
Root [FYI] Root to Re-root, Root to Unroot, OTA to root and all that

erisuser1

Android Expert
Nov 11, 2009
I ran a number of trials tonight, to try and verify different recovery/rollback scenarios.

Some succeeded, some failed. See the summary, and the details if you are interested.

(No, none of this applies to leak ROMs; please don't ask.)


There are only a couple of tidbits of new information here; I am providing this report mostly for informational purposes. Hopefully this will assist some in either bolstering their confidence about certain results reported elsewhere - or confirm their suspicions about others.


Summary of Results:

- Re-Root already Rooted Phone: SUCCESS
- Rollback from Root-ROM state to 1.5 using MR2 PB00IMG.ZIP: FAIL
- Manual rollback to 1.5 from Root-ROM state: SUCCESS
- OTA-2.1 Update from Manual 1.5 rollback state: SUCCESS
- Rollback to 1.5 from OTA-2.1 using MR2 PB00IMG.ZIP: FAIL
- Root phone from OTA-2.1 in "standard" fashion: SUCCESS


Conclusions:

(1)
The Root-ROM is your friend. Use it for disasters not involving the leak bootloader.

(2)
There is a report on this board somewhere that indicates that you can simply use the MR2 RUU Utility to rollback an OTA-2.1 phone to 1.5. I am suspicious of this result.

(3)
Likewise, there is no reason to believe that the MR2 RUU can be used to roll back a root-ROM to 1.5. In fact, this is a hazardous operation in the hands of a neophyte, because it results in a phone with an S-ON bootloader, and possibly no Amon_RA recovery present, either. (Fortunately, this state can be repaired with re-application of the Root-ROM.)

(4)
Rooting of OTA-2.1 in the "standard" fashion is confirmed.


Details

Before Starting: Nandroid Backup!



======

Trial 1: Restore Root ROM Condition From any Rooted ROM

Method: Using Root-ROM PB00IMG.ZIP on SD card root, Vol-Down+End/Power

MD5 Checksums:
- (Root-ROM) PB00IMG.ZIP 63eacc5ede3b179f95dc22d8ef585f94

Starting Conditions:
- hboot: S-OFF 1.49.2000
- radio: 2.42.00.04.12
- recovery: Amon_RA v1.62
- OS: Official_1.0_OC

Result: Success


======

Trial 2: Restore to MR2 (1.5 v 1.17.605.1) from Rooted ROM

Method: Using MR2 PB00IMG.ZIP on SD card root, Vol-Down+End/Power

MD5 Checksums:
- MR2 rom.zip (aka PB00IMG.ZIP) 9e9ad31f01bbcb05157443287f4f38dd

Starting Conditions:
- hboot: S-OFF 1.49.2000
- radio: 2.40.00.01.22
- recovery: root-ROM
- OS: root-ROM

Result: FAILURE - After 1.47.0000 hboot is restored

The failure message is the usual one: "Main Version is older!"

Note this interesting and slightly frightening result: The "update" actually starts by successfully flashing the 1.47.0000 bootloader, but then fails after the reboot - this leaves the phone in an unusual state: An S-ON bootloader, but a "rooted" engineering ROM... and without an Amon-RA recovery partition. Uh-oh...


======

Emergency 3: Attempt to restore root-ROM from FuBar state 2

Method: Using Root-ROM PB00IMG.ZIP on SD card root, Vol-Down+End/Power

MD5 Checksums:
- (Root-ROM) PB00IMG.ZIP 63eacc5ede3b179f95dc22d8ef585f94

Starting Conditions:
- hboot: S-ON 1.47.0000
- radio: 2.40.00.01.22
- recovery: root-ROM
- OS: root-ROM

Result: Success - Whew!



======

Trial 4: Manual restore to MR2 from state 3 (Root-ROM)

Method: Install Amon_RA recovery; Unpack MR2 ROM PB00IMG.ZIP and manually
install using combination of adb and fastboot.
This method is NOT FOR NOOBS - that's why detailed instructions are not given.

Outline of method:
- Install Amon_RA recovery
- Unpack MR2 PB00IMG.ZIP
- push boot.img, recovery.img, system.img, and userdata.img to folder on SD
- Boot to Amon_RA, start root shell with adb shell
- mount /sdcard
- for /data and /system: mount, erase, unyaffs, unmount (Danger lurks here)
- for boot and recovery partitions, use flash_image
- unmount /sdcard, exit shell
- reboot phone to fastboot-USB state
- from PC, use fastboot to flash radio.img, and hboot_7501a_1.47.0000_091023.nb0
- reboot phone


MD5 Checksums:
- (MR2-ROM) PB00IMG.ZIP 9e9ad31f01bbcb05157443287f4f38dd
contents:

4bc51796c9353efcaeb688bfb2cf54da boot.img
38899da4e5e002e3be22900f5f4eb6f7 hboot_7501a_1.47.0000_091023.nb0
643ce1350c9157501014b5b29cb5e30d nv_1.85.nb
4420cd2760548f56f737c23528fa251d radio.img
71a4b633bdb32de9dcdd8953fef43cdc recovery.img
d3d36f3b9a12d791a79a8135ced07c8f system.img
e0f6d36dfe808e00e3a5794158ec1a8c userdata.img


Starting Conditions:
- hboot: S-OFF 1.49.2000
- radio: 2.40.00.01.22
- recovery: root-ROM
- OS: root-ROM

Result: Success


Note: This creates an unconfigured MR2 phone, aka 1.5 v1.17.605.1
Booted phone. Got Waving Androids with short audio clip
Goes to "White HTC logo on Black Background with moving highlights". Wait.
No service on black background
Sense Starts up
Unlock Screen
HTC Logo still showing - wait.
"Select your language" shows up - and almost immediately, "System Update Available" in the status bar.

Note: Through all of this, the phone does not need Activation, but only Setup.

Settings->About phone->System updates (accept)
Wait for download - 77 MB
Wait for verify - 77 MB
Accept Install (reboot happens)
Wait for image of open box w/yellow arrow and phone, watch yellow progress bar crawl across screen
When the yellow bar gets to just above the "Back" softkey, it seems to hang - for several minutes! Leave phone alone, this is normal!
After this step completes, phone goes black, and for a short period of time, a new graphic shows up - a different "open box with a yellow arrow".
Then the phone reboots again, and yet a third update graphic shows up (phone lying down with a green circle/arrows above it - kind of looks like a "recycling" symbol) - briefly.

Finally, the skating androids re-appear, followed by an HTC graphic, followed by Verizon animated splash, followed by Verizon wireless (static) image.

For grins, I did a factory reset at this point



======

Trial 5: Attempt restore to MR2 from OTA-2.1

Method: Using MR2 PB00IMG.ZIP on SD card root, Vol-Down+End/Power


MD5 Checksums:
- (MR2-ROM) PB00IMG.ZIP 9e9ad31f01bbcb05157443287f4f38dd


Starting Conditions:
- hboot: S-ON 1.47.0000
- radio: 2.42.00.04.12
- recovery: OTA-2.1
- OS: OTA-2.1

Result: FAIL! "Main Version is Older"

Note that this result is slightly different than before where we saw this failure: this time, the version check causes a fail BEFORE the bootloader is installed.

In a way, that's better; nothing was touched. Let's check something else


======

Trial 7: Attempt to root OTA-2.1 with "standard" method

Method: Using Root PB00IMG.ZIP on SD card root, Vol-Down+End/Power


MD5 Checksums:
- (Root-ROM) PB00IMG.ZIP 63eacc5ede3b179f95dc22d8ef585f94


Starting Conditions:
- hboot: S-ON 1.47.0000
- radio: 2.42.00.04.12
- recovery: OTA-2.1
- OS: OTA-2.1

Result: SUCCESS!
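An added example, not part of the original post: the MD5 listing in Trial 4 is only useful if it is checked before anything is flashed, so this Python code compares each image inside a PB00IMG.ZIP-style archive against that listing. The function names and the in-memory sample archive are constructed for illustration; MD5 catches corrupt or mixed-up downloads, not deliberate tampering.

```python
import hashlib
import io
import zipfile

# MD5 values for the MR2 PB00IMG.ZIP contents, copied from the Trial 4 listing.
MR2_MANIFEST = {
    "boot.img": "4bc51796c9353efcaeb688bfb2cf54da",
    "hboot_7501a_1.47.0000_091023.nb0": "38899da4e5e002e3be22900f5f4eb6f7",
    "nv_1.85.nb": "643ce1350c9157501014b5b29cb5e30d",
    "radio.img": "4420cd2760548f56f737c23528fa251d",
    "recovery.img": "71a4b633bdb32de9dcdd8953fef43cdc",
    "system.img": "d3d36f3b9a12d791a79a8135ced07c8f",
    "userdata.img": "e0f6d36dfe808e00e3a5794158ec1a8c",
}

def md5_of_member(zf, name, chunk=1 << 20):
    """Stream one zip member through MD5 so large images never sit in RAM."""
    digest = hashlib.md5()
    with zf.open(name) as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def check_package(zip_source, manifest):
    """Return {name: status}; status is ok, mismatch, missing or unexpected."""
    report = {}
    with zipfile.ZipFile(zip_source) as zf:
        present = {i.filename for i in zf.infolist() if not i.is_dir()}
        for name, expected in manifest.items():
            if name not in present:
                report[name] = "missing"
            else:
                ok = md5_of_member(zf, name) == expected.lower()
                report[name] = "ok" if ok else "mismatch"
        for name in sorted(present - set(manifest)):
            report[name] = "unexpected"  # file the listing does not mention
    return report

def package_matches(report):
    """Strict policy (an assumption): every entry must be 'ok' to proceed."""
    return bool(report) and all(s == "ok" for s in report.values())

def build_sample_zip(files):
    """Constructed stand-in for PB00IMG.ZIP so the example runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return io.BytesIO(buf.getvalue())
```

With a real download, pass the path of the archive and `MR2_MANIFEST` to `check_package` and stop if `package_matches` returns False.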
 
(2)
There is a report on this board somewhere that indicates that you can simply use the MR2 RUU Utility to rollback an OTA-2.1 phone to 1.5. I am suspicious of this result.


I know nothing of root, although I have all files downloaded and am trying to read up on as much as I can before jumping ship..
I do know however that, I was manual 2.1 OTA, and was able to go back to 1.5 using MR2 RUU utility
 
Upvote 0
Thanks for showing all the permutations erisuser1! :)

I know nothing of root, although I have all files downloaded and am trying to read up on as much as I can before jumping ship..
I do know however that, I was manual 2.1 OTA, and was able to go back to 1.5 using MR2 RUU utility

I found these two threads to be the most helpful:

I installed Ivan's 1.0 Official Eris ROM, but feel free to use whatever sounds interesting.
 
Upvote 0
quick question for whoever can answer, thanks in advance,
What are the benefits of doing the "battery pull method"
I have all my files downloaded ready to root, I think I will be fine,
but if for whatever I want to go back to 1.5, for warranty purposes,
will I be able to go back to 100% stock 1.5?? or is that the benefit of doing battery pull?
or can I go back 100% stock 1.5 without doing battery pull, that is what amon's recovery is?, sorry about the pure-noobiness. I'm trying to learn! :)
 
Upvote 0
I know nothing of root, although I have all files downloaded and am trying to read up on as much as I can before jumping ship..
I do know however that, I was manual 2.1 OTA, and was able to go back to 1.5 using MR2 RUU utility

Hmmm, interesting. There is a difference between the two methods, as the PB00IMG.ZIP method uses HBOOT mode of the bootloader, and the RUU uses RUU mode of the bootloader ( started with "adb reboot oem-78" ).

I was under the impression that the RUU utility on the PC does not have any special privileges from the phone's point of view, so whatever security checks (on the phone) you need to jump doing things manually, also need to be cleared by the RUU utility. Thanks for pointing this out.


quick question for whoever can answer, thanks in advance,
What are the benefits of doing the "battery pull method"
I have all my files downloaded ready to root, I think I will be fine,
but if for whatever I want to go back to 1.5, for warranty purposes,
will I be able to go back to 100% stock 1.5?? or is that the benefit of doing battery pull?
or can I go back 100% stock 1.5 without doing battery pull, that is what amon's recovery is?, sorry about the pure-noobiness. I'm trying to learn! :)

There are only two advantages - it's faster, since you don't have to wait for the flashing of the other bits that you are not going to use, and you can make a Nandroid backup of your 1.5 configuration, since it doesn't overwrite what is in /system and /data. It does not give you same thing as a full "restore to factory" capability, because you will be changing the bootloader and recovery partitions, which Nandroid backup/restore doesn't touch.

Having said that, I will point out that I didn't use it in any of the above trials, so you bringing it up is jacking my thread :)

eu1
 
Upvote 0
I think the RUU downgrade from OTA 2.1 is only possible if you still have hboot 1.46 instead of 1.47. In other words, you can only do it once.

That sounds quite plausible. Way back when (January), I used the MR1 3 times to roll back from 1.17.605.1 -> 1.16.605.1 ... and then "suddenly" it stopped working. Turns out that was just sloppiness on my part: it continued to work, so long as I only used the (mid-December) OTA update to go forward from 1.16.605.1 -> 1.17.605.1.

The OTA didn't flash a new bootloader, but the MR2 certainly did; as soon as I used MR2, the MR1 no longer worked.


BlazeD OnE,

Tell us a little history of your phone: how long ago did you buy it, and prior to the OTA-2.1, had you only done OTA updates (no RUU or PB00IMG.ZIP-style updating)?
 
Upvote 0
Hmmm, interesting. There is a difference between the two methods, as the PB00IMG.ZIP method uses HBOOT mode of the bootloader, and the RUU uses RUU mode of the bootloader ( started with "adb reboot oem-78" ).

I was under the impression that the RUU utility on the PC does not have any special privileges from the phone's point of view, so whatever security checks (on the phone) you need to jump doing things manually, also need to be cleared by the RUU utility. Thanks for pointing this out.




There are only two advantages - it's faster, since you don't have to wait for the flashing of the other bits that you are not going to use, and you can make a Nandroid backup of your 1.5 configuration, since it doesn't overwrite what is in /system and /data. It does not give you same thing as a full "restore to factory" capability, because you will be changing the bootloader and recovery partitions, which Nandroid backup/restore doesn't touch.

Having said that, I will point out that I didn't use it in any of the above trials, so you bringing it up is jacking my thread :)

eu1

Sorry for "jacking" your thread. I guess I'm confused. I didn't mean to offend you just throwing in my experience. I am running HBOOT 1.47 and have gone from OTA 2.1 back to 1.5 multiple times.
Anyway though, so can you help to explain the nandroid backup to me? I am trying to read as much info as I can before I do root, and I am confused about this. Also, if I was to do the battery pull method, is this the way to be able to go back to "factory restore"?
Thanks
 
Upvote 0
That sounds quite plausible. Way back when (January), I used the MR1 3 times to roll back from 1.17.605.1 -> 1.16.605.1 ... and then "suddenly" it stopped working. Turns out that was just sloppiness on my part: it continued to work, so long as I only used the (mid-December) OTA update to go forward from 1.16.605.1 -> 1.17.605.1.

The OTA didn't flash a new bootloader, but the MR2 certainly did; as soon as I used MR2, the MR1 no longer worked.


BlazeD OnE,

Tell us a little history of your phone: how long ago did you buy it, and prior to the OTA-2.1, had you only done OTA updates (no RUU or PB00IMG.ZIP-style updating)?

My phone is a "like new replacement", I received about two weeks before OTA 2.1 officially started rolling out. The phone came with 1.5 obvi.. I manually did the update to OTA 2.1. When word came out you can go back down to 1.5, I gave it a try, worked perfect (as soon as I got back down I got the OTA msg notification on phone). I now keep the files saved on my computer (for 1.5 downgrade), and I've upgraded to OTA 2.1 through the phone OTA, and then back down to 1.5 again at least 4 times comparing things. I want to root, but I've had such crappy experience with 2.1 and so great on 1.5, I'm afraid I will root, and then want to go back down to 1.5 again.
 
Upvote 0
Sorry for "jacking" your thread. I guess I'm confused. I didn't mean to offend you just throwing in my experience.

No offense was taken, I just wanted to make sure that anyone reading my OP didn't think that I had taken some shortcuts (so that my phone might act differently than theirs).

I am running HBOOT 1.47 and have gone from OTA 2.1 back to 1.5 multiple times.

That's very interesting info - especially the part about doing it multiple times. Did you use the RUU on your PC? Seems like there's more going on here than meets the eye. Off the top of my head, the only thing I can think of for sure is that all of the PB00IMG.ZIP methods fool around with NVRAM, whereas, as far as I know, none of the OTA installs do that. Maybe your phone still allows MR2 to work because it hasn't had its NVRAM flashed to the 2.1 NVRAM file, since you've never used a 2.1 PB00IMG.ZIP update method. (That might also explain why rolling back from OTA-2.1 to 1.5 with the MR2 PB00IMG.ZIP file won't work on my phone - it has been through many, many PB00IMG.ZIP-type installs.)

Anyway though, so can you help to explain the nandroid backup to me? I am trying to read as much info as I can before I do root, and I am confused about this. Also, if I was to do the battery pull method, is this the way to be able to go back to "factory restore"?
Thanks

Could you ask that question in a different thread? I'll respond to it there. ( Please make the title be descriptive of the topic, instead of something like "Question for eu1?" )

My phone is a "like new replacement", I received about two weeks before OTA 2.1 officially started rolling out. The phone came with 1.5 obvi.. I manually did the update to OTA 2.1. When word came out you can go back down to 1.5, I gave it a try, worked perfect (as soon as I got back down I got the OTA msg notification on phone). I now keep the files saved on my computer (for 1.5 downgrade), and I've upgraded to OTA 2.1 through the phone OTA, and then back down to 1.5 again at least 4 times comparing things.

Thanks for the further elaboration; consistent with what you said above.

I want to root, but I've had such crappy experience with 2.1 and so great on 1.5, I'm afraid I will root, and then want to go back down to 1.5 again.

I won't ask what you didn't like about 2.1 (did you do a FR after you did the OTA?), but I will say that a careful upgrade process (battery pull) will allow you to restore (a Nandroid backup) to using a 1.5 O/S, configured just as you left it. With a little bit of magic (Linux command line stuff), you could even fix it up so that it would never nag you to do an OTA, too.

eu1
 
Upvote 0
