This one is sure to make plenty of people happy: it looks like there's finally a root method for the latest EVO OTA. The method was discovered by XDA-Devs user Dan Wager and is based on Sebastian Krahmer's Droid 2 root - although this seems to achieve root by downgrading to Android 2.1 and flashing unrevoked. Just like the Droid 2 root, the method is new and thus still pretty complex:
Make sure your phone is unplugged from your computer until I tell you to plug it in!
If you already have the Android SDK and HTC Sync set up on your computer, skip to Step 4 nowStep 1: Download the Android SDK here
Step 2: Extract the Android SDK zip. Move the contents of the extracted zip to C:
Your Android tools folder path should now be C:android-sdk-windowstoolsStep 3: Download HTC Sync 2.0.40 here
Run the installer. Move on once installed. If reboot is required, do so and then move on.Download my evo-root.zip.
It contains a few files necessary to root the EVO.
Unzip the contents of the zip to your android sdk tools folder.Download the unrevoked-forever.zip
Place this zip in your tools folder as well, as a zip, not extracted.Download this PC36IMG.zip (This is the same as running an RUU, so it will delete all of your user data when we use it later in the guide, so backup everything you want to save on your phone first)
Put this zip in your sdk tools folder as well, as a zip, not extracted.
After unzipping the contents of evo-root.zip to your android sdk tools folder and placing the PC36IMG.zip and unrevoked-forever.zip in the folder, move on.
Step 4: Make sure USB Debugging is ON (checked) on your EVO. Go to Settings > Applications > Development > and make sure it is checked.
Step 5: Plug your phone into the computer via USB, Make sure that the connection type in the Notification Pull-Down Bar is "Charge Only", not "Disk Drive" or else this won't work.
If your computer asks you to restart after the new drivers were installed, do that now.Once ready, type these commands in cmd prompt from your adb tools directory.
Code:
adb push unrevoked-forever.zip /sdcard/ adb push flash_image /data/local/ adb push rageagainstthecage-arm5.bin /data/local/tmp/ adb push mtd-eng.img /sdcard/ adb push PC36IMG.zip /sdcard/now we chmod a few things
Code:
adb shell chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin chmod 0755 /data/local/flash_imageOk now for the root shell.
On your phone, go to Settings > Wireless & Networks
After you do these next 2 commands, start toggling Airplane Mode over and over until you acheive the desired results mention in a few steps.
(still in adb shell)
Code:
cd /data/local/tmpCode:
./rageagainstthecage-arm5.bin(This is where you start toggling airplane mode)
You will now see some text on your cmd prompt screen explaining the exploit.
Wait for the adb shell to go away, and it will dump you into your windows command prompt again (no shell) should look something like this:
C:android-sdk-windowstools>
If it dumps you to a $ instead, repeat those 2 commands again, toggling airplane mode again.
Once that dumps you out of the shell, type
Code:
adb shelland you will see you now have a
Code:
#instead of
Code:
$now type
Code:
cd /data/local ./flash_image misc /sdcard/mtd-eng.imgthat will flash your misc partition with Toast's mtd-eng.img.
after that, you need to type
Code:
reboot bootloaderRemember how you pushed that huge PC36IMG.zip to your sdcard earlier? This is where that comes in handy. Once you booted into hboot, Select "bootloader" with your volume up/down buttons and hit the power button. Let it sit for a little bit while it loads the PC36IMG.zip. This can take up to 5 minutes. When it finally asks if you want to apply this zip, choose YES. (Remember, this is the same as running an RUU, so it will delete all of your user data).
Once it is finished, select restart. You now are on the stock 2.1 build of Android.
Next step, mount your sdcard on your computer, and delete the PC36IMG.zip from it. This is because the next step requires using hboot, and you don't want to sit and wait while it loads up again, just for you to say "no" to the install. Please follow this step, for it saves 5-10 minutes of waiting ahead.
I worked extensively with Matt Mastracci, so this rooting guide will use the unrevoked method to root 2.1. This is what worked for me testing on my brother's EVO, so if you do end up trying something else to root 2.1 with, PLEASE do not post it here or ask questions, for I will only support the unrevoked team.
Now open up your web browser on your computer and navigate to http://www.unrevoked.com
Click on the little EVO picture, and then on unrevoked3. Go here for more info on unrevoked3.
Choose the correct operating system to download for. Once downloaded, run the program on your computer. Make sure your EVO is plugged in with USB DEBUGGING ON! Do not touch your phone while this process is going. It will reboot to the bootloader, and pause for a little while and then do some reboots.
As soon as it is booted into recovery, you are done with that.
Next in recovery go to
Code:
Flash zip from sdcardand choose the
Code:
unrevoked-forever.zipThis will flash the unrevoked forever hboot unlock. You are now completely rooted. You can now reboot to recovery and flash a custom rom, or reboot into the rom and accept the OTA update. Even if you accept the OTA update, you will still have the s-off flag from unrevoked forever, so you can flash a custom recovery from the bootloader using
Code:
fastboot flash recovery /sdcard/recovery.imgassuming that you are booted in the bootloader and have the recovery image on your sdcard as recovery.img.
I am sorry if this is a little confusing, but I had to get this out tonight. I will update this as best as I can tomorrow. Thanks again for all of your patience tonight!
Dan Wager
[Update] Important step mentioned by a commenter (and unrevoked): make sure you uninstall HTC Sync before running unrevoked.
Yea, it's a doozy - probably not something a novice rooter wants to try. A much simpler method should be coming soon though, as a lot of the commands can probably be automated with a relatively basic batch file.
The source files and original post can be found at the source link below. If anyone takes the dive, be sure to let us know how it goes in the comments below.
[Source: XDA-Devs]
46,128
32,812
21,533
1,988
Loading ...
![gingerbread_man[8]](http://cdn.androidpolice.com/wp-content/uploads/2012/01/gingerbread_man8_thumb.gif "gingerbread_man[8]"){kind=small}
49 Comments
Nice. Very nice
Yea, I know a lot of people have been waiting on this. Not the cleanest solution, but anything is better than nothing.
Thanks for the walk-thru! Worked like a champ. Only suggestion: I had to uninstall HTC Sync before getting Unrevoked to run correctly (as the unrevoked FAQs mentioned). You might update your guide to include the HTC Sync uninstall before launching Unrevoked. Thanks for your work and posting the guide!
Thanks, added it in! Glad it worked out for you.
Had to uninstall HTC Sync myself but got it rooted.
So... just to be sure... I can run the OTA update and I will still have clockwork mod/nandroid? This is the only reason I need to have root--so I can do backups via the Power/Vol + bootup combination.
Hmmm... so I guess I no longer have the Power/Vol + option. When I do so it vibrates and nothing happens, even when just pressing POWER, until I take out the battery and just boot back into the OS.
Status: OTA Update not yet installed. Right after root instructions specified in article.
I think that once you're rooted, you're basically never supposed to do OTA's. Doing so unroots you, AFAIK.
I would install the rooted OTA Froyo ROM that can be found on the forums at XDA-Devs.
I installed the rooted HTC Froyo ROM from the XDA-Devs. Love it. All the HTC Sense widgets I like, none of the bloatware I don't! (used Titanium Backups to uninstall Sprint Football, etc).
@SanityKills : If you want to boot into recovery to run a backup, use the Vol - key with power on, not the Vol + key. Hope that helps!
I'm sorry, I'm new to this. Where it says "Once ready, type these commands in cmd prompt from your adb tools directory," I don't know where cmd is. Could you help me?
In Windows 7 or XP go to START > RUN (or start menu search windows of Windows 7) and type CMD then hit your ENTER key. It's also known as a DOS command/prompt in the Windows start menu.
Once you have the black window open, type this exactly with the exception of adding a back slash between the * and the t in andr*tools (the comment form removes it):
cd
cd andr*tools
Then proceed.
I want to do this, but I'm a doofus and I know I'll end up bricking my EVO. I'll wait for a less complicated root to hit the interwebz.
I am totally with you there!
It's a pretty complicated method. I'd agree that if you're not used to this sort of thing, it's probably better to wait. I don't think it will be too much longer anyway
everytime i try to run the unrevoked program it says it cant finf the image for android 1.0. i did everything you said an keep getting the same error
Hmm... not sure what that could be. I'd suggest taking the question to the thread in the source link and posting there. Sorry I couldn't help!
Ok...newbie here.....old school Oki 900 guy here....
Now, I have the official Sprint OTA .6 froyo .... if i go through with the above-mentioned procedure, it will basically get me back to Android 2.1, allow me to use unrevoked 3 and unrevoked forever, and then allow me to get the froyo from xda that has been modified to be downloaded to a unrevoked 3 / forever modified phone?
I'm I looking at this correct?
Yup, that's exactly correct.
thanks.
now, after its done, will I still have root access...?
Yep, if you flash the rooted ROM you'll keep root.
Okay. I'm about to root as deacribed above.....but I'm in a 3G area, and it may be stopping the download of the pc36img.zip. my save file screen on opera, etc claim the zip is over 167megabytes!
A friend of mine who used unrevoked for ever and unrevoked 3 claims its not supposed to be that big.
Help. Lol.
Thanks.
Yea, it can be pretty big. I think that's about th right size, but I can't check right now. I'd give it a shot, but if you want to wait I'll check once I get home tonight.
Can all of this be done on a Windows vista computer?
Sure can, so long as you install all the drivers listed in the post.
I did everything correctly, but after my phone read pc zip, it didn't ask me yes or no. It's now just sitting with hoot highlighted in blue and fastboot highlighted in blue. No restart option.
Also after I rebooted I checked my software version and its still 2.2......
I attempts to load pcdiag36....no image.....etc then checking pc36img....then nothing but as I described.
Very weird. Not sure what to tell you - I'd try asking at the source link. Sorry I couldn't be more help.
i really need help doing this.. its to confusing.. specially when it comes to putting in all the codes. will anyone help me???
I would suggest waiting for a simpler method to come out. From what I understand, unrEVOked has something in the works. Maybe wait for that
So I'm to the part where we run unrevoked3 from the computer. I run it and it tells me to select HBOOT USB and press power. I do that and nothing happens. It is searching for "PC36IMG.zip" which I was told should be deleted. Am I doing something wrong? Do I need something else to make unrevoked work?
Right before the UR3 step, it says this:
"Remember how you pushed that huge PC36IMG.zip to your sdcard earlier? This is where that comes in handy. Once you booted into hboot, Select "bootloader" with your volume up/down buttons and hit the power button. Let it sit for a little bit while it loads the PC36IMG.zip. This can take up to 5 minutes. "
When I go to the command prompt and start entering the codes, it says "invalid entry...not recognized as an internal or external command". So basically my daemon never starts up and I can't proceed. Assistance please?
At this point, unrEVOked 3.2 is out - it's much much simpler, I'd suggest using that.
If you're dead set on using this method though, go to your "Android SDK" folder -> hold SHIFT and right click on the "Tools" folder -> click on "Open Command Window Here." That should do the trick.
Hello Aaron, another noob question. The only way I get all this info is through tethering so should I down load the custom Rom before I root ? Which ones are compatible? Looking for speed, use of both cams, internet, battery usage, tethering. thanks so much.
You don't have to run a custom ROM if you root - you can root and keep things stock. Rooting just allows you to do things the carrier or manufacturer doesn't want you to do.
after the last step, I can not boot into recovery mode AT ALL
Ok, SO I get to the "Once downloaded, run the program on your computer" I fallow the instructions. It reboots and then I get a windows error asking me to install the android 1.0 drivers. So where do I get the drivers?
So thats where Im stuck. I fallow the directions. Hit hboot usb and I get "windows needs to install software for your android 1.0". Ive tried to download the drivers through the android sdk and just about everything else I can find on google. So how do I get it past this part?
http://www.dkszone.net/unrevoked-root-htc-android-phones-evo-4gdesiredroid-incredible
Hi, Aaron
thanks you for your tutorial, it's very help me. I follow your tutorial step by step until in here "As soon as it is booted into recovery, you are done with that." Now, i litle bit confused with your statement in my qoute
"Next in recovery go to
Code:
Flash zip from sdcard
and choose the
Code:
unrevoked-forever.zip"
what tools can run your code?or this is the correct code in adb tool?'cos my computer can't run the last your code
thanks you for your help
regards
stickybit
Sorry it took so long to reply. Probably useless by now, but the recovery is on your phone. Turn off your phone, then hold power + volume down.
I've tried literally everything I've read to get out of my red triangle situation so please help if you can. This is not your standard "hold volume up and power button" response.
I was trying to get to root using the method at evo4g.me.
And I got a red triangle after the first application of the PC36IMG.ZIP. I then held the volume up and power button and, I get a blue lettered screen with 4 options:
reboot system now
apply sdcard:update.zip
wipe data/factory reset
wipe cache partition
Well, I've seemingly tried everything but I can't seem to get past this screen. I've pulled the battery out and rebooted, I go back to the above screen. Option 1 above gets me back to the same spot. Option 2 says it can't find sdcard/update.zip. I did option 3 but it does that and turns off and on and comes back to this same position. Even when I try to hold the volume button down. When I try to access this using adb, I get "device offline". So I'm at a loss. I really would like to finish this process and get to root, which shouldn't be too hard in my view but here I am.
I could move the SD card elsewhere and put an update.zip file on there but I'm not sure what to do here exactly so I can recover (and hopefully with root).
Thanks a lot!
BTW, I backed up all my apps on my sdcard so I should be fine right? I'm not sure what I'd need to do reinstall them.
Backgrround: I'm new to the Evo 4G and in general new to doing stuff like rooting phones and the like, so please forgive me if my questions (or actions) or too naive. I have been using Unix systems all my life and Linux when there were fewer than 100,000 users of it (back in 1992-1993) and am extremely comfortable with it and do all my science (work) exclusively with Linux.
I'm not sure as you're asking me about a method I'm utterly unfamiliar with (and haven't ever looked at before now). Since evo4g.me is a forum, perhaps post asking there?
FWIW, it sounds like you're using a different recovery. Personally, I hold power + volume down, rather than up. When I do get into recovery, I have more options than that.
Are you having trouble rooting, or are you having trouble loading up a custom ROM after trying to root? If you're rooting, I'm guessing you have some sort of .zip you need to flash in order to achieve root?
Hey Aaron I followed your directions on my old Series 2(?) EVO 4G and they worked perfectly. I just got an insurance replacement EVO 4G Series 4 and I followed the instructions carefully again. When I got to loading PC36IMG.zip it updated everything but the radio, it said that failed. Then after it rebooted automatically, I immediately got the red triangle of death. I successfully booted into the bootloader and tried it again, same issue. Now when I let it try and boot into the bootloader it says loading PC36IMG.zip, the blue status bar fills up, then nothing happens. I try to let the phone reboot but it just sticks at the white htc EVO 4G boot screen and doesn't boot. Any ideas?
OK So I tried downloading the PC36IMG.zip again, saved it to a brand new micro-SD card and ran the bootloader. It automatically extracted and ran the new PC36IMG.zip and had this output which IIR is exactly the same as before:
Parsing …[SD ZIP]
1 BOOTLOADER - Bypassed
2 RADIO_V2 - Fail-PU
3-9 OK
Partition update fail!
Update Fail!
Can not roll back hboot version
After reboot I get the phone icon with the red exclamation like before.
Alright I got it working. Series 4 hardware users should NOT use the above root method but use this guide from XDA-Dev's http://forum.xda-developers.com/showthread.php?t=829045
how did you get it working?? i am in the same situation as you.
which zips did you use? which step did you start from?
so I followed the guide exactly http://forum.xda-developers.com/showthread.php?t=829045 and simply ignored any errors that popped up and kept going. KEY is having a reliable MicroSD USB reader for your PC so you can directly load the ZIP's via USB. I believe what finally broke it for me was renaming PC36IMG-ENG.zip from the hboot202...V* download to PC36IMG.zip and run the bootloader. That finally worked. Once I was able to successfully get into Recovery I loaded the latest FRESH ROM and I was in business, I almost cried I was so happy to have my EVO working again!
FRESH ROM that I used successfully in Recovery mode http://forum.xda-developers.com/showthread.php?t=743079
1 Ping: