A high-level DHD/Inspire manual S-OFF hack concept for advanced users


Okay, stop the hating. Here’s a high level DHD/Inspire manual (as in not automated) S-OFF hack concept for advanced users. I am NOT going to detail it further or support it.

#include <std_disclaimer.h>
/*
Your warranty is now void. I am not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because you can’t tether. Please do some research if you have any concerns about this process before attempting it! YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you.
*/
(Disclaimer borrowed heavily from cyanogenmod)

Just because the hack kit is going away doesn’t mean the Inspire/DHD can’t be set s-off. Here’s a high level how-to that advanced users should have no issue with. This is NOT a step-by-step, but a description of the activity.  This is deliberate.  If you don’t know what you are doing and don’t understand what’s going on – DON’T EVEN TRY THIS. I am NOT going to detail it further or support it

High Level Steps (some detail deliberately NOT included)

  • htc dev unlock, install cwm recovery and root ONLY
  • dd the stock boot image to /data/local/tmp and pull it to your pc HD (/dev/block/mmcblk0p22 is boot)
    • adb shell dd if=/dev/block/mmcblk0p22 of=/data/local/tmp/boot.img
    • adb pull /data/local/tmp/boot.img
  • make a goldcard (for all CIDS not in android-info.txt in the firmware.zip to be flashed)
    • adb push goldcard /data/local/tmp
    • adb shell chmod 775 /data/local/tmp/goldcard
    • adb shell cat /sys/class/mmc_host/mmc2/mmc2:*/cid  (returns sdcard cid)
    • adb shell /data/local/tmp/goldcard -c <sd card cid above>  -o /data/local /tmp/goldcard.img
    • adb shell dd if=/data/local/tmp/goldcard.img of=/dev/block/mmcblk1 (this writes the goldcard.img to the sdcard.  Mileage on used sdcards may vary)
  • push misc_version to the phone and use to lower the mainversion (need to lower the  mainversion in order to flash the firmware downgrade)
    • adb push misc_version /data/local/tmp
    • adb shell chmod 775 /data/local/tmp/misc_version
    • adb shell /data/local/tmp/misc_version -s 1.11.111.1 
  • relock the bootloader
  • flash firmware.zip with from the zip below (this firmware contains the original radio exploit used by gfree)
    • fastboot oem rebootRUU
    • fastboot flash zip firmware.zip
    • fastboot reboot-bootloader
  • unlock the bootloader again (use the same unlocktoken bin)
  • flash your stock boot.img to boot (this will get the current rom working again)
    • fastboot flash boot boot.img
  • flash recovery.img to recovery (from the zip below – this recovery has a kernel that works with the radio exploit)
    • fastboot flash recovery recovery.img
  • boot to recovery (yes, the screen may well be blank, but adb should work fine)
    • adb push gfree /tmp/
    • adb shell chmod 775 /tmp/gfree
    • adb shell /tmp/gfree -f   >> yeilds – s-off, supercid, sim-unlock
  • reboot to bootloader and check success.

Notes:

  • The firmware.zip in the package below does not contain an hboot, so it should be safe for all Inspire/DHD devices, even those shipped with Gingerbread.
  • Flashing a froyo hboot to a device shipped with Gingerbread is a terrible idea. If you do this after all that has been posted about it, you’re an idiot.  EARLY S-OFF METHODS DID THIS.
  • If you read this carefully, you will realize that this is S-OFF ONLY.  The radio will need to be updated again, it is not rooted, nor does not have working recovery on most devices.  There are 1000s of threads on how to do all that with S-OFF, so no, we are not going into any of that here.
  • Included are the two HBOOTs Hyuh hacked up for us with some ENG functionality. There is one for Sense 3 devices and one for pre-sense 3 devices. Use the correct one – partition layouts are different.

Tools here: ace-tools.zip
md5: 91a551d72f16883a35b8e8f9a7e5bcb1 ace-tools.zip

This should be a useful process outline, and I hope it helps people who have a clue to start with. I am NOT going to detail it further or support it.

Once again, I AM NOT GOING INTO FURTHER DETAIL OR SUPPORTING THIS PROCESS. IF YOU DON’T GET IT, TOO BAD.

Thanks to:

  • Revskills for their fantastic gold card algorithym
  • GenePoole for the kickass android goldcard binary based on above and a new version of gfree built w/o need for certain dependencies.
  • scotty2 for finding the vold exploit and the author of psneuter
  • Guhl for misc_version and gfree
  • hyuh for misc_version revisions and Hboots with ENG features

 

The AAHK is retired


The Ace Hack Kit and all support is sundowned (retired).  This has been a long time coming for the following reasons:

  • The Inspire/DHD are legacy devices.  Because the kit can render devices unusable without support to complete the process, I can’t in a clear conscience make it available without support.The majority of people hacking them now are not the type of people who should be hacking smartphones.  Most of those people have moved on to better, more current devices.  This user mix makes supporting the hack kit more difficult.
  • Despite not taking a dime for Hack Kit Support and instead requesting that users “pay it forward” by learning and assisting with support in the IRC channel, no such help has emerged, save one person in South America.  Other than that, support consists of the same core of people since day one.  This is pathetic.  I have never seen such a bunch of whiney, selfish people as I have since I started hacking smartphones.  I am not saying that is what the majority of users are, but I am saying that’s what the majority of users seeking help are.  We are all about done doing this.

The AAHK has between a quarter million and a half a million downloads.  The vast majority of those downloads have NOT resulted in requests for help or support.  The majority of help requests have come from people that do not bother to read and follow directions or otherwise have no business attempting this.  Stupid people should not hack smart phones.

To those who think you “need” AAHK for your DHD/Inspire – you don’t.  If you haven’t managed to obtain S-OFF before it gets pulled, I don’t care.  I don’t owe anyone a hack.

To everyone who has used and appreciated the hack kit that I’ve never heard from; cheers – I’m glad you were competent enough not to be a pain in our asses.

To people who have earnestly tried to follow directions but got jammed up anyway that we managed to help; you’re welcome.

To the rest of you who feel like taking shortcuts by ignoring all instructions and then feel entitled to support -  we’ve never taken a dime for this and I am glad, because now I can say fuck you with a clear conscience. This action is partly because of you.

 

 

 

 

 

 

 

Advanced Ace Hack Kit (retired – saved for posterity)

The Advanced Ace Hack Kit – for HTC Desire HD and HTC Inspire

AAHK will work on Inspires on AT&T’s latest ROM, 3.20.502.52 only after following the steps outlined here:   http://tau.shadowchild.nl/attn1/?p=88 .

Warnings:

  • Do not attempt to hack a phone with a broken control (like a volume button).  We will not help you.  There is good reason for this; if the phone gets to an unbootable state, then you can’t recover it.  Stay stock.
  • If your PC environment is not ready to run this kit, there is a good chance your device will not boot properly until you fix your PC or switch to another and re-run the hack kit from the partial boot. READ THIS ENTIRE POST and READ THE EFFEN MANUAL! There is no substitute for READING for COMPREHENSION
  • Do NOT use earlier versions Ace Hack Kit (12.x and lower) on Inspire or DHD devices shipped with Gingerbread.
  • Do NOT attempt to downgrade a Inspire or DHD shipped with Gingerbread with a Froyo RUU.
  • Do NOT attempt to install earlier ENG HBOOTs on these models. AAHK now has Hboots that safely support fastboot image flashing.
  • Doing this WILL severely degrade bootloader performance on Inspires and DHDs and causes issues trying to install RUUs. In other words, it WILL jam you up. (Note: Issue confirmed on later DHDs – ignore at your own risk).
  • Sense 3, including those with RELOCKED HTC BOOTLOADERS (NOTE: NOT UNLOCKED – MUST BE LOCKED OR RELOCKED) is auto-detected in hack step. Option is given to download a GB RUU and downgrade or abort. This WILL wipe data.

#include <std_disclaimer.h>

/*

Your warranty is now void. I am not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because you can’t tether. Please do some research if you have any concerns about features included in this tool before running it! YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you.

*/

(Disclaimer borrowed heavily from cyanogenmod)

Features:

  • COMPLETELY INTEGRATED/INVISIBLE GOLD CARD PROCESS
  • Custom AAHK Bootloaders support popular ENG S-OFF functions for both Sense 2 and Sense 3 partition layouts
  • Only ONE menu step – HACK ACE
  • No ROM downgrade required (only radio/kernel) for devices not running sense 3
  • The original ROM is retained (except when downgrade from Sense3-GB is required)
  • No wiping data for devices not running sense 3
  • Rom is fully functional (yes, inc wifi)
  • Fully rooted with insecure boot image (supports adb remount for rw system)
  • Busybox manager app installed
  • Radio S-Off, superCid & carrier sim unlock
  • Correct Radio is automagically restored for HSPA+ operation
  • Clockworkmod Recovery included
  • All known Inspire/DHD builds supported
  • Easy return to stock for SOME builds (See the Effen Manual – not all carrier RUUs are available)

Notes:

  • Please do NOT run the hack step if you are already S-OFF AND are running a custom ROM. It’s pointless, and while it won’t brick you, you can get jammed up a bit. This is for stock devices only.
  • You MUST read the ENTIRE EFFEN MANUAL in order to run the hack kit.
  • Do NOT try to run this from a VM – particularly VirtualBox. You WILL get jammed up and may wind up flashing an RUU to recover, losing data in the process.
  • Do not use USB 3.0 ports – use USB 2.0
  • After kernel downgrade – video is lost on boot – this is okay as adb is working and can be used to finish the process. If the process fails, it can be restarted once the PC environment is corrected. When the process completes successfully, everything is restored and fully working.
  • Youtube videos are neat demos, but they make poor guides. READ THE EFFEN MANUAL. “There is no substitute for reading for comprehension.” – GenePoole
  • Make sure you extract the hack kit to your pc maintaining the directory structure in the archive you downloaded. The docs will be in the root directory of the unarchived kit, as will the scripts. READ THE EFFEN MANUAL.
  • I can’t believe that so many people are asking where the effen manual is. THE EFFEN MANUAL IS IN THE EFFEN HACK KIT.
  • This kit should work fine on HTC Inspire and HTC Desire HD Software versions below 3.06.405.1 which require the radio/kernel downgrade before a root exploit is available.

Windows Prep:

  • IMPORTANT – disable all malware (Antivirus detection etc) detection before unarchiving the hack kit. Keep it off thoughout the hack kit processes. Many Windows malware detection programs report false positives, deleting or binding critical files required by the process.
  • IMPORTANT – Remove or disable all services and daemons you can, particulary anything Apple, blackberry, PDAnet, Microsoft Mobile, anything USB not required for this task, any resource hogs. Also disconnect all un-needed USB devices and USB HUBs.
  • Remove HTC Sync and drivers.
  • Only after completing the above steps, install the drivers contained in the Hack Kit (see the Effen Manual) BEFORE plugging in the phone.
  • Connect the phone to the computer via a USB port connected to the system board – not a front panel port or a hub or extention port.
  • Verify successful android device driver installation in device manager.

Issues during downgrade:

  • IMPORTANT: BEFORE SWITCHING FROM DISK DRIVE TO CHARGE ONLY MODE, ALWAYS EJECT THE SDCARD WITH PC SOFTWARE TO FLUSH WRITE BUFFERS AND AVOID CORRUPTING THE SDCARD.
  • model ID incorrect update fail – this is because your goldcard is not working.
  • READ THE EFFEN MANUAL. Reading is fundamental.

Download:

Note: AAHK filename uses ddmmyyyy naming convention.

aahk-11092012.zip
md5: 5727960aa167b305b8f3561ffbbb1360

viperbjk is with Revskills, and his contribution is key to finally allowing one step processing where a goldcard is required. The entire process is now one menu step. A second step will be required to clear your conscience –
DONATE to:
Revskills.
and/or
Electronic Frontier Foundation

Note: No money has been accepted for the AAHK or support of the AAHK by myself or anyone working with me on it.

If you have read this post and the effen-manual and get stuck during processing,
help is available in IRC at http://webchat.freenode.net/?channels= – aahkSupport

Yes, there are stupid questions.

Questions that will get you immediately kickbanned from the IRC channel with no further explanation:

Q: Do I need to flash a ROM after the hack kit is finished?
A: Kickban. The hack kit is a complete, one step process. If it finishes correctly, you are finished. What part of “fully functional” is vague?

Q: Do I need to flash a radio after the hack kit is finished?
A: Kickban. The hack kit is a complete, one step process. If it finishes correctly, you are finished. What part of “fully functional” is vague?

Q: The options menu has options to flash radios. Do I need to flash a radio?
A: Kickban. What part of “optional” is vague? This option is to make it easy for people who may have flashed another radio and want to flash back to these particular radios.

Q: Do I need to plug in the phone?
A: Kickban. If you know how to enable usb debugging without a USB connection, then I’ll change this policy. In the meantime, asking such a question just makes me think you have not read anything and/or have dedicated yourself to being an idiot.

Q: What’s the best ROM?
A: Kickban. The whole point of this is to give YOU control and allow YOU to decide. Yes, we prefer CM7 and I think it’s the only real Android choice available, but don’t ask us to think for you. If you don’t see that pretty much everything else is either ripped off or HTC Non-Sense, then you haven’t done your homework and that’s okay. Just don’t ask, because in the end, it’s YOUR choice.

Q: Facebook doesn’t work.
A: Kickban. This has nothing to do with anything but Facebook. Go ask Facebook, not us.

Q: I can’t find the pass key.
A: Kickban. Really? Then you did not really read the Effen Manual. If you really did, then you would not ask. Really.

Q: My phone won’t boot – how do I fix my HBOOT?
A: Kickban. We’ve been warning people not to flash Froyo Hboots (Including HTC ENG ones) on devices shipped with GB for well over a year now. If you do this and screw up, it’s not our fault and you’re on your own.

This IRC channel is for people who read, attempt and get stuck because of PC issues or an occasional bug introduced with a new feature. It’s not for people to troll those who dedicate their time for support without any compensation by asking a series of mindless, inane questions and observations for attention. We’re too busy for that – even if we have nothing to do. It’s beyond annoying and you will be kickbanned without warning. Read, search, think, try, then ask.

The people in #aahkSupport have been helping noobs without compensation for over a year now, with generally very good results and a generally good nature, despite being abused by some on almost a daily basis.

Thanks to:

  • Revskills for their fantastic gold card algorithym
  • GenePoole for the kickass android goldcard binary based on above
  • agrabren for fre3vo, the Gingerbread temproot used
  • scotty2 for finding the vold exploit and the author of psneuter
  • Guhl for misc_version and gfree
  • hyuh for misc_version revisions and Hboots with ENG features
  • jcase for taco root
  • shad0wf0x for his windows scripting contributions
  • ktilcu for DOC contributions
  • anthony1s for his review and unique perpective
  • neolobster for his generous file hosting
  • The > 150,000 downloaders of the hack kit, most of whom seem to get though it without issue.

AAHK Changelog


Advanced ACE Hack Kit Changelog:

AAHK 11092012

  • Added undocumented fastboot mode to simplifiy IRC channel troubleshooting

AAHK 12062012

  • Fixed issue with CID__044 on return to stock (typo)
  • Updated Options menu in Effen Manual to reflect the ability to flash Hyuh’s new Pseudo ‘ENG’ S-OFF HBOOTs

AAHK 07052012

  • Process now installs ‘ENG’ S-OFF Hboot safe for all current Inspires/DHD – including those shipped with Gingerbread
  • Added ability to flash ‘ENG’ S-OFF Hboot for Gingerbread Sense 3 partitions as well as Gingerbread Sense 2 and Froyo from options menu

AAHK 30042012

  • Adjust time delay after zergRush on some downgrades for slower failboxes
  • Numerous new downgrade enhancements
  • All CIDS for all supported RUUS are now available for “return to stock”
  • Many Effen Manual updates

AAHK 13012012

  • Fix windows return to stock function

AAHK 12012012

  • Fix windows goldcard issue with tacoroot process
  • Use direct links to RUUs instead of tinyurl which seems to offend sensibilities of some government censors
  • Fix issue with AU temproot

AAHK 11012012

  • Added support for virtually all known 3.12.x and 3.13.X software versions (Sense 3 Gingerbread)
  • Added support for funky mainversions produced by installing HTC 2.x bootloader
  • Updated Effen Manual; rearranged, added verify section, used more yelling

AAHK 04012012b/c

  • Fix more results from my rectal-cranial inversion on the windows script

AAHK 04012012

  • Got my head out of my butt with tacoroot process
  • Added downgrade support for 3.13.415.2 and 3.13.707.4 main versions

AAHK 02012012

  • Added modified misc_version (hyuh) to compensate for when sdcards won’t mount after tacoroot temproot – impacting Vodafone 3.13.161.3

AAHK 01012012

  • Added downgrade for Vodafone 3.13.161.3 build
  • Added Vodafone to “Return to Stock” menu
  • Added info regarding radio flashing to the Effen Manual
  • Force Sense 3 downgrade process to hboot flash method to simplify multiple passes required due to hboot pre-update requirement.

AAHK 17122011

  • Fix Froyo radio restore derp

AAHK 12122011

  • Added full downgrade support for 3.06.405.1
  • Some Anthony1s effen manual enhancements

AAHK 10122011

  • Deleted the RUU accidentally included (whoops)
  • Added downgrade before hack for Sense 3 version 3.12.405.1 (automatically detected in Hack step)

AAHK 09122011

  • Windows bugfix for rerun after downgrade
  • Busybox installer bugfix
  • Find key in string entered – negate leading/trailing spaces

AAHK 08122011

  • Add HC* serial compatibility for China model
  • Update Clockworkmod Recovery from 4.0.1.4 to 5.0.2.7
  • Added WWE (CID HTC__001) and Telus to return to stock
  • Removed AT&T Froyo from return to stock (bad idea for GB shipped devices)
  • Added Clockworkmod Recovery flash to options menu for those who already have S-OFF.
  • Added AAHK downgrade detection
  • Added SDCard mount detection prior to sdcard writes.
  • Removed older Froyo radio restore from Options Menu
  • Removed Rom Manager (extremely noob unfriendly)
  • Provided further pass key detail in Effen Manual for user browser fail events

AAHK 29102011

  • Clarification in Effen Manual RE: Pass key (now generated by the script)

AAHK 27102011

  • Removed hboot downgrade to return to stock downgrade – not needed.
  • More Effen Manual updates

AAHK 25102011

  • Additions to the Effen Manual
  • Added Pass Key to start (found in the Effen Manual)

AAHK 15102011

  • Revert use of ENG bootloader – causing extremely slow boots on some Inspires.

AAHK 08102011

  • Trap Windows errors and report then exit gracefully when the Windows ENV is damaged and key Windows files are not available.
  • Include ENG bootloader – due to popular demand and contrary to my belief that it is not needed by most users.

AAHK 03102011

  • Another DHD Bugfix – properly ID DHD model when checking adb connectivity

AAHK 26092011

  • bugfix – froyo boot image restore

AAHK 25092011

  • Added service and process stops for some known bad actors in windows
  • Added boot images for both froyo and gingerbread for non-NAM device
  • Stock ROMS should now be fully operational on all DHDs.

AAHK 19092011

  • Increased Windows sleep setting

AAHK 16092011

  • OSX wget bugfix

AAHK 14092011

  • Froyo radio restore fix in hack process

AAHK 13092011-2

  • Added additional serial prefix support for a EU DHD

AAHK 13092011

  • Gold card creation now completely integrated/invisible – Only one step required
  • Complete downgrade no longer required – no data loss
  • Smaller, faster, process (uses small firmware update and not an entire RUU)
  • Original ROM is retained and is fully functional, fully rooted
  • New replacement ROM not required
  • Correct Radio is automagically restored for HSPA+ operation

V12.3 (08-11-2011)

  • Fixed Broken Windows script

V12.2 (08-11-2011)

  • Fixed updated recovery

V12.1 (08-10-2011)

  • Updated Recovery
  • Added Missing OTA Radio update in Linux script
  • Added clean step in options menu

V12 (08-08-2011)

  • Froyo/Gingerbread automatically detected
  • Android 2.3.3 (Software #2.47.502.7) support added via fre3vo. Possibly others.
  • Downgrade failure detection
  • Includes AT&T OTA Radio Option
  • RCDATA included in both radios

V11 (04-29-2011)

  • Menu Driven
  • Now restores sound
  • Perma rooted
  • Fewer steps
  • Far less user interaction
  • Integrated cid reverser,
  • Integrated Goldcard write
  • No more phone term commands
  • No more flashing CWM from ROM manager required
  • Faster, more reliable – MAJOR UPDATE

V10 (Stone aged process)

  • Integrated SDCard CID reverser (OSX/Linux versions (me) and Windows Version (shad0wf0x)
  • Integrated Goldcard image writing for all supported platforms
  • Far fewer Goldcard issues
  • No more terminal commands
  • Much simpler
  • Much faster
  • Far, far, far, far, far fewer user errors. Way less. Really.

< V10 prehistoric