How to Root Non-Sprint (Cellular South, Bluegrass Cellular, etc) CDMA Hero


ibegary

From the Eris rooting practices, the reason asroot2 doesn't work on our phones is because the /proc/sys/vm/mmap_min_addr is set to a non-zero value.

If you get it back to 0 you can use asroot2. Just posting as a FYI. I have a feeling when ERIS gets rooted, we will be able to as well.
 

ibegary

Gold card method successful, trying the Sprint RUU now. attaching SIMLOCK screen
 

Attachments

  • hero-goldcard.jpg

ibegary

Now I got error 140 BootLoader Version Error. Attaching Screenshot and RUU_LOG
 

Attachments

  • 2nd-Attempt.jpg
  • RUU_091229T145232.txt

markachee

Now if we can get the mr ruu it may work but dunno what else to try

Well they just posted it at that same link. Not sure it will get us anywhere but worth a try since you already have a goldcard setup.

http://geekfor.me/news/sprint-ruu-fails/

I'm also out of ideas after this one besides just waiting for a kernel exploit of some sort.

Though I still think there just might be some sort of buffer overflow vulnerability within the HTC specific RUU fastboot (adb shell reboot oem-78 ). I just can't figure out how to know if there really is anything or how to exploit it if I found anything.
 

ibegary

Appears to be working, it's flashing the Radio now. Will give you updates to see if everything still works.
 

Attachments

  • update-radio.png

ibegary

Flashing was successful. Attaching RUU logs and Screenshot. Will edit this post on initial radio/data tests.

--------------
EDIT 1: Sprint Logo showed on boot.

Checking stock radio/data to ensure we haven't lost anything

PHONE: WORKS
SMS: WORKS
MMS: Shows Sprint settings, not sure how to edit for our settings
EVDO: WORKS

##778# is gone

Phone works perfectly, didn't have to re-program it or anything. MSL is still set to all 0's.

Just need to find a way to edit MMS settings.

Also I think we need to get rid of the voice mail notifications program. I think it's intercepting the voice mail indication.
Will try rooting next.

-------------------------------
EDIT 2: Root!

C:\android-sdk-windows\tools>adb push asroot2 /data/local/
836 KB/s (74512 bytes in 0.087s)

C:\android-sdk-windows\tools>adb shell
$ cat /proc/sys/vm/mmap_min_addr
cat /proc/sys/vm/mmap_min_addr
/proc/sys/vm/mmap_min_addr: No such file or directory
$ cd /proc/sys/vm
cd /proc/sys/vm
$ ls
ls
overcommit_memory
panic_on_oom
oom_kill_allocating_task
oom_dump_tasks
overcommit_ratio
page-cluster
dirty_background_ratio
dirty_ratio
dirty_writeback_centisecs
dirty_expire_centisecs
nr_pdflush_threads
swappiness
lowmem_reserve_ratio
drop_caches
min_free_kbytes
min_free_order_shift
percpu_pagelist_fraction
max_map_count
laptop_mode
block_dump
vfs_cache_pressure
$ exit
exit

C:\android-sdk-windows\tools>adb push asroot2 /data/local
1039 KB/s (74512 bytes in 0.070s)

C:\android-sdk-windows\tools>adb shell
$ chmod 0755 /data/local/asroot2
chmod 0755 /data/local/asroot2
$ /data/local/asroot2 /system/bin/sh
/data/local/asroot2 /system/bin/sh
[+] Using newer pipe_inode_info layout
Opening: /proc/1016/fd/3
SUCCESS: Enjoy the shell.
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
# cd /system/bin
cd /system/bin
# cat sh > su
cat sh > su
# chmod 4755 su
chmod 4755 su
#


Looks like we got a winnar!!
------------------------
EDIT 3:

It appears my EVDO has quit working and somehow the settings were changed between the first reboot and now. I believe it's the Sprint DSA which you can find in the ##3282#. Going to re-input and try again.
------------------------
EDIT 4:

It appears Sprint DSA forced my phone to Simple IP which my Network won't support, I'm using QPST to restore MIP. Just a heads up for those who are trying.
------------------------
EDIT 5:

Had to use QPST to restore EVDO Data, very simple. Cell South users probably won't have to do that step since you probably support Simple IP.

This is going to be my last post since everything is working so well. Will post updates if I can get MMS working. Also if you have any questions.

Thanks!
 

Attachments

  • finished.jpg
  • RUU_091230T085928.txt
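
Added example, not part of ibegary's post: a defender-side audit for the two conditions visible in the session above, a kernel that does not expose or enforce /proc/sys/vm/mmap_min_addr and a setuid file in a bin directory whose bytes match the shell (what `cat sh > su` followed by `chmod 4755 su` leaves behind). The function names and the paths passed in are assumptions; it needs a POSIX sh with find and cmp, so it can be run on a host against an extracted /system image.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# Report the state of the mmap_min_addr sysctl.
#   missing    -> file not exposed by this kernel (as in the ls listing above)
#   zero       -> low-address mappings are permitted
#   ok         -> a non-zero floor is enforced
#   unreadable -> content is not a plain number
check_mmap_min_addr() {
    f=${1:-/proc/sys/vm/mmap_min_addr}
    if [ ! -r "$f" ]; then
        echo "missing"
        return 0
    fi
    v=$(cat "$f")
    case $v in
        ''|*[!0-9]*) echo "unreadable" ;;
        *) if [ "$v" -eq 0 ]; then echo "zero"; else echo "ok"; fi ;;
    esac
    return 0
}

# Print every setuid regular file under DIR whose content is byte-identical
# to the reference shell binary. A match means "a copy of sh that runs with
# its owner's privileges", regardless of what the file is named.
find_setuid_shell_copies() {
    dir=$1
    shell=$2
    if [ ! -d "$dir" ] || [ ! -f "$shell" ]; then
        return 0
    fi
    find "$dir" -type f -perm -4000 2>/dev/null | while IFS= read -r p; do
        if cmp -s "$p" "$shell"; then
            echo "$p"
        fi
    done
    return 0
}

# Usage: sh audit.sh <bin-dir> <reference-shell>
# e.g.   sh audit.sh ./system/bin ./system/bin/sh   (paths are assumptions)
if [ "$#" -eq 2 ]; then
    echo "mmap_min_addr: $(check_mmap_min_addr)"
    find_setuid_shell_copies "$1" "$2" | sed 's/^/setuid copy of shell: /'
fi
```
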

markachee

Looks like we got a winnar!!
------------------------
EDIT 3:

It appears my EVDO has quit working and somehow the settings were changed between the first reboot and now. I believe it's the Sprint DSA which you can find in the ##3282#. Going to re-input and try again.
------------------------
EDIT 4:

It appears Sprint DSA forced my phone to Simple IP which my Network won't support, I'm using QPST to restore MIP. Just a heads up for those who are trying.
------------------------
EDIT 5:

Had to use QPST to restore EVDO Data, very simple. Cell South users probably won't have to do that step since you probably support Simple IP.

This is going to be my last post since everything is working so well. Will post updates if I can get MMS working. Also if you have any questions.

Thanks!

Awesome! Thanks for the detailed result!

Are there settings I should make a note of beforehand in case EVDO doesn't work? I'm not familiar with what QPST, Simple IP, etc. are.

Cellular South's MMS already doesn't work so that's one I won't have to worry about.
 

ibegary

Right after your phone reboots after flashing Sprint's RUU, I would turn your phone into airplane mode (preferably before data connects).

Go to phone dialer and do a ##3282# (##DATA#) and go to Advanced. Scroll down to sprint DSA and change it to something random, like I did: http://google.com

That should keep your settings in there. If for some reason it doesn't, you can use QPST (which is a phone programming tool) to put your Cell South settings back in (they're all over Google).

Mine has been running great, running fresh 1.0 and a transparent lockscreen. Loving it.
 

markachee

Right after your phone reboots after flashing Sprint's RUU, I would turn your phone into airplane mode (preferably before data connects).

Go to phone dialer and do a ##3282# (##DATA#) and go to Advanced. Scroll down to sprint DSA and change it to something random, like I did: http://google.com

That should keep your settings in there. If for some reason it doesn't, you can use QPST (which is a phone programming tool) to put your Cell South settings back in (they're all over Google).

Mine has been running great, running fresh 1.0 and a transparent lockscreen. Loving it.

Awesome, thanks again. Here we go!
 

quietcblongs

Have you been able to find a Cell South RUU? That would be helpful in building a more suitable ROM for rooted phones. Hopefully, the sequence can be like this:
1. Flash Sprint RUU
2. Root and install nandroid
3. Flash to a rooted Cell South RUU based ROM
Maybe someone can see if HTC will give out the Cell South RUU, I presume they've been the source for Sprint's RUUs.
 

markachee

Have you been able to find a Cell South RUU? That would be helpful in building a more suitable ROM for rooted phones. Hopefully, the sequence can be like this:
1. Flash Sprint RUU
2. Root and install nandroid
3. Flash to a rooted Cell South RUU based ROM
Maybe someone can see if HTC will give out the Cell South RUU, I presume they've been the source for Sprint's RUUs.

I have had zero luck with trying to find a good source for RUUs. HTC e-mail support just told me how to factory reset my phone. I haven't tried Cellular South support yet but I can imagine the headache trying to explain to them exactly what I'm looking for. They seem to just magically appear on the Internet.

But with the luck ibegary has had, I don't think I'm too worried about having the wrong radio anymore.

Got side tracked and haven't been able to flash mine yet, but I will later tonight.
 

ibegary

Just keep in mind that a Cell South or any non-Sprint branded RUU probably won't be useful since the asroot2 exploit was patched in those versions.

I consider us lucky that it wasn't patched in the MR1 RUU release that flip posted.

I would like someone else to try before we call it good. Just some of my notes:

(1) Create & Test a Gold Card (a 2GB SanDisk worked for me). Outlined by markachee in Post #27. You should see something similar to the image attached on post #42.

(2) While the Gold Card is in your phone, run the new RUU: http://geekfor.me/news/sprint_ruu_156/

(3) After phone reboots, quickly (before first data connection) put phone in Airplane mode (Push down the end call button until the power off options appear, choose airplane mode).

(4) Go to dialer and do a ##3282# (##DATA#) and go to advanced. change the Sprint DSA to something random (i.e. http://google.com). Press menu and commit modifications.

(5) Turn off airplane mode.

(6) Verify radio (phone calls) and data connectivity. If you weren't quick enough on step 4 you may need QPST to put your settings back in. QPST version 2.7 build 313 worked great for me. Settings for your carrier can be found by googling.

(7) Root your phone as outlined in this post on XDA: http://xdaforums.com/showthread.php?t=583291

----------------

a. My personal recommendation is to remove the visual voice mail app since it's useless to us. You can do this by removing the /system/app/Sprint_Core.apk

b. Get MMS working by modifying the telephony.db in /data/data/com.providers.telephony/databases directory. You'll need to know some sqlite commands to modify the 'carriers' table and change the sprint settings to your settings. Verified working with Bluegrass.

c. Speed dial #2 has been replaced by Sprint's Customer Care # (*2). Working on seeing how that can be released. Will keep you posted.


Thanks to everyone who made it possible. It's nice to have a phone that's open to whatever I want to do with it.
 

markachee

Just keep in mind that a Cell South or any non-Sprint branded RUU probably won't be useful since the asroot2 exploit was patched in those versions.

I consider us lucky that it wasn't patched in the MR1 RUU release that flip posted.

I would like someone else to try before we call it good. Just some of my notes:

(1) Create & Test a Gold Card (a 2GB SanDisk worked for me). Outlined by markachee in Post #27. You should see something similar to the image attached on post #42.

(2) While the Gold Card is in your phone, run the new RUU: http://geekfor.me/news/sprint_ruu_156/

(3) After phone reboots, quickly (before first data connection) put phone in Airplane mode (Push down the end call button until the power off options appear, choose airplane mode).

(4) Go to dialer and do a ##3282# (##DATA#) and go to advanced. change the Sprint DSA to something random (i.e. http://google.com). Press menu and commit modifications.

(5) Turn off airplane mode.

(6) Verify radio (phone calls) and data connectivity. If you weren't quick enough on step 4 you may need QPST to put your settings back in. QPST version 2.7 build 313 worked great for me. Settings for your carrier can be found by googling.

(7) Root your phone as outlined in this post on XDA: http://xdaforums.com/showthread.php?t=583291

RUU successfully applied and it booted! ... but no SMS or data, and when I try to make a call I get a fast busy signal...

Also, to change the DSA, what did you put in as the password when you go to edit? Where do I get that?
 

Top Liked Posts

  • 1
    Update (October 7, 2010)
    Use ngholson's guide to root: http://xdaforums.com/showthread.php?t=581869&page=53#post8358998

    Posts in the first 40 or so pages of this thread are old old old. Try browsing through the last 10 or so pages if you have any problems.

    I may put a guide for using an App to root in this first post, but I don't have time right now.

    OLD OLD OLD Manual Root:

    This will still work, but ngholson's guide is a lot easier and you should definitely try it first.

    NOTICE / WARNING / READ THESE:
    1. I give no guarantees for anything that may or may not result from following these instructions (or any mistakes made).
    2. Doing this will probably void your warranty, BUT as long as you don't run some other carrier's RUU (not talking about ROMs here, talking about the official upgrade files. what's important is that your hboot version doesn't change) you can always just flash your carrier's RUU to go back to unrooted completely stock.

    Known issues:
    NONE! This is a clean procedure that leaves your current ROM as is. Any issues you have will be related to whatever ROMs you choose to flash or additional packages you choose to flash to your current ROM.

    Steps:

    1. Upgrade to 2.1
    We know this works with the initial 2.1 updates, but later updates may patch it. If you have installed additional updates from your carrier, you may have to flash the original RUU to be able to root.

    2. Download and extract the Android SDK
    http://developer.android.com/sdk/index.html
    You really only need this for the adb binary. If anyone can suggest a better way to get it than downloading the entire SDK, let me know.

    3. Download and install HTC Sync
    Some carriers have specific versions of HTC Sync (I know Cellular South does).
    You could also just install the adb drivers.

    4. Download the hack and extract it to your SDK tools directory. (or wherever you have adb)
    It's attached to this post.

    5. Turn on USB Debugging on your phone
    Settings -> Applications -> Development -> USB Debugging

    6. Plug your phone in USB

    7. Run the script
    For Windows this is runindos.bat. You should be able to just double click it.
    That's it. This will flash the Darch version of AmonRA's recovery.

    8. BACKUP
    At this point you should probably backup your current stock rom (see Recovery guide below) and backup your PRL. (navalynt has good instructions on this in his root guide).

    Now you can flash a custom rom or just flash the provided su.zip (see Recovery guide below) for Superuser Permissions (root) within your current rom.


    Recovery

    Recovery is where you can backup, restore, and flash ROMs or additional app zips.

    To enter Recovery mode on your phone, power the phone off. Then hold home and press the power button. Keep holding home until you get the recovery screen.

    You'll see several options, but the first thing you'll want to use is Backup. I've always used the nandroid option, not sure of the differences between it and bart. Backing up does exactly what you'd expect: copies your current ROM to your SD card. It doesn't change anything on the phone. It does take a few minutes so be patient.

    Most roms will suggest you wipe first, and there is a menu option for that in recovery also. Just choose wipe, then factory reset. This does nothing to your sd card and only wipes application data (app installed from the market, settings for any app, etc).

    After you've backed up, Recovery is also where you flash new ROMs or additions to your current ROM. It's easiest to pick a ROM you want on your PC, and transfer it to your phone over USB. You can either do this the normal way, or if you're already in recovery, there is a USB-MS option you can use. Some Recoveries require flashable zips to be in the root of your SD card (not in any directory). After the ZIP is on your SD card, choose "install zip from sdcard" and pick the zip of the ROM you want. That's it. After it's done flashing, reboot your phone. If you wiped and flashed a full ROM, the first will take several minutes.

    If you flash a ROM and either get stuck in a boot loop or just don't like it, go back into recovery under the Backup option and choose nandroid restore. Pick the option you get (it's a directory named with your phone's serial number) and you'll see a list of backups named with the date/time they were created. Choose which one you want to restore, wait a few minutes, then reboot and you'll be back to exactly where you were.
    1
    After I run the script my phone does not do anything.

    Read my post carefully. If you follow the instructions it will work.
    1
    Before trying this i would recommend that you try using z4root first. z4 will root most devices.

    **NOTE** When I wrote this I did it for the assistance of Cellular South customers that were concerned that all of the rooting methods erroneously appear to be Sprint specific. This, however, should work with all Heros.

    **NOTE** recently it was brought to my attention that the Androot program will not work with the most recent update from sprint. if you find this to be the case with your hero, try Regaw's rooter here http://xdaforums.com/showthread.php?t=909258

    **NOTE** If AndRoot does not work for you try Regaw's rooter here http://xdaforums.com/showthread.php?t=909258

    Need to root a cellular south hero? this should also work on most all carriers. (I am a cellular south hero user, this is the method that i used and it worked just fine.)

    before we begin you need to change some settings on the phone. go to SETTINGS -> APPLICATIONS check the box that says 'Unknown Sources'
    then go to SETTINGS -> APPLICATIONS -> DEVELOPMENT and check 'USB Debugging'
    you will also need to have HTC Sync installed (you may want to consider downloading the android SDK so that you have tools like ADB (android device bridge) which allows you to execute shell commands on the phone and push and pull data from a command line. for the purposes of this tutorial it is not necessary to have the sdk.)

    you need to download Universal AndRoot. you can either download it to your computer and copy it to your phone or download it directly to your phone. the PC download link is here

    if you want to download directly to your phone open your barcode scanner and point it at the following QR Code.

    AndroidUniversalandroidrootQRcode_thumb.jpg


    you also need a file manager such as ASTRO, this is available from the android market on your phone. once you have ASTRO on your phone, browse the SDCARD for the Universal AndRoot file that you downloaded. once you find it tap on it and choose Application Manager, and select install.

    run AndRoot select Root and let it do its thing.

    if you just wanted Root access to run programs that require root stop here, you are now rooted.

    /------- End of Rooting Guide-------/

    if you want to install a custom rom on your hero continue.

    /---- Start of custom rom guide ----/

    1st make sure that you have at least 500 MB free on your sdcard. it is a good idea to have a fully charged battery but not necessary, just make sure that you have at least 30% battery charged before you try using nandroid.

    at any point after this you may be asked to allow superuser permissions to different programs that we are using. make sure that you grant them.

    Ok next you need a custom recovery image. there are two that i know of. Clockworkmod and Amon, for this tutorial i am using ClockworkMod. if you want to use Amon stop here and search xda for further help on that, i have not used Amon.

    if, like me, you really had no preference which one you use. continue.

    go back to the Android Market and download ROM Manager by Clockworkmod. this will also install ClockworkMod Recovery Image. allow it to do its thing.

    now find what ROM you wish to run (ie: DangerRom, CyanogenMod, Fresh, Zen... etc...) download it to your computer and copy it to your SDCARD.

    next boot the phone in recovery mode. to do this turn the phone off. press and hold Home and Power until you get to the Clockworkmod recovery screen.

    using the trackball to scroll and select move down to Nandroid. and create a backup of your phone. (note: make sure that you have at least 30% battery before starting nandroid backup or restore.)

    once the backup is complete the Green text menu will appear at the top. use the back button on your phone to go back.

    now 'Wipe data/factory reset' and confirm.
    also clear the dalvik cache on your phone.

    now choose 'Install zip from sdcard' then 'choose zip from sdcard' locate the ROM you want to install and select it. confirm your selections.

    wait for green menu to appear again select 'reboot system now' if this isn't an option use the back button and then choose it.

    this first boot will be a very very long one (can be up to 10 min). be very patient.

    if the phone goes into a 'bootloop' don't panic
    (this is described as the phone showing the HTC logo then the ROM logo then repeats over and over again. please note that it is normal on some roms for the HTC logo to come back once just before the getting started app loads)

    to fix a bootloop pull the battery from the phone to stop the process then boot in to recovery (home and power) and Wipe the data and the Dalvik cache. then reboot.

    if you are still stuck in a bootloop go back to recovery and choose nandroid -> restore and restore to your previous rom.

    I hope that this helps everyone that is looking to root and/or install custom rom on their Cellular South Hero.

    NOTE: there is a lot of talk about radio versions and upgrading. if you decide to do this, you are on your own. flashing a bad radio is the only known way to completely brick your phone. only flash a new radio if you are absolutely 100% sure that it will work with your phone and have checked the MD5 checksum.
    1
    Have you tried One click Root APK for CDMA Hero by jcase? It worked for the new cellular south update.
    1
    Anybody have success with ngholson's instructions for a root/custom ROM on an nTelos Hero?

    I rooted using his AndRoot instructions. I installed CM 6.1 and gapps following the Full Update Guide for the CDMA Hero on cyanogenmod's wiki (sorry, can't post a link since I'm a n00b). ngholson's instructions look similar, but if it's your first time, the ones on the wiki are pretty complete and foolproof.