited:
