Please remember to add a category to the bottom of each page that you create.
See categories help for further details, but most will probably be [[Category:HTC ModelName]].

HTC Dream/Rooting Branded EBI1s

From XDA-Developers
Jump to: navigation, search

This Guide will show how to prepare you Stock HTC Dream with a 3.x radio (EBI1) To install a EBI1 rom (also frequently called 32a roms, due to the first 3.x radios being on 32a magics

Samples of stock EBI1 roms are:

  • Rogers Dream (Canada)
  • Orange Dream with 1.86.* firmware (France)

Many other non-google branded Dreams

Introduction

Previously to January all Rogers Dreams had a serious 911 flaw. This was patched back in January 2010 however with the patch all exploits to enter root where removed

With the DroidX exploit however we can also get root on out locked Rogers Dreams

Preparations

NOTE: If you proceed with this process you proceed at your own risk. While these steps are designed such that if you follow all of them in order they minimize the chances of bricking your phone there is always a slight risk and neither XDA nor its members will take responsibility for you bricking your phone. In addition you agree that installing a custom firmware voids your phone's warranty.


These files are required to Install a custom recovery and Engineering SPL.. Once this is done you will require additional files to install your custom rom, please read all the instructions prior to starting.

  1. You will first want to setup ADB and Fastboot on your system as described on the ADP1 page
  2. SDCard inside the phone
  3. Download DroidXRoot_v2.zip from the How to Root Droid X thread (mirror exploid+src only)
    • unzip the file and put the file exploid somewhere easy to access from adb (we will not be using the rest of the files) exploid's MD5 37040d1a0203c101a9dbd70eb6d0efa4
  4. Download SPL 1.33.2005 (spl-signed.zip) MD5: 2112b7df6ed9d0a56897ac23b0399bb5
  5. Downlaod recovery-RA-dream-v1.7.0R-cyan.img MD5: ba2bf2d1c27e1bee009de2f66ac977e7

Rooting Steps

NOTICE: this process will erase everything on your phone; Please backup any important information before starting

A - Placing the rooting files on your phone

The first thing we need to do is put the explid binary and related files onto the phone via adb

  1. Ensure USB Debugging is enabled (Settings -> Applications -> Development -> USB debugging)
  2. run the following adb commands on your computer (from the directory withe the downloaded files) this will put the hack on your phone
    • adb push spl-signed.zip /sdcard/1_33_2005_spl.zip
    • adb push recovery-RA-dream-v1.7.0R-cyan.img /data/local
    • adb push exploid /sqlite_stmt_journals
    • adb shell chmod 777 /sqlite_stmt_journals/exploid

B - Running exploid

Now that the files are on the phone we need to run the exploit

  1. run: adb shell /sqlite_stmt_journals/exploid
    This will produce the following:
    $ adb shell /sqlite_stmt_journals/exploid
    [*] Android local root exploid (C) The Android Exploid Crew
    [*] Modified by birdman for the DroidX
    [+] Using basedir=/sqlite_stmt_journals, path=/sqlite_stmt_journals/exploid
    [+] opening NETLINK_KOBJECT_UEVENT socket
    [+] sending add message ...
    [*] Try to invoke hotplug now, clicking at the wireless
    [*] settings, plugin USB key etc.
    [*] You succeeded if you find /system/bin/rootshell.
    [*] GUI might hang/restart meanwhile so be patient.
  2. Now the exploit is primed Unplug/re-plug the USB wire to activate

C - Installing the custom recovery

This will install ra-recovery (that we loaded into /data/local)

  1. enter the shell: adb shell (will return a '$' prompt)
  2. in the shell run rootshell
    $ rootshell
    Password (echoed):
  3. type the password "secretlol" to get a root '#' prompt
  4. in the root prompt run the following
    • chmod 666 /dev/mtd/mtd1
    • exit
  5. now you are back in the regular shell ('$' prompt), run the following twice
    flash_image recovery /data/local/recovery-RA-dream-v1.7.0R-cyan.img
    Note: The first run may return "mtd: read error at 0x00000000 (Out of memory)" the second run will run clean
  6. enter exit to exit the shell
  7. Long hold hangup/power and power off the phone

Sample:

$ adb shell
$ rootshell
Password (echoed):secretlol
# chmod 666 /dev/mtd/mtd1
# exit
$ flash_image recovery /data/local/recovery-RA-dream-v1.7.0R-cyan.img
mtd: read error at 0x00000000 (Out of memory)
mtd: read error at 0x00020000 (Out of memory)
mtd: read error at 0x00040000 (Out of memory)
$ flash_image recovery /data/local/recovery-RA-dream-v1.7.0R-cyan.img

$ exit

D - Installing an engineering SPL

This will install the engineering SPL and prepare the phone for a custom rom.

1.33.2005 (called danger on EBI0 dreams such as the T-Mobile dreams) will allow us to cleanly erase and flash radios.. This is also required if you are to change your dream to EBI0 from the current EBI1 state in the future.

This is highly recommended/required for all EBI1 users to install this SPL. (To return to a stock system, flash the official NBH or ROM Upgrade Utility (RUU) provided from your provided, this will restore everything including SPL)

  1. hold down the home key and boot into recovery
  2. Choose Flash zip from sdcard
  3. Choose 1_33_2005_spl.zip (this will stage the flash of the engineering SPL)
  4. reboot as prompted at the bottom of the screen
  5. The recovery will load up again do not be alarmed
  6. (optional) run a nandroid backup of the stock rom (the partition layout of 1.33.2005 matches that of the EBI1 SPLs, so its safe to backup now)
  7. run the adb command adb shell reboot bootloader (Note it may be a moment after the recovery screen appears before you can execute the command)
  8. Verify the following:
    • HBOOT: 1.33.2005
    • RADIO: 3.22.26.17
  9. If your radio is begins with 3.22 you may continue, however if the last two numbers don't match and you wish to upgrade:
    • Download 3.22.26.17
    • run fastboot flash radio radio-3.22.26.17_dream.img
  10. run the following two fastboot commands (this will prevent issues flashing your rom)
    • fastboot erase system -w
    • fastboot erase boot
  11. powerdown
    • fastboot oem powerdown
  12. Proceed to flash an EBI1 rom

E - Install Custom EBI1 rom

  • Cyanogen Continue to the cyanogen wiki for installation instructions the install guide
(Note: you will not need to wipe but will need the EBI1 port file)
  • biffmod 2.0 Proceed to Biffmod port post
  • Other Follow the instructions of the EBI1 rom of your choice;


Important: if at some point you decide to install the EBI0 radio (2.x), please note you must use fastboot to avoid bricking your phone. This is not recommended for beginners.

Troubleshooting

Additional aids in making the device work

Rogers APN (If no internet connection):

If you have an older Rogers SIM (non-usim) the APN may not be auto detected:

Goto: Settings -> Wireless controls -> Mobile networks -> Access Point Names.

Make the following two APNa:

Internet

Name: Rogers
APN: internet.com
Username: wapuser1
Password: wap
MCC: 302
MNC: 72 (or try 720 with newer SIM cards)

MMS

Name: Rogers MMS
APN: media.com
Username: media
Password: mda01
Server: 172.25.0.107
MMSC: http://mms.gprs.rogers.com
APN type: mms
MMS Proxy: 10.128.1.69
MMS Port: 80


Returning to Stock Rogers

In general once rooted its highly recommended not to return to stock; however in some instances you may wish to return your phone to the company for repair or if something goes wrong while still on a perfected SPL this may be required to proceed.

The following will re-install the e911 patched rom for the Rogers Dream

  1. download the nbh file rogers_1.89.631.1.nbh MD5:25bfcc329679e4869b3d65f673e463ac
  2. place the file somewhere accessible by fastboot
  3. power up your phone while holding down camera (aka boot into fastboot)
  4. As prompted press send or back to enter fastboot
  5. Check your SPL version and flash accordingly:
    • 1.33.2005 simply run 'fastboot flash nbh rogers_1.89.631.1.nbh'
    • 1.33.0008 / 1.33.0009 / 1.33.0010 run the following steps
      A) run 'fastboot oem rebootRUU'
      B) wait for the device to reboot into RUU mode
      C) run 'fastboot flash nbh rogers_1.89.631.1.nbh'
    • Any other SPL you will need to install 1.33.2005 aka. DangerSPL first (please make sure a 2.x or 3.x radio is installed prior to installing Danger SPL)
  6. run 'fastboot oem powerdown' to shutdown the phone if you are still on the fastboot screen
  7. boot into the Rogers rom

Credits

This process is the DroidX root ported to fully rooting the Rogers Dream

For questions see the related XDA thread