[TUTORIAL] How To Unlock Nand Protection ~ Part-2 [Gaining RW Access/Full Root]

Search This thread
By:
Advanced…
toastcfh

toastcfh

Retired Senior Recognized Developer
Feb 11, 2009
1,309
1,881
Lakeland, FL
THIS IS PART 2 OF A 2 PART GUIDE TO ROOTING THE EVO AND UNLOCKING NAND PROTECTION. YOU MUST FOLLOW THE STEPS IN THE PART 1 OF ROOTING TO BE ABLE TO PROCEED WITH THIS GUIDE. IF YOU HAVENT ROOTED USING MY METHOD, THEN FOLLOW THE LINK BELOW AND DO SO.

[TUTORIAL] How To Root The HTC EVO ~ Part-1 \0/

THANX:
- keishou (for the rooted build. without it none of this would be possible)
- Behnaam (my good friend and awesome dev. he tip me off on how to downgrade to older main versions)
- maejrep (for compiling us a recovery from Amon's source)
- Flipz (for being awesome :p)
- Stericson (for hosting the files for me)
- Amon RA (for his awesome recovery source on github that we used)

INTRODUCTION:

This process will allow you to unlock Nand protection on all partitions at all times via Engineering SPL. Without going into details and driving more confusion, lets get started. :D

FILES NEEDED:

- PC36IMG.zip ~> mirror-1
PC36IMG.zip md5sum~ fe8aba99893c766b8c4fd0a2734e4738
- View attachment mtd-eng.zip
- View attachment flash_image.zip
- recovery.img ~> mirror-1
STEP 1~NANDROID BACKUP:

- go into the recovery provided in the PART 1 root method and do a nandroid backup before u begin this. we will use this nandroid at the end of this tutorial to get u back where u were.

STEP 2~FLASHING MTD PARTITION TO ENABLE DOWNGRADE:

- down;oad all files posted above
- unzip the flash_image.zip and the mtd-eng.zip
- put the flash_image and mtd-eng.img on the root of your sdcard
- go into shell on ur pc and do:
Code: 
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image misc /sdcard/mtd-eng.img
- this should only take a second or two
- now put the PC36IMG.zip on the root of your sdcard
- power off the phone

STEP 3~FLASHING ENG BUILD:

- hold volume down + power to boot into hboot
- it should now find and verify the PC36IMG.zip on the root of your sdcard. itll show a blue status bar on the top right of the screen.
- after a minute or so it will ask u if u wanna flash SAY YES
- affter it flashes the PC36IMG.zip it will ask if you wanna reboot. SAY YES
- once booted into Android put the recovery.img linked above on the root of you sdcard
- on your PC open a shell again and do:
Code: 
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image recovery /sdcard/recovery.img
reboot recovery
- you should now be in recovery mode
- do a wipe of data and dalvik cache
- navigate to nandroid restore and restore the previous rom setup
- come here to the forum, get and flash the latest radio
- enjoy... you can now reboot into recovery, write to system and other partitions while in Android. Also you now have a Engineering SPL so you can fastboot and much more.

SCROLL DOWN TO SECOND POST FOR FAQ ;)
 
Last edited:
phinnaeus

phinnaeus

Senior Member
Apr 25, 2010
251
6
Seattle
toast rocks + unofficial FAQ

EPIC. WIN.

and toast, if you ever had a reason to sticky one of your own threads, I think this one is deserving.

Common Mistakes / Questions

Problem:
I can't download the files / They are corrupted / etc!!!!1!!!!1
Click to expand...
Click to collapse

How to fix:
Here's a mirror, thanks to lewi3069.
lewi3069 said:
http://cybermetricsystems.net/android/PC36IMG.zip
http://cybermetricsystems.net/android/flash_image.zip
http://cybermetricsystems.net/android/mtd-eng.zip
http://cybermetricsystems.net/android/recovery.img
Click to expand...
Click to collapse

----------------------------------------------------

Error:
Code: 
adb shell
# cat /sdcard/flash_image > /data/flash_image
cat /sdcard/flash_image > /data/flash_image
cat: can't open ' /sdcard/flash_image' : No such file or directory

How to fix:
Your sdcard isn't mounted properly. You can use ADB to push the files:
Code: 
adb push /path/to/flash_image /sdcard/flash_image
adb push /path/to/mtd-eng.img /sdcard/mtd-eng.img
or try to mount the card: (*note, this command only works from recovery. If you are inside the android OS you have to use adb remount. This is also how you test system r/w access, which is what this whole process gives you :)
Code: 
adb shell mount /sdcard

----------------------------------------------------

Error:
Code: 
mtd: erase failure at 0x00000000 (I/O error)
mtd: skipping write block at 0x00000000
mtd: erase failure at 0x00020000 (I/O error)
mtd: erase failure at 0x00020000 (I/O error)
mtd: skipping write block at 0x00020000
mtd: erase failure at 0x00040000 (I/O error)
mtd: erase failure at 0x00040000 (I/O error)
mtd: skipping write block at 0x00040000
mtd: erase failure at 0x00060000 (I/O error)
mtd: erase failure at 0x00060000 (I/O error)
(note: probably a lot longer than that)

How to fix:
You are using the wrong PC36IMG.zip file. Its not the same one from part one. Download the file listed in Toast's post, above.

----------------------------------------------------

Error:
Something about "Main version is older" ...not sure of exact syntax

How to fix:
You need to redo the mtd-eng.img step. Check and make sure you didn't get the sdcard mounting error.

----------------------------------------------------

Question:
Can I delete these files from my sdcard, now that I have finished?
Click to expand...
Click to collapse

Answer:
Sure. Alternatively, you can just throw them into a folder named whatever you want (example folder name: "files for rooting") and leave them there in case you need the later! Totally up to you, but yes they are safe to remove.

----------------------------------------------------

Question:
Do I have to backup/restore my nandroid? Can't I just flash a new ROM?
Click to expand...
Click to collapse

Answer:
Yep. The advantage of restoring your nandroid is I believe you get your radio back. Maybe not. It takes like 3 seconds to restore your radio anyway. I just flashed my ROM back over clean and used Titanium Backup which I strongly recommend to restore all my apps.
 
Last edited:
J

JustinLoe

Senior Member
May 3, 2009
74
3
Plucking Hot, Thanks. I'll edit this post later for soemthing meaningful like "donated".
 
Last edited by a moderator:
herbthehammer

herbthehammer

Senior Member
May 16, 2010
929
51
Outstanding Toast! Thank you oh so VERY MUCH!!! You made my day a lot happier...

Uh oh, is there something wrong? First off, after you finish step 1, you need to reboot the phone (or at least I did cause nothing was happening while sitting in recovery). Second, in step 3, I got so far as the img and then I got errors. I followed the instructions to the letter. Hell, I even rebooted and tried step 3 again ad still have the same problems.

Code: 
users-macbook:evo-recovery user$ ./adb-mac shell
# cat /sdcard/flash_image > /data/flash_image
# chmod 755 /data/flash_image
# /data/flash_image recovery /sdcard/recovery.img
mtd: erase failure at 0x00000000 (I/O error)
mtd: erase failure at 0x00000000 (I/O error)
mtd: skipping write block at 0x00000000
mtd: erase failure at 0x00020000 (I/O error)
mtd: erase failure at 0x00020000 (I/O error)
mtd: skipping write block at 0x00020000
mtd: erase failure at 0x00040000 (I/O error)
mtd: erase failure at 0x00040000 (I/O error)
mtd: skipping write block at 0x00040000
mtd: erase failure at 0x00060000 (I/O error)
mtd: erase failure at 0x00060000 (I/O error)
mtd: skipping write block at 0x00060000
mtd: not writing bad block at 0x00080000
mtd: erase failure at 0x000a0000 (I/O error)
mtd: erase failure at 0x000a0000 (I/O error)
mtd: skipping write block at 0x000a0000
mtd: erase failure at 0x000c0000 (I/O error)
mtd: erase failure at 0x000c0000 (I/O error)
mtd: skipping write block at 0x000c0000
mtd: erase failure at 0x000e0000 (I/O error)
mtd: erase failure at 0x000e0000 (I/O error)
mtd: skipping write block at 0x000e0000
mtd: erase failure at 0x00100000 (I/O error)
mtd: erase failure at 0x00100000 (I/O error)
mtd: skipping write block at 0x00100000
mtd: erase failure at 0x00120000 (I/O error)
mtd: erase failure at 0x00120000 (I/O error)
mtd: skipping write block at 0x00120000
mtd: erase failure at 0x00140000 (I/O error)
mtd: erase failure at 0x00140000 (I/O error)
mtd: skipping write block at 0x00140000
mtd: erase failure at 0x00160000 (I/O error)
mtd: erase failure at 0x00160000 (I/O error)
mtd: skipping write block at 0x00160000
mtd: erase failure at 0x00180000 (I/O error)
mtd: erase failure at 0x00180000 (I/O error)
mtd: skipping write block at 0x00180000
mtd: erase failure at 0x001a0000 (I/O error)
mtd: erase failure at 0x001a0000 (I/O error)
mtd: skipping write block at 0x001a0000
mtd: erase failure at 0x001c0000 (I/O error)
mtd: erase failure at 0x001c0000 (I/O error)
mtd: skipping write block at 0x001c0000
mtd: erase failure at 0x001e0000 (I/O error)
mtd: erase failure at 0x001e0000 (I/O error)
mtd: skipping write block at 0x001e0000
mtd: erase failure at 0x00200000 (I/O error)
mtd: erase failure at 0x00200000 (I/O error)
mtd: skipping write block at 0x00200000
mtd: erase failure at 0x00220000 (I/O error)
mtd: erase failure at 0x00220000 (I/O error)
mtd: skipping write block at 0x00220000
mtd: erase failure at 0x00240000 (I/O error)
mtd: erase failure at 0x00240000 (I/O error)
mtd: skipping write block at 0x00240000
mtd: erase failure at 0x00260000 (I/O error)
mtd: erase failure at 0x00260000 (I/O error)
mtd: skipping write block at 0x00260000
mtd: erase failure at 0x00280000 (I/O error)
mtd: erase failure at 0x00280000 (I/O error)
mtd: skipping write block at 0x00280000
mtd: erase failure at 0x002a0000 (I/O error)
mtd: erase failure at 0x002a0000 (I/O error)
mtd: skipping write block at 0x002a0000
mtd: erase failure at 0x002c0000 (I/O error)
mtd: erase failure at 0x002c0000 (I/O error)
mtd: skipping write block at 0x002c0000
mtd: erase failure at 0x002e0000 (I/O error)
mtd: erase failure at 0x002e0000 (I/O error)
mtd: skipping write block at 0x002e0000
mtd: erase failure at 0x00300000 (I/O error)
mtd: erase failure at 0x00300000 (I/O error)
mtd: skipping write block at 0x00300000
mtd: erase failure at 0x00320000 (I/O error)
mtd: erase failure at 0x00320000 (I/O error)
mtd: skipping write block at 0x00320000
mtd: erase failure at 0x00340000 (I/O error)
mtd: erase failure at 0x00340000 (I/O error)
mtd: skipping write block at 0x00340000
mtd: erase failure at 0x00360000 (I/O error)
mtd: erase failure at 0x00360000 (I/O error)
mtd: skipping write block at 0x00360000
mtd: erase failure at 0x00380000 (I/O error)
mtd: erase failure at 0x00380000 (I/O error)
mtd: skipping write block at 0x00380000
mtd: erase failure at 0x003a0000 (I/O error)
mtd: erase failure at 0x003a0000 (I/O error)
mtd: skipping write block at 0x003a0000
mtd: erase failure at 0x003c0000 (I/O error)
mtd: erase failure at 0x003c0000 (I/O error)
mtd: skipping write block at 0x003c0000
mtd: erase failure at 0x003e0000 (I/O error)
mtd: erase failure at 0x003e0000 (I/O error)
mtd: skipping write block at 0x003e0000
mtd: erase failure at 0x00400000 (I/O error)
mtd: erase failure at 0x00400000 (I/O error)
mtd: skipping write block at 0x00400000
mtd: erase failure at 0x00420000 (I/O error)
mtd: erase failure at 0x00420000 (I/O error)
mtd: skipping write block at 0x00420000
mtd: erase failure at 0x00440000 (I/O error)
mtd: erase failure at 0x00440000 (I/O error)
mtd: skipping write block at 0x00440000
mtd: erase failure at 0x00460000 (I/O error)
mtd: erase failure at 0x00460000 (I/O error)
mtd: skipping write block at 0x00460000
mtd: erase failure at 0x00480000 (I/O error)
mtd: erase failure at 0x00480000 (I/O error)
mtd: skipping write block at 0x00480000
mtd: erase failure at 0x004a0000 (I/O error)
mtd: erase failure at 0x004a0000 (I/O error)
mtd: skipping write block at 0x004a0000
mtd: erase failure at 0x004c0000 (I/O error)
mtd: erase failure at 0x004c0000 (I/O error)
mtd: skipping write block at 0x004c0000
mtd: erase failure at 0x004e0000 (I/O error)
mtd: erase failure at 0x004e0000 (I/O error)
mtd: skipping write block at 0x004e0000
error writing recovery: No space left on device

There were no errors up until this point. Did I do something wrong?
Nevermind for now. I read a few pages into this post and found out the img from step 1 is different from the img in this topic. Redownloading and trying again.
 
Last edited:
docsparks

docsparks

Senior Member
Aug 28, 2009
475
242
www.dcombl.com
Does this by chance at all increase the odds of being able to get AOSP 2.1 dialer/contacts on EVO?

Either way, THANK YOU.
::sifting for card to donate with::
 
jabbawalkee

jabbawalkee

Senior Member
Dec 22, 2008
2,043
172
Chevy Chase, MD
twitter.com
I'm having an issue...did first step of part 2 then put PC36IMG.zip on root of my sdcard, powered off, then did vol-down+power and it started to load the img (with blue thing in righthand corner)...next it said "Checking...PC36IMG.zip" but didn't ask me if I wanted to flash it.

What do I do?
 
G

geekykid

Member
Apr 9, 2010
43
1
Washington, DC
jabbawalkee said:
I'm having an issue...did first step of part 2 then put PC36IMG.zip on root of my sdcard, powered off, then did vol-down+power and it started to load the img (with blue thing in righthand corner)...next it said "Checking...PC36IMG.zip" but didn't ask me if I wanted to flash it.

What do I do?
Click to expand...
Click to collapse


im having the same issue. it goes through the steps of loading PC36IMG and then checks it but then kicks be back to the hboot menu. im going to redownload the file. perhaps it was corrupt.



edit: perhaps the file is corrupted on their server? im having the same issue.
 
Last edited:
jabbawalkee

jabbawalkee

Senior Member
Dec 22, 2008
2,043
172
Chevy Chase, MD
twitter.com
geekykid said:
im having the same issue. it goes through the steps of loading PC36IMG and then checks it but then kicks be back to the hboot menu. im going to redownload the file. perhaps it was corrupt.

ill repost when complete.
Click to expand...
Click to collapse

I redownloaded the file 5 times and still the same problem. I know I didn't do anything wrong because I followed the instructions to a T.

@TOAST - can you give us any indication of what to do? It didn't ask me if I wanted to flash PC36IMG.zip in HBOOT. What do we do?
 
C

chavo2005

Member
Oct 12, 2009
43
0
i've downloaded the PC36IMG.zip twice now.. and both times WinRAR is reporting the archive as corrupt. I am also unable to get it to flash...
 
You must log in or register to reply here.

Similar threads

toastcfh
  • Locked
[TUTORIAL] How To Root The HTC EVO ~ Part-1 \0/
Replies
1K
Views
856K
O
okolowicz
J
[Program] SimpleRoot .1 ---- 3 Click Root w/ nand unlock!!
Replies
769
Views
534K
Notorious
Notorious
Calkulin
[ ROM / 2-9 ] Calkulin's EViO 2 v1.8 [ 3.70 l Battery Saver script w/ Profiles ]
Replies
9K
Views
1M
S
Samsungmobile
myn
[ROM] Myn’s Warm TwoPointTwo - [RLS 5 - 01/07/2011] - More Than Meets The Eye!
Replies
48K
Views
6M
Sinistertensai
Sinistertensai
regaw_leinad
  • Locked
[GUIDE] How to root Android 2.2 on the EVO 4G Outdated
Replies
2K
Views
778K
mcmexican
mcmexican

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 1
    M
    maejrep
    joeykrim said:
    so this PC36IMG.zip is older, version 1.15 and engineering build with eng hboot where the other 1st posted PC36IMG.zip is version 1.32 and a userdebug build so no eng hboot?
    Click to expand...
    Click to collapse
    Correct.. the file MUST be named PC36IMG.zip, because that's what the radio looks for when doing an automatic RUU flash. Otherwise we would name them differently, based on what they are :) which would make it easier to keep track of
    where do you see these version numbers, 1.15 and 1.32?
    Click to expand...
    Click to collapse
    The version number is the "Build number" and "Software number" you see in About Phone. The eng one is called 1.15.651.1, and the stock one is "1.32.651.1". The misc.img replaces 1.32 with 1.15, and that allows it to flash.
    View
    1
    Notorious
    Notorious
    buzz86us said:
    does this give me full s-off? I tried the revolutionary method and it doesn't work because there are some bad blocks on the nand.
    Click to expand...
    Click to collapse

    You won't be able to use this. This was only for Froyo 2.2 if you have bad blocks there is nothing you can do about it

    Sent from my SPH-L710 using xda app-developers app
    View

New posts