Database Develop

[Newbie Guide] adb/fastboot/bootloader/android 101

The purpose of this document is to clarify a few basics about HTC Android Phones and basic commands to interface with the phones. Think of this as a beginner's guides to the Android device from a non-traditional user's point of view. I'll keep it simple and plain as much as I can for the new users. I'll also try to keep all the technical aspects true as much as I can while keeping it simple.
Before you go on, please read this and understand the basic concepts and how and why following commands are being used. Do not follow anyone's instructions/tutorials/guides without prior basic understanding of what each command do. I do want to believe it's humans visiting this forum and not lemmings. If you do not understand, feel free to ask here. I will or someone else also knowledgeable will answer your questions. DO NOT QUOTE THIS AS A WHOLE. My pet peeves and a complete waste of screen space.
Sometime, depending on your OS, command names may change (e.g: mouse / mouse.exe / mouse-linux / mouse-mac). For general purpose, we'll use mouse instead of an OS specific commands in this instructions.
So to repeat myself, if you understood the concepts of the commands, and you are on a linux system and someone's guide says touch index.php, you will automatically type touch-linux or whatever the name of your executable is on your system.
​
We shall assume you know how to install needed drivers and where to get android sdk and put the sdk binaries (executables) in the system path. If we need to expend this let me know and I'll expend this here.
Further, if I get any parts wrong, PM me and I'll get those parts corrected.
Android Partition, SPL etc.
Partitions:
Followings are a list of partitions on your android phone.
misc - misc partition -
recovery - Recovery Partition - This is where the original HTC recovery or Amon Ra's recovery or any other Recovery would go. Basically if you reboot into recovery it'll boot from here.
boot - This is your boot partition
system - This is where all your system information (ROM resides)
cache - cache (When you factory reset the phone, this area is wiped)
userdata - user data (like your login, your user settings etc) When you factory reset the phone, this area is wiped)
So, if you replace the recovery image, you are pretty much set for updates provided here at XDA. Note: By replacing your recovery image, you may not be able to have OTA updates.
ROM images will normally replace boot and system images at the same time and often time, userdata and cache too; reseting the phone completely.
SPL/Bootloader/Radio/Bricking Phones:
SPL / Bootloader is like BIOS on a computer. At least I think of it that way. SPL can be updated! SPL comes as either Security-On of Security-Off (S-ON/S-OFF).
Note: It is my understanding that radio will boot first, followed by other systems. So it is IMPORTANT that your radio image/version will work with your SPL image/version. This is the one and only reason for phones being bricked. You can not brick your phone by flashing a ROM or Boot image or recovery image. Once you flash the wrong radio for the SPL, the only known method of recovery is to send the phone back into HTC for repair.
How do I know the phone is bricked? A bricked phone can not boot into bootloader, recovery, or into normal operation modes. You can not connect to a bricked phone via adb or fastboot. You can only see one screen on the phone and it will be the first splash screen.
Commands:
adb - Android Debug Bridge - One of the two things you'll need to know if you ever want to do anything non-conventional on your android based phone.
List of commands that can be used by adb can be prompted by typing adb at the system shell (command prompt or terminal)
Notable adb commands:
adb devices - If you don't know anything, this is the ONE thing you have to know.
adb devices will give you a list of devices connected to the computer. This is also a good way to make sure that your phone is actually connected to the computer.
adb reboot (bootloader|recovery)
adb reboot - this will reboot your phone normally.
adb reboot bootloader - this will reboot your phone back into the bootloader (white screen with the android on wheels)
adb reboot recovery - this will reboot your phone back into recovery console (either default or amon_ra's recovery).
adb shell - this will shell into the phone and you can now explore the phone. Remember phone's native backend os is linux so know your linux commands.
adb remount - remounts the system partition on the phone so you can you read/write to it.
adb push xxx yyy - will push xxx file from computer into yyy location/file on phone (needs rooted access)
adb pull xxx yyy - will pull xxx file from phone into yyy location/file on computer (needs rooted access)
Fastboot is protocol used to update the flash filesystem in Android devices from a host over USB. It allows flashing of unsigned partition images.
Notable fastboot commands:
fastboot devices - If you don't know anything, this is the ONE thing you have to know.
fastboot devices will give you a list of devices connected to the computer. This is also a good way to make sure that your phone is actually connected to the computer.
fastboot reboot - this will reboot your phone normally
fastboot oem unlock - this will unlock your bootloader - NOTE THIS WILL VOID YOUR NEXUS ONE WARRANTY
fastboot erase XXX - Will erase the partition XXX (such as userdata, cache) - mainly used for resetting phone and clearing userdata / factory settings.
fastboot flash XXX YYY - This will flash XXX partitionn with YYY image.
e.g: fastboot flash system system_update.img will flash/update your system partition with an image called system_update
If anyone needs me to dig deep into using anything else, please PM me. I'll add it on here. Hopefully this will help all newbies about the basic commands and what they do.
FAQs (UPDATED Feb 09, 2010)
Q: One question about the Android SDK. Do I need it to flash my N1 or just to program new apps? Where can I get it?
A: Android SDK is not entirely needed to flash the N1. However, there are tools in there that you need. Adb / Fastboot etc. Although they can be downloaded by themselves, the windows version of the SDK also have the Drivers that are needed for android devices for USB connection. So, it is recommended to get it. You can get it from developer.android.com
Q:I have never experienced anything like this when I did a hard-spl on my winmo phone. Radio versions are included with SPL's, right?
A: Official packages from HTC did come with nbh packaging, meaning it is a all in one upgrader that will update Radio, ROM, System etc, it is very much common for active development area here at XDA to get the radio or SPL or ROM separately and independently of one another. And as such, you will most likely flash them seperately (who wants to wait 6-8 months). Also, since this phone is released by google, HTC will most likely not update any major Radios. However, it is very likely that we will be hacking in Radio updates or any other "updates" from HTC from their new device - HTC Bravo.
Q: Is there a guide for snow leopard? I'm kind of stuck.
A: I personally ran android SDK and aforementioned executable on both MAC OS 10.5 and 10.6. Like I posted, the commands and the executable names may be slightly different. I may call adb and you may find it as adb-mac. I am not going to write 3 separate documents for 3 separate OSes. You have to know that adb=adb-mac (on your mac), adb-linux (for linux) etc. And yes the above guide will work universally.
Q: Can i replace the splash image..?? (unlocking related)
A: As of the above date (next to the FAQ) no you can not. Issue is probably a few folds. One of them is that splash1.img is not going in due to security lock. Remember, you unlocked the phone. HTC will not like it. Anyhow, I like the current quad color X. If you are thinking of getting rid of the lock logo, good luck. Even if you can get rid of it, you will still have to overcome the pink text that says ***UNLOCKED*** on your bootloader.
Q: Can you run Windows Mobile on Android Phones?
A: With enough resources given, sure. Will it ever happen? No. Why? Windows mobile compiler and builder cost $. As a matter of fact, as of version 5, it was going to cost me $75 per device. That's one of the reasons why handset makers went to Android open platform. Android is free and universal so as long as you use certain chipsets and certain items, you are good to go. Can it ever be ported? Sure. With right amount of time and money anything can be done. But at this point, it's cheaper for you to go buy a windows mobile smartphone.
Q: How do I know the phone is bricked?
A: You can not brick a phone unless you are flashing Radio/SPL packages. Make sure if you are doing that, you follow directions VERY CAREFULLY. A bricked phone can not boot into bootloader, recovery, or into normal operation modes. You can not connect to a bricked phone via adb or fastboot. You can only see one screen on the phone and it will be the first splash screen.
Q: I have installed the Android SDK however, i cannot seem to get the laptop to detect the nexus. What have i left out?
A: Most common item that people forget to enable is USB Debugging. Settings => Applications => Development => USB debugging [checked]
Q: I have rooted n1. when I go to recovery to do backup, I get the triangle with the little green android guy, but phone is stuck there. I have to remove battery to reboot phone. What have I done wrong?
A: You still have the stock (shipping) recovery. If you want a different recovery (Amon RA's), download it, the from fastboot, run fastboot flash recovery downloaded_recovery.img
Q: Which step of the rooting / recovery procedure does it give root?
A: Root and Recovery are two totally different things. Recovery is a partition that contain recovery information. Stock recovery is what allows OTA updates etc. Normally it will search for update.zip in the root folder of the SD card. Amon_RA's Recovery or any other recovery images are there to enhance the traditional stock recovery. Amon Ra's Recovery for example, contains thing such as ability to update from different zip files, and backup/restore of your data/system.
Rooting is not done by recovery but is a kernel level access (simply put) that will give root or "SU". It is done by patching the boot partition of the your android device.
Q: What are the differences, advantages, disadvantages of the different ROM's?
A: They are all different. Some have some features, some are plain stock, some are made for bleeding edge kernel etc. You'll have to try them out and figure out yourself. I may make a chart of what they are (see the bottom at my signature - wiki) but with too many android devices, I will need some major help. One person alone will not have total knowledge of all the ROM releases. There are just way too many devices and ROMs.
Q: Which ROM will allow OTA updates?
A: Stock ROM WITH Stock Recovery.
Q: If the phone is SIM/carrier unlocked and you root do you have to SIM unlock again?
A: SIM/Carrier unlock has nothing to do with rooting your phone. You can still have root and still be carrier locked. Nexus One comes carrier unlocked from factory.
Q: How much space is there for apps? is using the sd card really necessary? (on Nexus One)
A: Search google? The phone has 512MB or space. That SHOULD be more than enough for you. If not, you have some serious issues. I do not believe you will not App2SD for Nexus One. Google did say during the release conference that they will update Android/N1 so that apps can be run/installed to SD but that requires some system and security changes (mainly to prevent pirated software - Yes if I write something, I deserve to get paid for it).
Q: When you do "flash zip from sdcard" or "fastboot flash image" does this merge and overwrite the files in to the partition?
A: When you update a software (via recovery), software my be merged. However, if you fastboot flash, just like the word flash says, it will flash and overwrite the partition.
Q: Which partition does "flash zip from sdcard" affect?
A: Depends on what you are flashing. It could be any or all of the partitions such as SPL, Boot, System, Recovery, Radio. You should study first before randomly flashing things.

sorry, got it!

blakestimac said:
i apologize if this is the wrong place for this but, but i have adb setup perfectly, but fastboot is not recognized at all. could i have missed something?
Click to expand...
Click to collapse
I need your system info.
What os are you running? where did you get fastboot? what are you trying to do?

Don't forget fastboot boot for testing images. My most used command

I still have no idea how to use or setup adb i have downloaded the sdk and used fastboot and superboot to root my phone and am currently running the cm 5.0 beta 2 rom and want to learn how to use adb so i can enable the ram. Thanks, Joe

really a noob question here.....it wa easier with Hero.
i have installed the Android SDK
however, i cannot seem to get the laptop to detect the nexus.
what have i left out?

wishmaker738 said:
really a noob question here.....it wa easier with Hero.
i have installed the Android SDK
however, i cannot seem to get the laptop to detect the nexus.
what have i left out?
Click to expand...
Click to collapse
Check the FAQ.

dylanfan424 said:
I still have no idea how to use or setup adb i have downloaded the sdk and used fastboot and superboot to root my phone and am currently running the cm 5.0 beta 2 rom and want to learn how to use adb so i can enable the ram. Thanks, Joe
Click to expand...
Click to collapse
Ok. I need to know what you actually did. I am not understanding what you are trying to do.

Can't run adb commands - device not found
Thanks for the info. I am having an issue with running adb commands. My phone is rooted via superboot and I tested it with Nexus Torch which works. Now I am trying to install the new kernel so I can run the wireless tether app... but I can't get any of the adb commands to recognize the phone. I boot the phone by holding the trackball and power button. I am in USB debugging mode. When I run fastboot devices, the phone serial number shows up. When I run adb devices, it says no device detected. And when I try to run any other adb commands they do not work, even though fastboot commands work. Any ideas? Thanks.

Sorry i was pretty vague before i down loaded the sdk and also installed the adb setup file included with the superboot pack but just have no idea how to get it to work and add things through adb. I tried typing adb commands into comand line with the phone connected to the computer but nothing happend. just said not recognised command so i just basically need a rundown of how to setup adb.

dylanfan424 said:
Sorry i was pretty vague before i down loaded the sdk and also installed the adb setup file included with the superboot pack but just have no idea how to get it to work and add things through adb. I tried typing adb commands into comand line with the phone connected to the computer but nothing happend. just said not recognised command so i just basically need a rundown of how to setup adb.
Click to expand...
Click to collapse
I'm a noob so can't offer much help...but I would make sure the usb drivers are installed if you're using windows....this probably should have happened when you installed the sdk, but you can also install it through the device manager and point it to the folder where the usb drivers are located. Also make sure the phone is in USB debugging mode. also you may need to reboot your pc. Make sure you have setup running when you run the adb commands. you need to be in the same directory as the adb file, or in the case of the superboot pack you need to type "adb-windows" not just "adb". you may also need to put .exe, ie adb-windows.exe.

pwnvds said:
Thanks for the info. I am having an issue with running adb commands. My phone is rooted via superboot and I tested it with Nexus Torch which works. Now I am trying to install the new kernel so I can run the wireless tether app... but I can't get any of the adb commands to recognize the phone. I boot the phone by holding the trackball and power button. I am in USB debugging mode. When I run fastboot devices, the phone serial number shows up. When I run adb devices, it says no device detected. And when I try to run any other adb commands they do not work, even though fastboot commands work. Any ideas? Thanks.
Click to expand...
Click to collapse
You run fastboot from the white screen. Android on non-white screen. It's one or the other. It's ADB or Fastboot (depending on the mode of the phone).

dylanfan424 said:
Sorry i was pretty vague before i down loaded the sdk and also installed the adb setup file included with the superboot pack but just have no idea how to get it to work and add things through adb. I tried typing adb commands into comand line with the phone connected to the computer but nothing happend. just said not recognised command so i just basically need a rundown of how to setup adb.
Click to expand...
Click to collapse
Is the directory where ADB/fastboot (SDK) is installled in your system path?
I am guessing it's not. If it was, just by typing adb alone (without commands), it'll give you a list of commands. Click here if you want to know how to change your system path to include a particular folder.
We're now in the age of nintendo pilots and point and click OS that no one knows how to use command lines and system paths anymore.

recovery
I have rooted n1. when I go to recovery to do backup, I get the triangle with the little green android guy, but phone is stuck there. I have to remove battery to reboot phone. What have I done wrong?

umplarry said:
I have rooted n1. when I go to recovery to do backup, I get the triangle with the little green android guy, but phone is stuck there. I have to remove battery to reboot phone. What have I done wrong?
Click to expand...
Click to collapse
Answered in FAQ area.

seraph1024 said:
Answered in FAQ area.
Click to expand...
Click to collapse
I tried that before I posted. I searched the FAQ again. Maybe I am a complete DA, but still can't find answer. I don't mind searching, it will help me to learn, but could you point me in the right direction in FAQ?

umplarry said:
I tried that before I posted. I searched the FAQ again. Maybe I am a complete DA, but still can't find answer. I don't mind searching, it will help me to learn, but could you point me in the right direction in FAQ?
Click to expand...
Click to collapse
Q: I have rooted n1. when I go to recovery to do backup, I get the triangle with the little green android guy, but phone is stuck there. I have to remove battery to reboot phone. What have I done wrong?
A: You still have the stock (shipping) recovery. If you want a different recovery (Amon RA's), download it, the from fastboot, run fastboot flash recovery downloaded_recovery.img
Click to expand...
Click to collapse
There you go.

seraph1024 said:
There you go.
[/B]
Click to expand...
Click to collapse
Thanks for your help

seraph1024 said:
There you go.
[/B]
Click to expand...
Click to collapse
I had it downloaded, just had not flashed it

I've been looking all over, but I probably need to check the HTC Dream forum or something.
How do I install a custom ROM? I know you have to adb push update.zip somewhere, but I can't find any info about this. Please help.

[GUIDE] Turkeys' Ultimate Guide to Root Wildfire v42.1.2 (Easy & Safe!)

Turkeys' ULTIMATE Guide to Rooting v42.1.2
Note: It does not work on 2.2.1 Wildfire's (i.e. - Any bought after Feb - March 2011)
Like this guide? Hit the thanks button at the bottom left of this post
Before You Start
This is a new type of guide, an experiment if you like. The whole point is to get you with a fully functioning, rooted phone. But also to teach you something. Each step first tells you what you're going to do before you do it. By the end not only should you have a rooted phone but you will hopefully have priceless knowlege of how Android works.
Enjoy.
Need Help?
If at any point during this guide you need help, something's gone wrong or you need some extra clarification. Hit the help button.
The help button will link you to the #rootmydroid IRC help chat channel, where you can ask questions or get walked through the whole thing if you really need to. We have experts on hand to help you out.
PLEASE NOTE: At peak times our experts may be busy so please be patient.
So, Mr. Turkeys, what have you got for us today?
Root Guide
Post 1 - Intro
Post 2 - UnrEVOked (Rooting)
Post 3 - Flashing a ROM
Post 4 - Flashing a new Radio
Other Guides
Unroot
A2SD
More Coming Soon... Stay tuned!
So, click a link to the guide you want and get cracking, enjoy!
Donate
Should you feel the crazy need to donate to me, you can do so below.
GBP
EUR
USD

So, you wanna root?
Rooting is not easy like some people make it out to be. All these 1 click Noob-Proof tools can actually go wrong. And they do.
But lets get this clear, IT'S ALMOST impossible to brick. I'd put the odds on about a 99.9% chance you will not brick beyond repair. However, things probably will go wrong, which is why you will need to follow the instructions very carefully.
Pre-Root Info
I want to make sure the rooting process goes well for as many as you as possible, so get ready to read lots of information that will turn you from a Noob into a lean, mean rooting machine.
And for those of you who like to slack off and think "I cba to read all that crap", I've made it so you have to answer a question to get the download links. Aren't I nice. Seriously though, it really will be a lot easier for you if you read all of this, you will thank me for it one day.
Pro users who know what HBOOT is, how to flash a ROM and can use ADB can safely skip this step
Android Glossary
This page is probably the most valuble bit of information you will ever need during your rooted life. Behold, the VillainROM Android Glossary. (Cheers Pulser )
http://bit.ly/9HtICk
Read it. Read it ALL. No questions asking for these terms will be tolerated in this thread and you will be teased so much you will want to die. So please, read it carefully.
Downloads
Now, for the bit you've been dreading. 2 downloads. 2 questions. One answer will link you to the download. The other two will link you to a humorous fail picture. (And for all you sneaky cheaters out there, I've bit.ly'd the links. Take that.)
Question 1 - UnrEVOked download
What do you use to flash a ROM?
A) UnrEVOked
B) ADB
C) Recovery
Question 2 - Other Stuff Download (We may ask you to use this on the help channel)
What is a RUU?
A) A tool to root your phone
B) A tool to return your phone to 'stock' (unroot)
C) A tool to flash a ROM
You can also get countless lulz from adding a + to the end of those links and comparing the wrong answers to the correct ones. Yes people really don't read the information.
OK, I've talked enough now, let's get down to business...

So, hopefully you now know all the terms, which makes my life a lot easier as I don't have to explain everything. Let's begin.
Root Guide - Pt. 2 - UnrEVOked
1) Ensure you have downloaded and extracted the first download in the above post to somewhere you can remember and access easily. For the purpose of this guide, I will refer to that folder as the 'Root Pack'.
Next, we are going to prepare the UnrEVOked program to run. If you are a Windows user, this means installing the drivers, if you use Linux or Mac you just have to run the app as mentioned later. We have to install HTC Sync to get adb drivers and we have to uninstall it again as it interferes with UnrEVOked. The drivers however remain which is why you need to install it.
2) (Windows Only) If you have not already, download HTC Sync and install it. Then uninstall HTC Sync as well as any other software that may interfere such as doubletwist. Next, follow this guide to set up the hacked HBOOT drivers. Make sure you reboot your PC after doing this.
Next, we need to prepare your phone. We will make sure USB Debugging is on as UnrEVOked needs this to send adb commands to the phone. We also need to enable Unknown Sources so that UnrEVOked can push busybox and SuperUser Permissions apps to the phone.
3) With your phone go to Settings > Connect to PC > Default connection type > Charge Only and untick Ask Me. Then go to Settings > Applications > Development > Make sure USB Debugging is ticked. Then go back to Applications and make sure Unknown Sources is ticked.
Next, we're going to run UnrEVOked. What it does is reboot into HBOOT mode, and use an exploit to gain a temporary NAND unlock. Then it uses fastboot to flash a recovery image, and then pushes the su files required for root.
4) WINDOWS USERS: Right click on the 'unrevoked.exe' file (Or something similar) in the Root Pack and click 'Run as Admin' (Not required for XP)
LINUX USERS: Right click the 'ClickHereToRoot.sh' file and UnrEVOked will start. (Make sure you chmod 755'd it first)
MAC USERS:
mattbeef said:
Unrevoked, if your a mac user like myself then drag the app inside the dmg to the desktop and run it from there. Most mac users are lazy and will try to run it from the dmg.
Click to expand...
Click to collapse
GETTING A MISC RELATED ERROR? See post eight.
Your phone should now reboot and then congratulations! Your phone is rooted. However, the root that UnrEVOked gives you is basic. No ROMs or good stuff. So you must read on to the next post to flash a custom ROM...

Now you've rooted, let's flash a ROM. We will backup all your apps then flash a ROM then restore your apps. Ready?
Pt. 3 - Flashing Your First ROM
**NOTE: You can repeat Pt. 3 every time you want to flash a new ROM or update
Next we're going to download and use Titanium Backup to backup all your apps as we will have to wipe your phone to install the ROM. You can use the same method if you ever want to backup/restore in the future too.
1) Download & Install Titanium Backup from the market. Open it and hit the 'Problems' button to download busybox, a suite of commands for rooted phones.
Then hit menu then batch, and tap the button next to Backup All User Apps + System Data. Let it complete before moving on to the next step.
Next we're going to reboot into recovery mode to flash the ROM. You can use this if you ever need to get into recovery in the future.
2) Turn your phone off and turn it on again holding POWER + VOL DOWN to enter HBOOT mode. Wait a few seconds while it checks for images before using the VOLUME KEYS to scroll and POWER to select Recovery. Your phone will now vibrate and reboot into recovery mode!
Next we're going to do a full backup of your phone using Nandroid. This will backup the entire state of your phone in case you ever
want to go back. You should really do this every time you flash a new ROM.
3) Use the TRACKBALL to scroll down to where it says Backup or Nandroid or Backup / Restore. Then select Backup and wait for it to finish.
Now we need to wipe your phone. Whenever you flash a different ROM you should Always do this, when you are updating the ROM you should check on the release thread for information.
4) If you are not on the Main Menu in recovery, hit back a couple of times to get there. Then, use the TRACKBALL to navigate down to 'Wipe Data / Factory Reset' and accept the scary warning to wipe your phone.
Now we can flash the ROM! Ensure you have downloaded a ROM and it is on the root (Not in any folders) of your SD card. The flashing process may take a few minutes.
5) From the Main Menu, scroll down to and select Install zip from SD Card and then select Choose zip from SD Card then select where you put your ROM and wait for it to complete. Then, select Reboot System Now to reboot into your shiny new ROM!
Your phone will now reboot, it may take a while to reboot as it's rebuilding the Dalvik Cache. If it still doesn't boot up after 10mins, pull the battery and consult the ROM thread for troubleshooting.
Now we're going to restore that Titanium Backup you made before starting Pt. 3. It will restore all your apps back but not system data. (ie Settings) You can use Titanium Backup any time you want to backup/restore your phone.
6) Download & Install Titanium Backup again and tap Menu Button > Batch > Restore Missing apps + data. It should prompt you to reinstall every app again.
--------
Congratulations, you have qualified with a rooted phone from the Turkeh Root School!
(Unless you're reading this without having actually done any of this guide)
So, go off and ask questions, answer questions, and contribute to the community! We'd also really appreciate it if you could hang out in the help channel to help other people trying to root too.
Thanks for rooting! You can also follow some of the other guides to install all apps on the SD card, Unroot & S-OFF

Pt. 4 - Flashing a New Radio
Flashing a Radio
The radio is the lowest part of your phone. (ie It's the very first thing that loads when you turn your phone on.
Most ROMs will have a required radio version, but most will agree that it's best to be on the latest as they often improve battery life etc.
You can downgrade your radio and you can find your radio version by going to Settings > About Phone > Software Information > Baseband Version.
Your ROM should tell you on it's thread what the recommended radio version is, so download it, transfer it to the root of your SD card as you did in Pt. 3 then follow this.
Now we're going to reboot into recovery mode as we did in Pt. 3 to flash the new radio. There is also an app on the market called 'Quick Boot' which you can use to quickly get into recovery. The next step will assume you have this.
1) Open Quick Bootand tap Recovery then tap Allow on the SuperUser permissions prompt.
Note: The SuperUser Permissions app will prompt you whenever an app is requesting to use root. You should look over which app is requesting this before you allow it.
Next, we need to flash the radio. You do this exactly the same way as you flash a ROM, which you did in Pt. 3.
2) Use the same method you flashed the new ROM in Pt. 3 to flash the radio. You do not need to Nandroid backup or wipe to do this, just flash the zip.
Note: Your phone may reboot a couple of times and will show a picture of the Android Robot while it is flashing the radio. It has NOT crashed, it is flashing it. DO NOT pull the battery, it will reboot when it is done.
Your new radio has now flashed!

A2SD
Note: It has come to my attention that doing this with ROM Manager doesn't work most of the time. If you have problems please partition your card another way. (I recommend GParted - There is a Live CD if you don't have Linux)
First, we need to partition your SD card with ROM Manager. This will wipe all the data on your SD card so please backup before continuing.
1) Open ROM Manager (Download it from the Market if you don't have it - Although you will need the Market Mod to show all apps) and press Menu > Manually Override Recovery **Not sure exactly what it says, pls could someone help me out here** Then scroll down to Partition SD Card. Choose the ext size you want for your apps to be installed on, then tap 0 for swap size, then tap OK to reboot into recovery and start partitioning!
Note: While it's partitioning it will show a picture of an Android. You can press (Power?) to see what it's actually doing and if there's any errors.
Now, you need to check the ROM thread for info. Most ROMs activate it automatically when it detects an ext partition on your phone. On some others you need to flash a special update.zip. If you are unsure hit the help button on post 1 and we'll help you out.
Congratulations, you now have Apps2SD! Exactly what you will have (dalvik2sd etc) will vary between ROMs.

Unroot
These RUU programs that you use to unroot are Windows only, but fortunatley I wrote a tool for Linux called OpenRUU so you can flash them on there. If you are a Mac user, take a moment to ask yourself 'Why am I using a Steve Jobs product?' as there is no way for you to run the RUUs.
First, we are going to identify what RUU you need to download and flash then download it. (Bravo is the codename for Desire, all RUUs use this name)
1) Go to shipped-roms.com, click on the Android Robot then click on Buzz. Now, you need to recall what version of Android you were on before you rooted. If you had a carrier supplied device you should also get the one that is applicable, but if you are unsure or your carrier is not listed go for one that says WWE. (World Wide English - All Languages) Or come on our IRC channel for advice.
Note: HTC Sync must be installed before continuing. The next step will also wipe all your apps + settings!
Next we're going to run the RUU, this should take around 5-10mins. DO NOT touch your phone during the flashing process!
2) Double click on the RUU file you downloaded in step 1, read the readme, and click to start the flashing process.
After it's done! Your phone now should be completley back to stock status!
If you get an error during the flashing process, try again and then come on our IRC help channel for assistance if it persists.

Fixing the Annoying unrEVOked Backup CID Missing errors
NEW, EASY METHOD
I managed to find unrEVOked 3.2. If you want to use that as a fast-track then that's fine, but please read the following carefully:
Code:
[B]DISCLAIMER:[/B]
Please be aware that this build was pulled from unrevoked.com because it was not safe.
USE AT YOUR OWN RISK!
If it ****s up and you point the finger at me, I will laugh at you.
This is only for 'Backup CID Missing' errors. if you use this on any other type of misc error it might brick.
Download. Run in replace of unrEVOked 3.21 in the standard guide.
You can still use the old, misc editing guide below:
(Guide edited from http://home.kennynet.co.uk/~kenny/bcid-fix.txt to be more noob-friendly)
This fixes:
Backup CID Missing
Unfortunately, because a couple of people corrupted their misc partitions during the testing of unrEVOked 3.2, they brought in a load of stupid, annoying safety features that included checking the misc partition on your phone.
/rant
What is misc?
Misc is a partition on your phone. It holds various switches and stuff, such as your:
Official HTC ROM Version
Your CID (Which tells the phone what carrier/region your phone is)
However, sometimes, the CID is not in misc or your misc is corrupted. This process will add in the CID to misc and reflash misc. (which may fix other misc related errors but probably wont)
Warning! Misc is quite an important part of your phone. If it gets severely corrupted you may loose USB access. Me or anyone on our IRC help channel take no responsibility if you **** up somehow.
This guide is designed for Windoze, Linux users use common sense adapting the instructions and can use a Linux hex editor like ghex. (Works just the same)
Please ensure you have downloaded the other stuff file on the second post before continuing and have extracted it to C:\root.
First, we need to use adb to grab misc off your phone. We will get temporary root then grab misc.
1) Open a command prompt on your computer by going to Start > Run and typing cmd then pressing enter. Now type the following pressing enter on each line. (Make sure your phone is connected and you have the drivers installed.)
Code:
cd \
cd root\adb
adb-windows devices <---- Make sure it finds your phone before continuing
adb-windows shell <----- You should see a $
$ /system/__unrevoked_su <---- Getting temp root
# cat /dev/mtd/mtd0 > /sdcard/misc.img <---- Copying misc to your SD Card
# getprop ro.cid <----- This is your CID. Remember what this says, it should say something like HTC_000 or 1111111 if you have a goldcard
# exit
adb-windows pull /sdcard/misc.img misc.img <---- Getting the misc we copied before
You should now have a file called misc.img in the C:\root\adb folder.
Now come on to the IRC help channel here. We will stick the CID into the misc.img so you can carry on as it really is complicated. You can also post here if nobody is avalible and I will sort it ASAP.
(If you've done hex editing before, all you do is put the CID you got above in at position 0 then add a 00 at the end so the hex string looks something like "48 54 43 5F 5F 30 30 31 00")
Make sure you save the file that we give you back to C:\root\adb overwriting the original misc.img file.
Next we're going to push misc back on to the phone using a similar method to step 1. Have open a command prompt and cd to the correct directory as in step 1 before proceeding.
2) Type the following in the command prompt:
Code:
adb push misc.img /sdcard/new-misc.img <---- Pushing misc back to your SD card
adb-windows shell
$ /system/__unrevoked_su <---- getting temp root again
# /data/local/flash_image misc /sdcard/new-misc.img <---- Using flash_image to flash the new misc
# exit
Now rerun unrEVOked and everything should be as shiny as the plastic Samsung use to make their phones.
Click to expand...
Click to collapse

Reserved for good measure.

I'm sure this will help many people. Should be sticky'd

HCDR.Jacob said:
I'm sure this will help many people. Should be sticky'd
Click to expand...
Click to collapse
Good Idea!!!
For the rru you need to click on the windows mobile section and select buzz NOT bravo

Added A2SD guides, misc fix & unroot guide. Bump to v42.1.2

Many Thanks,
Helps loads confirm my thinking after a couple of days reading, I just have to grow some balls n take the plunge
My main concern is my WF is a UK Voda PAYG which I believe is locked n I'm unsure whether I should get n unlock code before doing anything.
I did read in a Desire thread that updating a stock rom without a sim could unlock, but haven't seen any other refs to unlocking WF other than code.
Note: Unroot section still refers to Desire Bravo not WF Buzz
Thanks agin

PanGalactic said:
Many Thanks,
Helps loads confirm my thinking after a couple of days reading, I just have to grow some balls n take the plunge
My main concern is my WF is a UK Voda PAYG which I believe is locked n I'm unsure whether I should get n unlock code before doing anything.
I did read in a Desire thread that updating a stock rom without a sim could unlock, but haven't seen any other refs to unlocking WF other than code.
Note: Unroot section still refers to Desire Bravo not WF Buzz
Thanks agin
Click to expand...
Click to collapse
You shouldn't need to unlock or anything.
Thanks, I'll change that bit now

42turkeys said:
You shouldn't need to unlock or anything.
Thanks, I'll change that bit now
Click to expand...
Click to collapse
And buzz is under windows mobile for some reason

The guide really great....but the shipped rom website don't have RUU for Buzz

coltrain said:
The guide really great....but the shipped rom website don't have RUU for Buzz
Click to expand...
Click to collapse
Look under windows mobile - who put it there? Those files do work.

This thread still not stickied?

Piece of art already. Should be stickied for sure.

I thought a bit about 'reporting' the thread to make a mod notice it but it said specifically what report was to be used for , so i didn't do it , i guess we'll have to bump it up so it gets stickied. Great post !!

[GUIDE] Changing your Bluetooth/Wi-Fi MAC Address

Hi guys
Well, I had an Atrix for a few days, but had some issues with AT&T and had to return it and deal with some customer service issues before I can re-purchase the device. I didn't let that slow me down though
While I had it, I made a few dumps of the NAND, and have been working on disassembling things. Thanks to the help from a number of great people on IRC (#xda-devs irc.freenode.net) I have been able to successfully change the Bluetooth and Wi-Fi MAC addresses, and discovered a way to write to the flash, bypassing the bootloader security.
The full writeup can be found at pocketnow.com
I will be posting more info about the bootloader bypass as soon as I get it 100% working, right now we are able to write data directly to the NAND, bypassing bootloader security, and also provide a false signature, allowing the device to boot. However there are some remaining issues (a custom kernel that was flashed to the device failed to boot properly) - stay tuned

You the man, thanks for the efforts !

Sweeeet!
Wonderful work!

Excellent, can't wait to see the end result. Hopefully custom kernels and ROMs will be coming soon.

Devs you guys are amazing! Thank you for the hard work that is put into all this! I know the challange is fun for you all, but it really helps us non dev ppl out a lot!
Sent from my MB860 using XDA App

nicely done Da-G.... great work as always glad to see you again and i hope to continue using your work as i did back in old winmo cooking !!!
quick question, is there really a reason why to change the bluetooth/wifi MAC drivers??? are there any benefits or basically just the same exact reasons when you do it on pc's

Main reason to change MAC address is to be able to join Wi-Fi networks that have whitelisting.
You could also use it to simplify device administration on your network.
Beyond that I can also imagine a few black-hat reasons to do it
Atrix is one of the few smartphones that can pull it off easily though, others I am aware of are the LG Optimus One and the SGS series (although it's not so easy on SGS)
There are plenty of other interesting datas in /pds, it is the device provisioning partition (NVRAM) and is equivalent to /efs on the i9000/Captivate (which is the last device I used, so easy for me to compare with)
Careful messing with it though, on the Captivate changing the wrong bit would kill your cellular radio until you restored an EFS backup, I suspect the same danger is here with the Atrix too! And we don't have a quick way to restore a PDS backup yet like with odin on SGS (although I am hot on the heels of a method to do so)

Omfg I'm excited! If this device gets real ROMs an even custom kernels, its going to be an even more amazing device
Sent from my MB860 using XDA Premium App

i'm exited about the bootloader bypass, i thought the firmware would do a complete checksum of it, so if it's partial then we should be able to find out exactly what gets checked.
i'm curious to see if you have been able to find something regarding sim unlock, just like the sgs was holding the lock very easily changeable with a simple hex editor. i bought the code already but maybe other people will get lucky

I've asked for a backup of /pds prior to and after locking over in the general forum, hopefully a few people can send those my way. I suspect a good hard look at that will reveal the location and provide an easy unlock method (I think I located it already, but as /pds is not restored via flashing the leaked SBF, i'm loathe to have someone else try it in fear of brickage)
I'll hammer it out once I get my device back in hand, whenever AT&T decides to allow me to purcahse

Da_G said:
I've asked for a backup of /pds prior and after locking over in the general forum, hopefully a few people can send those my way. I suspect a good hard look at that will reveal the location and provide an easy unlock method (I think I located it already, but as /pds is not restored via flashing the leaked SBF, i'm loathe to have someone else try it in fear of brickage)
I'll hammer it out once I get my device back in hand, whenever AT&T decides to allow me to purcahse
Click to expand...
Click to collapse
i will do it, but i am getting a permission denied.
Code:
C:\Users\fjleon\Desktop\android-sdk-windows\platform-tools>adb shell tar zcvpf /
sdcard-ext/pds-backup.tar.gz /pds/
tar: can't open '/sdcard-ext/pds-backup.tar.gz': Permission denied
i tried adb shell su and accepted super user on the phone, but i still cannot do it

wow bypass= custom roms...... this would be ingenious hope u get it working....
how does rsd lite 5 flashing work??? it seems to create an image and then re sign it.... would backtracking and try to use the same method work?

@franciscojavierleon:
Make sure you don't have usb internal/sd storage mounted when you issue the command, or the sd card will be unaccessible from device
@ahjdmarchi:
I didn't study the program too much yet. I'll look to that if the current method i'm working on proves to be a failure

Da_G said:
@franciscojavierleon:
Make sure you don't have usb internal/sd storage mounted when you issue the command, or the sd card will be unaccessible from device
@ahjdmarchi:
I didn't study the program too much yet. I'll look to that if the current method i'm working on proves to be a failure
Click to expand...
Click to collapse
heres a tattoo that i have on my chest
"failure is not an option" good luck brudda hope all turns well

Da_G said:
@franciscojavierleon:
Make sure you don't have usb internal/sd storage mounted when you issue the command, or the sd card will be unaccessible from device
Click to expand...
Click to collapse
i unmounted it and tried again and still get the same error. i killed root explorer first since i had it open and no dice

@franciscojavierleon:
Try this instead.
Code:
adb shell tar zcvpf /data/local/tmp/pds-backup.tar.gz /pds/
adb pull /data/local/tmp/pds-backup.tar.gz
adb shell rm /data/local/tmp/pds-backup.tar.gz

RadioComm
You really need to take a look at RadioComm if you haven't yet.
The BT MAC address can be edited directly in the NVM on all Motorola devices.
On CDMA chipset devices it is located in seem 01bf record 0001 bytes 0006 and there is also a module and special set of TCI commands for managing this called HOB restore.
There are also flags set in the firmware for whether the HOB is verified during the flash cycle or not.
just an FYI!

@cellzealot:
Checked out RadioComm already, but none of the commands work for Atrix. Have you tried it? Perhaps you have a more updated version?

Edited. Nevermind just saw you needed it before unlock as well. I've got my PDS folder from my unlocked phone if you need it (not sure)

i should get my unlock between today and tomorrow, so with my locked pds backup i will do a diff to see if anything gets changed at all.

[DUAL-BOOT][RECOVERY] Ouya Boot Menu for Support of Kernel Image Chain-loading

Hello everyone! Just like others here, I've been somewhat spooked by our inability to enter Ouya's Recovery partition at the earliest stage of booting, meaning a bad flash of the Boot partition would leave the device inoperable. When I heard that Ouya's stock firmware updates were possibly bricking a few units out there, I decided to block updates on mine and see if I could transform the Boot partition such that it would become a logical extension of the bootloader. What I ended up with is something close to the "Ouya Safe Recovery" project, where a user should only need to flash Boot one additional time, along with chain-loading support as well.
Chain-loading in this case refers to the booting of ROM kernel images that reside as regular IMG files under the /sdcard and/or /system filesystems. With this capability it is possible to choose an image to run when the Ouya turns on. As an example, one may wish to set up a 2nd/test kernel+ramdisk image to use with your installed ROM, or he may wish to run Tuomas Kulve's Debian project from time-to-time without having to set up the USB cable for Fastboot mode. When dealing with distinctly different ROMs (not just alternate kernels), only one of them may install to the Ouya's built-in storage (e.g., /system); others must have been designed/created to use external storage.
An image for the Recovery partition is available along with the Boot. The former may be helpful if you wish to try out the boot menu before performing the flash of the Boot partition, or are generally okay with bouncing to Recovery before invoking a chain-load. Either of these may be tested from Fastboot mode, but do note that a successful chain-load requires that the image actually be flashed to the Ouya. (Otherwise it just reboots.) The ClockworkMod (CWM) recovery application is available on both images and is accessible from the boot menu.
Additional Information
There are a few things to consider when deciding if this approach makes sense for you:
- Users of the "Ouya Safe Recovery" project may want to stay put unless the dual-boot aspect is of interest. If so then it would be cleanest to choose my Boot image; the Recovery partition (your ROM image) could be left alone.
- The images here are not compatible with Ouya's stock firmware, due to the auto-update nature of Ouya's ROM. Either your flashed Boot image would get overwritten, or an installed non-Ouya Recovery might cause that update to hang. Therefore, you should be prepared to switch to one of the ROMs here at XDA. If you're currently on stock and don't want to switch right away, that's fine; we'll go over how to block updates for the time being.
- The Ouya CM10 ROM is nice in that it provides the IMG file separately, allowing us to handle it as we wish. However, the other ROMs end up placing their boot.img in the main ZIP. This is standard practice for other devices, but we need to be careful ensuring our Boot partition doesn't get reflashed as part of the ROM installation. Therefore, it would be necessary to investigate repackaging the ROM with an alternate updater-script prior to installation. See my StockPlus post on page 2 for more. (This shouldn't affect those who've opted for my Recovery image.)
This feature is based on CWM's initial ramdisk, and includes a new boot menu application that comes up prior to CWM itself. Basically, CWM shows up later if the menu application exits for any reason. The Ouya stock kernel (561) has also been compiled with HDMI's copy protection turned off, and includes two patch sets:
- KExec-HardBoot is the key to chain-loading on our platform. It overcomes standard KExec's lack of hardware reset (and thus failed execution) by triggering a reboot in the middle of the preparation of the new kernel. This ingenious system has been developed by Tasssadar and others over in the Nexus forums. (Be sure to enable CONFIG_TEGRA_HARDBOOT_RECOVERY if interested in compiling a Recovery kernel.)
- HDMI visual stability has been improved with a little hack of mine: a significant relaxing of a timer in the driver. (The latest Android source has corrected the instability with a significant design change, but my hack seems fine enough for this project.) Also picked up specific Android fixes in the area of Framebuffer double-buffering, as that needs to be working for CWM usability.
Installation
If you're on Ouya's stock firmware, then you should make sure that any future updates do not get applied. There is a project here ("Mod Collection For Ouya") that should help. I personally side-loaded the Baxy custom launcher to avoid Ouya's update environment. It is also likely necessary to stay out of the Ouya/Discover store if going the custom launcher route as I believe the store app can trigger an update.
At this point you can download your chosen image (Boot or Recovery) and unzip to get the IMG file. Boot your Ouya to a working Root/BusyBox environment (ROM or Recovery), and then transfer the IMG to the Ouya. (An example using ADB would be "adb push boot102513.img /sdcard/boot102513.img".)
Bring up the Ouya command prompt (e.g., "adb shell") and run these commands to get started:
su [command not present on CWM - that's okay]
cd /dev/block/platform/sdhci-tegra.3/by-name
ls
You should see the various 3-letter partition names from that last command. Your command prompt should also contain the "#" character to denote root-level access. This next step will save off your current ROM image, both because we may end up overwriting it, and because the saved file will end up as your main bootable kernel for the chain-loader. Run:
cat LNX > /sdcard/kernel.img
(If configured for "Ouya Safe Recovery," then replace the preceding "LNX" with "SOS".)
We are near the flashing stage. Check to make sure your Ouya has a reliable source of power, preferrably from an uninterruptable power supply. Recall that a bad flash of my boot image can leave the device inoperable, but I feel the risk is very low provided the following directions are heeded. Fortunately the flash process only takes a few seconds.
For the Boot image option, verify by running:
md5sum /sdcard/boot102513.img
Do not proceed unless you get "e4b1b1ad553e55ad0b2ce3fb8f5bf623".
Again for the Boot image option, flash to the Ouya by running:
dd if=/sdcard/boot102513.img of=LNX
For the Recovery image option, verify by running:
md5sum /sdcard/rcvy102513.img
Do not proceed unless you get "dda0811a7e8e82a7d4ad3fa4c3ae35e4".
Again for the Recovery image option, flash to the Ouya by running:
dd if=/sdcard/rcvy102513.img of=SOS
You may optionally verify (post-flash) by running "md5sum" on the partition name. Finish up with these commands:
sync
reboot
Usage / Configuration
The menu should come up, defaulting to "kernel.img" for the Boot image and "CWM" for Recovery. That default will then launch after ten seconds of inactivity. You may also briefly press the Ouya power button during the wait to advance through the options. The option list is 1) kernel.img, 2) kernelA1.img, 3) kernelA2.img, 4) CWM, and 5) Recovery Partition.
The defaults from above should be fine for most everyone, but it is possible to fine-tune them. An optional configuration file (/sdcard/bootmenu_b.cfg for Boot, /sdcard/bootmenu_r.cfg for Recovery) may be established to specify the default menu entry as well as the inactivity timeout. As an example, the following command would make Recovery start kernelA1.img after five seconds:
echo "2 5" > /sdcard/bootmenu_r.cfg
It is hoped that the menu would never hang. If it does, then waiting a full minute should allow CWM to start. Otherwise, it may be necessary to attach a wired/USB keyboard and type in the Alt-SysRq-X sequence, similar to Ctrl-Alt-Delete on a PC. The sequence might have to be done early on in the menu startup process, and should blink the Ouya light and place it in Fastboot mode.
The menu may unexpectedly place you in CWM, which would indicate an issue with a chain-load. The reason may be due to a missing or corrupt IMG file. Otherwise you should be able to determine why by checking /tmp/bootmenu.log against the attached source code.
---
I hope this project will be of help to others!
An additional support forum that everyone should be able to post at is available: http://forum.xda-developers.com/showthread.php?t=2450711.

Wow, really great. Thanks a lot for your effort
Gesendet von meinem One X+ mit Tapatalk

nchantmnt said:
Wow, really great. Thanks a lot for your effort
Click to expand...
Click to collapse
My pleasure, nchantmnt. Hope your new Ouya is helping you feel at home!

Yes im happy it already arrived, but after a second miscarriage and lots of stress because of a lawsuit with our neighbour i didn't have time nor nerves to play or code. Seriously this year sucks
Gesendet von meinem One X+ mit Tapatalk

nchantmnt said:
Yes im happy it already arrived, but after a second miscarriage and lots of stress because of a lawsuit with our neighbour i didn't have time nor nerves to play or code. Seriously this year sucks
Click to expand...
Click to collapse
Gosh, I'm very sorry to hear that. Do think ahead to the upcoming holiday season, and may it be a time to reflect and anticipate a fruitful 2014.

@Hal9k+1 - THANK YOU!
I was so nervous flashing CWM and StockPlus as there is no real way to fix things if something goes wrong. This should give people more confidence when flashing their Ouya.
I understand the process using ADB...my question is: can this be used from CWM somehow?
PS. I assume new kernel will always be flashable from CWM, the hack does not require 561 specifically.

Ipse_Tase said:
I understand the process using ADB...my question is: can this be used from CWM somehow?
Click to expand...
Click to collapse
Hi Ipse_Tase - I do hope the feature will be helpful to you and others.
As I think about your question, I suppose I could have have created a ZIP that would have been installed by CWM. Similarly I could have worked through some form of installation shell script. But for an important operation such as flashing, I prefer the one-at-a-time approach of the interactive shell.
Note that CWM does have an ADB service running with it. Your Ouya would show up as a different device while in CWM, so you'd need to enter Device Manager (Windows) and point the unknown device to the same ADB driver as used for the main ROM.
Alternatively you could skip ADB for this Ouya Boot Menu installation and set up an SSH server on your main ROM. I personally have installed "SSH Server" (Ice Cold Apps). I recall two screens to set up (does require the trackpad in cases), where I enabled automatic start on both, and also set the port number to 2222. After an Ouya reboot I had SSH/SCP capability and could use PuTTY/pscp from Windows.

Hal9k+1...fast reply, thank you.
Just to put my ever-so-senile brain at ease: so I run StockPlus 519r1, and WHILE in the ROM, I start ADB and follow your instructions .
OR...I enter CWM, make sure I get the right ADB drivers installed for THAT instance and go from there.
For a developer, I'm sure it's easier and more familiar to run ADB commands - for people like me (5%-over-the average-user) a CVM option to flash a zip and do all this would be more in-line with the abilities to hack.
I have rooted 4-5 devices so far and the only time I type any ADB commands is at root/unlock time - sometimes not even then (Nexus 4 and the Root Toolkit).
So if you ever consider creating a recovery flashable file, it would help many. Probably not me, as by then I would have done the ADB trick

Sounds like great work! I was hoping to implement something like this myself, but I haven't made any more time for OUYA-related development in a while (due to positive life events/busyness)
I will definitely take a look at your work when I have time!
~Troop

Ipse_Tase said:
Hal9k+1...fast reply, thank you.
Just to put my ever-so-senile brain at ease: so I run StockPlus 519r1, and WHILE in the ROM, I start ADB and follow your instructions .
OR...I enter CWM, make sure I get the right ADB drivers installed for THAT instance and go from there.
Click to expand...
Click to collapse
You got it! You don't need to worry about booting to the other partition prior to flashing. That is a given partition (LNX/SOS) is no longer being accessed once the image is booted. For CWM's ADB, you'd simply point Windows to the same INF file that you originally used. Hope this helps.

StockPlus Installation
Well, I finally retired this old stock 393 ROM I was on, and moved to StockPlus 519r2. I was not able to install it the normal way given my Boot image is in place here. So I ended up modifying "updater-script" under META-INF/com/google/android, and then repackaged prior to running the install procedure. I'm attaching my changed version in case it helps anyone, and please note that it makes StockPlus the main image (kernel.img).
(You'll need to right-click to save the attachment. Once done it will need to be renamed such that it does not include the ".txt" suffix.)
The Windows "7-Zip" utility is helpful for packaging. You may start by right-clicking the downloaded ZIP, then 7-Zip --> Extract to "OUYA_[...]". Enter the newly created directory, get to the updater-script, and replace it with mine. Now back up to the area with META-INF, system, and boot.img, still in the new directory. Select all three under Windows (Ctrl+Click), right click that area, and then 7-Zip --> Add to "OUYA_[...].zip". Be sure this new ZIP is the one that makes it to the Ouya.

Still haven't tried this out yet, but I hope to soon.
I missed out on news over the holidays though and just noticed this:
Announcing Ubuntu and Android dual boot developer preview
http://developer.ubuntu.com/2013/12/announcing-ubuntu-and-android-dual-boot-developer-preview/
I'm curious of their dual boot implementation and how it compares and if we can synergize with their approach, but haven't looked into the details of how theirs works yet (its sounds like it uses a custom recovery image, and they have the ability to trigger it to reboot into Ubuntu from an Android app and vice versa, which is cool)
It'd be awesome to be able to multi-boot an Ouya ROM, an Android ROM (CyanogenMod), and Ubuntu with that kind of ease.
EDIT: This may be more our speed though: (MultiROM)
http://forum.xda-developers.com/showthread.php?t=2011403
(did you pull anything from there? Sounds like they have a modified TWRP that can flash zips to the other ROM slots, which is something I was also hoping to implement)
~Troop

Thanks, Trooper. Good to see Ubuntu moving further along in the mobile world.
I briefly looked at MultiROM since it originated from the KExec-HardBoot work, but decided not to go in that direction. The main reason is that I decided not to pursue the setup/learning of an Android build environment, but also because it wasn't clear how I'd deal with our lack of a touchscreen and lack of volume up/down buttons. I ended up creating a small application that fits within Ouya's CWM framework and starts up before CWM itself; it monitors the power button for click events and writes to the framebuffer memory region using regular Linux calls.
I'm not too concerned about the dual-boot aspect of this new Ubuntu, but the lack of touchscreen could be a hindrance if mouse/keyboard were not a viable substitute. Whether this Ubuntu is designed to work from external storage is another question, since our /system and /data would be occupied by Android. But in general I think we could boot it from my framework, and if my Boot image were selected over the Recovery one, then the Ubuntu kernel could reside in Recovery and also be bootable from the Android side with the "reboot recovery" command.
Best of luck, and hope you'll have a chance to try it all!

accidental post please delete

S-off with Firewater

Another S-Off script that was sent to me by coremark. Successfully s-off my device and supercid.
http://firewater-soff.com/
Thanks to @coremark.

After gaining S-off on a fully stock device using Firewater + temproot, what is the easiest method for permanent rooting?
Since due to S-off full access is granted to all partitions, is it possible to install the su binary and superuser / superSu apk to the /system partition without flashing a custom recovery? For example by using "adb push" or a root file manager?
Where can I get a su binary? Should I extract it from superSu / superuser recovery ZIP package?
Could anyone walk me through the steps?

edorner said:
After gaining S-off on a fully stock device using Firewater + temproot, what is the easiest method for permanent rooting?
Since due to S-off full access is granted to all partitions, is it possible to install the su binary and superuser / superSu apk to the /system partition without flashing a custom recovery? For example by using "adb push" or a root file manager?
Where can I get a su binary? Should I extract it from superSu / superuser recovery ZIP package?
Could anyone walk me through the steps?
Click to expand...
Click to collapse
I'm afraid you'll need a custom recovery for this. The /system write protection is implemented in kernel (the kernel doesn't sync changes to the actual block device and keeps them in RAM) and S-OFF is completely orthogonal to this. To work around it, you'd need a custom kernel (which is not feasible at the moment since HTC haven't released the full source tree yet, unfortunately) or the wp-mod hack (which I would be afraid of using, to be honest).
Also, why avoid custom recovery when you're already S-OFF and you can flash the stock recovey anytime?

koniiiik said:
The /system write protection is implemented in kernel (the kernel doesn't sync changes to the actual block device and keeps them in RAM) and S-OFF is completely orthogonal to this.
Click to expand...
Click to collapse
You are right, that makes sense.
But then how is this possible (if it is at all)? -> http://forum.xda-developers.com/showthread.php?t=2339056
(Pls check out the 2nd post from member "Indirect".)
AFAIK the One has the exact same kind of /system write protection as the 901s. Doesn't it?
Just out of curiosity, why would you be afraid to use wp-mod? Unknown / unpublished source? Bad feedback from users?

edorner said:
You are right, that makes sense.
But then how is this possible (if it is at all)? -> http://forum.xda-developers.com/showthread.php?t=2339056
(Pls check out the 2nd post from member "Indirect".)
AFAIK the One has the exact same kind of /system write protection as the 901s. Doesn't it?
Click to expand...
Click to collapse
To be honest, no idea. All I do know is that on my phone the write protection works the way it does and I don't really see a feasible way around it. Also, I haven't tried these exact steps. It's possible that adb remount does some extra work or something. Moreover, I'm not sure about the adb shell chmod ... command – that would require root, wouldn't it? But since I haven't tried it, I can only guess.
If you don't mind trying it, I'd be interested in the results.
edorner said:
Just out of curiosity, why would you be afraid to use wp-mod? Unknown / unpublished source? Bad feedback from users?
Click to expand...
Click to collapse
The way I understand wp_mod works is that it monkey-patches the running kernel's filesystem driver to skip the check for the /system partition. In other words, it rewrites the code of the running kernel in-memory. This by itself is reason enough to be extremely careful around such code as it has potential for a major disaster. Missing the right memory location by any nonzero number of bytes can result in the kernel doing practically anything (most likely a crash).
Now, to make matters worse, these seem to be only a few binary versions of the kernel module and people seem to just take a binary compiled for one kernel, modify the version information within the file to make it match other kernels and load it on a completely different kernel. This, to me, is borderline insane, considering that the kernel binaries depend on the version of the kernel, used compiler and even compiler flags used when building.
Again, though, I haven't actually looked at the module's source code; can't say I'm suffering from a surplus of free time and I'm also not *that* interested in it. Most likely it's written in a robust enough way to have a high chance of success. (This seems to be backed up by anecdotal evidence – the thing appears to work for people, which is a small wonder for me.) All of the above is actually just my interpretation of stuff I read in some threads here on XDA-developers and I haven't even tried to confirm it myself.
Still, for me, using the recovery for any such changes is a sufficient and acceptable workaround, since I don't need to modify /system that often.

Wow! Thanks for the exhaustive expanation about WP-mod!
If you don't mind trying it, I'd be interested in the results.
Click to expand...
Click to collapse
Well I am also a bit skeptical about this solution. So I am not sure I will be brave enough to try it
But if I do decide to give it a try, I will post the results here, I promise.

edorner said:
Well I am also a bit skeptical about this solution. So I am not sure I will be brave enough to try it
But if I do decide to give it a try, I will post the results here, I promise.
Click to expand...
Click to collapse
As far as @Indirect's post goes, that should be risk-free – either it does work, or it doesn't do anything. I don't see how it could harm your phone. Worst case, you end up with a /system/xbin/su binary that doesn't work due to wrong privileges (or owner information), in which case you should be able to just remove it and start over.

koniiiik said:
As far as @Indirect's post goes, that should be risk-free – either it does work, or it doesn't do anything. I don't see how it could harm your phone. Worst case, you end up with a /system/xbin/su binary that doesn't work due to wrong privileges (or owner information), in which case you should be able to just remove it and start over.
Click to expand...
Click to collapse
Ah, I see. In that case I will definitely try it!
Truth is I am still an Android noob, I used ADB maybe on two occasions so far, and did not have the time yet to properly check out the documentation for these particular commands.
One more question:
If I understand correctly, Firewater (when used together with the temproot) will also unlock your bootloader. Do you think the apps in /data/preloadwill be deleted in this case too? (I.e. does it do a factory wipe like the unlock process via HTCDev?)
If so, how do I restore the apps? Do I simply copy the APK's back to /data/preload with a root file manager, and that's it?
IIRC Helium backup is not really perfect for the purpose, because it is unable to restore those apps to /data/preload, and puts them to the standard app path. Is this what you remember, too?

edorner said:
One more question:
If I understand correctly, Firewater (when used together with the temproot) will also unlock your bootloader. Do you think the apps in /data/preloadwill be deleted in this case too? (I.e. does it do a factory wipe like the unlock process via HTCDev?)
If so, how do I restore the apps? Do I simply copy the APK's back to /data/preload with a root file manager, and that's it?
IIRC Helium backup is not really perfect for the purpose, because it is unable to restore those apps to /data/preload, and puts them to the standard app path. Is this what you remember, too?
Click to expand...
Click to collapse
No idea, I haven't used firewater, but my guess would be that it won't wipe anything…
As for backing up /data/preload, you can for example use temproot to get access to the directory, copy it somewhere on your sdcard and adb pull it. In case it gets wiped, you can just push it back again and voilà. It's going to require some shell-fu, however.
Alternately, you can just download my ZIP of the latest stock ROM and extract it, it contains the latest /data/preload.
And yes, just copying the APK files into /data/preload should suffice *– Dalvik and its package manager is intelligent enough to detect something has changed in there and perform any installation steps necessary. If it doesn't work right away, a reboot should fix things.

Edorner. It won't wipe. I tried it already.
Sent from my GT-I9305 using XDA Premium 4 mobile app

koniiiik said:
As far as @Indirect's post goes, that should be risk-free – either it does work, or it doesn't do anything. I don't see how it could harm your phone. Worst case, you end up with a /system/xbin/su binary that doesn't work due to wrong privileges (or owner information), in which case you should be able to just remove it and start over.
Click to expand...
Click to collapse
So, as promised, I tried the "adb remount" command on my device and it did not work.
Code:
adb remount
remount failed: Operation not permitted
However "mount -o remount,rw -t ext4 /dev/block/mmcblk0p38 /system" in root shell (acquired by temproot) worked like a charm And the modifications to /system performed afterwards turned out to be permanent. So in the end I was able to gain root without using a custom recovery.
Based on my experiences, I created a guide which summarizes all the steps necessary to S-OFF and root a completely stock device without using HTCDev unlock and custom recoveries.
I investigated a bit as to why "adb remount" would not work, and found two interesting topics on XDA about the issue:
[2013.05.24][ROOT] adbd Insecure v1.30
Can't get ADB Root Access in certain ROMs?
In short, "adb remount" is only available if the ADB daemon is run in "insecure" mode in a particular ROM. And unfortunately our stock ROMs seem to use secure ADB.

edorner said:
So, as promised, I tried the "adb remount" command on my device and it did not work.
Code:
adb remount
remount failed: Operation not permitted
However "mount -o remount,rw -t ext4 /dev/block/mmcblk0p38 /system" in root shell (acquired by temproot) worked like a charm And the modifications to /system performed afterwards turned out to be permanent. So in the end I was able to gain root without using a custom recovery.
Based on my experiences, I created a guide which summarizes all the steps necessary to S-OFF and root a completely stock device without using HTCDev unlock and custom recoveries.
I investigated a bit as to why "adb remount" would not work, and found two interesting topics on XDA about the issue:
[2013.05.24][ROOT] adbd Insecure v1.30
Can't get ADB Root Access in certain ROMs?
In short, "adb remount" is only available if the ADB daemon is run in "insecure" mode in a particular ROM. And unfortunately our stock ROMs seem to use secure ADB.
Click to expand...
Click to collapse
Fantastic guide, I just read it and wow.
Also, good to know that particular procedure disables the write protection. I'll have to investigate this sometime, because just now I tried and found out that on my device, the changes to /system are rolled back as soon as I remount /system read-only again. Maybe if I left it read-write all the time, they would persist as well...? I'll have a closer look at this later.

koniiiik said:
Fantastic guide, I just read it and wow.
Also, good to know that particular procedure disables the write protection. I'll have to investigate this sometime, because just now I tried and found out that on my device, the changes to /system are rolled back as soon as I remount /system read-only again. Maybe if I left it read-write all the time, they would persist as well...? I'll have a closer look at this later.
Click to expand...
Click to collapse
Thanks
Hm... Strange...
Instead of manually remounting /system as "ro", I simply rebooted the device. (What can I say, I am hopelessly lazy ) After the reboot I checked the permissions of /system by issuing the "mount" command without any parameters. It showed that it was remounted using the original settings:
Code:
/dev/block/mmcblk0p38 /system ext4 ro,noatime,data=ordered 0 0
So in theory, rebooting instead of manually remounting as "ro" should not make any difference. But who knows
After the reboot, I checked the changes I made to /system previously, and fortunately they did not disappear. (su was still there, I could successfully copy it, and execute it.)
Since then, I've performed a couple more reboots and at least one full shutdown-startup cycle as well. And I still have not lost any changes.
Please let me know if you find something out! I am very interested.