UPDATE (July 29, 2011):
S-OFF Exploit has been released!
The exploit is called 'Revolutionary,' and it is packaged by the unrevoked and AlphaRevX teams. Here is the official page for the exploit: Revolutionary
Here's a rundown of what you need to do:
0) read the revolutionary documentation page here:
public:revolutionary [RootWiki]
1) you need to have USB debugging enabled on the phone: Settings > Applications > Development > USB debugging (check the checkbox)
2) you need to make sure you have the fastboot drivers installed for your phone. The revolutionary site links to it on their documentation page.
3) download revolutionary and extract everything in the .zip file into a temp folder anywhere you want. Plug in your phone to the PC via the usb cable. Note that the revolutionary website brings you to a page where you can generate a beta key. You'll use this a bit later.
4) make sure windows isn't complaining about drivers at this point. If so, you need to resolve that before moving on.
5) run the revolutionary executable file. A DOS window will appear. It will auto-detect your phone's serial number. Go back to the beta key generation form on the revolutionary website and generate your key using that serial number (without space characters). Enter in your generated key into the prompt in the revolutionary DOS window.
6) sit back and watch the phone load up HBOOT a few times. On the 3rd time, you will have S-OFF. On the fourth and final time, it will be bannered with a magenta Revolutionary label.
7) say yes to download and flash clockworkmod recovery.
Note: some people (including myself) had an issue where clockworkmod was not flashed. Others are reporting no issues at all; they have clockworkmod. If you don't have a recovery image after running Revolutionary, you will need to manually flash one. See this thread for a detailed guide on how to do this:
http://androidforums.com/evo-3d-all...nually-flash-recovery-image-via-fastboot.html
8) at this point, the Revolutionary tool will complete and close. For the final step in the rooting process, you need to flash the superuser binary .zip file with your new recovery image. The .zip file can be downloaded on the Revolutionary documentation page. This .zip file adds superuser to your existing ROM. All of your apps and data will be preserved.
Congrats, you are now fully rooted! Might want to go into recovery and do a NANDroid backup!
And remember, now that you are rooted, do NOT accept any more OTA updates from HTC! You'll be getting updates by manually flashing a rooted version of the OTA ROM. Accepting an OTA while rooted may cause you to loose root, or worst case, brick your phone.
If you are concerned about accidentally accepting an OTA, there's a way to disable the notifications: Settings > System Updates > HTC software update > Scheduled check (uncheck this box).
And now that we have full root, you may find yourself needing to boot into the bootloader (HBOOT) often. Here's how to do it for the Evo 3D:
http://androidforums.com/evo-3d-all-things-root/362270-how-boot-into-bootloader-hboot.html
If you read all this and are still scratching your head, take a look here for a good rooting vocabulary primer:
http://androidforums.com/evo-4g-all-things-root/129648-quick-intro-rooting-those-new-rooting.html
More to come...
Historical information:
S-OFF Exploit has been released!
The exploit is called 'Revolutionary,' and it is packaged by the unrevoked and AlphaRevX teams. Here is the official page for the exploit: Revolutionary
Here's a rundown of what you need to do:
0) read the revolutionary documentation page here:
public:revolutionary [RootWiki]
1) you need to have USB debugging enabled on the phone: Settings > Applications > Development > USB debugging (check the checkbox)
2) you need to make sure you have the fastboot drivers installed for your phone. The revolutionary site links to it on their documentation page.
3) download revolutionary and extract everything in the .zip file into a temp folder anywhere you want. Plug in your phone to the PC via the usb cable. Note that the revolutionary website brings you to a page where you can generate a beta key. You'll use this a bit later.
4) make sure windows isn't complaining about drivers at this point. If so, you need to resolve that before moving on.
5) run the revolutionary executable file. A DOS window will appear. It will auto-detect your phone's serial number. Go back to the beta key generation form on the revolutionary website and generate your key using that serial number (without space characters). Enter in your generated key into the prompt in the revolutionary DOS window.
6) sit back and watch the phone load up HBOOT a few times. On the 3rd time, you will have S-OFF. On the fourth and final time, it will be bannered with a magenta Revolutionary label.
7) say yes to download and flash clockworkmod recovery.
Note: some people (including myself) had an issue where clockworkmod was not flashed. Others are reporting no issues at all; they have clockworkmod. If you don't have a recovery image after running Revolutionary, you will need to manually flash one. See this thread for a detailed guide on how to do this:
http://androidforums.com/evo-3d-all...nually-flash-recovery-image-via-fastboot.html
8) at this point, the Revolutionary tool will complete and close. For the final step in the rooting process, you need to flash the superuser binary .zip file with your new recovery image. The .zip file can be downloaded on the Revolutionary documentation page. This .zip file adds superuser to your existing ROM. All of your apps and data will be preserved.
Congrats, you are now fully rooted! Might want to go into recovery and do a NANDroid backup!
And remember, now that you are rooted, do NOT accept any more OTA updates from HTC! You'll be getting updates by manually flashing a rooted version of the OTA ROM. Accepting an OTA while rooted may cause you to loose root, or worst case, brick your phone.
If you are concerned about accidentally accepting an OTA, there's a way to disable the notifications: Settings > System Updates > HTC software update > Scheduled check (uncheck this box).
And now that we have full root, you may find yourself needing to boot into the bootloader (HBOOT) often. Here's how to do it for the Evo 3D:
http://androidforums.com/evo-3d-all-things-root/362270-how-boot-into-bootloader-hboot.html
If you read all this and are still scratching your head, take a look here for a good rooting vocabulary primer:
http://androidforums.com/evo-4g-all-things-root/129648-quick-intro-rooting-those-new-rooting.html
More to come...
Historical information:
-------------------------------
UPDATE (July 19, 2011):
The Evo 3D's sister phone, the Sensation, was successfully hacked by team AlphaRevX. Here's a video showing a Sensation being given commands via USB from a desktop (not pictured), and note when S-ON changes to S-OFF, and then later, the purple watermark giving credit to AlphaRevX. This is promising news for the Evo 3D unlocking effort.
AlphaRevX - HTC Sensation (Pyramid) HBOOT 1.17.0011 S-OFF - YouTube
*edit*
Now, a screenie showing an Evo 3D with S-OFF on a SHIP HBOOT:
xda-developers - View Single Post - Sensation given S-Off by AlphaRev, Evo 3D coming soon?
Source threads:
Sensation given S-Off by AlphaRev, Evo 3D coming soon? - Page 4 - xda-developers
Root: shaking something loose [WIP] - Page 66 - xda-developers
-------------------------------
UPDATE (July 12, 2011):
Building upon the Fre3vo exploit, eugene373 over at xda has come up with a clever way to keep root somewhat persistent. He's announced the final version:
(TOOL) Perma-Temp Root Final! 100% Stable *7/12*/2011* - xda-developers
Keep in mind that this is still a temp-root; if you reboot, you lose it, but unlike before, the root is maintained as long as you don't reboot. Bootloader status remains unchanged (S-ON).
For a guide on how to apply the various temp root solutions out there, see this thread:
http://androidforums.com/evo-3d-all-things-root/373898-evo-3d-temp-rooting.html#post2942011
courtesy of wake69.
-------------------------------
UPDATE (July 10, 2011):
HTC has released an official statement via facebook about its intention on rolling out OTAs for unlocking the bootloader. See here:
https://www.facebook.com/note.php?note_id=10150305151453084
What's all the hoohaw about "locked bootloaders?" See here:
http://androidforums.com/evo-3d-all-things-root/342046-encrypted-bootloader-properly-defined.html
Still not happy with HTC's decision? Here's their contact info:
http://androidforums.com/evo-3d-all-things-root/342244-htc-petitions-change-bootloader-policy.html
-------------------------------
UPDATE (JULY 7, 2011):
All dev efforts are currently to get S-OFF (removing NAND protection). Take a look at the following thread for the latest brainstorming; this is as technical as it gets. If you're just now joining us, just follow the tail end of the thread for the latest.
Root: shaking something loose [WIP] - xda-developers
-------------------------------
UPDATE (July 1, 2011):
agrabren has released the exploit for a temp root:
[GUIDE] Fre3vo / Fre3dom Official Thread - xda-developers
Keep in mind that this root is not sticky; you lose it if you reboot. Also, NAND protection is still on (S-ON) so some root apps, including Titanium Backup, may not function correctly.
-------------------------------
UPDATE (June 30, 2011 4pm ET):
Evo 3D has been successfully temp rooted on both release and OTA versions!
Now we wait for the sticky root exploit to be made public. Stay tuned.
IRC transcript with the developer who found the exploit is here:
http://androidforums.com/evo-3d-all...dev-agrabren-describing-new-root-exploit.html
Other notable threads to follow:
[FAQ/Summary] HTC EVO 3D DEV FAQ's, Root Status, etc.
[WIP][S-OFF] Got Root?
The ROM (we have a while to go before you can flash this, but here it is):
Evo 3d Stock rooted rom
Phandroid Announcement:
HTC EVO 3D Gets Root Courtesy of Team Win
I'll clean all this up once the dust settles.
-------------------------------
UPDATE (June 30, 2011):
A hole, albeit a very unstable one has been found. It may or may not turn into a root exploit.
-------------------------------
The bootloader that came with the latest OTA (v1.40) is still cryptographically signed.
UPDATE (July 19, 2011):
The Evo 3D's sister phone, the Sensation, was successfully hacked by team AlphaRevX. Here's a video showing a Sensation being given commands via USB from a desktop (not pictured), and note when S-ON changes to S-OFF, and then later, the purple watermark giving credit to AlphaRevX. This is promising news for the Evo 3D unlocking effort.
AlphaRevX - HTC Sensation (Pyramid) HBOOT 1.17.0011 S-OFF - YouTube
*edit*
Now, a screenie showing an Evo 3D with S-OFF on a SHIP HBOOT:
xda-developers - View Single Post - Sensation given S-Off by AlphaRev, Evo 3D coming soon?
Source threads:
Sensation given S-Off by AlphaRev, Evo 3D coming soon? - Page 4 - xda-developers
Root: shaking something loose [WIP] - Page 66 - xda-developers
-------------------------------
UPDATE (July 12, 2011):
Building upon the Fre3vo exploit, eugene373 over at xda has come up with a clever way to keep root somewhat persistent. He's announced the final version:
(TOOL) Perma-Temp Root Final! 100% Stable *7/12*/2011* - xda-developers
Keep in mind that this is still a temp-root; if you reboot, you lose it, but unlike before, the root is maintained as long as you don't reboot. Bootloader status remains unchanged (S-ON).
For a guide on how to apply the various temp root solutions out there, see this thread:
http://androidforums.com/evo-3d-all-things-root/373898-evo-3d-temp-rooting.html#post2942011
courtesy of wake69.
-------------------------------
UPDATE (July 10, 2011):
HTC has released an official statement via facebook about its intention on rolling out OTAs for unlocking the bootloader. See here:
https://www.facebook.com/note.php?note_id=10150305151453084
What's all the hoohaw about "locked bootloaders?" See here:
http://androidforums.com/evo-3d-all-things-root/342046-encrypted-bootloader-properly-defined.html
Still not happy with HTC's decision? Here's their contact info:
http://androidforums.com/evo-3d-all-things-root/342244-htc-petitions-change-bootloader-policy.html
-------------------------------
UPDATE (JULY 7, 2011):
All dev efforts are currently to get S-OFF (removing NAND protection). Take a look at the following thread for the latest brainstorming; this is as technical as it gets. If you're just now joining us, just follow the tail end of the thread for the latest.
Root: shaking something loose [WIP] - xda-developers
-------------------------------
UPDATE (July 1, 2011):
agrabren has released the exploit for a temp root:
[GUIDE] Fre3vo / Fre3dom Official Thread - xda-developers
Keep in mind that this root is not sticky; you lose it if you reboot. Also, NAND protection is still on (S-ON) so some root apps, including Titanium Backup, may not function correctly.
-------------------------------
UPDATE (June 30, 2011 4pm ET):
Evo 3D has been successfully temp rooted on both release and OTA versions!
Now we wait for the sticky root exploit to be made public. Stay tuned.
IRC transcript with the developer who found the exploit is here:
http://androidforums.com/evo-3d-all...dev-agrabren-describing-new-root-exploit.html
Other notable threads to follow:
[FAQ/Summary] HTC EVO 3D DEV FAQ's, Root Status, etc.
[WIP][S-OFF] Got Root?
The ROM (we have a while to go before you can flash this, but here it is):
Evo 3d Stock rooted rom
Phandroid Announcement:
HTC EVO 3D Gets Root Courtesy of Team Win
I'll clean all this up once the dust settles.
-------------------------------
UPDATE (June 30, 2011):
A hole, albeit a very unstable one has been found. It may or may not turn into a root exploit.
-------------------------------
The bootloader that came with the latest OTA (v1.40) is still cryptographically signed.
