~ ~ ~ CREDITS ~ ~ ~
HUGE thanks to everyone whose research and work aided us in discovering a way to downgrade from HBOOT 1.19/1.15 down to HBOOT 1.12!
I will do my best to mention all of the sources that were used here but please do forgive and let me know if I failed to mention you for your work.
- Fuses and the rest of Team Unlimited for their awesome original work on emmc_recover!
- closeone for starting work on the LiveCD HBOOT Downgrade Toolkit as soon as he heard the news! We're all looking forward to using this.
- yarrimapirate for narrowing down the list of action steps that needed to be taken and proving that this method works on HBOOT 1.19! He also did an awesome job consolidating and documenting the steps that needed to be taken, and posting an updated downgrade package.
- 18th.abn and niceppl for their work on HTC One X methods which inspired this.
- The great community of like-minded Android fans who posted thought-provoking questions, suggestions, and their daring results. Thank you, everyone!!
WARNINGS AND DISCLAIMERS:
- UNTIL FURTHER NOTICE, I'M WARNING EVERYONE THAT IS *ALREADY S-OFF* TO NOT TRY THIS METHOD!!!
- You are solely responsible for your own actions and the potential for permanently BRICKING your device.
- Do NOT attempt to hold anyone liable for the damages caused by your decision to use this information.
- RISK! RISK! RISK! THIS MAY NOT WORK AS EXPECTED RESULTING IN A BRICKED PHONE!
- Doing a soft-brick is part of this procedure; however, you run the risk of actually killing your phone if you don't have enough patience, time, and attention to detail.
- I cannot stress enough how important it is to be very careful and read this whole post in order to see what the procedure entails and to gauge your confidence in yourself and weigh the risks.
- Before you modify anything on your phone: BACKUP! You will not regret it.
- Finally, only those brave and experienced enough should attempt these steps! Please understand that you could turn your phone into A PERMANENT BRICK.
- STOP and WAIT if you have any reservations on this; an easy-to-use solution is on the way. You've waited perhaps months, you can probably wait another week for a safer solution!
SOME EXPERIENCE NECESSARY
- THIS POST ASSUMES THAT YOU HAVE SOME PREVIOUS EXPERIENCE AND MODERATE UNDERSTANDING OF THE TERMS, TOOLS, METHODS, AND CONSEQUENCES OF INTENTIONALLY CORRUPTING AN eMMC PARTITION AND PUTTING YOUR PHONE IN QC DOWNLOAD MODE.
- THIS IS NOT A N00B-FRIENDLY GUIDE, SORRY!
- If you are new here, WELCOME!
- Do have a look here to learn more about Android hacking.
- Also, check out Don't Panic -- A must read for beginners, includes troubleshooting guide by om4.
Please DO NOT go onto Team Unlimited IRC for help with the downgrade! They can only assist you with the tools that they directly created and advertised as supported via Team Unlimited IRC. If you have questions regarding the downgrade method, please post here or on yarrimapirate's thread.
NOT ON SPRINT?
If you are NOT USING SPRINT, flashing HTC STOCK RUUs mentioned in this guide will revert you to the stock Sprint programming!
~ ~ ~ U P D A T E S ~ ~ ~
October 31, 2012
NO-DOWNGRADE S-OFF for 1.19 and 1.15!
Team Unlimited has just given word that they are about to release a NO-DOWNGRADE S-OFF for 1.19 and below.
Please see their post here.
HBOOT 1.15/1.19 downgrade tool (Linux)
yarrimapirate has created a dedicated thread for his new Linux-based downgrade tool. This is in beta testing as of October 21 but it appears to be very stable and successful.
Be careful and follow his instructions!
Please see his post HERE.
Hands-on downgrade for the tech savvy
yarrimapirate has proven that this works on HBOOT 1.19. So now this means that both 1.15 and 1.19 can be downgraded! yarrimapirate also narrowed down the eMMC partition list to just one for the QC Download Mode. He kindly rewrote the directions and tweaked them to work with the newer discoveries.
Please see his post HERE.
HBOOT LiveCD Downgrade Toolkit
closeone has kindly taken on the task of making a Downgrade LiveCD and posted an update on his HBoot Downgrade Toolkit. It's still in the private testing stage but we expect to see the testing come to a close and the Toolkit mature into an easy-to-use solution.
Check it out here.
~ ~ ~ ARCHIVE ~ ~ ~
ORIGINAL DOWNGRADE INSTRUCTIONS
The OP from October 11, 2012.
- My immediate goal here is to get this information out regarding my successful downgrade from HBOOT 1.15/1.19 to 1.12 followed by LazyPanda S-OFF.
- This post will be initially rough. Check back in often.
- Do note that this was all done in Linux on an Ubuntu 12.04.1 32-bit VM and a Fedora 16 32-bit physical host. There is no reason that I used two different distros other than what was at hand. If you got skillz, you can do this all in a VM but beware of the pains when you are dealing with a device that changes USB modes very frequently during the flashing of eMMC.
- Prior to starting this, a factory RUU restore to an HTC ROM that comes with and supports HBOOT 1.15. Some users chose to not bother with this and it seemed to work for them.
- After you do all of the steps and you get your device to boot from the softbrick on HBOOT 1.12, you will need to do another factory RUU restore to an HTC ROM with the version of the HBOOT that you are downgrading to. So since we are going to 1.12 HBOOT you need an HTC STOCK ROM with HBOOT 1.12 to flash all the other partitions into compliance. You don't want to have HBOOT 1.12 and all else that runs on 1.15! Plus, LazyPanda requires you to use a STOCK 1.13 ROM. Otherwise, you're gonna have a bad time...
- HTCDev unlock OR a temp root method. This is needed to mess with eMMC.
- Install TWRP 2.+ recovery once you root.
OVERVIEW OF HOW THIS WORKS:
- Qualcomm Download [QHUSB-DLOAD] mode is what we need
This QHUSB-DLOAD mode is significant because it gives us a chance to flash to mmcblk0p12 (HBOOT partition) and restore the backed up mmcblk0p5 partition that came from YOUR EVO. The only partition that actually needs to be corrupt is mmcblk0p5 (alternatively p4 but that is not recommended by Fuses).
~~~ STUFF HERE IS A LITTLE OUT OF DATE AND ASKS YOU TO DO SOME UNNECESSARY STEPS. I WILL BE UPDATING THIS IN A BIT. IF YOU ABSOLUTELY CAN NOT WAIT FOR A LIVECD, YOU MAY WISH TO FOLLOW WHAT yarrimapirate MADE AT THE LINK TOWARD THE TOP. DO BEWARE ALL OF THE CONSEQUENCES! ~~~
Make sure to follow the instructions of the script closely and for the sake of you succeeding *** BACKUP *** the partition that you are about to corrupt! You will not be able to get your phone working again (a strong hunch here) without the correct partitions!
Brick your phone by corrupting p5. Then go to the emmc_recover steps below to fix the brick from your backed up partitions and flash a signed HTC HBOOT 1.12.
Basically, you want to run emmc_recover and tell it to use a specific byte chunk size of 24576 (so far I had the best results with that chunk size) to flash all of the needed partitions. Be patient, this will be slow as the tool only has 7-8 seconds at a time to write to eMMC. Then the device acts as a USB modem. This is the chance to recover the intentionally corrupt partitions AND put a new, lower version HTC HBOOT! The greatest usability of this tool, thoughtfully written by Fuses, takes the painstaking calculations and memorizations for sector offsets out and just does it for you. Slowly but surely.
Thanks to Fuses (got the latest source code from his Git repo), emmc_recover compiled on my Fedora box supports loading code to eMMC in increments, resuming at a sector at which the task was left off. I found that setting the chunk size to 24576 worked best at a cost of more time needed. I tried setting the value higher but that did not get the phone to post even after all partitions and HBOOT were flashed back, even HBOOT 1.15 did not POST. So stick with the 24576 byte chunk.
Commands to recover from the brick and downgrade hboot:
This is the order that I went by but theoretically it does not matter as long as you end with the HBOOT flash to sdb12 or sdc12 (maybe even sdd12 depending on your box).
The order I flashed in:
- Plug in your phone already in Qualcomm Download Mode aka brick and in the terminal type `sudo dmesg` to see if "qcserial ttyUSB0: Qualcomm USB modem converter now connected to ttyUSB0" comes up. If you see it, good. If not, run `sudo modprobe qcserial` and check `dmesg` again.
- Make sure that all of your files are ready, backups specifically, binaries, and a . Open up 2 or more terminal tabs and run `sudo modprobe -r qcserial` in tab 2.
- Now make a placeholder ttyUSB0 with `sudo mknod /dev/ttyUSB0 c 188 0`, still in tab 2.
- In tab 1, run `sudo ./emmc_recover_new -f hboot_1.12.0000_signedbyaa.nb0 -d /dev/sdb12 -c 24576` but don't press enter too many times just yet, else the tool will complain. Then, after you are at the second 'press enter' prompt, wait and jump into tab 2 to enable qcserial again with `sudo modprobe qcserial`.
- Now you can hit enter in tab 1 to kick off the procedure and sit back. Once the HBOOT is done, do the magic partition 5 and cross your fingers: `sudo ./emmc_recover_new -f mmcblk0p5 -d /dev/sdb5 -c 24576`
- By the time you have flashed the mmcblk0p5 image file to sdb5 or sdc5, you will get a pleasant surprise when your phone does yet another reset and this time you will see the HTC logo on your phone. Don't let the ROM fully load (but it shouldn't be too bad if you do) and reboot into the bootloader (Vol - & Power) and check out your hboot version!
- Do the RUU restore to the ROM which contains HBOOT 1.12. As mentioned above, you don't want to be running HBOOT 1.12 with all the other bits of your phone expecting HBOOT 1.12.
- In the fastboot-usb, use your fastboot binary and run `fastboot oem rebootRUU`.
- Once you see the plain HTC logo on your phone, do the `fastboot flash zip [ROM zip name here]`. If you have a SuperCID you will see a warning about that, then you flash again and the pre-ROM checks and flashes get done. You really know the rest from here.... I hope
From here on, the rest is up to you, my friends!
Report back if you decide to try this method and let us know if you get stumped.
FREQUENTLY ASKED QUESTIONS
I am going to comb through the posts here and pick out relevant Q&A's to post here. Feel free to PM me anything that you think should be here.
If you did understand the risks of doing this and now you find yourself stuck, please post and let people know. Don't freak out and try not to call up your carrier for a replacement. Chances are there's a simple way out. Practice patience and give yourself plenty of time when doing complex things such as this.
For a more complete FAQ, please check out yarrimapirate's FAQ here.
If you find yourself waiting for LazyPanda to reboot and it has been more than the 30 second average, wait a couple of minutes and then you will have to do one of the things below.
1. The easiest is to just reboot your phone by hand and that should take care of it, <http://forum.xda-developers.com/showpost.php?p=32773482&postcount=159>.
2. Use the official LP unbricker tool, <http://unlimited.io/lteunbricker.htm>.
3. Could be simpler than #2 but I haven't tried it for this purpose, <http://unlimited.io/qhsusbdload.htm>.
4. Also, check out post #2 in this <http://forum.xda-developers.com/showpost.php?p=27974032&postcount=2>. Thanks to lowetax for the link.
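
The post insists on backing up the partition before corrupting it and on flashing in 24576-byte chunks. As an added example (not part of the original post and not from the emmc_recover authors), this script checks two separately taken dumps of the same partition before anything destructive is done. The file names, the two-dump workflow and the 512-byte sector size are assumptions.

```shell
#!/usr/bin/env bash
# Added example: sanity checks on a partition backup before the destructive step.
# File names and the "two separate dumps" workflow are assumptions.

CHUNK=24576   # chunk size in bytes quoted in the post
SECTOR=512    # assumed sector size; the post does not state one

# verify_backup DUMP_A DUMP_B
# Prints the SHA-256 of the backup if both dumps are present, sector-aligned,
# not blank, and bit-identical. Returns 1-4 on the respective failure.
verify_backup() {
    local a=$1 b=$2 size
    [ -s "$a" ] && [ -s "$b" ] || { echo "missing or empty dump" >&2; return 1; }
    size=$(wc -c < "$a")
    [ $((size % SECTOR)) -eq 0 ] || { echo "size $size is not a whole number of sectors" >&2; return 2; }
    # A dump that is nothing but 0x00 bytes is not a usable backup.
    [ "$(tr -d '\0' < "$a" | wc -c)" -gt 0 ] || { echo "dump is all zeros" >&2; return 3; }
    cmp -s "$a" "$b" || { echo "the two dumps differ" >&2; return 4; }
    sha256sum "$a" | cut -d' ' -f1
}

# chunks_needed FILE: number of CHUNK-sized writes the image takes, rounded up.
chunks_needed() {
    local size
    size=$(wc -c < "$1")
    echo $(( (size + CHUNK - 1) / CHUNK ))
}

# Demo on constructed data (not a real partition image).
demo_dir=$(mktemp -d)
head -c 49152 /dev/zero | tr '\0' 'A' > "$demo_dir/p5_dump1.img"
cp "$demo_dir/p5_dump1.img" "$demo_dir/p5_dump2.img"
echo "sha256: $(verify_backup "$demo_dir/p5_dump1.img" "$demo_dir/p5_dump2.img")"
echo "chunks: $(chunks_needed "$demo_dir/p5_dump1.img")"
```

Keep the printed hash with the backup so the image can be re-checked right before it is written back.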