When the Droid DNA was first announced, we were all surprised to find that the bootloader was unlockable at HTCdev.com. Because of this, the device actually got root, recovery, and custom kernel days before the official release. Unfortunately, by the time the device became available in retail channels, Verizon pulled the plug  and it was no longer unlocked through official means.

Thankfully, there's another way (isn't there always?). The softmod below will effectively change the carrier information, allowing it to once again be unlocked via HTC's official tool.

Before we get started, special thanks to Sean Beaupre, who stepped in at the last minute and made this release possible. I was unable to release one of the original exploits due to a conflict of interest, and Sean provided a working replacement that we could release.

What you need:

  • Modern ADB that supports backup/restore (ICS and up)
  • 1GB free space on your phone

Downloads:

With all the requisites taken care of, let's get started.

Disclaimer: Android Police isn't responsible for any harm to your device - proceed at your own risk.

Unzip DNA_TeamAndIRC.zip. Put runme.sh, CIDGen.apk, and backup.ab in the directory with adb.

Check the README.txt before continuing!

adb install CIDGen.apk

Run the CIDGen app from your phone and follow the directions on the app. Then ensure the /sdcard/CIDBLOCK.img file exists on your phone with the following command:

adb shell ls -l /sdcard/CIDBLOCK.img

If CIDBLOCK.img does not exist after running the app, do NOT proceed. Try re-running CIDGen.apk on your phone again, then re-run the above command to verify CIDBLOCK.img's existence.

If it does exist, continue with these commands:

adb push runme.sh /data/local/tmp/

adb shell chmod 755 /data/local/tmp/runme.sh

adb shell /data/local/tmp/runme.sh

This process will loop forever and give out lots of "No such file" or "link failed" errors, so just leave it running for now.

In a second terminal/command prompt use adb to restore the modified backup. After running this command the phone will ask for your permission to restore the file, so go ahead and allow it.

adb restore backup.ab

After the restore is finished you will need to stop the runme.sh script in the first terminal (use control+c or just close the window).

From this point forward, you're past the point of no return. Do not continue if you will not be able to follow the instructions 100%, as rebooting or powering down the phone at the wrong time will brick the device. Ensure your phone has at least 50% battery life remaining before continuing.

adb shell rm /data/data/com.htc.usage/files/exploit/*

adb shell mv /data/DxDrm /data/DxDrm_org

adb shell mkdir /data/DxDrm

adb shell ln -s /dev/block/mmcblk0p5 /data/DxDrm/DxSecureDB

adb reboot

adb wait-for-device

Now repeat the first exploit:

adb shell /data/local/tmp/runme.sh

This process will also loop forever and give out lots of "No such file" or "link failed" errors - again, just leave it running.

In a second terminal/command prompt use adb to restore the modified backup. After running this command the phone will ask for your permission to restore the file - just like before, go ahead and allow it.

adb restore backup.ab

After the restore is done you will need to stop the runme.sh script in the first terminal (use control+c or just close the window).

adb shell mv /data/DxDrm /data/DxDrm_trash

adb shell dd if=/sdcard/CIDBLOCK.img of=/dev/block/mmcblk0p5

adb reboot

You can now unlock using HTCDev.com - simply select "All other supported models" for your phone type. Finally, for recovery and root following unlock please visit the HTC Droid DNA forums on RootzWiki. The support thread for the unlock can be found here.

If you would like to further support developments of roots and unlocks, donations for test devices, (& brick replacements) can be made to here.

Credits:

  • Original development: jcase
  • Awesome saver of the day: Sean Beaupre
  • Crash test dummy: dsb9938 (I bricked his phone making this!)
  • Artem and all @AndroidPolice for putting up with my nonsense.
  • Special thanks to Fuses for recommending a better target, and the numerous testers that let me play with their new phones.