[UNLOCK/ROOT] AT&T 3.18 - XPwn - Testing

Search This thread
By:
Advanced…
nhshah7

nhshah7

Senior Member
Feb 14, 2009
2,068
568
Boston
Okay, since people are having issues with the manual methods for Windows, I'm going to recommend installing using the Android SDK. @myusernam3, please remove the code from the OP and the other thread and replace it with a link to this post.

DISCLAIMER: Please read this post 4 times over before you attempt this procedure. It may render your phone unusable (read: a brick) if you don't follow it correctly. I and anyone else associated with this exploit is not responsible for any issues that may arise from this process, such as if you brick your phone. Proceed at your own risk, and with extreme caution. This procedure is not for those who don't want to take the time to read and understand how this works.


Download the android SDK and install it. Once that's done, open the android SDK manager and download platform-tools.
Navigate to C:\Program Files (x86)\Android\android-sdk\platform-tools to make sure adb.exe and fastboot.exe are there.
Download the files in the OP and then copy oneXchopper, ownage, and busybox to the platform-tools folder.

Once the files are moved over, you need to open a command prompt window. In windows explorer open to that folder (platform-tools), hold down the shift button and right click anywhere in the folder (not on a file). Then click Open command prompt window here. You should then see a command prompt window open to the platform tools window.

Plug in your phone and make sure USB debugging is enabled (Settings, developer options - enable this if it asks you, make sure USB debugging is checked). Now back in the command prompt, type "adb devices". It should show you HTCxxxxxxxxxx. That confirms that your phone and adb can see each other. If not, make sure you have the correct drivers installed. You can google around for help with this if you have trouble.

With that, we're ready to start typing in commands!

Type the following commands in one line at a time, minus the stuff in parenthesis. When you get to the first adb shell line, hit enter, then type the following line by line:
chmod 755 /data/local/tmp/xpwn /data/local/tmp/busybox
ln -s /data/local/tmp/busybox /data/local/tmp/sed line
/data/local/tmp/xpwn

You'll see a bunch of lines of code (see below)

Once this is all done, type in "exit", then "adb reboot bootloader" (at the bottom of the code quote)

Code: 
adb push oneXchopper /data/local/tmp/xpwn
adb push busybox /data/local/tmp/busybox
adb push ownage /data/local/tmp/phase1.sh
adb shell 
      (within ADB shell)
      chmod 755 /data/local/tmp/xpwn /data/local/tmp/busybox
      ln -s /data/local/tmp/busybox /data/local/tmp/sed
      /data/local/tmp/xpwn

You will see this: 
[+] This may take a few minutes.
[+] Success!
2+0 records in
2+0 records out
1024 bytes transferred in 0.001 secs (1024000 bytes/sec)
2+0 records in
2+0 records out
1024 bytes transferred in 0.001 secs (1024000 bytes/sec)
2+0 records in
2+0 records out
1024 bytes transferred in 0.008 secs (128000 bytes/sec)

exit (will exit from shell)

adb reboot bootloader

You should now be in the bootloader. type in "fastboot getvar cid" and it should show you that your CID is "11111111". If so, it worked! From here, you can follow the instructions here to unlock your bootloader (go to htcdev.com and follow instructions for unlocking a device. in the dropdown device list, select the bottom "other" option).

From there you have to flash TWRP (download link: http://techerrata.com/browse/twrp2/evita - NOTE download 2.3.3.1 because some roms don't flash via TWRP 2.5.0.0). Instructions on how to flash are here (http://techerrata.com/browse/twrp2/evita). you should install via the "Download - Recovery Image Method" - run the fastboot command from the platform-tools folder command prompt above. Your phone should be in bootloader ("adb reboot bootloader" will get you there if you are in android). Copy the downloaded recovery image file to the platform-tools folder, then input the command at the website above (fastboot flash recovery...). Once it flashes successfully, use the up/down volume buttons to select bootloader (on the phone itself), then select recovery via pressing the power button to select. In recovery, make sure you have your rom loaded on your phone first. then go to wipe, and click factory data reset and wipe system. then hit the home button, hit install then install the rom you want. (this is assuming you want to install a rom, not just root.

After unlocking, it will wipe your SD card and you will lose all your sd card data and will have to load a rom to the SD card after unlocking it. it will boot up into the stock rom after you unlock so you can do that here after unlocking and/or flashing TWRP. Alternatively, you can flash SuperSU in recovery to obtain root in the stock rom, then obtain S-Off (see sticky in Developer sub-threads). If you want to use CM or any rom in the Original Android sub-thread, you will have to downgrade your touch-panel firmware. There are stickies in the Original Android Development sub-thread for this.

Good luck!
 
  • Like
Reactions: Steph09, stunning, freakdonkey and 13 others
threetwentyfizzle

threetwentyfizzle

Senior Member
Oct 31, 2012
1,019
410
Albuquerque
OnePlus 10 Pro
Ok, so I have another question regarding the command lines entered in the adb shell. So,

(within ADB shell)
chmod 755 /data/local/tmp/xpwn /data/local/tmp/busybox
ln -s /data/local/tmp/busybox /data/local/tmp/sed
/data/local/tmp/xpwn

is that command entered as,

chmod 755 /data/local/tmp/xpwn /data/local/tmp/busybox
(enter)
ln -s /data/local/tmp/busybox /data/local/tmp/sed
(enter)
/data/local/tmp/xpwn

or, is it entered as

chmod 755 /data/local/tmp/xpwn /data/local/tmp/busybox ln -s /data/local/tmp/busybox /data/local/tmp/sed/data/local/tmp/xpwn
(enter)

sorry for all the questions, I am just getting errors saying the directory doesnt exist, and I have followed every instruction to the "T".

Also, the command script in the OP is slightly different,

adb shell chmod 755 /data/local/tmp/xpwn /data/local/tmp/busybox
adb shell
(within ADB shell)
ln -s /data/local/tmp/busybox /data/local/tmp/sed
/data/local/tmp/xpwn

Am I supposed to enter that first line before the adb shell command or after?

Thanks:)
 
S

spacely8

Member
May 26, 2013
20
2
Maryland
Ok so after many, many, many hours of just plain reading and about only 10 min of actually work (lawl) I actually got to unlock the bootloader. Thank you so much for this. I went to the AT&T store thinking they would know if you can revert to a previous Android version (so I can do the previous root version) and obviously they didn't know. Idk why you guys don't work at these stores instead of the retards they hire.

I was having trouble following the manual guide for windows, even though it is very detailed and helpful, so I just did the auto newb version and it worked. If there are any other newbs out there that need help with getting the phone connected, bootloader questions, and stuff like that I can help because I've spent a good 18 hours on this.

Also probably a newbish newb question but do you have to use the TWRP linked here (or TWRP in general) for the custom recovery? Or will any of them work? Right now I'm in the process of doing this and also trying to install Cyanogenmod as well.

Thank you again. I will try and donate if possible because I know this took a lot of work and time (Seeing as it took me 18 hours just how to figure out to unlock bootloader lol)

threetwentyfizzle said:
Ok, so I have another question regarding the command lines entered in the adb shell. So,

(within ADB shell)
chmod 755 /data/local/tmp/xpwn /data/local/tmp/busybox
ln -s /data/local/tmp/busybox /data/local/tmp/sed
/data/local/tmp/xpwn

is that command entered as,

chmod 755 /data/local/tmp/xpwn /data/local/tmp/busybox
(enter)
ln -s /data/local/tmp/busybox /data/local/tmp/sed
(enter)
/data/local/tmp/xpwn

or, is it entered as

chmod 755 /data/local/tmp/xpwn /data/local/tmp/busybox ln -s /data/local/tmp/busybox /data/local/tmp/sed/data/local/tmp/xpwn
(enter)

sorry for all the questions, I am just getting errors saying the directory doesnt exist, and I have followed every instruction to the "T".

Also, the command script in the OP is slightly different,

adb shell chmod 755 /data/local/tmp/xpwn /data/local/tmp/busybox
adb shell
(within ADB shell)
ln -s /data/local/tmp/busybox /data/local/tmp/sed
/data/local/tmp/xpwn

Am I supposed to enter that first line before the adb shell command or after?

Thanks:)
Click to expand...
Click to collapse

I believe you enter this line by line, pressing enter after every key and you enter it after the adb shell command. I however didn't get it to work this way and did it the easy way posted in the beginning of the thread (if you have windows). It's really simple as you just plug your phone in and click on the "ONLY ONE X" batch file, and can pick up the rest of the directions from nhshah7
 
nhshah7

nhshah7

Senior Member
Feb 14, 2009
2,068
568
Boston
Yep, line by line. Some people have had some errors with this method and I'm trying to figure out what's going on and why it's not working. The more information I have the better able I am to help people having issues.

Sent from my One X using xda app-developers app
 
  • Like
Reactions: JoeJags
S

spacely8

Member
May 26, 2013
20
2
Maryland
nhshah7 said:
Yep, line by line. Some people have had some errors with this method and I'm trying to figure out what's going on and why it's not working. The more information I have the better able I am to help people having issues.

Sent from my One X using xda app-developers app
Click to expand...
Click to collapse

Do you have to use the TWRP that you linked or can any custom recovery be used?
 
nhshah7

nhshah7

Senior Member
Feb 14, 2009
2,068
568
Boston
spacely8 said:
Do you have to use the TWRP that you linked or can any custom recovery be used?
Click to expand...
Click to collapse

You can use the newest one but cleanrom and viper may have issues being flashed with anything newer than 2.3.3.1, which is why I recommend using that one. It has the least problems so to speak.

Sent from my One X using xda app-developers app
 
exad

exad

Senior Member
Jan 26, 2010
3,459
1,518
Montreal
Any version above 2.3.3.1 has issues properly wiping the phone and causes many issues with any and all ROMs.

Sent from my One X using xda app-developers app
 
S

spacely8

Member
May 26, 2013
20
2
Maryland
Gotcha, thanks guys. I've turned from newb to semi-knowledged after just hours of reading

Btw, I've read up on S-Off but still not really understanding the whole radio thing or advantages of it. I'm thinking of getting S-Off just because it means less control but I would like to know why.

---------- Post added at 02:20 AM ---------- Previous post was at 01:38 AM ----------
nhshah7 said:
Yep, line by line. Some people have had some errors with this method and I'm trying to figure out what's going on and why it's not working. The more information I have the better able I am to help people having issues.

Sent from my One X using xda app-developers app
Click to expand...
Click to collapse

Apologize for the double post

nhshah7 there are some things I recognized through your instructions which may be some peoples' reasoning for having errors with the method:

1. After getting CID and unlocking bootloader, the instructions to flashing the recovery TWRP are not really clear. The command wasn't specified for flashing it
Process:
1a. go into bootloader: adb reboot bootloader
1b. once you download the TWRP file and place it in the appropriate place, type command: fastboot flash recovery (file name).img
1c. Then from the bootloader menu click on recovery
1d. As the phone reboots, hold the volume up arrow and then you will be in recovery mode

I got confused a little but figured it out from outside sources. Thanks again
 
J

jill45

Member
May 16, 2013
6
0
I see TAMPERED but unable to get the CID :(

Hi,

I've tried all the steps correctly.
After the bootloader reboot command, when the phone boots to bootloader, I am getting a popup on the computer screen that the USB device is not recognized and malfunctioned.

But I see Tampered on the phone's bootloader.
And when I tried to get the CID using that command - it says WAITING FOR THE DEVICE.
does not sho up anything ...

is it Bricked ? :(

The computer detects the phone correctly when the phone is in normal mode
but after it boots to bootloader, it does not recognize it.

any solution ?
 
U

utdps

Senior Member
Jun 15, 2010
79
14
Dallas, TX
jill45 said:
Hi,

I've tried all the steps correctly.
After the bootloader reboot command, when the phone boots to bootloader, I am getting a popup on the computer screen that the USB device is not recognized and malfunctioned.

But I see Tampered on the phone's bootloader.
And when I tried to get the CID using that command - it says WAITING FOR THE DEVICE.
does not sho up anything ...

is it Bricked ? :(

The computer detects the phone correctly when the phone is in normal mode
but after it boots to bootloader, it does not recognize it.

any solution ?
Click to expand...
Click to collapse

I have the exact same situation going on right now. It says tampered but I can't get the CID.

Sent from my Nexus 7 using xda premium
 
J

JoeJags

Senior Member
Jan 17, 2011
205
41
nhshah7 said:
Yep, line by line. Some people have had some errors with this method and I'm trying to figure out what's going on and why it's not working. The more information I have the better able I am to help people having issues.

Sent from my One X using xda app-developers app
Click to expand...
Click to collapse

Just wanted to thank you again for all of your efforts in this problem. But I ran into too good of a deal with a friend, and I no longer have my One X. I have a Nexus 4 being delivered in a couple of days. AND THEN I come back here today and see your new instructions, and I don't even get to try it. Oh well. I hope this works our for everyone........

If you have anything in the Nexus 4 section of XDA, I'll be seeing you soon......

Thanks again......
 
nhshah7

nhshah7

Senior Member
Feb 14, 2009
2,068
568
Boston
jill45 said:
Hi,

I've tried all the steps correctly.
After the bootloader reboot command, when the phone boots to bootloader, I am getting a popup on the computer screen that the USB device is not recognized and malfunctioned.

But I see Tampered on the phone's bootloader.
And when I tried to get the CID using that command - it says WAITING FOR THE DEVICE.
does not sho up anything ...

is it Bricked ? :(

The computer detects the phone correctly when the phone is in normal mode
but after it boots to bootloader, it does not recognize it.

any solution ?
Click to expand...
Click to collapse

Sounds like a driver issue if you're able to get into bootloader fine. Go to device manager (just type it into the start menu) and if there's is anything there under usb or devices with a yellow box or some sort of error then that's the problem. The sdk contains drivers so you may be able to manually update them by browsing to the sdk folder when you ask windows to update its drivers.

Wait a second... That's not right (I realize this the second I hit post lol). If it were a driver issue then it wouldn't even have run the exploit. Try the original usb cable and a different usb port. It should work. Reboot your computer too.

But no, bricked means you can't even boot into android and the device is completely broken so you are far from that.



utdps said:
I have the exact same situation going on right now. It says tampered but I can't get the CID.

Sent from my Nexus 7 using xda premium
Click to expand...
Click to collapse



Sent from my One X using xda app-developers app
 
Last edited:
  • Like
Reactions: jill45
J

jill45

Member
May 16, 2013
6
0
Unlocked :)

@ nhshah7

hey !! it worked
I just connected the cable to the other USB port and tried it.
It gave me CID all 1's
and I unlocked successfully from htcdev.com

Thank U, so much !!
-------

Ok, Now I've another small question for u.. (sorry 2 bother u. I know I should search this in this site).
But just wanna let u know what I am trying to actually do, so that u can guide me further...

What should I do next ?

Step 1.Recovery & then
Step 2.Root

And I dont want to install any ROM's in this, so just stop after 2nd step and start using the phone ?
will I have the control to install/uninstall all the app's from my phone ?
 
S

spacely8

Member
May 26, 2013
20
2
Maryland
Sooooo....I bricked my phone....

I was doing great and this process isn't the reason why it happened. I was able to unlock bootloader, flash the recovery, and gain root access by flashing SuperSU. I had a lot of trouble trying to gain S-Off, having a failed 99 issue (I went to the thread for help with that with no avail). So I just quit with trying that. So went on trying to install a custom rom. Was going with cyanogenmod 10.1 but it was failing when trying to flash it and was wondering why. Kept trying to flash it and it kept failing and tried to figure out what the problem was....then my phone went into a continuous boot and after a couple of minutes it turned off and would not come back off. No lights when plugging it in, a messed USB sound when plugging it into the computer and a dead screen.
Figured out the problem and wasn't that difficult at all: The AT&T version of this phone is called the "HTC ONE XL" not the One X. I thought I read enough on that but guess I skipped over this small but significant detail, thinking the XL was like a large version or something of the One X haha

So moral of the story for all newbs out there:
Your AT&T phone is the HTC ONE XL so go to that page on this site for roms and such.

Is there any advice out there for what I should do? Any hope or just get a new phone?
 
exad

exad

Senior Member
Jan 26, 2010
3,459
1,518
Montreal
True and also well documented on this forum. Other moral, read lots before rooting/flashing.

Sent from my One X using xda app-developers app
 
nhshah7

nhshah7

Senior Member
Feb 14, 2009
2,068
568
Boston
spacely8 said:
Sooooo....I bricked my phone....

I was doing great and this process isn't the reason why it happened. I was able to unlock bootloader, flash the recovery, and gain root access by flashing SuperSU. I had a lot of trouble trying to gain S-Off, having a failed 99 issue (I went to the thread for help with that with no avail). So I just quit with trying that. So went on trying to install a custom rom. Was going with cyanogenmod 10.1 but it was failing when trying to flash it and was wondering why. Kept trying to flash it and it kept failing and tried to figure out what the problem was....then my phone went into a continuous boot and after a couple of minutes it turned off and would not come back off. No lights when plugging it in, a messed USB sound when plugging it into the computer and a dead screen.
Figured out the problem and wasn't that difficult at all: The AT&T version of this phone is called the "HTC ONE XL" not the One X. I thought I read enough on that but guess I skipped over this small but significant detail, thinking the XL was like a large version or something of the One X haha

So moral of the story for all newbs out there:
Your AT&T phone is the HTC ONE XL so go to that page on this site for roms and such.

Is there any advice out there for what I should do? Any hope or just get a new phone?
Click to expand...
Click to collapse

Can't get to recovery or bootloader? If not, you might need to call att for a replacement :-\

Sent from my HTC One X using xda app-developers app
 
S

spacely8

Member
May 26, 2013
20
2
Maryland
No, it won't even power up. I think it's hard bricked. It's ok though because I learned a lot through the process. Went to the AT&T store today and had my SIM switched to my old Captivate. Debating whether to send it back for a replacement or buy a new phone. A person on my plan has an upgrade that they are willing to give me. Also looking at getting the Nexus 4, won't have to deal with all this AT&T bullcrap

UPDATE:

PHONE'S NOT BRICKED. Thought it was but tried booting it up after a day and it booted up. Went into a continuous bootloop though but I am able to get into bootloader. Will try factory resetting

UPDATE:

Problem solved, saved my phone, happiest man on Earth
 
Last edited:
You must log in or register to reply here.

Similar threads

grankin01
[UNLOCK] AT&T Bootloader Unlock Through HTC-Dev
Replies
1K
Views
596K
liquidx
liquidx
kennethpenn
  • Locked
[ROOT] One Click HTC One X (AT&T/Rogers/Others) (Win/Mac/Linux)
Replies
870
Views
773K
orangekid
orangekid
Turge
  • Poll
[ROM][SEP 22] Team Venom ViperXL 4.2.0 | Sense 5 | Venom Tweaks | OTA Updates
Replies
19K
Views
2M
T
Tmobilefan906
M
[ROOT] HTC One X AT&T 3.18
Replies
182
Views
206K
J
jerryspring
D
[ROOT] HTC One X AT&T 2.20 Firmware - X-Factor root exploit
Replies
584
Views
358K
J
jerryspring

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 45
    M
    myusernam3
    GO HERE AFTER CAREFULLY FOLLOWING THIS PROCEDURE TO INSTALL ROMS, S-OFF, ETC.
    delacerda said:
    Confirmed! Stock AT&T OneX on 3.18 JB 4.1.1. SuperCID 11111111 , HTC Dev bootloader unlocked, TWRP recovery installed, perm rooted.
    Click to expand...
    Click to collapse
    nhshah7 said:
    Got SuperCID and about to unlock after I backup some data. :)

    Thank you so much!

    Here is what I did and what worked for me:

    Copy oneXchopper, ownage, and busybox files to folder with ADB (this is if you have the android sdk)
    Code: 
    adb push oneXchopper /data/local/tmp/xpwn
adb push busybox /data/local/tmp/busybox
adb push ownage /data/local/tmp/phase1.sh
adb shell chmod 755 /data/local/tmp/xpwn /data/local/tmp/busybox
adb shell 
      (within ADB shell)
      ln -s /data/local/tmp/busybox /data/local/tmp/sed
      /data/local/tmp/xpwn

You will see this: 
[+] This may take a few minutes.
[+] Success!
2+0 records in
2+0 records out
1024 bytes transferred in 0.001 secs (1024000 bytes/sec)
2+0 records in
2+0 records out
1024 bytes transferred in 0.001 secs (1024000 bytes/sec)
2+0 records in
2+0 records out
1024 bytes transferred in 0.008 secs (128000 bytes/sec)

exit (will exit from shell)

adb reboot bootloader

    This will reboot you to the bootloader. If you have the android SDK, you can confirm superCID via the command "fastboot getvar cid".

    Next step, hit up HTCdev.com for an unlock code!

    Thanks man :)
    Click to expand...
    Click to collapse

    Root on the ATT 3.18 firmware for HTC One XL and SuperCID. Linux only for now due to laziness.
    Here ya go, just extract and run pwn.sh. This automated method is untested, however I have done it manually to my own phone last night.
    Just to clarify, this is a temp root which sets your CID to SuperCID allowing a bootloader unlock via HTCDev. It does NOT install Superuser or anything of that sort.

    I'm not responsible for bricks, warranty voiding, etc. and please let me know if this works or if I need to tweak some things. It SHOULD handle everything automatically.

    Thanks to Dan Rosenberg for Motochopper, which I modified very slightly for use in this script.
    Thanks also to the people who paid the bounty. You guys are awesome and probably just bought me something nice. Not sure what yet :p
    One more thanks to Daft Punk for providing some decent music to listen to while I worked on this. I was up all night to get lucky xD

    A backup of mmcblk0p4 is made in /sdcard/backup.cid. You can run /data/local/tmp/xpwn manually and restore this backup should things go wrong.

    dd if=/sdcard/backup.cid of=/dev/block/mmcblk0p4

    This script is sponsored, created, and fueled by absolute hatred of AT&T. Enjoy your HTC Dev unlock!

    UPDATE: There is now a Windows auto-pwn script available, thanks to Megadoug13.
    You can get it from HERE
    I am unable to test or really work with this because I have no Windows box, so contact Megadoug13 if it doesn't work.
    The instructions I received with this package are as follows:
    Megadoug13 (via email) said:
    Just double click "ONLY ONE X" have usb debugging on. and when the phone gets into bootloader it wont tell you that your cid is 11111111. just get your token id and then submit at htcdev. this is only the cid change script. oh make sure to unzip it lol. dont click on anything BUT "ONLY ONE X"
    Click to expand...
    Click to collapse
    View
    16
    nhshah7
    nhshah7
    Okay, since people are having issues with the manual methods for Windows, I'm going to recommend installing using the Android SDK. @myusernam3, please remove the code from the OP and the other thread and replace it with a link to this post.

    DISCLAIMER: Please read this post 4 times over before you attempt this procedure. It may render your phone unusable (read: a brick) if you don't follow it correctly. I and anyone else associated with this exploit is not responsible for any issues that may arise from this process, such as if you brick your phone. Proceed at your own risk, and with extreme caution. This procedure is not for those who don't want to take the time to read and understand how this works.


    Download the android SDK and install it. Once that's done, open the android SDK manager and download platform-tools.
    Navigate to C:\Program Files (x86)\Android\android-sdk\platform-tools to make sure adb.exe and fastboot.exe are there.
    Download the files in the OP and then copy oneXchopper, ownage, and busybox to the platform-tools folder.

    Once the files are moved over, you need to open a command prompt window. In windows explorer open to that folder (platform-tools), hold down the shift button and right click anywhere in the folder (not on a file). Then click Open command prompt window here. You should then see a command prompt window open to the platform tools window.

    Plug in your phone and make sure USB debugging is enabled (Settings, developer options - enable this if it asks you, make sure USB debugging is checked). Now back in the command prompt, type "adb devices". It should show you HTCxxxxxxxxxx. That confirms that your phone and adb can see each other. If not, make sure you have the correct drivers installed. You can google around for help with this if you have trouble.

    With that, we're ready to start typing in commands!

    Type the following commands in one line at a time, minus the stuff in parenthesis. When you get to the first adb shell line, hit enter, then type the following line by line:
    chmod 755 /data/local/tmp/xpwn /data/local/tmp/busybox
    ln -s /data/local/tmp/busybox /data/local/tmp/sed line
    /data/local/tmp/xpwn

    You'll see a bunch of lines of code (see below)

    Once this is all done, type in "exit", then "adb reboot bootloader" (at the bottom of the code quote)

    Code: 
    adb push oneXchopper /data/local/tmp/xpwn
adb push busybox /data/local/tmp/busybox
adb push ownage /data/local/tmp/phase1.sh
adb shell 
      (within ADB shell)
      chmod 755 /data/local/tmp/xpwn /data/local/tmp/busybox
      ln -s /data/local/tmp/busybox /data/local/tmp/sed
      /data/local/tmp/xpwn

You will see this: 
[+] This may take a few minutes.
[+] Success!
2+0 records in
2+0 records out
1024 bytes transferred in 0.001 secs (1024000 bytes/sec)
2+0 records in
2+0 records out
1024 bytes transferred in 0.001 secs (1024000 bytes/sec)
2+0 records in
2+0 records out
1024 bytes transferred in 0.008 secs (128000 bytes/sec)

exit (will exit from shell)

adb reboot bootloader

    You should now be in the bootloader. type in "fastboot getvar cid" and it should show you that your CID is "11111111". If so, it worked! From here, you can follow the instructions here to unlock your bootloader (go to htcdev.com and follow instructions for unlocking a device. in the dropdown device list, select the bottom "other" option).

    From there you have to flash TWRP (download link: http://techerrata.com/browse/twrp2/evita - NOTE download 2.3.3.1 because some roms don't flash via TWRP 2.5.0.0). Instructions on how to flash are here (http://techerrata.com/browse/twrp2/evita). you should install via the "Download - Recovery Image Method" - run the fastboot command from the platform-tools folder command prompt above. Your phone should be in bootloader ("adb reboot bootloader" will get you there if you are in android). Copy the downloaded recovery image file to the platform-tools folder, then input the command at the website above (fastboot flash recovery...). Once it flashes successfully, use the up/down volume buttons to select bootloader (on the phone itself), then select recovery via pressing the power button to select. In recovery, make sure you have your rom loaded on your phone first. then go to wipe, and click factory data reset and wipe system. then hit the home button, hit install then install the rom you want. (this is assuming you want to install a rom, not just root.

    After unlocking, it will wipe your SD card and you will lose all your sd card data and will have to load a rom to the SD card after unlocking it. it will boot up into the stock rom after you unlock so you can do that here after unlocking and/or flashing TWRP. Alternatively, you can flash SuperSU in recovery to obtain root in the stock rom, then obtain S-Off (see sticky in Developer sub-threads). If you want to use CM or any rom in the Original Android sub-thread, you will have to downgrade your touch-panel firmware. There are stickies in the Original Android Development sub-thread for this.

    Good luck!
    View
    6
    M
    myusernam3
    delacerda said:
    Confirmed! Stock AT&T OneX on 3.18 JB 4.1.1. SuperCID 11111111 , HTC Dev bootloader unlocked, TWRP recovery installed, perm rooted.
    Click to expand...
    Click to collapse

    Congratulations, you're the first. Enjoy.

    18th.abn said:
    Lastly, root access doesn't give you the ability to write to mmcblk0p4.
    Click to expand...
    Click to collapse

    Looks like somebody's wrong. Jerk.
    View
    4
    M
    myusernam3
    xxnatanxx said:
    I hate linux and command prompt. I follow the steps and it never works

    Sent from my HTC One X using xda app-developers app
    Click to expand...
    Click to collapse

    Uploading an auto-pwn for Windows right now, thanks to Megadoug13. It'll be in the first post.
    View
    2
    nhshah7
    nhshah7
    Subscribed and will test this once my phone is charged.

    Sent from my Transformer Prime TF201 using Tapatalk HD


    EDIT: Windows Manual method added from this post

    nhshah7 said:
    Okay, since people are having issues with the manual methods for Windows, I'm going to recommend installing using the Android SDK. @myusernam3, please remove the code from the OP and the other thread and replace it with a link to this post.

    DISCLAIMER: Please read this post 4 times over before you attempt this procedure. It may render your phone unusable (read: a brick) if you don't follow it correctly. I and anyone else associated with this exploit is not responsible for any issues that may arise from this process, such as if you brick your phone. Proceed at your own risk, and with extreme caution. This procedure is not for those who don't want to take the time to read and understand how this works.


    Download the android SDK and install it. Once that's done, open the android SDK manager and download platform-tools.
    Navigate to C:\Program Files (x86)\Android\android-sdk\platform-tools to make sure adb.exe and fastboot.exe are there.
    Download the files in the OP and then copy oneXchopper, ownage, and busybox to the platform-tools folder.

    Once the files are moved over, you need to open a command prompt window. In windows explorer open to that folder (platform-tools), hold down the shift button and right click anywhere in the folder (not on a file). Then click Open command prompt window here. You should then see a command prompt window open to the platform tools window.

    Plug in your phone and make sure USB debugging is enabled (Settings, developer options - enable this if it asks you, make sure USB debugging is checked). Now back in the command prompt, type "adb devices". It should show you HTCxxxxxxxxxx. That confirms that your phone and adb can see each other. If not, make sure you have the correct drivers installed. You can google around for help with this if you have trouble.

    With that, we're ready to start typing in commands!

    Type the following commands in one line at a time, minus the stuff in parenthesis. When you get to the first adb shell line, hit enter, then type the following line by line:
    chmod 755 /data/local/tmp/xpwn /data/local/tmp/busybox
    ln -s /data/local/tmp/busybox /data/local/tmp/sed line
    /data/local/tmp/xpwn

    You'll see a bunch of lines of code (see below)

    Once this is all done, type in "exit", then "adb reboot bootloader" (at the bottom of the code quote)

    Code: 
    adb push oneXchopper /data/local/tmp/xpwn
adb push busybox /data/local/tmp/busybox
adb push ownage /data/local/tmp/phase1.sh
adb shell 
      (within ADB shell)
      chmod 755 /data/local/tmp/xpwn /data/local/tmp/busybox
      ln -s /data/local/tmp/busybox /data/local/tmp/sed
      /data/local/tmp/xpwn

You will see this: 
[+] This may take a few minutes.
[+] Success!
2+0 records in
2+0 records out
1024 bytes transferred in 0.001 secs (1024000 bytes/sec)
2+0 records in
2+0 records out
1024 bytes transferred in 0.001 secs (1024000 bytes/sec)
2+0 records in
2+0 records out
1024 bytes transferred in 0.008 secs (128000 bytes/sec)

exit (will exit from shell)

adb reboot bootloader

    You should now be in the bootloader. type in "fastboot getvar cid" and it should show you that your CID is "11111111". If so, it worked! From here, you can follow the instructions here to unlock your bootloader (go to htcdev.com and follow instructions for unlocking a device. in the dropdown device list, select the bottom "other" option).

    From there you have to flash TWRP (download link: http://techerrata.com/browse/twrp2/evita - NOTE download 2.3.3.1 because some roms don't flash via TWRP 2.5.0.0). Instructions on how to flash are here (http://techerrata.com/browse/twrp2/evita). you should install via the "Download - Recovery Image Method" - run the fastboot command from the platform-tools folder command prompt above. Your phone should be in bootloader ("adb reboot bootloader" will get you there if you are in android). Copy the downloaded recovery image file to the platform-tools folder, then input the command at the website above (fastboot flash recovery...). Once it flashes successfully, use the up/down volume buttons to select bootloader (on the phone itself), then select recovery via pressing the power button to select. In recovery, make sure you have your rom loaded on your phone first. then go to wipe, and click factory data reset and wipe system. then hit the home button, hit install then install the rom you want. (this is assuming you want to install a rom, not just root.

    After unlocking, it will wipe your SD card and you will lose all your sd card data and will have to load a rom to the SD card after unlocking it. it will boot up into the stock rom after you unlock so you can do that here after unlocking and/or flashing TWRP. Alternatively, you can flash SuperSU in recovery to obtain root in the stock rom, then obtain S-Off (see sticky in Developer sub-threads). If you want to use CM or any rom in the Original Android sub-thread, you will have to downgrade your touch-panel firmware. There are stickies in the Original Android Development sub-thread for this.

    Good luck!
    Click to expand...
    Click to collapse
    View

New posts