How To Downgrade a Gingerbread T-Mobile G2 So It Can Be Rooted

So the latest official Gingerbread update for the T-Mobile G2 seemed to have broken the ability to get root access. That is until a few developers from XDA got a hold of it and managed to be able to gain temp root access and then downgrade the device so you can then permanently root it and load ROMs, etc. Here’s how.

Do this at your own risk, as always…

Thanks to agrabren, guhl, and cimer!
Here is the original log from them figuring out how to get temp root etc for your reference.

I. Setup ADB

1. Head to our How To Setup ADB procedure, follow it, and come back here once you can see a serial number at the end of that procedure.

II. Gain Temporary Root

1. Plug in your device via USB if it isn’t plugged in already.

2. Download the latest version of Fre3vo and then copy it to the AndroidSDK\Tools folder from the how to setup adb procedure (needs to be in the same folder that adb is located in, if yours is in platform-tools instead of tools, that is fine).

Fre3vo

3. Download the Misc Version file, and extract it. Then copy the extracted files to the AndroidSDK\Tools folder from the how to setup adb procedure (needs to be in the same folder that adb is located in, if yours is in platform-tools instead of tools, that is fine).

Misc Version

4. Open a command prompt on the computer by clicking on the Start menu and typing cmd and hitting enter in the search box.

5. Then type the following into command prompt with hitting enter at the end of each line:

cd c:\androidsdk\tools\     (we need to cd to the folder with adb in it, if your’s is in platform-tools and not tools, then type cd c:\androidsdk\platform-tools\)

adb push fre3vo /data/local/tmp

adb push misc_version /data/local/tmp/

chmod 777 /data/local/tmp/fre3vo

chmod 777 /data/local/tmp/misc_version

/data/local/tmp/fre3vo -debug

5. This should start scanning and looking for an exploit. If it gets to the end and doesn’t find anything, run that last line above again until it says it found an exploit. Once it finds it, LEAVE THIS COMMAND PROMPT OPEN and head to the next step.

III. Downgrade Misc Version

1. In the command prompt with the # symbol, type the following with hitting enter at the end of each line:

/data/local/tmp/misc_version -s 1.19.531.1

cd /data/local/tmp

chmod 777 misc_version

./misc_version -s 1.19.531.1

sync

dd if=/dev/block/mmcblk0p17 bs=1 skip=160 count=10

IV. Downgrade the ROM

1. Download the 2.2 ROM version for the T-Mobile G2 and then copy it to the AndroidSDK\Tools folder from the how to setup adb procedure (needs to be in the same folder that adb is located in, if yours is in platform-tools instead of tools, that is fine).

Original 1.19.531.1 ROM

2. Download Fastboot.exe and put it in the tools folder of your Android SDK with adb in it (could be platform-tools for you, just so long as it is the same folder that adb is in).

Fastboot (Under Get the Tools. Get the version for Windows)

3. Open a NEW command prompt window (leaving the original one open) and type the following into the new one with hitting enter at the end of each line:

adb reboot bootloader     (your device will reboot into bootloader mode and say fastboot usb on it, wait for it to do that)

fastboot oem rebootRUU     (your device will reboot to a black screen with an HTC logo, wait for it to do that)

fastboot flash zip PC10IMG.zip     (your device will flash the original ROM)

4. When it says repeat immediately, type the following with hitting enter at the end of the line (it’s the same line as above that is fine):

fastboot flash zip PC10IMG.zip

5. Ok, all done! Once that is done you should be on stock 2.2. If you want to root and load a ROM etc. Head to our How To Root the T-Mobile G2 and then to the next procedure linked at the bottom of that one, etc. Good luck!

 

  • Anonymous

    Previously I refined my notes to get temp root.  Today I’ll make it repeatable, and make the temp root system wide with a modified ‘su’, and busybox for good measure.  This is based in part on Nipqer’s post last month, but I’ll elaborate more.
    From your host terminal run fre3vo:
    adb shell /data/local/tmp/fre3vo -debug -start fb000000 -end FFFFFFFF
    I’ve noticed that the address of the exploit changes with each reboot.  This would be attributed to the code being relocatable.  If it does not find the exploit lower the start value.
    Now when you go to the ‘adb shell’ you will have the magical ‘#’ prompt.  What follows is what I’ve put into the shell script fixsu.sh

    cd /data/local/tmp/

    /system/bin/mount -o remount,rw /dev/block/mmcblk0p25 /system

    ./busybox echo “root::0:0:root:/data/local:/system/bin/sh” > /system/etc/passwd
    chmod 0666 /system/etc/passwd

    ./busybox echo “root::0:” > /system/etc/group
    chmod 0666 /system/etc/group

    ./busybox –install -s /system/xbin/

    /system/bin/rm /system/bin/su 2>/dev/null
    /system/bin/rm /system/xbin/su 2>/dev/null

    ./busybox cp /data/local/tmp/su /system/bin/su

    ln -s /system/bin/su /system/xbin/su

    PATH=”/sbin:/vendor/bin:/system/sbin:/system/xbin:/system/bin”

    This is still just a temp root because we are prevented from writing the changes to /system to the flash drive.  By the numbers this will remount /system read-write, add /etc/passwd amnd /etc/group, install busybox to /ststem/xbin, and place the modified su in /system/bin.  The last line puts /system/xbin before /system/bin on the path.  It’s only useful when you run fixsu.sh locally on the phone.  It does not become system wide.
    Now I need only run these two commands from my computer and the phone will be temp rooted

    adb shell /data/local/tmp/fre3vo -debug -start fb000000 -end FFFFFFFF
    adb shell /data/local/tmp/fixsu.sh

  • HTC G2 User

    I completed all of the steps and my phone is on the “black screen with an HTC logo”, and the the install of 2.2 is complete. I don’t want to harm my phone in anyway so I need to confirm if I should manually reboot my phone from this point to move forward!

    Please advise.

    Cheers!

    • http://www.dolphinfree.net Tenkely

      Type “fastboot reboot” in your terminal window.

  • alexm

    this is rediculous…..

  • Gerard

    The Fastboot download link “Fastboot (Under Get the Tools. Get the version for Windows)” is not working, i cant find the file anywhere on the site? Could someone post a new link?

    • Gerard

      it just takes me to the htcdev website…??

  • J-ONE$

    i keep getting this every time i try to downgrade:
    C:\Program Files (x86)\Android\android-sdk\platform-tools>adb reboot bootloader

    C:\Program Files (x86)\Android\android-sdk\platform-tools>fastboot oem rebootRUU


    (bootloader) erase sector 196609 ~ 197120 (512)
    OKAY [ 0.499s]
    finished. total time: 0.499s

    C:\Program Files (x86)\Android\android-sdk\platform-tools>fastboot flash zip PC1
    0IMG.zip
    error: cannot load ‘PC10IMG.zip’

    C:\Program Files (x86)\Android\android-sdk\platform-tools>fastboot flash zip PC1
    0IMG.zip
    sending ‘zip’ (126272 KB)…
    OKAY [ 21.434s]
    writing ‘zip’…
    (bootloader) adopting the signature contained in this image…
    (bootloader) signature checking…
    (bootloader) zip header checking…
    (bootloader) zip info parsing…
    (bootloader) checking model ID…
    (bootloader) checking custom ID…
    (bootloader) checking main version…
    FAILED (remote: 43 main version check fail)
    finished. total time: 47.752s

    C:\Program Files (x86)\Android\android-sdk\platform-tools>

  • Karim Soumahoro

    how long is the exploit search supposed to be? when i get to the end of part II the last line on the command prompt says “buffer size 8192″ and it stops ther i’ve been waiting for an hour with no breakthrough…