Make Your Network Smart – XDA Xposed Tuesday

We rave about the features and abilities of our smartphones. However, in order for … more

Dr.Ketan Brings The S6 Theme Store To The Note 4

Dr.Ketan has submitted a video to the forums showing a functional port of the Galaxy S6 … more

Do You Have Insurance on Your Smartphone?

While affordable smartphones are becoming more available, the majority of high-end flagships … more

Apple Music Will Increase iTunes Match to 100,000 Songs

The battle for music streaming subscription dominance is starting to really heat … more

[DOC][DEV][25/07] Search for root-access: first beta testers with S-OFF

1,561 posts
Thanks Meter: 349
By Elim, Senior Member on 11th June 2011, 09:33 PM
Post Reply Subscribe to Thread Email Thread
Got root rights
Many functions and and changes in the system need root rights on our phone. In this thread I will describe all steps I and others did, to get them.

In this post you will find a history off all steps and the status, in post #2 a detailed documentation and in post #3 one day tutorials.

Status: beta testers with S-OFF
  • 11.6.2011: Open this thread
  • 12.6.2011: Collect all informations (and unpack my own Flyer )
  • 19.6.2011: Prepare PC and Flyer
  • 20.6.2011: run first script to got root rights in a shell (no success)
  • 24.6.2011: Rooted for S-OFF Flyers (by dalada)
  • 15.7.2011: Temp root rights with the fre3vo tool by agraben.
  • 18.7.2011: Permanent temp root rights by eugene373
  • 25.7.2011: First beta testers got S-OFF with help from the alpharev team.
Last edited by Elim; 27th July 2011 at 09:21 AM.
The Following 6 Users Say Thank You to Elim For This Useful Post: [ View ]
11th June 2011, 09:34 PM |#2  
Elim's Avatar
OP Senior Member
Flag Antwerpen
Thanks Meter: 349
Post Changelog and old versions
The first stept to got root access to our HTC Flyer is to find a method which works. Until the first android phone are many different methods are successful but most off them didn't work for gingerbread.

I will first document all steps I or someone else did. Until know we have nothing but help and ideas are welcome.
After we find a way to become root access, we have to write a tool for everybody and after that the work begins... for all other stuff like custome ROMs

1.1 What others try
Here is a list off unsuccessful attempts until now:So, no standard, popular tool works... But can everybody, who check one of the tools above (or something else), send me the log-files which are produced? thx.

PS. I found that different tools with the same name exists (e.g. 1-click), so when you test one of these tools, please can you specify which tool you use, with the version number. Thx.

1.2 Next steps
Okay, I didn't expect that it will be such easy. Next step for me is to read about all this methods in detail and check why they didn't work with the Flyer to find a little hole to get through...

1.3 Use fre3vo tool
After some changes and with the help from agrabren we got successful temp root rights. Until now we found with this tools the following exploits:
  • HTC EVO view 4G: last version contains exploit
  • HTC Flyer WiFi 16GB: exploit at adress 38126600:a00
  • HTC Flyer 3G 32GB: exploit ad address 38125e00:1200

1.4 beta-tests for alpharevX
The first beta testers got their Flyer S-OFF.

For more information and the current status read the last postings or on the alpharev homepage if the Flyer is now supported. But don't use the current verion 0.2pre5, it will not work!

All thanks go to team TeamWin and team alpharev and not to me!!! I only document until now the process.
Last edited by Elim; 27th July 2011 at 09:28 AM.
The Following User Says Thank You to Elim For This Useful Post: [ View ]
11th June 2011, 09:35 PM |#3  
Elim's Avatar
OP Senior Member
Flag Antwerpen
Thanks Meter: 349
Lightbulb Tutorials

Open the bootloader

HTC add a special "fastboot" option to his android devices. When fastboot is active the device can be set-on very fast but you can't open the bootloader with fastboot active. Therefore you have first to deactived the fastboot option.

1. deactivate fastboot
  • go to settings
  • select "Power"
  • unchek "fastboot"
  • switch off the Flyer
2. open bootloader
  • hold down volume-down button
  • hold down power button
  • wait until bootloader open by holding both buttons together down

So long we make test but also when we have an exploit, I am sure we need the functionality to reset our devices.

On other devices I remove the battery but the Flyer one is build-in and can't be removed.

Soft reset
  • Tap and hold on the Volume Up and Volume Down buttons
  • While holding on the Volume Up and Volume Down buttons, please tap and hold the Power button until the screen closes.
(Source: HTC)

Hard (factory) reset
  • Press and hold the VOLUME DOWN button
  • briefly press the POWER button
  • Wait for the screen with the three Android images to appear
  • release the VOLUME DOWN button
  • press the POWER button.
(Source: HTC)

Temp root
with the tool fre3vo
  • Be aware that this is only temp root and the device is still locked and you can brick your Flyer when you did something wrong with you root rights. Solong the device is locked, don't remove anything from the /system directory!!!
  • Download the last version from here
  • Download the android sdk
  • Close HTC sync (or any other tool which maybe listen on the USB ports)
  • use the adb tool from sdk with following commands (replace [exploit adress] with correct address from #2):
    adb push fre3vo /data/local/tmp
    adb shell chmod 777 /data/local/tmp/fre3vo
    adb shell /data/local/tmp/fre3vo -debug -start [exploit address] -end [exploit address]
(all work done by agrabren and the fre3vo team!)
Last edited by Elim; 15th July 2011 at 08:27 PM.
The Following 3 Users Say Thank You to Elim For This Useful Post: [ View ]
11th June 2011, 11:09 PM |#4  
Thanks Meter: 2
do the root and the 50$ is for you
11th June 2011, 11:36 PM |#5  
Senior Member
Thanks Meter: 13
There is a couple hundred bucks easily in the bounty in general section. My addition still stands.

Good luck.
12th June 2011, 02:28 AM |#6  
Thanks Meter: 4
probably a newbie question, but is it not working because they locked the bootloaders?
12th June 2011, 04:53 AM |#7  
Senior Member
Thanks Meter: 16
I agree $$ if you rooted HTC Flyer .
12th June 2011, 06:32 AM |#8  
Elim's Avatar
OP Senior Member
Flag Antwerpen
Thanks Meter: 349
Originally Posted by senji75

probably a newbie question, but is it not working because they locked the bootloaders?

Locked bootloader
Yes, this is the problem. But I don't think that HTC at the end really unlock all his bootloaders and also with a locked bootloader it can be possible to get root access. So, when HTC like to help us, it's possitive, when not... let's try

And we are not allone, also the Sensation has the new locked bootloader and the devs there are also working on it. And maybe a solution there help us also.
Last edited by Elim; 12th June 2011 at 07:45 AM.
12th June 2011, 01:19 PM |#9  
AndroidMobileNZ's Avatar
Senior Member
Thanks Meter: 13
Do we know if an XTC Clip works on the Flyer? I realise this is a hardware solution, but it would be good to know...
12th June 2011, 02:21 PM |#10  
LowFire82's Avatar
Senior Member
Flag Fort Myers
Thanks Meter: 20
The GingerBreak.apk does not work, got that

Has anyone run the manual way with the binary file? Even to see if temp root could be accomplished?

I may try tonight when I get off work to see what happens..
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes