Root Evo 4G to Boost Mobile Guide/Evo 3D

[new optimus]

Either works

 

[kolosus]

Hiya. New Optimus. How are you. So this is where you've been spending most of your time. I just found this thread... wasn't actually looking hard... but I'm going to jump in and help out here. I see you've been doing your share time for me to do mine. Anyone got any new (or old) questions they haven't got answered ask away.

 

[new optimus]

Hiya. New Optimus. How are you. So this is where you've been spending most of your time. I just found this thread... wasn't actually looking hard... but I'm going to jump in and help out here. I see you've been doing your share time for me to do mine. Anyone got any new (or old) questions they haven't got answered ask away.

hey man, how you been.

Ya I sometimes go to the evo forum and once in a while manage to look at a few prevail posts

 

[joseph.g]

unfortunately the exploit used to root the evo 4g then has now been closed so this root method will not work. do you know what your hboot is? go to the bootloader screen. power off (make sure that fastboot is disabled, settings>apps>uncheck fastboot) then press and hold power+vol down. report back what you see on the screen.

ok i think i got this one sorted out. i used rooting guide found here on the forums and was able to root the evo. i also downgraded the radio to 2.15.00.11.19 and installed a different operating system. the phone is working fine and i think it should be ready for the switch-over so now back to the incognito.

i am now on round 4. i got everything so far but i am now stuck on...

"Continued

 

[new optimus]

Service programming is part of QPST

 

[joseph.g]

Service programming is part of QPST

what is QPST? is that something that i need to download?


edit..

i downloaded the program and was able to do what i needed...

however, i am now on ROUND 7.
in the process of zeroing out the memory locations.
i am on the 12th line of the memory location provided on the text file for 2.15.00.11.19.
as soon as i zeroed this one out the phone restarted on it's own and now i'm stuck.

the com port is now not recognized and i cannot connect using qxdm. i tried having the phone on storage mode and was able to view the sd card through windows explorer. so i know that the cable is working. but it wouldn't connect to either cdma workshop or qxdm.

help!!

 

[new optimus]

Yes reread the first post

 

[kolosus]

the com port is now not recognized and i cannot connect using qxdm. i tried having the phone on storage mode and was able to view the sd card through windows explorer. so i know that the cable is working. but it wouldn't connect to either cdma workshop or qxdm.

Use "open sesame door" method. Google is your friend.

Get the phone on a com port again and after pulling out the files use a hex editor. That's just for reference. The method will outline everything for you.

 

[joseph.g]

alright i am sooooo close i think.

i did everything the first post said and was actually able to flash my incognito into my evo 4g.

the evo can now make/receive phone calls and regular texts. the only thing that is missing is 3g (data).

i am getting error 67 no data.

how can i go around this problem?

 

[kolosus]

alright i am sooooo close i think.

You're VERY close. Extremely even!

I'm going to assume that you have an incognito donor. I'm also going to assume that you got some familiarity with the process since you already got voice working at this point. Meaning, this is not idiot proof but you should be ok.

Turn your donor on one last time and connect with CDMA ws. Read memory location 466. Save it somewhere. It'll look something like the following...

[NV Items]
[Complete items - 1]

0466 (0x01D2) - OK
00 06 73 65 63 72 65 74 00 00 00 00 00 00 00 00
00 00 10 A1 88 87 A6 02 E2 B2 86 37 F4 2E D7 6D
6C FA xx 00 00 00 00 00 00 00 00 00 00 00 00 00

Make it into
736563726574
A18887A602E2B28637F42ED76D6CFAxx
Save this somewhere too.
Once saved turn off your donor. You wont be needing it anymore. If you change donors you can just refer to the file you just saved. If you already read the file before you do not have to reread it. Just use the one you got before.

Turn on your Evo. Connect to it using QPST. Zero out the Directory # on the CDMA tab or press the Set Default button. Use this picture as reference
http://4.bp.blogspot.com/_F742kHyU-r4/TJxcofx-aWI/AAAAAAAAAE0/lNyQGREmq80/s1600/008-852.jpeg

Once that's done mosey over to the MIP tab (M.IP) and write in the information for your profile 0. Refer to this chart.

Profile0
NAI: DonorMEID@hcm.sprintpcs.com
HA Password: 736563726574 (this should stay the same regardless of donor)
AAA Password: A18887A602E2B28637F42ED76D6CFAxx (edit this according to YOUR donor)
Home address: 0.0.0.0
Primary HA address: 68.28.15.12
Secondary HA address: 68.28.31.12
SPI: 4D2
SPI: 4D2

Leave profile 1 alone. Set Active User to 0. Write to phone.

The phone will reboot. When it comes up it'll go into OTA activation. Let it. Sit. Wait. Do not interrupt. When your phone gets activated click on OK to proceed to the next step. Your PRL will be updated. This one usually takes a bit longer, wait. Next will come the firmware update. You can cancel that.

If the phone reboots, let it. If it doesn't, do it manually. Spread the love. :smokingsomb:

If you do not have an incognito donor then you might have to take a slightly different approach to reading 466. Let me know and I'll help you out on that. After reading 466 the rest of the steps are the same. May the Force be with you!

 

[new optimus]

I have never had luck with my evo of just writing profile 0 and letting it update I have always needed to get the current profile 1 AAA key from the donor and write it to the evo

 

[new optimus]

To get the incognito profile 1 data you will use QXDM and use this part of the guide

Continued…
Close Service Programming and open up QXDM. In the command input windows type. Password 01f2030f5f678ff9 hit enter. Requestnvitemread ds_mip_ss_user_prof 1 . This will find your Ha Shared and AAA Passwords for profile 1.

And for the first part you do need to type Password as well as the numbers and letters.

 

[kolosus]

I have never had luck with my evo of just writing profile 0 and letting it update I have always needed to get the current profile 1 AAA key from the donor and write it to the evo

In my experience writing profile 1 gives more error 16s and sometimes doesn't work outright. As long as you have a VALID profile 0 you should not have trouble doing the OTA.

I have noticed that doing a ##786# reset after writing the new meid and before over writing profile 0 does seem to give better results. Obviously YMMV in this case.

PS: Incorporate the reset into the above instructions.

 

[new optimus]

In my experience writing profile 1 gives more error 16s and sometimes doesn't work outright. As long as you have a VALID profile 0 you should not have trouble doing the OTA.

I have noticed that doing a ##786# reset after writing the new meid and before over writing profile 0 does seem to give better results. Obviously YMMV in this case.

PS: Incorporate the reset into the above instructions.

I dont know why, maybe the hardware version phone I have, (my spare can update with fewer problems) but It wont update profile, or activate I have tried several times and with a few different ways of getting there.
My spare has been successful with both profile updates and activation but not every time.

 

[jivenene]

Big picture Question here:

I have a Evo 3D that I want to use on my current Mobi PCS (local HI Sprint reseller) account to replace my EVO 4G. Do I use the same technique as described in the 1st post but use my EVO 4G as a donor phone?

The process seems so long, but if I bring it into the cell phone store (not corporate Mobi PCS store like in the mall, but an independent re-seller), it only takes him 5-10 mins to do it. What is he doing that makes it so fast?

 

[new optimus]

Big picture Question here:

I have a Evo 3D that I want to use on my current Mobi PCS (local HI Sprint reseller) account to replace my EVO 4G. Do I use the same technique as described in the 1st post but use my EVO 4G as a donor phone?

The process seems so long, but if I bring it into the cell phone store (not corporate Mobi PCS store like in the mall, but an independent re-seller), it only takes him 5-10 mins to do it. What is he doing that makes it so fast?

Most likely he bought the new version of cdma ws using that it only takes one step for me to get all info from the donor then write it to the evo and it can change the Meid as well

 

[MsL]

The cheapest phone I can find in my area to purchase as a donor phone is the Rumor Reflex. Can that be used to root from sprint to boost?

 

[new optimus]

I have heard yes but i had no luck doing it. Could not get the nv unlocked

 

[kolosus]

Big picture Question here:

I have a Evo 3D that I want to use on my current Mobi PCS (local HI Sprint reseller) account to replace my EVO 4G. Do I use the same technique as described in the 1st post but use my EVO 4G as a donor phone?

What New Optimus said is correct. But if you want to use the 3d as your new phone do not need to used the 4g as the donor... use your original donor. For extra points reset the meid of the 4g to what's under the battery and put it up on ebay!

 

[kolosus]

The cheapest phone I can find in my area to purchase as a donor phone is the Rumor Reflex. Can that be used to root from sprint to boost?

From what I've read you need a program called LGNPST to play around with LG phones. I've personally stayed away from LG phones. The cheapest donor currently is the Prevail that I'm aware of. That's my donor.

 

[new optimus]

What New Optimus said is correct. But if you want to use the 3d as your new phone do not need to used the 4g as the donor... use your original donor. For extra points reset the meid of the 4g to what's under the battery and put it up on ebay!

your evo 4g would probably be the easier donor to pull the info from, I do not know what the original phone was but I can tell you the evo info is easy to pull.
kolosus his 4g was water damaged several things, like mic, wifi (i think) and bluetooth do not work, but it still makes calls and gets 3g data.

From what I've read you need a program called LGNPST to play around with LG phones. I've personally stayed away from LG phones. The cheapest donor currently is the Prevail that I'm aware of. That's my donor.

I have LGNPST my first android was an Optimus M
That program is very simple to use if you have what you need, the problem I had with the rumor reflex was finding the correct dll to allow it to be recognized, my understanding is with that you can then use LGNPST to unlock and read the nv

 

[jivenene]

your evo 4g would probably be the easier donor to pull the info from, I do not know what the original phone was but I can tell you the evo info is easy to pull.
kolosus his 4g was water damaged several things, like mic, wifi (i think) and bluetooth do not work, but it still makes calls and gets 3g data.

That is correct, it boots and works but some hardware is screwed, so the phone is unusable.

I want to point out there was no donor phone when I activated my new Mobi PCS account. The phone was not activated when I bought it off eBay, and I took it to the cell shop to have the guy "flash" it to Mobi. The MEID HEX matches on the label and in the settings->About Phone on the old EVO 4G that I am replacing, so there is no original "donor phone". He opened up my account at Mobi PCS with this EVO 4G.

 

[MsL]

your evo 4g would probably be the easier donor to pull the info from, I do not know what the original phone was but I can tell you the evo info is easy to pull.
kolosus his 4g was water damaged several things, like mic, wifi (i think) and bluetooth do not work, but it still makes calls and gets 3g data.


I have LGNPST my first android was an Optimus M
That program is very simple to use if you have what you need, the problem I had with the rumor reflex was finding the correct dll to allow it to be recognized, my understanding is with that you can then use LGNPST to unlock and read the nv

@new optimus Can you tell me the steps needed with using LGNPST and the dll for the rumor. Would this step be before installing the drivers for the rumor or is this to get the drivers for the rumor?

 

[kolosus]

Ah. I see this is an old issue that New Optimus in familiar with and I'm not. He's correct.

After you meid match the two devices you can pull four files using efs explorer. The files you have to pull are on the evo. They are 465, 466. 465_1 and 466_1. Those are your profile 0 user, profile 0 passwords, profile 1 user and profile 1 passwords, respectively.

As mentioned before, pull them off the evo using efs explorer, and open up your new phone (the 3d) using the same efs explorer and replace the ones there with the ones from your evo.

After meid matching this will match your profile 0 and 1 too. You should be set. You might also want to pull nam1 and nam2 off the evo and write it to the 3d.

BTW: On a side note. My wife has a 3d. I have a Design. The work on the 4g surpasses both those phones. Even now the dev behind the 4g puts the other phones to shame! I'm seriously thinking about ditching my Design and going back to the 4g.

 

[jivenene]

Ah. I see this is an old issue that New Optimus in familiar with and I'm not. He's correct.

After you meid match the two devices you can pull four files using efs explorer. The files you have to pull are on the evo. They are 465, 466. 465_1 and 466_1. Those are your profile 0 user, profil 1 user, profile 0 passwords and profile 1 passwords, respectively.

As mentioned before, pull them off the evo using efs explorer, and open up your new phone (the 3d) using the same efs explorer and replace the ones there with the ones from your evo.

After meid matching this will match your profile 0 and 1 too. You should be set. You might also want to pull nam1 and nam2 off the evo and write it to the 3d.

BTW: On a side note. My wife has a 3d. I have a Design. The work on the 4g surpasses both those phones. Even now the dev behind the 4g puts the other phones to shame! I'm seriously thinking about ditching my Design and going back to the 4g.

Awesome if it is that easy (wait, did i just jinx myself?)!
Do I have to SPC/MSL unlock the new EVO 3D from Sprint?
Also, I also got off eBay and seller said "Bad ESN".

thanks!

Oh yeah, totally would have stayed with my EVO 4G, if I had not thrown it in the washing machine and broken it!!!