I realize that there may be no easy solution (or none at all) for this predicament at this time. However, I thought it might be helpful to start a thread that is solely devoted to trying to get root access back on devices that unfortunately have already applied the mandatory Rogers update.

I have absolutely no answers, but I am more than willing to donate to someone who puts time into solving this issue. The other thread(s) are filled with pages upon pages of people just whining and complaining about Rogers and their ill-fated attempts to work with tech support. This is not my intention for this thread. There are a few posts within the sea of complaints that are directed towards a solution, but they are not the easiest to pick out.

Anyone with any ideas, PLEASE post here!

Hi,

As I said in an earlier post, we all now know that the flashrec method is broken, and the goldcard method seems to be broken.

Trying to downgrade the rom fails with an error that basically says you can't install an older firmware over a newer version.

Question: How does the firmware perform this validation? Is it via the build number or timestamps on the files?

Question: Are we able to make our own NBH files? Is the structure known?

If someone can figure out the first question, then we will be half-way there, assuming someone can package nbh files.

gNoob

I'm in school right now (taking college courses now )

But, when I get home, i'll play around with it.

Question: How does the firmware perform this validation? Is it via the build number or timestamps on the files?

There is a "version" on the NBH that is checked. (when i get home today, i'll show you guys the down-and-dirty of each NBH [the latest and the old one])

Question: Are we able to make our own NBH files? Is the structure known?

Yes, and no. The structure is known. We *CAN* create NBH files, but they won't be signed. The stock SPL runs a check on the NBH files for a signature. If the signature is off, it won't flash. Therefore, no we can't. :P

Could this method work. Treating the phone as a brick and bringing it to a pristine state?
Sorry, I'm a "new" user so I can't post urls correctly until the admins let me

code dot google dot com/p/android-roms/wiki/Unbrick

Originally Posted by JakeArmitage79  

Could this method work. Treating the phone as a brick and bringing it to a pristine state?
Sorry, I'm a "new" user so I can't post urls correctly until the admins let me

code dot google dot com/p/android-roms/wiki/Unbrick

http://code.google.com/p/android-roms/wiki/Unbrick

Yeah they did that cause new users would spam Ads or other things.

Nope, this unbricking procedure doesn't work. It returns the following message:

Model ID incorrect!
Update Fail

Not too surprising, actually. If only we could get someone who works for HTC to sneak their signing key to Haykuro. Then an .nbh file with a version number greater than the version inside the SPL could be created and maybe the SPL would allow itself to be replaced.

Interesting challenge, this.

Okay, so I decided to try and see what was inside this RUU from Rogers. When it is initially run, it extracts its contents into my temp directory, and there you can find the rom.nbh file. I thought, maybe, it might allow me to switch out the rom.nbh with Haykuro's older image. So I started the installer, while it was sitting on the start page of the wizard, I replaced rom.nbh with Haykuro's, and it allowed me to get to the part of the updater where it uploads the image to the phone and tries to verify the update.

Unfortunately this fails because it reports the BootLoader version is 'incorrect'. I wonder if this means the wizard can be 'patched' to allow the downgrade?

I also noticed that there's a version fastboot.exe and adb.exe inside the installer's temporary files. I wonder if there's anything different about these versions of the files that might allow them to sidestep the new bootloader checks? Though I suspect without a correct signature this would also fail.

Just fiddling with this, trying to understand the details.

Old Rom:
Version: 1.85.631.5
Model ID: DREA21000
Target CID: ROGER001

New Rom:
Version: 1.89.631.1
Model ID: DREA21000
Target CID: ROGER001


I'll have more time to play with this later, i had some other stuff come up right now. Hopefully in a few days i'll have a bit more to put up.

Thanks Haykuro,

Just a little more information about my fiddling today. I verified that the fastboot.exe is pretty much stock. Trying to 'flash' the firmware with this returns a 'Remote not allowed' error. I also tried taking a look at ARUWizard.exe and ARUGlobal.dll. I thought these might be .NET code, but as far as I can tell, they are not, so maybe a standard decompiler would give some idea of what it's doing inside there? I might try to understand this a little more later.