<Collaboration><Dev><Ideas> HTC Evo 2.3.3 Gingerbread Root Collaboration.

Status
Not open for further replies.

skatrwannabe3

Senior Member
Apr 5, 2011
102
16
0
Lake Placid
www.reverbnation.com
Hey, great idea. Just so you know, there is no "bounty" on rooting the OTA. I don't even know where that term came from. I just started a thread to say that I am desperate for root, and I will pay for someone to figure it out. I never asked anyone or expected anyone else to throw money in on it too. It has since grown into a 600+ dollar pot, and I think that it's a good thing. The people that take the time to root it should get a pat on the back.

On topic: I see a bunch of people saying to downgrade, but isn't temp root gonna come before that? Shouldn't temp root be the thing to focus on first?
Didn't mean to add the negatory spin ;) I've been reading up on the topic to sort of get a handle on the whole first-root thing. The main goal is S-Off. To do that we use a method like Unrevoked, if one exists, and there are none for 2.3, right? And we can't crack the bootloader since we don't have HTC's goods for an "official" signed zip. Many people suggest "tricking" the phone, but more people report that using the PC36IMG doesn't work at all (because of the bootloader?). What other way can we make the phone think it's flashing an "upgrade" to Froyo?
I dunno what comes first, but mikey said temp root. What do we need to achieve that?
 

backspacepc

Senior Member
May 25, 2008
276
36
0
Denham Springs
Didn't mean to add the negatory spin ;) I've been reading up on the topic to sort of get a handle on the whole first-root thing. The main goal is S-Off. To do that we use a method like Unrevoked, if one exists, and there are none for 2.3, right? And we can't crack the bootloader since we don't have HTC's goods for an "official" signed zip. Many people suggest "tricking" the phone, but more people report that using the PC36IMG doesn't work at all (because of the bootloader?). What other way can we make the phone think it's flashing an "upgrade" to Froyo?
I dunno what comes first, but mikey said temp root. What do we need to achieve that?
I agree, but what I was wondering is which files are used for signing the stock update in order to trick it.

Sent from the land of motorcycles!
 

Nick N

Senior Member
Sep 10, 2009
951
241
0
Columbus, Ohio
Many people suggest "tricking" the phone, but more people report that using the PC36IMG doesn't work at all (because of the bootloader?). What other way can we make the phone think it's flashing an "upgrade" to Froyo?
So maybe 3.70 repacked and signed to look like a 4.25 update? If I had a Froyo Evo with S-On, I could use the current version of UnrEVOked to get S-off today?

In my recent experience the 4.24 file renamed to PC36IMG.zip loaded and updated just fine; obviously it reset the phone. The 3.70 file renamed to PC36IMG.zip loaded but gave the error message:

Main Version Older! Update Fail!
 

backspacepc

Senior Member
May 25, 2008
276
36
0
Denham Springs
So maybe 3.70 repacked and signed to look like a 4.25 update? If I had a Froyo Evo with S-On, I could use the current version of UnrEVOked to get S-off today?

In my recent experience the 4.24 file renamed to PC36IMG.zip loaded and updated just fine; obviously it reset the phone. The 3.70 file renamed to PC36IMG.zip loaded but gave the error message.
Yes, that's what I was talking about.

Sent from the land of motorcycles!
 

1gr8papa

Senior Member
Feb 27, 2010
69
11
0
STL
Excellent idea for the thread. Can we look at the hboot.img, boot.img, and recovery.img from the Evo 4G 2.3.3 with a hex editor? Configure them to look like a future update? Or look for the sig in the same .img's from 3.70, grab the sig, and copy it to 4.24? Just hoping! This is taking forever to get S-Off. Any word on whether the Evo 3D or Sensation perma-temp root will work for legacy Evos?
 

JBO1018

Senior Member
Dec 25, 2010
459
64
0
Excellent idea for the thread. Can we look at the hboot.img, boot.img, and recovery.img from the Evo 4G 2.3.3 with a hex editor? Configure them to look like a future update? Or look for the sig in the same .img's from 3.70, grab the sig, and copy it to 4.24? Just hoping! This is taking forever to get S-Off. Any word on whether the Evo 3D or Sensation perma-temp root will work for legacy Evos?
The problem with trying to take an RUU and modify it to trick the phone into downgrading is that any time you change ANYTHING in an RUU, it breaks the signature, which means that to make that RUU flash on an S-On device you would need to re-sign it with HTC's private key.


Sent from my HTC Thunderbolt
 

HipKat

Recognized Contributor
First off, Brilliant thread!

Now, I'm no programmer, but I do believe I excel at common sense, and common sense tells me that what was said above about breaking the signature is the key. Any changes, and the signature fails, so, not knowing the process, it seems to me that the idea of decompiling the code in the pc36img to basically resign the version number is the way to go.

I can only imagine what that consists of, however, but if enough people take pieces of the file and start going through the code, line by line, someone is going to find that needle in the haystack.
 

1gr8papa

Senior Member
Feb 27, 2010
69
11
0
STL
The problem with trying to take an RUU and modify it to trick the phone into downgrading is that any time you change ANYTHING in an RUU, it breaks the signature, which means that to make that RUU flash on an S-On device you would need to re-sign it with HTC's private key.


Sent from my HTC Thunderbolt
Just run the 3.70 RUU and pull the rom.zip from the temp folder. Grab the .img's out of there. Then see if we can hex-edit them to fool the newer hboot.
 

1gr8papa

Senior Member
Feb 27, 2010
69
11
0
STL
Hmm?

Isn't the newer private signature in the new ota? If so, can we grab and use that for the 3.70 PC36IMG? All theoretical of course.
 

{ParanoiA}

Senior Member
Apr 20, 2011
1,043
174
0
Ocean View, NJ
Isn't the word from HTC that they will be unlocking bootloaders soon? Or is that just for the 3D & Sensation? (No promises, I know.) Either way we need to get root! Maybe someone knows someone who knows someone that has inside info on how these files are officially signed? Just thinkin' out loud... What about hardware hacks? Is that even possible?
 

JBO1018

Senior Member
Dec 25, 2010
459
64
0
If you could take a signed file, pull out what's in there, put in whatever you want, and have it pass the signature check, then... well, it would make signed images useless as a form of security.

Not trying to dis on anyone; I'm all for this type of collaborative brainstorming, and I am far from an expert.

Sent from my HTC Thunderbolt
 

NinjaWolf

Senior Member
Dec 28, 2010
452
229
0
23
California
OK, I am rooted, but wanted to share an idea I have. I'm no root master, but I know how the Android system works, and was thinking 'bout OTAs today and came up with this:

The HBoots (2.05, 2.10, 2.16) are made to not accept older hboots, so couldn't we hex-edit the 2.10 hboot to be 2.20 (higher than .16)? Then we can make a fake new ROM (4.25 maybe), use the same radios, then build a PC36IMG and flash it, which will trick the hboot into thinking this one is newer, when it will actually be an exploitable one (2.10). Then we can S-Off since the hboot is exploitable, and then root, then flash Amon_Ra.

Take this with a grain of salt, but it sounds stable.
Can someone please start testing this theory, by hex-editing the 2.10 hboot to show 2.20? Then once we get the hex-edited hboot, I (or someone else) will build a fake OTA (2.24, spoofed to be 2.25), then build the PC36IMG (recovery will be stock; we will flash a different one after we S-Off). I believe this should work; can someone please verify this?

Hope this leads to you guys getting root.
 

runcool

Senior Member
Dec 24, 2010
402
70
0
Oh oh oh! I know how to root our new phones! We sue HTC and Sprint to get a patch out that, for one, gives us an option in the menu to root our phone, and also sue Android and make them come out with patches that don't require our providers to send the updates to us. lol. I like my idea. Okay, so it won't work? Okay, you're right. :-D But it was an idea. :p
 

ca1ne

Retired Recognized Developer
Apr 16, 2011
802
1,385
0
East Coast
OK, I am rooted, but wanted to share an idea I have. I'm no root master, but I know how the Android system works, and was thinking 'bout OTAs today and came up with this:

The HBoots (2.05, 2.10, 2.16) are made to not accept older hboots, so couldn't we hex-edit the 2.10 hboot to be 2.20 (higher than .16)? Then we can make a fake new ROM (4.25 maybe), use the same radios, then build a PC36IMG and flash it, which will trick the hboot into thinking this one is newer, when it will actually be an exploitable one (2.10). Then we can S-Off since the hboot is exploitable, and then root, then flash Amon_Ra.

Take this with a grain of salt, but it sounds stable.
Can someone please start testing this theory, by hex-editing the 2.10 hboot to show 2.20? Then once we get the hex-edited hboot, I (or someone else) will build a fake OTA (2.24, spoofed to be 2.25), then build the PC36IMG (recovery will be stock; we will flash a different one after we S-Off). I believe this should work; can someone please verify this?

Hope this leads to you guys getting root.
No way to spoof the signature required to pass the check to start running the RUU; any modification to the files will break the signature.
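The point JBO1018 and ca1ne make (editing a version number inside a signed RUU or PC36IMG breaks the signature, and the "Main Version Older! Update Fail!" message is a second, separate anti-rollback check) can be illustrated with a small model of the two gates. This is an added example, not code from the thread, from HTC or from any real hboot: the manifest layout, the key and the outcome strings are constructed, and HMAC-SHA256 from the standard library stands in for the vendor's asymmetric signature (a real S-On bootloader holds only a public key and the vendor keeps the private key; what matters here, that any changed byte invalidates the signature, is the same for both).

```python
import hashlib
import hmac
import json

# Constructed stand-in for the vendor's signing key. With a real asymmetric
# scheme the device holds only the public half; the verification property
# demonstrated below ("any byte change fails the check") is identical.
SIGNING_KEY = b"constructed-vendor-signing-key"


def version_tuple(v: str) -> tuple:
    """'4.24' -> (4, 24) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in v.split("."))


def sign_manifest(manifest: dict) -> tuple:
    """Serialize a constructed update manifest and sign the exact bytes."""
    payload = json.dumps(manifest, sort_keys=True).encode()
    tag = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return payload, tag


def check_update(payload: bytes, tag: str, installed_main_version: str) -> str:
    """Model of the two gates an S-On bootloader applies, in this order.

    Returns one of (constructed labels):
      "SIGNATURE_FAIL"     - bytes differ from what the vendor signed
      "MAIN_VERSION_OLDER" - authentic image, but anti-rollback rejects it
      "OK"                 - authentic and not a downgrade
    """
    # Gate 1: authenticity. The signature covers every byte, including the
    # version field, so it is checked before the version is even parsed.
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return "SIGNATURE_FAIL"
    # Gate 2: anti-rollback. Only authentic images reach this point, which
    # is why a re-labelled older image never gets as far as this comparison.
    manifest = json.loads(payload)
    if version_tuple(manifest["main_version"]) < version_tuple(installed_main_version):
        return "MAIN_VERSION_OLDER"
    return "OK"


def relabel_version(payload: bytes, old: str, new: str) -> bytes:
    """The 'hex-edit the version number' idea from the thread, applied to
    the signed bytes without access to the signing key."""
    return payload.replace(old.encode(), new.encode())


def demo() -> dict:
    """Run the three cases discussed in the thread against a 4.24 device."""
    installed = "4.24"                                   # constructed
    older = {"main_version": "3.70", "hboot": "2.10"}    # constructed
    newer = {"main_version": "4.25", "hboot": "2.16"}    # constructed

    older_payload, older_tag = sign_manifest(older)
    newer_payload, newer_tag = sign_manifest(newer)
    return {
        "genuine_newer": check_update(newer_payload, newer_tag, installed),
        "genuine_older": check_update(older_payload, older_tag, installed),
        "relabelled_older": check_update(
            relabel_version(older_payload, "3.70", "4.25"), older_tag, installed
        ),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The ordering of the gates is the design point: the genuine 3.70 image fails only on the version comparison, while the relabelled copy fails on the signature first, so the version string it claims is never consulted.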
 