Wednesday, March 23, 2011

How To: Permanent Root and Flash CyanogenMod on Newer MyTouch 4G's


So, I purchased my MyTouch 4G back in October of last year and had no problem rooting it using the methods that came out in November. However, I just got another brand new MyTouch 4G through work that also needed to be rooted and I ran into big problems. After about 6 hours of tinkering I finally found out that the new phone had a non-engineering HBoot. This means that there isn't as much flexibility in what you can and can't do with it, and you have a greater chance of bricking if something goes wrong.

So, how do you know which HBoot you have? Simple: reboot the phone into the bootloader by holding the power and bottom volume button. Then on the bootloader screen it will either say 0.86.000 or 0.85.2007. If it is the .85 then you have the engineering HBoot and any permanent root method should work. If it says .86 then you don't have an engineering HBoot and you need to use this method. To be clear, I didn't create these methods; I am simply aggregating the three steps needed to perm root and load CyanogenMod.

This tutorial assumes you are familiar with adb; if not, look here. If you are running a 64-bit version of Windows you may have problems loading the adb driver. This thread should provide the solution.

Then this method will perm root the phone: http://forum.xda-developers.com/showthread.php?t=858996

The instructions below were extracted from the link above for convenience. I fitted them for the .86 bootloader situation.

Download this file:
http://www.mediafire.com/?s7afymwe2wb3x60 New version of gfree with more options! See below.
md5sum: b73c56ca0e21664c5756d4ad295063c5

1. Now unzip the file into your SDK tools directory.

2. Plug your device into your computer.

3. Now open Explorer and hold down Shift at the same time you right mouse click on your SDK tools directory (platform-tools if you have the R8 version of the SDK). Select "Open command window here". If you are in Linux (Ubuntu), right mouse click on your SDK tools folder, choose actions, and choose open command window (or whatever it's called). Otherwise, open a command prompt and cd your way to your SDK tools directory.

4. Type "adb push gfree /data/local" and hit enter.

Optionally, you could download the file to your phone, use androzip or something like it to unzip the file, and then use root explorer to move the file named gfree to /data/local. Not the gfree.h file. All the other files are source code included for the GNU license. This would skip the first 4 steps.

5. Now unplug your device from the computer.

6. Run visionary to gain temp root. (If you were already permarooted w/s=off ignore this step.)

7. Open terminal emulator on your device, type "su", and hit enter to gain root privileges.

8. Type "cd /data/local" and hit enter.

9. Now type "chmod 777 gfree" and hit enter to make the program executable.

10. Type "./gfree -f" and hit enter.

New features in gfree.
gfree usage:
gfree [-h|-?|--help] [-v|--version] [-s|--secu_flag on|off]
-h | -? | --help: display this message
-v | --version: display program version
-s | --secu_flag on|off: turn secu_flag on or off
-c | --cid : set the CID to the 8-char long CID
-S | --sim_unlock: remove the SIMLOCK

With the new features you can turn off one thing at a time. You can also turn security back on and set the CID back to stock if you wish. To turn simlock back on you still have to follow the revert procedures on this page as the information that is patched to turn the lock off is encrypted and we can't write back to it other than restoring the entire image.

So, if you wanted to leave simlock on but turn security off and set super CID the command would be "./gfree --secu_flag off --cid 11111111" + enter. The -f switch after ./gfree that is now in the above step (./gfree -f) just tells gfree to patch everything.

11. Wait for the program to finish and then reboot into HBoot to see if S=Off. Also, check your bootloader version. If it says s=off and has bootloader version 0.86.0000 it worked.

12. Run visionary again (temproot w/set system r/w after root checked and then attempt permroot) to make root privileges permanent and then reboot again. Now "su" should work properly for you.

Gfree writes a backup of the file that it patches named Part7backup-numbers.bin on your sdcard. I suggest putting this file in a safe place as it is the only way to revert if you need to.

Next, follow these steps to flash the engineering bootloader
1. Restart your phone and plug it back into your computer.

2. Download this file: http://www.megaupload.com/?d=NN5726Z8
md5sum: df4fd77f44993eb05a4732210d2eddc6

3. Copy the file to your SDK tools directory.

4. Open a command prompt again and cd into your SDK tools directory (platform-tools if you're on the new R8 SDK).

5. Type "adb push hboot_dhd.nb0 /data/local" and hit enter.

6. Now open terminal on your device and type "su" and enter to gain root privileges.

7. Type "cd /data/local" and enter.

8. Now type "dd if=hboot_dhd.nb0 of=/dev/block/mmcblk0p18" and hit enter.

9. You should see something like: 2048 bytes in 2048 bytes out 1048576 bytes copied blah blah blah.

10. Now restart the device into hboot and check if your bootloader version is 0.85.2007. That is what you want to see.
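
A check worth running around steps 5-10, as an added example that is not part of the original post or the linked thread: it confirms hboot_dhd.nb0 matches the md5sum and the 1048576-byte size quoted above before it is pushed, and compares a read-back of the partition afterwards. It assumes a Linux host with md5sum; the dump file name p18.bin and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: integrity checks around the bootloader flash.
HBOOT_MD5="df4fd77f44993eb05a4732210d2eddc6"  # md5sum given in the post
HBOOT_SIZE=1048576                            # byte count the post's dd output reports

# md5_of FILE: print the hex digest only.
md5_of() { md5sum "$1" | cut -d' ' -f1; }

# check_image FILE MD5 SIZE: return 0 only if size and digest both match.
check_image() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 2; }
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq "$3" ] || { echo "size $size, expected $3" >&2; return 1; }
    sum=$(md5_of "$1")
    [ "$sum" = "$2" ] || { echo "md5 $sum, expected $2" >&2; return 1; }
    return 0
}

# check_readback DUMP MD5 SIZE: hash only the first SIZE bytes of a dump,
# because a partition dump may be longer than the image written to it.
check_readback() {
    [ -r "$1" ] || return 2
    sum=$(dd if="$1" bs="$3" count=1 2>/dev/null | md5sum | cut -d' ' -f1)
    [ "$sum" = "$2" ]
}

# Pre-flash check: runs only if the image is in the current directory.
if [ -f hboot_dhd.nb0 ]; then
    check_image hboot_dhd.nb0 "$HBOOT_MD5" "$HBOOT_SIZE" \
        && echo "hboot_dhd.nb0 matches, OK to push" \
        || echo "do NOT flash hboot_dhd.nb0" >&2
fi

# Post-flash check, before rebooting. Assumes the partition was dumped on the
# device with dd (if=/dev/block/mmcblk0p18) and copied to the host as p18.bin.
if [ -f p18.bin ]; then
    check_readback p18.bin "$HBOOT_MD5" "$HBOOT_SIZE" \
        && echo "partition read-back matches the image" \
        || echo "read-back differs, do not reboot yet" >&2
fi
```

The MD5 comparison catches a truncated or corrupted download; it says nothing about who produced the file.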

Congratulations, you now have a TRUE root and engineering bootloader on your shiny MT4G!!!


Once CyanogenMod is loaded, you will need to pull out and then replace the battery to get WiFi working.

Enjoy CyanogenMod!!
