[HOWTO] Create a GoldCard - Bypassing the RUU/SPL CID check to Root/Downgrade

[Jesterz]

If you are stuck on a ROM you don't like (t-mobile/asian carrier etc.) you can use this howto to create a goldcard to bypass the CID checks so you can downgrade and root your Hero.


01. Download QMAT 5.06 here
It’s a demo version so will only run for 10 minutes.

02. Format your SD card to FAT32. Please keep in mind some brands of SD cards do not work.

03. Use adb to run this command: adb shell cat /sys/class/mmc_host/mmc1/mmc1:*/cid

04. Copy the SD card cid code displayed after the adb command.

05. Start Qmat and Click on Cyptoanalysis Tools > Crypto Toolbox.

06. Look at the bottom, there is a text box (beside the “Reverse String” button) enter the SD card cid code you got earlier.
Click on the “Reverse String” button, the result is reversed…
Example: 532600bd227d9c0347329407514d5402

07. Copy the reversed SD card cid code.

08. Go to QMAT goldcard site here to generate your goldcard (yes it says for G1 but works for our Hero too).

09. Enter your email. For the correct SD card cid code, you need to replace the first 2 characters to 00.
Example: From “532600bd227d9c0347329407514d5402” to “002600bd227d9c0347329407514d5402”

10. Click Continue and you will receive the goldcard.img in .zip format in your email.

11. Go to your email, download the zip file and save it to a directory and unzip it to goldcard.img

12. Download HxD Hex Editor from here

13. Install and launch HxD Hex Editor program. (make sure you use "Run as Administrator" under Vista and win 7)

14. Go to Extra tab > Open Disk. Under Physical disk, select Removable Disk (Must be your SD card), uncheck “Open as Readonly), click OK.

15. Go to Extra again, Open Disk Image, open up goldcard.img which you’ve saved/unzipped earlier.
Now, you should have two tabs, one is your removable disk, the other is goldcard.img. Press OK when prompted for “Sector Size” 512 (Hard disks/Floppy disks), click OK.

16. Click on goldcard.img tab. Go to Edit tab > Select All, edit tab again > copy.

17. Click on the “removable disk” tab. Select offset 00000000 till offset 00000170 (including the 00000170 line), click on Edit tab and then Paste Write.

18. Click on File > Save. now you can exit the program.

19. Reboot your phone with this SD Card (now GoldCard) inside

20. Use the Official HTC RUU to downgrade to 2.73.405.5 (which you can get here) from which you can fastboot boot and/or root your phone with flashrec.

Done.


Credits:
Original heads up by tangzq with link to this
That site used the XDA Sapphire goldcard howto here

And apparently myself and XDA as this builds on the HTC knowledge from the old days (here)


In any case, enjoy your new found freedom

 

[kazuni]

Holy ****znit it works! Downgrading!!!!!

 

[kazuni]

Hmm. I've followed the guide and successfully skipped the CID lock check of the device and flashed it to version 2.73.405.5 WWE. Problem is, I can't seem to get the device to boot into recovery mode after using flashrec (I did download and flash it just fine). the recovery mode (home + power) booted the device but it hangs at the boot screen where it says HERO. Any idea?

Edit: Ah. a little bit of the update. while the buttons do not work, i can use adb shell reboot recovery; however, after using flashrec, it still shows the old recovery screen ?

Edit2: confirmed, recovery flasher doesn't work now im using the SEA rom
I'll try the RUU_Hero_HTC_WWE_1.76.405.6_WWE_release_signed_NoD river.exe rom later

 

[d0s]

I had the same issue with Recovery Flasher I couldn't to boot into recovery. I was also unable to downgrade to the 1.7 roms due to a bootloader version error, arghhh. Anywho, managed to work my way round it, i'll explain below. I've got a T-Mobile G2 updated to the latest rom (so no root access).

I first followed the instructions on making a goldcard and then flashed the 2.73.405.5 WWE rom fine.

Now make sure you have the cm-hero-recovery.img (http://content.modaco.net/dropzone/modacopatchedrecovery-1.0.zip) on the root of your sdcard. Aswell as Instant Root (http://neilandtheresa.co.uk/Android/) now install Instant Root on the phone. It should pop up with a notification "instant root was sucessfully" or along those lines. (If you have a problem installing Instant Root make sure Settings>Applications>Unknown Sources is checked)

Instant root then allows for root access with adb shell using the following 2 commands:
1) adb shell
then
2) su
the icon should change from a $ to #.

Now flash the recovery image with the following command:
1) flash_image recovery /sdcard/cm-hero-recovery.img

This shouldn't take that long once completed it will go back the # prompt example below.

# flash_image recovery /sdcard/cm-hero-recovery.img (I typed this)
flash_image recovery /sdcard/cm-hero-recovery.img (this pops up)
# (this shows the flash completed)

Now pull out your usb cable and battery, turn on the phone with the battery in place while holding the home button and it should boot into the custom recovery .

Well, I hope this helps someone and I didn't just waste my time . Oh, thanks for posting the goldcard instructions.

 

[csasek]

it worked!!!

Thanks so much! I did the exact process before (see other thread) but I must have missed something. Following this process exactly is what did it. I am guessing something about the reboot and the RUU is where i went wrong before.

I can confirm this works on the 2.73.707.9 ROM

 

[salmanbodla]

Yaaahaaaayyhaahhahahaahaayyyyyyyyyyyy!!! I feel so happy for all you guys who had this problem (although I myself did not!!)

 

[kazuni]

I kind of half gave up at 6:00 am yesrterday and i just woke up (1
:27pm) and followed the instructions here and BAM! got a working nandroid backup and a custom rom \o/!!! thanks to all of you!

 

[tianci86]

so it's tested and proven for 2.73.707.9?great!

 

[dying4004]

umm ... guys.. if u dont mind me asking...... why do we need it?

do we have hero versions which cant be rooted with any methods?

 

[Jesterz]

umm ... guys.. if u dont mind me asking...... why do we need it?

do we have hero versions which cant be rooted with any methods?

yup, we couldn't root certain asian carrier roms and t-mob rom and they couldnt downgrade so the where stuck, until now....

 

[awsy44]

so it's tested and proven for 2.73.707.9?great!

CONFIRMED! it works on 2.73.707.9 , just got 2.73.405.5 , im so happy , thanks soo much guys your the best

 

[masterpfa]

My Hero..... lol



Thanks, I thought I would be owned by T-Mobile for ever after the ROM update
Now I'm back to the HTC default ROM (NOT T-Mobile G2 Touch!!!), cup of coffee time before Rooting flashing etc and remaining from now on faithful to Paul and the MoDaCo ROM

 

[gyounut]

hey guys!

i have a question

im a owner of an tmobile g2 touch and want to have the new firmware of the htc hero can i use this hack to update to the newest firmware because at the moment it says if i want so update: error this rom is not for your device, and so on..

thx !
bye


sry for my english im from germany

 

[Jesterz]

hey guys!

i have a question

im a owner of an tmobile g2 touch and want to have the new firmware of the htc hero can i use this hack to update to the newest firmware because at the moment it says if i want so update: error this rom is not for your device, and so on..

thx !
bye


sry for my english im from germany

ja das stimmt

 

[taz5176]

thx jesterz
successfully update singapore hero 2.73.707 to 2.73.405, rooting in a while...

 

[burgess_boy]

I had the same issue with Recovery Flasher I couldn't to boot into recovery. I was also unable to downgrade to the 1.7 roms due to a bootloader version error, arghhh. Anywho, managed to work my way round it, i'll explain below. I've got a T-Mobile G2 updated to the latest rom (so no root access).

I first followed the instructions on making a goldcard and then flashed the 2.73.405.5 WWE rom fine.

Now make sure you have the cm-hero-recovery.img (http://content.modaco.net/dropzone/modacopatchedrecovery-1.0.zip) on the root of your sdcard. Aswell as Instant Root (http://neilandtheresa.co.uk/Android/) now install Instant Root on the phone. It should pop up with a notification "instant root was sucessfully" or along those lines. (If you have a problem installing Instant Root make sure Settings>Applications>Unknown Sources is checked)

Instant root then allows for root access with adb shell using the following 2 commands:
1) adb shell
then
2) su
the icon should change from a $ to #.

Now flash the recovery image with the following command:
1) flash_image recovery /sdcard/cm-hero-recovery.img

This shouldn't take that long once completed it will go back the # prompt example below.

# flash_image recovery /sdcard/cm-hero-recovery.img (I typed this)
flash_image recovery /sdcard/cm-hero-recovery.img (this pops up)
# (this shows the flash completed)

Now pull out your usb cable and battery, turn on the phone with the battery in place while holding the home button and it should boot into the custom recovery .

Well, I hope this helps someone and I didn't just waste my time . Oh, thanks for posting the goldcard instructions.

Did it last night and got it working, used the AMON Hero recovery image instead and partitioned my sd card without going through the manual adb solution.

Cheers

 

[keatonreckard]

could this be adapted for the sprint hero?

 

[salamandar]

Sprint Hero support request strongly seconded, i am desperate to get my CDMA Hero rooted.

 

[kazuni]

have you guys tried using thesame method and got anywhere? I mean, from what I know is that you can't even boot in to recovery mode right? have you guys tries the adb method to boot into rec mode at least?

 

[Funkym0nkey]

Aces!!!!

Worked on Indian 2.73.720 like a charm.
Thanks.