windows, and i tried that but it didnt work, cmd just flashed open and closed ill try again
[GUIDE] Comprehensive S-OFF/Root Methods
- Thread starter prototype7
- Start date
windows, and i tried that but it didnt work, cmd just flashed open and closed ill try again
For the other people reading this, ThisLameN**** let me remote into his computer using TeamViewer and we figured it out. There were three problems.
- He was launching Revolutionary with a double-click instead of from the command prompt
- He had HTC Sync installed instead of the HTC 3.0.0.7 driver. HTC Sync is incompatible with Revolutionary.
- He had his phone in the bootloader instead of booted normally and in charge-only mode.
By correcting those, we were able to run Revolutionary successfully, to obtain S-OFF and install ClockworkMod Recovery.
Thanks so much to @prototype7 for this awesome guide!! I was able to successfully use the tacoroot method to downgrade, root and S-OFF.
I was coming from HBOOT 0.98 and firmware 6.01.605.05, completely stock and locked. There were a few hiccups along the way, but I was able to get around them:
>> Like others have posted earlier, I was unable to flash the radio when instructed in the guide. I just proceeded past that step as others have said. I flashed the modem after everything else was done and then it worked fine.
>> Revolutionary was unable to download the CWM recovery, but it was able to proceed with everything else. After it was done, I just downloaded the IMG file for TWRP from here (search for VIVOW as the device name):
http://teamw.in/project/twrp2/71
And I manually flashed it via fastboot. The information in this guide was helpful:
http://www.phonearena.com/news/How-to-flash-a-custom-recovery-like-CWM-or-TWRP-on-Android_id53914
>> At one point in the process the phone did get stuck in a bootloop. I can't remember if that happened before or after running revolutionary. The first step to get out of it was to use "adb reboot bootloader" or "adb reboot recovery", can't remember which. Sorry my memory about this part is fuzzy.
I was coming from HBOOT 0.98 and firmware 6.01.605.05, completely stock and locked. There were a few hiccups along the way, but I was able to get around them:
>> Like others have posted earlier, I was unable to flash the radio when instructed in the guide. I just proceeded past that step as others have said. I flashed the modem after everything else was done and then it worked fine.
>> Revolutionary was unable to download the CWM recovery, but it was able to proceed with everything else. After it was done, I just downloaded the IMG file for TWRP from here (search for VIVOW as the device name):
http://teamw.in/project/twrp2/71
And I manually flashed it via fastboot. The information in this guide was helpful:
http://www.phonearena.com/news/How-to-flash-a-custom-recovery-like-CWM-or-TWRP-on-Android_id53914
>> At one point in the process the phone did get stuck in a bootloop. I can't remember if that happened before or after running revolutionary. The first step to get out of it was to use "adb reboot bootloader" or "adb reboot recovery", can't remember which. Sorry my memory about this part is fuzzy.
stuck on [flash zip RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605....]
So I am stuck trying to flash the RUU, I've had some other problems along the line, but thanks to the usefull posts in this thread, I could crawl all the way up-to here:
In Fact when I rebootRUU, the phone gives me a black screen with HTC logo. When I unplug usb, the android bootloader shows me:
as soon as plug the USB back in, the black screen scrolls down again.
Any Ideas?
So I am stuck trying to flash the RUU, I've had some other problems along the line, but thanks to the usefull posts in this thread, I could crawl all the way up-to here:
Code:
C:\Android>fastboot flash zip RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Radio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip
sending 'zip' (292817 KB)... OKAY [ 47.580s]
writing 'zip'... INFOadopting the signature contained in this image...
INFOsignature checking...
FAILED (remote: 12 signature verify fail)
finished. total time: 103.861sIn Fact when I rebootRUU, the phone gives me a black screen with HTC logo. When I unplug usb, the android bootloader shows me:
as soon as plug the USB back in, the black screen scrolls down again.
Any Ideas?
Can you input the next command at that black screen? I believe that's just what the RUU screen looks like.
Edit: try redownloading the RUU, it might be corrupt.
Last edited:
Sorry, the sequence of my question was not correct, I'll rephrase,
all the previous steps went through ok,
.......
fastboot oem lock - Ok
fastboot erase cache - Ok
fastboot oem rebootRUU - Ok (this is where I indeed reboot into the black screen when connected. and when disconnected I get the white bootloader screen)
The next command in line is:
fastboot flash zip RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Radio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip - Not OK (error as in post above)
I'm downloading the Miniadb_inc2.zip file again. Let's hope that does the trick. THe checsum turned out to be ok so I didn't think that would be an issue.
Thanks..
UPDATE: I've redownloaded the package and retried, but no luck.
Code:
FAILED (remote: 12 signature verify fail)
Last edited:
Going from your previous post, I'm assuming you were originally HTCDev unlocked and going for S-OFF? Rerun "fastboot getvar mainver" and ensure the result is the same as I listed in the guide.
Yes Indeed, I currntly have HTCDev unlocked and S-on.
Already verified get mainver. But nevertheless:
Code:
C:\Android>fastboot devices
FA2BHTV00304 fastboot
C:\Android>fastboot getvar mainver
mainver: 2.18.605.3
finished. total time: -0.000s
Last edited:
if you have unlockable bootloader via htcdev do the process, install custom recovery, install superuser via zip file in custom recovery and then do this.
adb push misc_version /data/local/tmp/misc_version
adb shell
su
chmod 777 /data/local/tmp/misc_version
/data/local/tmp/misc_version -s 2.18.605.3
adb reboot bootloader
fastboot devices
fastboot getvar mainver The result should be 2.18.605.3. If it is not, something was not done correctly, you'll need to restart from the beginning.
fastboot oem lock
fastboot erase cache
fastboot oem rebootRUU
fastboot flash zip RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Ra dio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip This will take a bit of time without giving any indication as to when it will be done, be patient and do not interrupt it.
fastboot erase cache
fastboot oem rebootRUU
fastboot reboot
it is basically the same process. i just removed tacoroot, enabled su just in case and skipped the last flash zip. i have done this several times. afterwards you'll have s-off and you can flash ics firmware+custom recovery of choice+custom rom of choice.
adb push misc_version /data/local/tmp/misc_version
adb shell
su
chmod 777 /data/local/tmp/misc_version
/data/local/tmp/misc_version -s 2.18.605.3
adb reboot bootloader
fastboot devices
fastboot getvar mainver The result should be 2.18.605.3. If it is not, something was not done correctly, you'll need to restart from the beginning.
fastboot oem lock
fastboot erase cache
fastboot oem rebootRUU
fastboot flash zip RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Ra dio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip This will take a bit of time without giving any indication as to when it will be done, be patient and do not interrupt it.
fastboot erase cache
fastboot oem rebootRUU
fastboot reboot
it is basically the same process. i just removed tacoroot, enabled su just in case and skipped the last flash zip. i have done this several times. afterwards you'll have s-off and you can flash ics firmware+custom recovery of choice+custom rom of choice.
And I thought this thread was finally dead for good
https://github.com/CunningLogic/TacoRoot/archive/master.zip should work fine, there are a few other files you'll need too though. Took me a bit, but I managed to track them all down. Get misc_version from here (link), the radio image (link), adb and fastboot (link), and md5sums (link). You'll also need the RUU which I had to extract from HTC's utility since none of the other links worked, get it here (link), and that's the RUU_really_long_name.zip in the guide, the md5sum result is the same but the name is just RUU.zip. The version of tacoroot is slightly different, it should work but the md5sum will be df596a69e790c6a3261f79465593259f, not what it says in the guide. Get all of these files downloaded in the same directory and you should be good to follow the guide. Enjoy!
Last edited:
And I thought this thread was finally dead for good
I was able to get all of these, except the radio image, new link, please? I've been searching for hours for these files, so I can s off my Inc2, and, it seems, I'm so close... my other concern is revolutionary seems to be gone, as well, how do I get around that?
[EDIT]
Seems RUU.zip is corrupted, too...
[EDIT2]
I ran md5sums on RUU.zip, and, it matches, so, I'm assuming these zips aren't meant to be opened, normally, so, if I can locate the radio img with a proper md5, and a patched revolutionary, or, some other way to s off, I'm ready to try it.
[EDIT3]
I found the correct radio, with proper md5sum, on a russian hosting site, but, I'm getting the 12 signature verify fail error. I still haven't found anything to do the revolutionary step. There is a post on these forums, where OP said he had a patched version of it, that skips the beta key requirement, but, he never released it, as far as I can tell... might have to break out the old hex editing tools... Or, some new ones.
Last edited:
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
83Please do not PM me with questions about this guide! I don't have time to help everyone through it, create a thread in Q&A if you don't have 10 posts or post here, there are other people who have done this and can help you, and I will get to it if I can. PMs asking questions about this guide will be ignored. Thank you.
Fully stable root methods for all firmware versions (no bootloops on 6.01.605.05 firmware!)
Table of Contents
To quickly find a section, hit CTRL+F and type the letters in parentheses, then click "Next"
(IRO) Intro: Read first!
(HDV) HTCDEV Unlock
(TCR) Tacoroot
(DWG) Downgrade tool
(RVL) Revolutionary
(HSO) S-OFF with HTCDev unlock (second post)
(ASO) After S-OFF (second post)
INTRO(IRO)DISCLAIMER: I am not responsible for anything that happens to your device while following these instructions. I will try to help you through problems as much as I can, but I can't guarantee success, especially if you do not carefully read the instructions.
This is a comprehensive guide of all known and fully stable root/s-off methods, at this time, it covers just about all firmware versions out there.Most of these methods will require the Android SDK, so download that (Google it. A link for this really isn't necessary, and I'm sure many people could use practice googling things.The downgrade methods no longer require the sdk, but it is still reccomended that you download it as it is a very useful tool. Don't forget to download the device drivers here (only neccessary on Windows) and set the PATH variable.) and set it up (again, just google "android sdk," the download page even has tutorials).
So, which downgrade method should you use? Most likely you will either have firmware version 5.x or 6.x, you can find out under Settings>About phone. If you are using 5.x, go to the Downgrade Tool section; if you have 6.x, go to the Tacoroot section. Both methods eventually lead to the Revolutionary section, HTCDev unlock is not reccomended and, honestly, completely pointless (read more below).
HTCDEV UNLOCK(HDV)Versions: All
HTCDev is HTC's "official" unlock, it will unlock the bootloader but leave S-ON. Don't do it. Seriously. It's a guaranteed voided warranty and pretty much a huge PITA (you can't flash radios and need to extract and separately flash ROM kernels), and s-off methods are completely stable and even relockable. That said, if for whatever reason you do wish to do this, just go to http://htcdev.com/bootloader/. If you want to obtain S-OFF at any time after using HTCDev unlock, see the second post.
Note: to flash ROMs when HTCDev unlocked, flash the ROM normally, then extract the boot.img from the rom.zip and boot into fastboot, then use the command "fastboot flash boot boot.img."
TACOROOT(TCR)Versions: 6.01.605.05 firmware
Tacoroot is a temp root method discovered by Justin Case that will allow those on the newer firmware to flash an older version and root with Revolutionary. Before you begin, download this zip containing all the files you'll need:
EDIT: Looking for the files? See this post.
Extract this zip to C:/Android. You can extract it somewhere else, just replace C:/Android with the path to the wherever you extracted it wherever it comes up. Now, connect your device to your computer with a USB cable, turn on USB Debugging under Settings>Apps>Development, and disable fastboot under Settings>Power. Make sure your phone is fully charged. Open a command prompt by opening the start menu, typing "cmd" and hitting enter. Type in everything that is in black text. Notes and extra instructions will be written in blue. It is reccomended that you copy/paste the code to avoid typos, to do this, copy by highlighting the line and hitting Ctrl+C as usual; to paste, go to your command prompt and click the small black icon in the upper left corner. A menu will pop up, go to Edit>Paste. Make sure you have not highlighted any spaces before or after the line or any of the blue text. Now, begin copying the code:
cd C:/Android
md5sums RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Radio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip Remove the space in the middle of the word radio before hitting enter, I don't know why it won't let me remove it. Result should be cea499f51b40055ffd118960e1e73255, if it isn't, redownload the miniadb zip.
md5sums 1.09.01.0312_vivow_Radio_PG32IMG.zip Result should be ea6b98be48210d7797e62362f49ff751
md5sums tacoroot.sh Result should be 6ec06d776feb212d8b2a55817eddf76d
md5sums misc_version Result should be 050f55d34ddbcc860efa5982491437de
adb devices Result should be your phone's serial number. If it isn't make sure drivers are properly installed and USB Debugging is enabled.
adb push tacoroot.sh /data/local/
adb shell chmod 755 /data/local/tacoroot.sh
adb shell /data/local/tacoroot.sh --setup This will reboot your phone. When you get to a screen with a red exclamation mark, press VolUp+Power until you get to a menu, then press VolUp+VolDown+Power until the phone turns off. Once it is rebooted, continue.
adb shell /data/local/tacoroot.sh --root
adb wait-for-device Running the step before this will reboot your phone again, this time it will be bootlooping, meaning it will not boot fully and get stuck on the boot animation. Once your prompt comes back after this step, you're good to continue even though the phone isn't fully booted.
adb push misc_version /data/local/tmp/misc_version
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/misc_version -s 2.18.605.3
adb shell /data/local/tacoroot.sh --undo This will reboot your phone one more time, this time fully stable and will boot completely. Continue once fully booted.
adb reboot bootloader This will reboot your phone to a white screen with a few options. Once you are at this screen, continue with the instructions.
fastboot devices Result should be your phone's serial number, again.
fastboot getvar mainver The result should be 2.18.605.3. If it is not, something was not done correctly, you'll need to restart from the beginning.
fastboot erase cache
fastboot oem rebootRUU
fastboot flash zip RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Radio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip This will take a bit of time without giving any indication as to when it will be done, be patient and do not interrupt it.
fastboot erase cache
fastboot oem rebootRUU
fastboot flash zip 1.09.01.0312_vivow_Radio_PG32IMG.zip Same as the above, do not interrupt under any circumstances (unless you really wanted a phone-shaped paperweight)
fastboot reboot
That's the end of the codes, you should be fully booted into the now downgraded version. Re-enable USB debugging, then continue to the Revolutionary section and follow instructions there.
DOWNGRADE TOOL
Versions: HBOOT .98, firmware below 6.01.605.05
This will not work with firmware version 6.01.605.05! Use the tacoroot method!
This tool will downgrade you to 2.3.3, which will allow you to use Revolutionary to gain S-OFF.
Download the tool here, and extract it to a folder where you can easily get to it in a command prompt/terminal.
Now, connect your device to your computer with a USB cable, and turn on USB Debugging in settings. To ensure you are connected, open a command prompt/terminal and type "adb devices". If you see a bunch of letters and numbers followed by "device," you're good to go.
Navigate to the files you extracted in a command prompt/terminal ("cd /path/to/folder," replacing /path/to/folder with the actual filepath), type "hack-vivow.cmd" and let it run. It may take a while and seem to get stuck on some commands, just leave it alone. After it's done, continue to the Revolutionary section. Yep, it really is that easy.
REVOLUTIONARY
Versions: GB 2.3.3, any others after downgrade methods
This is the final step that will actually get you S-OFF.
Go to the revolutionary website, click on the download link for your OS, you'll get a download right away. While it's downloading, fill out the form that pops up (if you don't know your serial number and have the sdk installed, open up a command prompt/terminal and type "adb devices," the letters/numbers before "device" is your serial. Extract the files and run either revolutionary or revolutionary.exe depending on your OS, enter your beta key and say yes when it asks to install CWM recovery. Let it run, and you'll be S-OFF and ready to go!
If you have any questions/comments or found something that isn't right, go ahead and post, I would greatly appreciate any positive or negative feedback, as long as it's constructive.
Credits:
attn1 for Downgrade tool
Revolutionary team
Guhl for misc_version
jcase for Tacoroot
PalmerCurling for Tacoroot downgrade guide
MIVLives for bootloop fix
scotty85 for better Tacoroot downgrade and HTCDev S-OFF method
If you find anything I didn't give credits for and should have, let me know and I'll add it.22Get S-OFF after using HTCDev Unlock
(HSO)If you used HTCDev unlock and want to get S-OFF, follow this guide. What you get from going from HTCDev unlocked to full S-OFF is a full unlock instead of HTC's restricted unlock. This way, you can flash custom radios and flash ROMs without needing to extract and separately flash the boot.img. (Note: If you already installed a custom recovery and a custom ROM, flash this ROM and start at "adb push misc_version /data/local/tmp/misc_version" in the code.) To do this, first download this zip and extract it to C:/Android. You can extract it somewhere else, just replace C:/Android with the path to where you extracted it wherever it comes up. Next, download this zip and extract it to C:/Android. Download this zip as well and put it in your C:/Android folder, but do not extract it. Now, connect your device to your computer with a USB cable, turn on USB Debugging under Settings>Apps>Development, and disable fastboot under Settings>Power. Make sure your phone is fully charged. Open a command prompt by opening the start menu, typing "cmd" and hitting enter. Type in everything that is in black text. Notes and extra instructions will be written in blue. It is recommended that you copy/paste the code to avoid typos, to do this, copy by highlighting the line and hitting Ctrl+C as usual; to paste, go to your command prompt and click the small black icon in the upper left corner. A menu will pop up, go to Edit>Paste. Make sure you have not highlighted any spaces before or after the line or any of the blue text. Now, begin copying the code:
cd C:/Android
md5sums RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Ra dio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip Result should be cea499f51b40055ffd118960e1e73255, if it isn't, redownload the miniadb zip.
md5sums 1.09.01.0312_vivow_Radio_PG32IMG.zip Result should be ea6b98be48210d7797e62362f49ff751
md5sums misc_version Result should be 050f55d34ddbcc860efa5982491437de
adb devicesResult should be your phone's serial number.
adb push CWM-SuperSU-v0.94.zip /sdcard This might take a minute or so. If it gives an error, try "adb push CWM-SuperSU-v0.94.zip /mnt/sdcard"
adb reboot bootloader This should reboot your phone to a white menu, once it is there, continue.
fastboot devices This should return your phone's serial number.
fastboot flash recovery recovery.img This might take a while, be patient and do not interrupt it. Once it is done, use the volume buttons on your phone to navigate through the menu until RECOVERY is highlighted, then press Power to select it. Your phone will reboot into another menu, once it shows up, select "install from sdcard" then "choose zip from sdcard," then scroll down and select CWM-SuperSU-v0.94.zip, and accept it. Once it is finished, press power then select reboot. Once you are fully booted, continue with the instructions.
adb push misc_version /data/local/tmp/misc_version
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/misc_version -s 2.18.605.3
adb reboot bootloader This will reboot you to the white menu again.
fastboot devices Result should be your phone's serial number.
fastboot getvar mainver Result should be 2.18.605.3. If it isn't, make sure you didn't get any errors in the above code and everything was copied correctly.
fastboot oem lock
fastboot erase cache
fastboot oem rebootRUU
fastboot flash zip RUU_Vivo_W_Gingerbread_S_VERIZON_WWE_2.18.605.3_Ra dio_1.09.01.0622_NV_VZW1.92_release_199487_si.zip This will take a while, be patient and do not under any circumstances interrupt it.
fastboot erase cache
fastboot oem rebootRUU
fastboot flash zip 1.09.01.0312_vivow_Radio_PG32IMG.zip This will also take a bit, again, do not interrupt it.
fastboot reboot
That's the end of the code, you should be downgraded and can now get S-OFF by following the Revolutionary guide in the first post.
After S-OFF(ASO)So, now you have S-OFF. Congratulations! The next step would be to flash a custom recovery, then either an su zip or a custom, rooted ROM. For recoveries, the choices are ClockworkMod, 4EXT or TWRP. I personally prefer 4EXT, but TWRP is also great and has many great features. ClockworkMod is a little slower, but still stable. All ROMs and recoveries for the Dinc2 can be found in the development forums (where you found this guide), and there are many different ROMs to choose from, so check them out! If you want something rock solid and completely stable, try out CondemnedSoul's CM7 or one of the Gingerbread Sense ROMs, or if you want something newer, a bit faster, but maybe has a few minor bugs, check out one of the many ICS ROMs. If you want the latest and greatest, with a few slight bugs, go Jelly Bean with aeroevan's CM10. If you were looking to just root, download and flash the zip found here: http://xdaforums.com/showthread.php?t=1538053, however, I would recommend that you try one of the Gingerbread Sense ROMs such as Skyraider Zeus if you wanted something a bit different with extra features, or andybonestock for a faster, debloated ROM that looks and feels exactly like what you're used to, but rooted.3Updated, let me know how the new radio flashing method in the tacoroot guide works, also added After S-OFF section. As always, if you have any feedback, go ahead and post it, user feedback is the only way I can fix this if there's anything wrong, thanks!3I had problems (boot loops) with doing this on a refurb as well (radio was indeed the problem). Flash a different radio and it should work (Currently running the new MIUI w Android 4.0.4)
BTW, this method still works even on the recent refurbs that verizon is sending out...intead of the zergRush you have to use tacoroot tho.
This method using tacoroot instead of zergRush is exactly what this is lol. Basically what it does for anyone who is curious is tacoroot uses an exploit with the recovery log (which is why you need to reboot into recovery) to gain access to default.prop (or maybe it was local.prop, don't remember exactly), and it writes the line ro.kernel.qemu="1". This tells the system to boot as an emulator, which gives us temporary root access, so we can now use the misc_version tool to write that 2.whateveritwas number to the mainver, which tricks the system into thinking it has a lower version number, so we can flash an RUU that is actually a downgrade. This version is the one the Revolutionary tool was developed for, so then that can be use to get S-OFF. Long story short, zergRush and tacoroot are both methods to gain temp root which we use to trick the system into letting us downgrade. The only reason we need to use tacoroot now is because the zergRush exploit was patched in the latest firmware update.
Edit: wow, was not expecting to be typing that wall of text when I responded to that lol, hopefully it helps people understand how this actually works.
Sent from my Incredible 2 using Tapatalk 2
