How To Downgrade a Gingerbread T-Mobile G2 So It Can Be Rooted
So the latest official Gingerbread update for the T-Mobile G2 seemed to have broken the ability to get root access. That is until a few developers from XDA got a hold of it and managed to be able to gain temp root access and then downgrade the device so you can then permanently root it and load ROMs, etc. Here’s how.
Do this at your own risk, as always…
Thanks to agrabren, guhl, and cimer!
Here is the original log from them figuring out how to get temp root etc for your reference.
I. Setup ADB
1. Head to our How To Setup ADB procedure, follow it, and come back here once you can see a serial number at the end of that procedure.
II. Gain Temporary Root
1. Plug in your device via USB if it isn’t plugged in already.
2. Download the latest version of Fre3vo and then copy it to the AndroidSDK\Tools folder from the how to setup adb procedure (needs to be in the same folder that adb is located in, if yours is in platform-tools instead of tools, that is fine).
3. Download the Misc Version file, and extract it. Then copy the extracted files to the AndroidSDK\Tools folder from the how to setup adb procedure (needs to be in the same folder that adb is located in, if yours is in platform-tools instead of tools, that is fine).
4. Open a command prompt on the computer by clicking on the Start menu and typing cmd and hitting enter in the search box.
5. Then type the following into command prompt with hitting enter at the end of each line:
cd c:\androidsdk\tools\ (we need to cd to the folder with adb in it, if your’s is in platform-tools and not tools, then type cd c:\androidsdk\platform-tools\)
adb push fre3vo /data/local/tmp
adb push misc_version /data/local/tmp/
chmod 777 /data/local/tmp/fre3vo
chmod 777 /data/local/tmp/misc_version
/data/local/tmp/fre3vo -debug
5. This should start scanning and looking for an exploit. If it gets to the end and doesn’t find anything, run that last line above again until it says it found an exploit. Once it finds it, LEAVE THIS COMMAND PROMPT OPEN and head to the next step.
III. Downgrade Misc Version
1. In the command prompt with the # symbol, type the following with hitting enter at the end of each line:
/data/local/tmp/misc_version -s 1.19.531.1
cd /data/local/tmp
chmod 777 misc_version
./misc_version -s 1.19.531.1
sync
dd if=/dev/block/mmcblk0p17 bs=1 skip=160 count=10
IV. Downgrade the ROM
1. Download the 2.2 ROM version for the T-Mobile G2 and then copy it to the AndroidSDK\Tools folder from the how to setup adb procedure (needs to be in the same folder that adb is located in, if yours is in platform-tools instead of tools, that is fine).
2. Download Fastboot.exe and put it in the tools folder of your Android SDK with adb in it (could be platform-tools for you, just so long as it is the same folder that adb is in).
Fastboot (Under Get the Tools. Get the version for Windows)
3. Open a NEW command prompt window (leaving the original one open) and type the following into the new one with hitting enter at the end of each line:
adb reboot bootloader (your device will reboot into bootloader mode and say fastboot usb on it, wait for it to do that)
fastboot oem rebootRUU (your device will reboot to a black screen with an HTC logo, wait for it to do that)
fastboot flash zip PC10IMG.zip (your device will flash the original ROM)
4. When it says repeat immediately, type the following with hitting enter at the end of the line (it’s the same line as above that is fine):
fastboot flash zip PC10IMG.zip
5. Ok, all done! Once that is done you should be on stock 2.2. If you want to root and load a ROM etc. Head to our How To Root the T-Mobile G2 and then to the next procedure linked at the bottom of that one, etc. Good luck!
i emailed these guys a few days ago asking them for a how to bout this…..glad that they did a write up =]
Thanks michael for sending this in! Didn’t see a name or email to reply to in the form you sent so couldn’t let you know when it was up, glad you found it! Hope it helps some people!
no prob…i left my email address when i sent it in but its fine. im glad you guys put it up….i used this same guide to downgrade and now i have CM7 Nightly on my G2 =’)
Hello. Does it work also for Desire Z? Thanks
Hello,
It should but you will need a different Misc Version file and a different stock ROM… if you find ones that work, let us know and we’ll add them to this procedure. Good luck!
how long should it take to scan region 3d00000000000000?
The latest myTouch 4G update also has blocked many rooting methods. Do you think this would work on it too?
i think i set the adb up correctly cus i got a device serial # but wen i try to push fre3vo i get a long path blah blah blah error…
btw i tryed so many thing but never got the adb driver thing to work or anything like that till i found a command about killing then starting adb server…somehow thats the only way the device serical # pop up. is that why things r not working out for me or was that fine? pls help me its gettin out of hand.
ya i just keep getting permission denied wtf
buuuuttt this is for 2.3.3 pretty much no root if ya got the 2.3.4 or maybe im just not looking in the right place all the guides are for 2.3.3
on second thought i got over that hump but now im on another hump…i get to these part:
chmod 777 /data/local/tmp/fre3vo chmod 777 /data/local/tmp/misc_version /data/local/tmp/fre3vo -debugand it tells me “chmod is not recognized as an internal or external command, operable programor batch file.”what do i do?
try typing “adb shell ” before those lines dont put the quotations though so it should be typed as “adb shell chmod 777 /data/local/tmp/fre3vo”
I have a problemm on the third line on how to gain temp root I get “chmod is not recognized please help me I really want to root it and get this over with
I have everything setup with the adb just the temprrot is what I’m having trouble with
For the “chmod” sections make sure to start with “adb shell chmod 777”
your a lifesaver!
@72a2e1cd0d4eaa8eb4610659be66fe3b:disqus txs doode i tryed it but i didnt get anything bak after that…think it was coming out ok i just kept goin but wen i came to the part where is said to debug…boom
“the system cannot find the path specified”
i wish someone cus try to post a video…mayb is it becuse im running on windows7?
@twitter-260563375:disqus thx bro…it think it help but i also am not sure i was still doing the rite thing…there was no return on the command but wen i got to last part where it tells me to
/data/local/tmp/fre3vo -debug
it just tells me the path cuddnt b found…did i do something wrong again?
really wish someone cud post a video…btw doode your a huge help…again txs bro
hi i dont know what im doing wrong i try the debug line alone and with adb shell but stay long time scanning region 3d000000… and dont do anything
i reboot it but do the same thing
ok i figure out but when said found an exploit i dont see a comand prompt with the # simbol
how did you get exploit what exactly did you type in
ok i go ahead but when is time of flashing the rom it said remote not allowed and when i hit it again stock sending the sending the zip
I have a problem when I type in the last line on gaining temp root it dosent show the # sighn but it instead goes back to androidsdk/tools/ line…….any help plz
i made it to the -debug step and it doesn’t really finish or anything like i can’t type anything more.. but i think it’s done. Then the instructions just randomly bring up a new cmd window which we should apparently have open already with a hash tag (#) in it..? and then start typing more extensions which probably require “adb shell” even though it doesn’t say that.. and the version s 1.1.531.9.1 or whatever isn’t displayed anywhere. …<tools/data/local/tmp doesn't exist. or even just the data folder for that matter.. even after it successfully pushes the files. so i'm just really confused and this new update fucked my entire phone up, it's the slowest mess ive ever seen. so i'm very frustrated. been searching for 4 hours how to do ANYTHING without it being rooted, which is impossible. ill even send money through paypal for someone that can give individual attention with results asap.
regards.
Ok I’m runing android 2.3.4 still should work right ? this is getting frustratingght plz post a video
would it be too much to ask to make a video of this???
i get a problem that debug cant be found at the end of getting temp root plz help me i wana root my phone
i can’t get pass 3d00000000000000
I can’t get pass this section “/data/local/tmp/fre3vo -debug” I had put adb shell there and it sits and sits and doesn’t do anything.
ok guys i found a way to get out of this ….just follow this link http://forum.xda-developers.com/showthread.php?t=1178912 and when u get to the part after it says exploiting if it dosent show the # its ok just continue on …..im now out of gingerbread and am permanently rooted with 3.0 sense running 😀
I passed the exploiting portion thanks to nick grimm’s (/data/local/tmp/fre3vo -debug -start FBA90000 -end FFFFFFFF) but now im stuck because i didnt get the (#) symbol and when i type (adb shell /data/local/tmp/misc_version -s 1.19.531.1) it says permission denied. Someone plz help!!
mine hangs at buffer size 8192 with nick grims and the one posted in instructions plzz help tried restarting multipale times
i can’t get passed scanning 3d000000….. any ideas?
I got the exploit but it is very unclear in the instructions when it goes to the next step and say to go with the command prompt with the # symbol… have tried several things… can’t figure out what the hell that means…
Well.. I have done this over and over again, get to the exploit but dont get a # at the end of it all, therefore, I cannot continue… anyone know of another way to get this done? I screwed up and put the leaked 2.3.3 GB on not knowing i could have went straight for 2.3.4
I can’t get pass this section “/data/local/tmp/fre3vo -debug” I had put adb shell there and it sits and sits and doesn’t do anything.
Thanks man, going through this now, but I’m passed my previous hang up.
After “/data/local/tmp/fre3vo -debug” it starts scanning and gets stuck on ?Scanning region 3d000000…” any solution? please let me know
When i try “adb push misc_version data/local/tmp/ it says cannot start no such file or directory and it is in there.
./misc_version -s 1.19.531.1
whats suppose to go before this??
This is very poorly written.
This is pure crap.
Here is the missing step:
EXTRACT THE FILES FROM misc_version.zip.
IT WILL NOT READ THE FILES OUT OF THE ZIP FILE. THEY MUST BE EXTRACTED TO THE PERFORMANCE-TOOLS FOLDER.
Ok so far i have not had any issues following this procedure, until the part where i need to type the chmod 777 stuff and i was stuck..then i read about putting adb shell in front and i got the first one done…but when i do the same for adb shell chmod 777 /data/local/tmp/misc_version i get an error… “unable to Chmod /data/local/tmp/misc_version : No such file or directory”
this is shit, it doesn’t work…..
Can someone please make a video? This seems to be a very delicate process.
this process worked for me, its a little different.
http://forum.xda-developers.com/showthread.php?t=1178912
I hope this will clarify the procedure for some.1: Collect the tools and materials; working SDK, fre3vo, misc-version, ROM images..In my linux environ, I have an alias pointing to adb, some might like to put a symlink in ~/bin. This lets me use adb from the folders that hold my android exploits2: Push the materials to your phone adb push fre3vo /data/local/tmp adb push misc_version /data/local/tmp/3: Run ‘adb shell’ and chmod the utilities you just pushed adb shell chmod 777 /data/local/tmp/fre3vo chmod 777 /data/local/tmp/misc_version4: At this point you use fre3vo to search for the exploit that will give you temp root. I have a T-mobile G2 with Android version 2.3.4. The “fre3vo -debug” command would lock up immediately, so I read the reference materials the Generous Contributor pointed us to at the top of his post, and following the link to the pastebin by Cimer I narrowed the search to the exact address at which the exploit for my phone is found. /data/local/tmp/fre3vo -debug -start fba90000 -end FFFFFFFFI expect this number will work with the exact version of the rom I have at this moment, and any updates by T-mobile will probably break this command. In that case one should look for updated versions of fre3vo, and extend the search range in increments to account for such changes.5: When the exploit is complete adb will exit. When you return to the adb shell, you will see a “#” prompt. This is as far as this comment will go. There are still more steps to be done to get applications like Titanium Backup working.
I hope this will clarify the procedure for some.
1: Collect the tools and materials; working SDK, fre3vo, misc-version, ROM images..
In my linux environ, I have an alias pointing to adb, some might like to put a symlink in ~/bin. This lets me use adb from the folders that hold my android exploits
2: Push the materials to your phone
3: Run ‘adb shell’ and chmod the utilities you just pushed
4: At this point you use fre3vo to search for the exploit that will give you temp root. I have a T-mobile G2 with Android version 2.3.4. The “fre3vo -debug” command would lock up immediately, so I read the reference materials the Generous Contributor pointed us to at the top of his post, and following the link to the pastebin by Cimer I narrowed the search to the exact address at which the exploit for my phone is found.
I expect this number will work with the exact version of the rom I have at this moment, and any updates by T-mobile will probably break this command. In that case one should look for updated versions of fre3vo, and extend the search range in increments to account for such changes.
5: When the exploit is complete adb will exit. When you return to the adb shell, you will see a “#” prompt. This is as far as this comment will go. There are still more steps to be done to get applications like Titanium Backup working.
Reposted with nice formatting
hey im not to smart when it comes to this stuff is it easy or should i just pay someone that knows more about it then i do? what would you do and if you mess up when doin it will i make the phone garbage?
I used this guide instead—-
http://forum.xda-developers.com/showthread.php?t=1178912
Previously I refined my notes to get temp root. Today I’ll make it repeatable, and make the temp root system wide with a modified ‘su’, and busybox for good measure. This is based in part on Nipqer’s post last month, but I’ll elaborate more.
From your host terminal run fre3vo:
I’ve noticed that the address of the exploit changes with each reboot. This would be attributed to the code being relocatable. If it does not find the exploit lower the start value.
Now when you go to the ‘adb shell’ you will have the magical ‘#’ prompt. What follows is what I’ve put into the shell script fixsu.sh
This is still just a temp root because we are prevented from writing the changes to /system to the flash drive. By the numbers this will remount /system read-write, add /etc/passwd amnd /etc/group, install busybox to /ststem/xbin, and place the modified su in /system/bin. The last line puts /system/xbin before /system/bin on the path. It’s only useful when you run fixsu.sh locally on the phone. It does not become system wide.
Now I need only run these two commands from my computer and the phone will be temp rooted
I completed all of the steps and my phone is on the “black screen with an HTC logo”, and the the install of 2.2 is complete. I don’t want to harm my phone in anyway so I need to confirm if I should manually reboot my phone from this point to move forward!
Please advise.
Cheers!
Type “fastboot reboot” in your terminal window.
this is rediculous…..
The Fastboot download link “Fastboot (Under Get the Tools. Get the version for Windows)” is not working, i cant find the file anywhere on the site? Could someone post a new link?
it just takes me to the htcdev website…??
i keep getting this every time i try to downgrade:
C:\Program Files (x86)\Android\android-sdk\platform-tools>adb reboot bootloader
C:\Program Files (x86)\Android\android-sdk\platform-tools>fastboot oem rebootRUU
…
(bootloader) erase sector 196609 ~ 197120 (512)
OKAY [ 0.499s]
finished. total time: 0.499s
C:\Program Files (x86)\Android\android-sdk\platform-tools>fastboot flash zip PC1
0IMG.zip
error: cannot load ‘PC10IMG.zip’
C:\Program Files (x86)\Android\android-sdk\platform-tools>fastboot flash zip PC1
0IMG.zip
sending ‘zip’ (126272 KB)…
OKAY [ 21.434s]
writing ‘zip’…
(bootloader) adopting the signature contained in this image…
(bootloader) signature checking…
(bootloader) zip header checking…
(bootloader) zip info parsing…
(bootloader) checking model ID…
(bootloader) checking custom ID…
(bootloader) checking main version…
FAILED (remote: 43 main version check fail)
finished. total time: 47.752s
C:\Program Files (x86)\Android\android-sdk\platform-tools>
how long is the exploit search supposed to be? when i get to the end of part II the last line on the command prompt says “buffer size 8192” and it stops ther i’ve been waiting for an hour with no breakthrough…
i used this guide : http://forum.xda-developers.com/showthread.php?t=1178912 also on that site scroll through the comments and you might find answers to any other questions you might have