Since there is significant risk to your phone with this bootloader unlock method, which I might remind you is unofficial, neither Rootzwiki, jcase or myself can be held responsible for any damage done to your phone. Also, the bootloader unlock is irreversible - you will not be able to re-lock it. You do this at your own risk, so I recommend you adhere exactly to the following instructions:
- Download the Android SDK if you haven't already done so (you'll see the Windows installer and the archives for MacOS and Linux when you click "Download for Other Platforms" and scroll down to the "SDK Tools Only" section).
- Download backup.ab and DNA_TeamAndIRC.zip
- backup.ab (mirrors)
- DNA_TeamAndIRC.zip (mirrors)
- Make sure you have at least 1 GB of free space on your phone.
- Unzip DNA_TeamAndIRC.zip. Put runme.sh, CIDGen.apk and backup.ab in the android-sdk/platform-tools/ directory (where your adb application resides). Read the README.txt before continuing!
- Open a command prompt in your android-sdk/platform-tools/ directory and type adb install CIDGen.apk
- Run the CIDGen app from your phone and follow the directions on the app, then please ensure the /sdcard/CIDBLOCK.img file exists on your phone.
- Type adb shell ls -l /sdcard/CIDBLOCK.img
- If CIDBLOCK.img does not exist after running the app, do NOT proceed.
- If it exists, continue with these commands:
- adb push runme.sh /data/local/tmp/
- adb shell chmod 755 /data/local/tmp/runme.sh
- adb shell /data/local/tmp/runme.sh
(this process will loop forever and give out lots of No such file or link failed errors, leave it running for now)
- In a second terminal/command prompt we will use adb to restore our modified backup. After running this command, the phone will ask for your permission to restore the file; allow it.
- Type adb restore backup.ab in your second terminal/command prompt window. After the restore is done you will need to stop the runme.sh script in the first terminal (use control + c or just close the window).
- PAST HERE IS THE POINT OF NO RETURN, do not continue if you will not be able to follow the instructions 100%. Rebooting or powering down the phone at the wrong time will brick your phone. Ensure your phone has at least 50% battery life remaining before continuing.
- Type the following commands:
- adb shell rm /data/data/com.htc.usage/files/exploit/*
- adb shell mv /data/DxDrm /data/DxDrm_org
- adb shell mkdir /data/DxDrm
- adb shell ln -s /dev/block/mmcblk0p5 /data/DxDrm/DxSecureDB
- adb reboot
(wait for it to reboot)
- adb wait-for-device
- Now we repeat the first exploit:
- adb shell /data/local/tmp/runme.sh
(this process will loop forever and give out lots of No such file or link failed errors, leave it running for now)
- In a second terminal/command prompt we will use adb to restore our modified backup. After running this command, the phone will ask for your permission to restore the file; allow it.
- Type adb restore backup.ab in your second terminal/command prompt window. After the restore is done you will need to stop the runme.sh script in the first terminal (use control + c or just close the window).
- Type the following commands:
- adb shell mv /data/DxDrm /data/DxDrm_trash
- adb shell dd if=/sdcard/CIDBLOCK.img of=/dev/block/mmcblk0p5
- adb reboot
If you would like to further support development of roots and unlocks, donations for test devices (and brick replacements) can be made to jcase here (https://www.paypal.c...d=U3JKACE7SN7RC).
Credits:
- Original development: jcase
- Awesome saver of the day: Sean Beaupre (http://forum.xda-dev...er.php?u=711482)
- Crash test dummy: dsb9938 (I bricked his phone making this!)
- Artem and all @AndroidPolice for putting up with my nonsense.
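
A pre-flight gate for the two checks the steps above insist on (CIDBLOCK.img present on /sdcard, battery at 50% or more), as an added example that is not part of the original instructions or of DNA_TeamAndIRC.zip. The function names, the --run flag and the sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-flight gate for the checks this guide asks for.
# Function names and the --run flag are hypothetical, not from DNA_TeamAndIRC.zip.

# Print the integer after "level:" from `dumpsys battery` output on stdin.
battery_level() {
    sed -n 's/^ *level: *\([0-9][0-9]*\).*$/\1/p' | head -n 1
}

# Succeed only if `ls -l` output on stdin names the file and shows no error.
# Older adb builds return 0 from `adb shell` even when the remote command
# fails, so the text has to be inspected rather than the exit status.
listing_shows_file() {
    out=$(tr -d '\r')
    case "$out" in
        *"No such file"*|*"Permission denied"*|"") return 1 ;;
    esac
    printf '%s\n' "$out" | grep -q "$1\$"
}

# Combine both checks; $1 = battery text, $2 = ls text.
preflight() {
    level=$(printf '%s\n' "$1" | battery_level)
    [ -n "$level" ] || { echo "battery level unreadable"; return 1; }
    [ "$level" -ge 50 ] || { echo "battery ${level}% is below 50%"; return 1; }
    printf '%s\n' "$2" | listing_shows_file "CIDBLOCK.img" ||
        { echo "CIDBLOCK.img missing: do NOT proceed"; return 1; }
    echo "preflight ok (battery ${level}%)"
}

# Constructed sample outputs (not captured from a real device).
SAMPLE_BATTERY='Current Battery Service state:
  AC powered: false
  level: 72
  scale: 100'
SAMPLE_LS_OK='-rw-rw-r-- root     sdcard_rw     1024 2012-12-28 10:00 CIDBLOCK.img'
SAMPLE_LS_MISSING='/sdcard/CIDBLOCK.img: No such file or directory'

# Live use: sh preflight.sh --run (queries the attached phone through adb).
if [ "${1:-}" = "--run" ]; then
    preflight "$(adb shell dumpsys battery)" \
              "$(adb shell ls -l /sdcard/CIDBLOCK.img)"
fi
```

Run it once after the CIDGen step and again just before the point of no return; a non-zero exit means stop.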











