Tuesday, March 22, 2011

HTC Thunderbolt hand-on

So you went ahead and got Verizon’s first 4G LTE phone, the HTC Thunderbolt, eh? The phone is great, but you want to do more, do you? Well, below is a tutorial for rooting the device and unlocking the bootloader. This is by no means for someone who doesn’t know what they are doing. If you think you have what it takes, read on!
You’ll need:
ADB set up correctly (some knowledge how to use it would help, too)
Patience (look through the tutorial before you begin. If using the command line is new to you, you may want to wait until a more elegant root method comes along.) Double check that you’ve typed the correct commands.
Know that this will void your warranty
This could potentially brick your phone. We take no responsibility if this happens. You’ve been warned.
Make sure your Thunderbolt is fully charged before proceeding.
1. Download the following files (mirrors are available below from the source link below)
  • RUU_Mecha_VERIZON_WWE_1.03.605.10_Radio_1.02.00.01 03_2r_NV_8k_1.37_9k_1.52_release_165253 (md5sum : aae974054fc3aed275ba3596480ccd5b): DOWNLOAD
  • Exploits package (md5sum : 3b359efd76aac456ba7fb0d6972de3af):  DOWNLOAD
  • Custom RUU mirrors (md5sum : aff07b8256628a175c40938d408fa16f): DOWNLOAD
2. Unzip the Exploits package, and push : psneuter, busybox, and misc.img to data/local
adb push psneuter /data/local/
adb push busybox /data/local/
adb push misc.img /data/local/
adb shell chmod 777 /data/local/psneuter
adb shell chmod 777 /data/local/busybox
3. “This step will gain temp root and flash the custom misc.img. Run:”
  • adb shell
You should then see a “$” in the command line, now run:
  • /data/local/psneuter
ADB will restart as root (#) – Now confirm the md5 of the misc.img
  • adb shell
If you see the “#”, run the following:
  • /data/local/busybox md5sum /data/local/misc.img
If the output is anything other than “c88dd947eb3b36eec90503a3525ae0de” , download the misc.img file again, and push it again.
If the md5 is correct, now you need to write the image
  • dd if=/data/local/misc.img of=/dev/block/mmcblk0p17
  • exit
4. Now it’s time to rename the custom RUU file (Third file you downloaded) to PG05IMG.zip
After the file has been renamed, put it on the root of your SDcard (inside no folders) and run:
  • adb reboot bootloader
Choose the bootloader option from the screen, and press power. This will flash the ROM. When it asks you to upgrade, choose yes. This can take a while, so don’t worry.
After it’s complete, reboot the device and delete the PG05IMG.zip file from your SDcard.
Now we’re going to set up the two-part exploit to get root and unlock the MMC:
Push wpthis, busybox, and psnueter:
adb push psneuter /data/local/
adb push busybox /data/local/
adb push wpthis /data/local/
adb shell chmod 777 /data/local/psneuter
adb shell chmod 777 /data/local/busybox
adb shell chmod 777 /data/local/wpthis
Now run the following:
adb shell
/data/local/psneuter
To unlock eMMC:
adb shell
/data/local/wpthis
exit
6. Potential phone-bricking step:
Now we’re going to push the eng bootloader. You’re messing with system partitions right now, so this can be dangerous if you do no complete the step correctly.
Run:
adb push hbooteng.nb0 /data/local/
adb shell
/data/local/busybox md5sum /data/local/hbooteng.nb0
The output number should be “6991368ee2deaf182048a3ed9d3c0fcb“. If it does not match exactly that, then stop, delete the file, and re-download it. It, too, is a part of the Exploit package. If it does match, carry on.
Run:
dd if=/data/local/hbooteng.nb0 of=/dev/block/mmcblk0p18
Run the following to ensure the file was written succesfully:
/data/local/busybox md5sum /dev/block/mmcblk0p18
If you don’t get “6991368ee2deaf182048a3ed9d3c0fcb” as the output code, try again. (If you’ve tried several times, seek help in the IRC chat – chat.andirc.net in channel #thunderbolt.) If you get the correct code, proceed.
Reboot the phone – place the custom RUU (PG05IMG.zip) onto the SD card again, and flash it.
Run:
adb reboot bootloader
“After it flashes, you will be running release firmware with S-OFF.”
7.
Push busybox, SU, and psneuter -Run:
adb push psneuter /data/local/
adb push busybox /data/local/
adb push su /data/local/
adb shell chmod 777 /data/local/psneuter
adb shell chmod 777 /data/local/busybox
Time to gain root access!
Run:
adb shell
/data/local/psneuter
Now we remount the /system and set up SU-
Run:
adb shell
mount -o remount,rw -t ext3 /dev/block/mmcblk0p25 /system
/data/local/busybox cp /data/local/su /system/xbin/su
chown 0:0 /system/xbin/su
chmod 6755 /system/xbin/su
8.
Reboot your phone
Go to the Android Market and install Superuser
Reboot your phone again
You should now have full root.
9.
Now all you have to do is install ROM Manager and flash the Thunderbolt recovery. You’re done!
Posted by m2cmobile.com at 6:21 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)