scotty85
Extreme Android User
*read this as many have noticed,multiupload has effed it up for us. 
im in the process of mirroring all files,starting with the basics and downgrade RUU,then the upgrade RUUs. since free time is limited and uploads are slow,please bear with me. if youd like a specific upgrade ruu,please PM me,or post at the end of the thread and ill move it up to the top of the priority list.
sorry for the inconvenience.
_________________________________________________________________
this is a guide to root the htc merge. there are a couple out there allready,all ive done is try and simply the process,i take no credit for any of this. this is geared toward folks who are somewhat overwhelmed at the thot of setting up the android SDK and adb.
it should work on froyo or gingerbread,on any carrier,with the creation of a gold card.
*DISCLAIMER im not responsible if your phone melts,explodes,or becomes otherwise unuseable
*WARNING this will wipe your data
*DISCLAIMER(READ THIS!) flashing a different carriers stock software and firmware can potentially destroy APN and other settings that make multi-media messages and mobile data work. it can be difficult to restore these settings to make the device function normally on that service. i have not had any trouble whatsoever using any of the ruus on verizon,and usc users do not seem to have trouble either. smaller carriers such as bluegrass wireless and nTelos are more likely to encounter these issues. we are working on resolving these issues,but please proceede with caution.
first and foremost to give credit where credit is due:
-drellisdee on xda for figuring out how to downgrade to s-offable vzw firmware. check out his original thread here where 95% of the links,code,and files came from. please donate to him so he can continue developing for the merge.
-alpharev/unrevoked for their zergRush temp root tool and everything they do for the root community
-Scotty2 & Tmzt who wrote and developed the wpthis & gfree exploits for the G2 without these s-off for lexikon wouldn't have been possible. special thanks to them.
-sele and the crew in the "rescue squad" on the thunderbolt forum for what i like to call the "mini-adb" concept.
-B Rich for being the first tester
-chill0398 for providing images for the bluegrass wireless firmware
-prolly more,that ill add as i think of them.
1)make a goldcard. this is neccessary in order to flash a different carriers RUU. you can skip this step if your merge happens to be a verizon model.
directions can be found here
use the app goldcard helper from market. if you use it skip right to the step of "Go to this page and enter this new number into the SD Card Serial (CID) field" and enter the output of the sdcard cid for mmc2 into the goldcard generator site.
2)download these files
-miniadb_merge_updated contains neccessary root files and some adb tools
Multiupload.com - upload your files to multiple file hosting sites!
md5:04020226dcba83470e0f0bb527983130
mirror: http://www.mediafire.com/?f6pxu06p1vfccby
mirror md5: 8450a229737f6e467dc4cf3260129b00 (mirror updated)
-VZW leak 1.23.605.1 ruu.zip leaked,exploitable RUU. named rom.zip
xda-developers - View Single Post - [RUU] HTC Lexikon 1.23.605.1 from Verizon [Leak]
mirror:/PD42IMG-vzw-leak
md5: 6d37a0f3526295ebb779f4465a328c96
-merge_eng_su_toolkit
signed_merge_su_eng_toolkit.zip
mirror: http://www.mediafire.com/?wrkpcx3hn6fc56c
md5: accc46ee4260a4853ecafc97b512f623
modified HTC drivers from http://unrevoked.com/rootwiki/doku.php/public/revolutionary
3)choose and download a custom upgrade RUU
*special note: if your current firmware and carrier is not one of these, you will need to substitute step 5 in this post,for the one in the second post,so you have backups of the important images to make an upgrade and stock RUU.
*us cellular:
froyo(2.04.573.2)
USC-FROYO-2.04.573.2
md5: eded6cd618b167494d2d0356f844b780
gingerbread(3.10.573.1)
USC-GB-3.10.573.1
mirror: md5: [COLOR="red"]51cc65a61d6cd19b...2IMGcustomAlltel.zip"]alltel-FROYO-2.04.671.1
md5: 0d4ba05cf110e7b56a03dcea9e90b479
*us south cellular:
froyo(2.04.573.3)
USSC-FROYO-2.04.573.3
mirror:
md5: 1fa5d85bd39f8cdff1cf9fc0b71a24c1
*verizon:
froyo(1.49.605.1)
VZW-FROYO-1.49.605.1
mirror:
md5: 85ea6fa8c8204b5c27f1e017c3e04f7e
*bluegrass wireless
froyo(2.05.557.03)
BLUEGRASS-FROYO-2.05.557.03
md5: a903e463f71fef87843cb5a9523de33d
*nTelos wireless
gingerbread(3.08.557.1)
nTelos-GB-3.08.557.1
md5: 86eb8204e0db9f812ff1e65c94c4941e
*additional merge files
engineering bootloader http://www.mediafire.com/?ojnnh6w7ap6xmog
md5: 957c34ce63f386099f90a2b5c60d8c7d
Amon recovery (in case you need to flash recovery after running a stock RUU)
PD42IMG_lexikon_ra_3.04.zip
mirror: http://www.mediafire.com/?4ihomf1b6dd49d6
md5: e7ae3aefc7f1235043fff8c4692e6704
superuser 3.0.7
Superuser-3.0.7-efgh-signed
md5: a5d14dc42323a61caf71549a885af8c3
*flash this updated superuser if for some reason you have trouble with the merge toolkit superuser
stock 1.49.605.1 (in case you need it for "back to stock" purposes,its not officially available)
stock-1.49.605.1
md5: 6af0bcb7f90c10b718f2c80484e355d3
stock 2.05.557.03 (in case you need it for "back to stock" purposes,its not officially available)
stock-bluegrass-2.05.557.3
md5: 3aa77a14b989d6bdacf8ce3b11b0bae0
stock nTelos 3.08.557.1
to be added later
md5: 5b63e00a0de1c676c6909b48631d949c
team win recovery v2.0 for merge: http://teamw.in/project/twrp2/84
**make sure to check the md5 sums match those listed!**
if you dont have an md5 sum verifier on your PC,there are many out there for free. heres an example: Home of the MD5summer check it on your phone with scary aliens AFV
4)prepare to downgrade
-extract the miniadb_merge.zip place the extracted folder on the root of your c\ drive. it contains the exploits,the misc downgrade image,and some adb tools.
-install the drivers linked above by running the .exe file. alternatively,htc sync drivers may work also.
-place the downgrade leak ruu on the root of your gold card and rename PD42IMG. now is a good time to verify that your gold card is formatted "FAT32" by right clicking on the drive that is your phones sd card,then click "properties". if you find your card is formated anything else,youll have to re-format it. start by backing up all files to your PC as reformatting WILL wipe it clean. using your PC,do a full format to FAT32. you can then transfer the files back. *this is important-as your phone will not find the downgrade PD42IMG unless your card is formatted to FAT 32,and the file is correctly named.
-if you were using a card reader to do the above step,power off and insert the gold card into your phone.
5)downgrade with adb. make sure your phone is charged to 100% before starting.
-on windows 7,click the start bubble and type "command" in the search box. this should open a small black command window. from this point forward,all code will be in bold so you know what lines to copy and paste(or type,if you really want to type them all in). additional comments will be blue,and should not be copy/pasted. please note that each line is one command. copy/paste it into the prompt in your command window,and push enter. one line at a time.
-make sure phone is plugged in and usb debugging checked on in charge only mode
-at the promt in your command window:
cd c:\miniadb_merge this should change your command promt to "miniadb_merge>",indicating youre using that directory.
adb devices this should output your phones serial number,indicating its recognized
adb push zergRush /data/local/
adb shell this will change your promt to a $
chmod 755 /data/local/zergRush
/data/local/zergRush
this will cause zergRush to start,and it shoudl say "found a gingerbread!" or "found a froyo!" followed by a bunch of other funny stuff.
last thing it says will be: Killing ADB and restarting as root... enjoy!
you should then be returned to your "miniadb_merge>" prompt
adb push busybox /data/local
adb shell this should change your promt to a #
chmod 0755 /data/local/busybox
Next we backup our existing misc partition:
dd if=/dev/block/mmcblk0p17 of=/sdcard/misc-stock.img bs=4096
/data/local/busybox md5sum /sdcard/misc-stock.img
/data/local/busybox md5sum /dev/block/mmcblk0p17
Make sure the md5sum of the misc-stock.img matches the one from /dev/block/mmcblk0p17
exit to get back to miniadb_merge> prompt
reflash the misc image to allow donwgrading to older firmware:
adb push misc-downgrade.img /sdcard/
adb shell
dd if=/sdcard/misc-downgrade.img of=/dev/block/mmcblk0p17
sync
now you can flash the exploitable vzw firmware
exit to get back to the miniadb_merge> promt
adb reboot bootloader this will boot your phone into fastboot. press "power" to select bootloader
assuming you have made your gold card and preformed the above steps correctly,you should see a status bar as the phone checks the downgrade RUU,then asks to update. choose yes and allow the update. if this is the first time youve ever flashed an RUU in hboot,dont panic,it will take a few minutes.
6)gain s-off,simunlock,and superCID: once the 1.23.605.1 firmware is up and running,skip past the set up stuff,re-enable usb debugging.place your phone in disk drive mode,and replace the PD42IMG with your custom upgrade ruu. rename the custom RUU to "PD42IMG".
place your phone back in charge only mode,then in the command window:
adb push psneuter /data/local/
adb push busybox /data/local/
adb push wpthis /data/local/
adb push gfree /data/local/
adb shell
chmod 0755 /data/local/psneuter
chmod 0755 /data/local/wpthis
chmod 0755 /data/local/gfree
/data/local/psneuter (to get temp root again)
adb shell
/data/local/wpthis (to disable emmc write protect)
/data/local/gfree -f (this will supercid, simunlock, and s-off phone)
exit to get back to your miniadb_merge> prompt
7)upgrade and root:
adb reboot bootloader to boot to fastboot. select bootloader with the power button
assuming you have preformed the above steps correctly,your hboot should now say s-off,and hboot will find your custom upgrade ruu and allow it to flash. when it finishes,reboot. if this is the rom you plan to stay on,feel free to go ahead and set it up. immediately plug your phone in and remove PD42IMG from your sd card,and replace it with the merge_su_eng_toolkit.
if you used the vzw custom ruu,you are finished,as this one is pre-rooted. youll find superuser is allready working and in your app drawer
for the rest of you,when youre ready to root,power off,then into hboot by holding volume down/power. select recovery with the volume rocker and power button. after a couple minutes this should take you to Amon_Ra recovery. using the volume rocker and power buttons,make a backup of your unrooted firmware(just in case ). now flash the merge_su_eng_toolkit in recovery. when it finishes,reboot.
congratulations,you are now S-off,sim unlocked,superCIDed,and rooted.
8)restore your stock misc image: after booting to your current carrier firmware,and flashing merge_eng_su_toolkit:
open your command window,and cd c:\miniadb_merge
then:
adb devices
adb shell this will change your promt to a $
su the superuser app should pop up on your phone. make sure "always" is checked,and touch "allow".
dd if=/sdcard/misc-stock.img of=/dev/block/mmcblk0p17
sync
*note- you technically are now done needing a gold card,as your phone is "superCIDed" and will happily flash other carriers RUUs if you wish. so you can replace the gold card with your normal sd card if you want to.
__________________________________________________________________________________
here are copies of my ADB sessions. hopefully its a little less scary to know what the outputs look like for the commands you enter.
the red are my inputs,the blue are additional comments
step 5 session(downgrading to exploitable vzw firmware)
step 6 session(gain s-off,superCID,and sim unlock in exploitable firmware):
donate to my device fund
im in the process of mirroring all files,starting with the basics and downgrade RUU,then the upgrade RUUs. since free time is limited and uploads are slow,please bear with me. if youd like a specific upgrade ruu,please PM me,or post at the end of the thread and ill move it up to the top of the priority list.sorry for the inconvenience.
_________________________________________________________________
this is a guide to root the htc merge. there are a couple out there allready,all ive done is try and simply the process,i take no credit for any of this. this is geared toward folks who are somewhat overwhelmed at the thot of setting up the android SDK and adb.
it should work on froyo or gingerbread,on any carrier,with the creation of a gold card.
*DISCLAIMER im not responsible if your phone melts,explodes,or becomes otherwise unuseable
*WARNING this will wipe your data
*DISCLAIMER(READ THIS!) flashing a different carriers stock software and firmware can potentially destroy APN and other settings that make multi-media messages and mobile data work. it can be difficult to restore these settings to make the device function normally on that service. i have not had any trouble whatsoever using any of the ruus on verizon,and usc users do not seem to have trouble either. smaller carriers such as bluegrass wireless and nTelos are more likely to encounter these issues. we are working on resolving these issues,but please proceede with caution.
first and foremost to give credit where credit is due:
-drellisdee on xda for figuring out how to downgrade to s-offable vzw firmware. check out his original thread here where 95% of the links,code,and files came from. please donate to him so he can continue developing for the merge.
-alpharev/unrevoked for their zergRush temp root tool and everything they do for the root community
-Scotty2 & Tmzt who wrote and developed the wpthis & gfree exploits for the G2 without these s-off for lexikon wouldn't have been possible. special thanks to them.
-sele and the crew in the "rescue squad" on the thunderbolt forum for what i like to call the "mini-adb" concept.
-B Rich for being the first tester
-chill0398 for providing images for the bluegrass wireless firmware
-prolly more,that ill add as i think of them.
1)make a goldcard. this is neccessary in order to flash a different carriers RUU. you can skip this step if your merge happens to be a verizon model.
directions can be found here
use the app goldcard helper from market. if you use it skip right to the step of "Go to this page and enter this new number into the SD Card Serial (CID) field" and enter the output of the sdcard cid for mmc2 into the goldcard generator site.
2)download these files
-miniadb_merge_updated contains neccessary root files and some adb tools
Multiupload.com - upload your files to multiple file hosting sites!
md5:04020226dcba83470e0f0bb527983130
mirror: http://www.mediafire.com/?f6pxu06p1vfccby
mirror md5: 8450a229737f6e467dc4cf3260129b00 (mirror updated)
-VZW leak 1.23.605.1 ruu.zip leaked,exploitable RUU. named rom.zip
xda-developers - View Single Post - [RUU] HTC Lexikon 1.23.605.1 from Verizon [Leak]
mirror:/PD42IMG-vzw-leak
md5: 6d37a0f3526295ebb779f4465a328c96
-merge_eng_su_toolkit
signed_merge_su_eng_toolkit.zip
mirror: http://www.mediafire.com/?wrkpcx3hn6fc56c
md5: accc46ee4260a4853ecafc97b512f623
modified HTC drivers from http://unrevoked.com/rootwiki/doku.php/public/revolutionary
3)choose and download a custom upgrade RUU
*special note: if your current firmware and carrier is not one of these, you will need to substitute step 5 in this post,for the one in the second post,so you have backups of the important images to make an upgrade and stock RUU.
*us cellular:
froyo(2.04.573.2)
USC-FROYO-2.04.573.2
md5: eded6cd618b167494d2d0356f844b780
gingerbread(3.10.573.1)
USC-GB-3.10.573.1
mirror: md5: [COLOR="red"]51cc65a61d6cd19b...2IMGcustomAlltel.zip"]alltel-FROYO-2.04.671.1
md5: 0d4ba05cf110e7b56a03dcea9e90b479
*us south cellular:
froyo(2.04.573.3)
USSC-FROYO-2.04.573.3
mirror:
md5: 1fa5d85bd39f8cdff1cf9fc0b71a24c1
*verizon:
froyo(1.49.605.1)
VZW-FROYO-1.49.605.1
mirror:
md5: 85ea6fa8c8204b5c27f1e017c3e04f7e
*bluegrass wireless
froyo(2.05.557.03)
BLUEGRASS-FROYO-2.05.557.03
md5: a903e463f71fef87843cb5a9523de33d
*nTelos wireless
gingerbread(3.08.557.1)
nTelos-GB-3.08.557.1
md5: 86eb8204e0db9f812ff1e65c94c4941e
*additional merge files
engineering bootloader http://www.mediafire.com/?ojnnh6w7ap6xmog
md5: 957c34ce63f386099f90a2b5c60d8c7d
Amon recovery (in case you need to flash recovery after running a stock RUU)
PD42IMG_lexikon_ra_3.04.zip
mirror: http://www.mediafire.com/?4ihomf1b6dd49d6
md5: e7ae3aefc7f1235043fff8c4692e6704
superuser 3.0.7
Superuser-3.0.7-efgh-signed
md5: a5d14dc42323a61caf71549a885af8c3
*flash this updated superuser if for some reason you have trouble with the merge toolkit superuser
stock 1.49.605.1 (in case you need it for "back to stock" purposes,its not officially available)
stock-1.49.605.1
md5: 6af0bcb7f90c10b718f2c80484e355d3
stock 2.05.557.03 (in case you need it for "back to stock" purposes,its not officially available)
stock-bluegrass-2.05.557.3
md5: 3aa77a14b989d6bdacf8ce3b11b0bae0
stock nTelos 3.08.557.1
to be added later
md5: 5b63e00a0de1c676c6909b48631d949c
team win recovery v2.0 for merge: http://teamw.in/project/twrp2/84
**make sure to check the md5 sums match those listed!**
if you dont have an md5 sum verifier on your PC,there are many out there for free. heres an example: Home of the MD5summer check it on your phone with scary aliens AFV
4)prepare to downgrade
-extract the miniadb_merge.zip place the extracted folder on the root of your c\ drive. it contains the exploits,the misc downgrade image,and some adb tools.
-install the drivers linked above by running the .exe file. alternatively,htc sync drivers may work also.
-place the downgrade leak ruu on the root of your gold card and rename PD42IMG. now is a good time to verify that your gold card is formatted "FAT32" by right clicking on the drive that is your phones sd card,then click "properties". if you find your card is formated anything else,youll have to re-format it. start by backing up all files to your PC as reformatting WILL wipe it clean. using your PC,do a full format to FAT32. you can then transfer the files back. *this is important-as your phone will not find the downgrade PD42IMG unless your card is formatted to FAT 32,and the file is correctly named.
-if you were using a card reader to do the above step,power off and insert the gold card into your phone.
5)downgrade with adb. make sure your phone is charged to 100% before starting.
-on windows 7,click the start bubble and type "command" in the search box. this should open a small black command window. from this point forward,all code will be in bold so you know what lines to copy and paste(or type,if you really want to type them all in). additional comments will be blue,and should not be copy/pasted. please note that each line is one command. copy/paste it into the prompt in your command window,and push enter. one line at a time.
-make sure phone is plugged in and usb debugging checked on in charge only mode
-at the promt in your command window:
cd c:\miniadb_merge this should change your command promt to "miniadb_merge>",indicating youre using that directory.
adb devices this should output your phones serial number,indicating its recognized
adb push zergRush /data/local/
adb shell this will change your promt to a $
chmod 755 /data/local/zergRush
/data/local/zergRush
this will cause zergRush to start,and it shoudl say "found a gingerbread!" or "found a froyo!" followed by a bunch of other funny stuff.
last thing it says will be: Killing ADB and restarting as root... enjoy!
you should then be returned to your "miniadb_merge>" prompt
adb push busybox /data/local
adb shell this should change your promt to a #
chmod 0755 /data/local/busybox
Next we backup our existing misc partition:
dd if=/dev/block/mmcblk0p17 of=/sdcard/misc-stock.img bs=4096
/data/local/busybox md5sum /sdcard/misc-stock.img
/data/local/busybox md5sum /dev/block/mmcblk0p17
Make sure the md5sum of the misc-stock.img matches the one from /dev/block/mmcblk0p17
exit to get back to miniadb_merge> prompt
reflash the misc image to allow donwgrading to older firmware:
adb push misc-downgrade.img /sdcard/
adb shell
dd if=/sdcard/misc-downgrade.img of=/dev/block/mmcblk0p17
sync
now you can flash the exploitable vzw firmware
exit to get back to the miniadb_merge> promt
adb reboot bootloader this will boot your phone into fastboot. press "power" to select bootloader
assuming you have made your gold card and preformed the above steps correctly,you should see a status bar as the phone checks the downgrade RUU,then asks to update. choose yes and allow the update. if this is the first time youve ever flashed an RUU in hboot,dont panic,it will take a few minutes.
6)gain s-off,simunlock,and superCID: once the 1.23.605.1 firmware is up and running,skip past the set up stuff,re-enable usb debugging.place your phone in disk drive mode,and replace the PD42IMG with your custom upgrade ruu. rename the custom RUU to "PD42IMG".
place your phone back in charge only mode,then in the command window:
adb push psneuter /data/local/
adb push busybox /data/local/
adb push wpthis /data/local/
adb push gfree /data/local/
adb shell
chmod 0755 /data/local/psneuter
chmod 0755 /data/local/wpthis
chmod 0755 /data/local/gfree
/data/local/psneuter (to get temp root again)
adb shell
/data/local/wpthis (to disable emmc write protect)
/data/local/gfree -f (this will supercid, simunlock, and s-off phone)
exit to get back to your miniadb_merge> prompt
7)upgrade and root:
adb reboot bootloader to boot to fastboot. select bootloader with the power button
assuming you have preformed the above steps correctly,your hboot should now say s-off,and hboot will find your custom upgrade ruu and allow it to flash. when it finishes,reboot. if this is the rom you plan to stay on,feel free to go ahead and set it up. immediately plug your phone in and remove PD42IMG from your sd card,and replace it with the merge_su_eng_toolkit.
if you used the vzw custom ruu,you are finished,as this one is pre-rooted. youll find superuser is allready working and in your app drawer
for the rest of you,when youre ready to root,power off,then into hboot by holding volume down/power. select recovery with the volume rocker and power button. after a couple minutes this should take you to Amon_Ra recovery. using the volume rocker and power buttons,make a backup of your unrooted firmware(just in case ). now flash the merge_su_eng_toolkit in recovery. when it finishes,reboot.congratulations,you are now S-off,sim unlocked,superCIDed,and rooted.
8)restore your stock misc image: after booting to your current carrier firmware,and flashing merge_eng_su_toolkit:
open your command window,and cd c:\miniadb_merge
then:
adb devices
adb shell this will change your promt to a $
su the superuser app should pop up on your phone. make sure "always" is checked,and touch "allow".
dd if=/sdcard/misc-stock.img of=/dev/block/mmcblk0p17
sync
*note- you technically are now done needing a gold card,as your phone is "superCIDed" and will happily flash other carriers RUUs if you wish. so you can replace the gold card with your normal sd card if you want to.
__________________________________________________________________________________
here are copies of my ADB sessions. hopefully its a little less scary to know what the outputs look like for the commands you enter.
the red are my inputs,the blue are additional comments
step 5 session(downgrading to exploitable vzw firmware)
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Scott>[COLOR="Red"]cd c:\miniadb_merge[/COLOR]
c:\miniadb_merge>[COLOR="red"]adb devices[/COLOR]
List of devices attached
HT18YM800022 device
c:\miniadb_merge>[COLOR="red"]adb push zergRush /data/local/[/COLOR]
1324 KB/s (23060 bytes in 0.017s)
c:\miniadb_merge>[COLOR="red"]adb shell[/COLOR]
$ [COLOR="red"]chmod 755 /data/local/zergRush[/COLOR]
chmod 755 /data/local/zergRush
$[COLOR="red"] /data/local/zergRush[/COLOR]
/data/local/zergRush
[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.
[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.
[+] Found a GingerBread ! 0x00000118
[*] Scooting ...
[*] Sending 149 zerglings ...
[+] Zerglings found a way to enter ! 0x10
[+] Overseer found a path ! 0x000161e0
[*] Sending 149 zerglings ...
[+] Zerglings caused crash (good news): 0x401219c4 0x0054
[*] Researching Metabolic Boost ...
[+] Speedlings on the go ! 0xafd1997b 0xafd39a97
[*] Popping 24 more zerglings
[*] Sending 173 zerglings ...
[+] Rush did it ! It's a GG, man !
[+] Killing ADB and restarting as root... enjoy!
c:\miniadb_merge>[COLOR="red"]adb push busybox /data/local[/COLOR]
1272 KB/s (1062992 bytes in 0.816s)
c:\miniadb_merge>[COLOR="red"]adb shell[/COLOR]
# [COLOR="red"]chmod 0755 /data/local/busybox[/COLOR]
chmod 0755 /data/local/busybox
# [COLOR="red"]dd if=/dev/block/mmcblk0p17 of=/sdcard/misc-stock.img bs=4096[/COLOR]
dd if=/dev/block/mmcblk0p17 of=/sdcard/misc-stock.img bs=4096
64+0 records in
64+0 records out
262144 bytes transferred in 0.024 secs (10922666 bytes/sec)
#[COLOR="red"] /data/local/busybox md5sum /sdcard/misc-stock.img[/COLOR]
/data/local/busybox md5sum /sdcard/misc-stock.img
16321e08ca123985657d70d152131f6a /sdcard/misc-stock.img
# [COLOR="red"]/data/local/busybox md5sum /dev/block/mmcblk0p17[/COLOR]
/data/local/busybox md5sum /dev/block/mmcblk0p17
16321e08ca123985657d70d152131f6a /dev/block/mmcblk0p17
# [COLOR="red"]exit[/COLOR]
exit
c:\miniadb_merge>[COLOR="red"]adb push misc-downgrade.img /sdcard/[/COLOR]
1153 KB/s (262144 bytes in 0.222s)
c:\miniadb_merge>[COLOR="red"]adb shell[/COLOR]
# [COLOR="Red"]dd if=/sdcard/misc-downgrade.img of=/dev/block/mmcblk0p17[/COLOR]
dd if=/sdcard/misc-downgrade.img of=/dev/block/mmcblk0p17
512+0 records in
512+0 records out
262144 bytes transferred in 0.130 secs (2016492 bytes/sec)
# [COLOR="red"]sync[/COLOR]
sync
# [COLOR="red"]exit[/COLOR]
exit
c:\miniadb_merge>adb reboot bootloader
[COLOR="Blue"]*at this point your phone should boot to "fastboot". select bootloader with power button. you should not see a status bar as the phone checks the downgrade file. assuming the above steps were performed correctly,and gold card was made correctly,next thing youll see is an update prompt. allow the update.[/COLOR]
c:\miniadb_merge>step 6 session(gain s-off,superCID,and sim unlock in exploitable firmware):
Code:
c:\miniadb_merge>[COLOR="Red"]adb devices[/COLOR]
List of devices attached
HT18YM800022 device
c:\miniadb_merge>[COLOR="red"]adb push psneuter /data/local/[/COLOR]
1147 KB/s (585731 bytes in 0.498s)
c:\miniadb_merge>[COLOR="red"]adb push busybox /data/local/[/COLOR]
1614 KB/s (1062992 bytes in 0.643s)
c:\miniadb_merge>[COLOR="red"]adb push wpthis /data/local/[/COLOR]
1556 KB/s (679475 bytes in 0.426s)
c:\miniadb_merge>[COLOR="red"]adb push gfree /data/local/[/COLOR]
972 KB/s (134401 bytes in 0.135s)
c:\miniadb_merge>[COLOR="red"]adb shell[/COLOR]
$ [COLOR="red"]chmod 0755 /data/local/psneuter[/COLOR]
chmod 0755 /data/local/psneuter
$ [COLOR="red"]chmod 0755 /data/local/wpthis[/COLOR]
chmod 0755 /data/local/wpthis
$ [COLOR="red"]chmod 0755 /data/local/gfree[/COLOR]
chmod 0755 /data/local/gfree
$[COLOR="red"] /data/local/psneuter[/COLOR]
c:\miniadb_merge>[COLOR="red"]adb shell[/COLOR]
# [COLOR="red"]/data/local/wpthis[/COLOR]
/data/local/wpthis
Build: 25
Section header entry size: 40
Number of section headers: 45
Total section header table size: 1800
Section header file offset: 0x00014e90 (85648)
Section index for section name string table: 42
String table offset: 0x00014cc7 (85191)
Searching for .modinfo section...
- Section[16]: .modinfo
-- offset: 0x00000f80 (3968)
-- size: 0x000000c4 (196)
Kernel release: 2.6.32.17-g788be6b3
New .modinfo section size: 204
Loading module... OK.
Write protect disabled.
Searching for mmc_blk_issue_rq symbol...
- Address: c02a2884, type: t, name: mmc_blk_issue_rq, module: N/A
Kernel map base: 0xc02a2000
Kernel memory mapped to 0x40001000
Searching for brq filter...
- Address: 0xc02a2884 + 0x34c
- 0x2a000012 -> 0xea000012
Done.
# [COLOR="red"]/data/local/gfree -f[/COLOR]
/data/local/gfree -f
--secu_flag off set
--cid set. CID will be changed to: 11111111
--sim_unlock. SIMLOCK will be removed
Section header entry size: 40
Number of section headers: 44
Total section header table size: 1760
Section header file offset: 0x000138b4 (80052)
Section index for section name string table: 41
String table offset: 0x000136fb (79611)
Searching for .modinfo section...
- Section[16]: .modinfo
-- offset: 0x00000a14 (2580)
-- size: 0x000000cc (204)
Kernel release: 2.6.32.17-g788be6b3
New .modinfo section size: 204
Attempting to power cycle eMMC... OK.
Searching for mmc_blk_issue_rq symbol...
- Address: c02a2884, type: t, name: mmc_blk_issue_rq, module: N/A
Kernel map base: 0xc02a2000
Kernel memory mapped to 0x40000000
Searching for brq filter...
- Address: 0xc02a2884 + 0x34c
- ***WARNING***: Found fuzzy match for brq filter, but conditional branch isn't
. (0xea000012)
Patching and backing up partition 7...
patching secu_flag: 0
Done.
# [COLOR="Red"]exit[/COLOR]
exit
c:\miniadb_merge>[COLOR="red"]adb reboot bootloader[/COLOR]
[COLOR="Blue"]as before,you should now boot to fastboot. select bootloader with the power button. allow your upgrade to flash[/COLOR]
c:\miniadb_merge>donate to my device fund
I consider myself an "advanced" computer user, but haven't messed with a command prompt very much at all.
lol