18
Mar
tbolt root
Last Updated: June 5th, 2012

Update: This method is outdated - please refer to this guide instead.

Jamezelle, jcase (that's me), and all of AndIRC (i.e. everyone - AndIRC is an open dev group), the same folks who rooted the pre-production Thunderbolt in February, proudly present:

A Very Dirty HTC Thunderbolt Root V1.02 2011/03/18

Pros

  • Root with read/write access to /system
  • Ability to downgrade and flash any RUU (i.e. signed firmware)

Cons

  • No custom recovery [yet]
  • No custom kernels [yet]
  • The root procedure currently requires flashing a slightly older version of the firmware (RUU_Mecha_VERIZON_WWE_1.05.605.0_Radio_1.07.00.0108r_NV_8K_1.38_9K_1.54_release_166255), which could potentially have more bugs. Right now, we cannot confirm whether LTE/battery bugs are present in this version or not. However, you can always flash back to stock, thereby losing root, if you experience problems (we will provide instructions for this very soon).

The method of rooting your Android device as described in the article herein is solely for enthusiasts and not for the faint of heart.

IT WILL WIPE YOUR DATA. IT WILL WIPE YOUR DATA. IT WILL WIPE YOUR DATA.

Android Police and Team AndIRC disclaim all liability for any harm that may befall your device, including - but not limited to - bricked phones, voided manufacturer warranties, exploding batteries, etc.

The instructions below assume you already have a strong familiarity with adb command lines - this is not for beginners.

If you’re unfamiliar with some of the terms, hit up our primers here:

Credits

  • Team AndIRC
  • Busybox was pulled from a CyanogenMod ROM, source should be available here
  • psneuter was pulled from somewhere, credit to scotty2, source here
  • All firmware credit goes to 911sniper
  • Will and Artem from Android Police for editorial help

If I missed anyone in the credits, it was unintentional and I will fix it after some sleep. Lots of people had their hands in on this project.

Note: Watch this space for updates and other improvements to the current root method (updated instructions will be versioned and dated).

Step 1

Update: This method is outdated - please refer to this guide instead.

First, download these files:

Also make sure adb is working prior to attempting.

Step 2

Setup busybox, and psnueter. Unzip exploit.zip and run the following commands:

     adb push psneuter /data/local/

     adb push busybox /data/local/

     adb shell chmod 777 /data/local/psneuter

     adb shell chmod 777 /data/local/busybox

Step 3

Unzip su.zip and push su to /sdcard:

     adb push su /sdcard/su

Step 4

Unzip misc.zip to your sdcard

Step 5

Gain temp root, and flash the custom misc.img:

    adb shell

Now the shell should display "$"

Run:

    /data/local/psneuter

You will now be kicked out of adb, and adb will restart as root. Let's confirm the md5 of misc.img:

     adb shell

At this point, the shell should display "#"

Run:

     /data/local/busybox md5sum /sdcard/misc.img

Output should be c88dd947eb3b36eec90503a3525ae0de. If it's anything else, re-download the file and try again.

Now let's write misc.img:

     dd if=/sdcard/misc.img of=/dev/block/mmcblk0p17

     exit

Step 6

Here you will rename the ruu as PG05IMG.zip and place it on your sdcard, then flash it:

     adb reboot bootloader

Your device should now be booting into the bootloader and checking the image. Once this flashes and you are rebooted, write protection to /system has been disabled. Please repeat step 2 and get psnueter and busybox back on your phone.

Now delete PG05IMG.zip off your sdcard.

After that, make sure to re-enable USB debugging and installing from unknown sources.

Now run:

     adb shell

     /data/local/psneuter

At this point, you should have root.

Now remount /system:

     mount -o remount,rw -t ext3 /dev/block/mmcblk0p25 /system

     /data/local/busybox cp /sdcard/su /system/xbin/su

     chown 0:0 /system/xbin/su

     chmod 4777 /system/xbin/su

     exit

Step 7

Install Superuser from the Market.

Step 8

Reboot your phone. You should be done and have full perm root.

Conclusion

If you have problems getting su to work, a couple extra reboots will likely fix it. If you still have problems come to the chat:

irc.andirc.net #thunderbolt or use http://chat.andirc.net:9090/?channels=#thunderbolt.

We will now start working on getting full S-OFF, which will allow custom recoveries, ROMs, etc.

Donations for further Thunderbolt development are welcomed - team AndIRC and lead developers jcase and Jamezelle don't even have Thunderbolt devices, and while we managed to get this far without one, having it would significantly improve the chances of getting full S-OFF.

You can donate to Jamezelle, even if it's just $1, and get him a Thunderbolt here.

Thank you, everyone - Jamezelle now has a Thunderbolt, thanks to your generosity!

Justin Case
Justin Case is a 30yr old father of four. He has an ever changing array of Android devices, and an eye for mobile security.
  • judeibe

    Good Job jcase. I will be sure to try this out.

  • judeibe1

    holy balls! cream!

  • Hemorrdroid

    Awesome work guys, Jamez lets get a TB in your hands, donation sent.

  • Akira

    Thanks for the cool write up Jamezelle! Just rooted my TB about an hour ago and got the wireless tethering app working. Currently typing this reply while using the wireless tethering app. Keep up the great work!

  • asd

    im going to wait for an easier method..........................................................ok im finished waiting, im going to try it

  • can’t wait to root

    THANK YOU. Is there a way to post the large 400MB firmware file in another location? These mirrors are SO SLOW :-( I've tried nearly all of them... :-(

    Going through root withdrawals.... :-(

  • Call Me A Noob

    When I reboot the phone into recovery with the .zip on the card, is something supposed to happen? The phone just sits there until I reboot it again. Then there's no root after that. HELP!

  • Graham

    Can anyone expand upon step 2? I am confused on setting these up, busybox will not install because it is not rooted....

    • Captainkrtek

      You need to have the android sdk and use ADB (via a terminal/command line) to push busybox then setup the appropriate permissions for it

  • wink

    So I rebooted bootloader, flashed pg05img.zip, then when it finishes it seems to go back through the same step...

    • Joe Bailey

      Had a similar issue. Try dropping the .zip file extension.

  • Mitchell
  • Call Me A Noob

    Everything is working great except for the .zip flashing. I've tried it with the .zip extension and without. Nothing happens when I reboot the phone into the bootloader. Is it supposed to be automatic or do I select any of the options?

  • you suck

    Team Unrevoked forever!

    • http://www.AndroidPolice.com Artem Russakovskii

      Where's Unrevoked solution then? Oh wait, there is none.

  • Mark

    New to this, but the galaxysense mirror page is down. Do you need all three mirrors or are they the same file?

    • Viobass

      This page is old and outdated. Go to the link at the top.

Quantcast