1 Title: Unlocking HTC Desire HD on Linux using unruu and fastboot
2 Tags: english, debian, bootsystem, sikkerhet, opphavsrett
5 <p>Yesterday, I tried to unlock a HTC Desire HD phone, and it proved
6 to be a slight challenge. Here is the recipe if I ever need to do it
7 again. It all started by me wanting to try the recipe to set up
8 <a href="https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy">an
9 hardened Android installation</a> from the Tor project blog on a
10 device I had access to. It is a old mobile phone with a broken
11 microphone The initial idea had been to just
12 <a href="http://wiki.cyanogenmod.org/w/Install_CM_for_ace">install
13 CyanogenMod on it</a>, but did not quite find time to start on it
14 until a few days ago.</p>
16 <p>The unlock process is supposed to be simple: (1) Boot into the boot
17 loader (press volume down and power at the same time), (2) select
18 'fastboot' before (3) connecting the device via USB to a Linux
19 machine, (4) request the device identifier token by running 'fastboot
20 oem get_identifier_token', (5) request the device unlocking key using
21 the <a href="http://www.htcdev.com/bootloader/">HTC developer web
22 site</a> and unlock the phone using the key file emailed to you.</p>
24 <p>Unfortunately, this only work fi you have hboot version 2.00.0029
25 or newer, and the device I was working on had 2.00.0027. This
26 apparently can be easily fixed by downloading a Windows program and
27 running it on your Windows machine, if you accept the terms Microsoft
28 require you to accept to use Windows - which I do not. So I had to
29 come up with a different approach. I got a lot of help from AndyCap
30 on #nuug, and would not have been able to get this working without
33 <p>First I needed to extract the hboot firmware from
34 <a href="http://www.htcdev.com/ruu/PD9810000_Ace_Sense30_S_hboot_2.00.0029.exe">the
35 windows binary for HTC Desire HD</a> downloaded as 'the RUU' from HTC.
36 For this there is is <a href="https://github.com/kmdm/unruu/">a github
37 project named unruu</a> using libunshield. The unshield tool did not
38 recognise the file format, but unruu worked and extracted rom.zip,
39 containing the new hboot firmware and a text file describing which
40 devices it would work for.</p>
42 <p>Next, I needed to get the new firmware into the device. For this I
43 followed some instructions
44 <a href="http://www.htc1guru.com/2013/09/new-ruu-zips-posted/">available
45 from HTC1Guru.com</a>, and ran these commands as root on a Linux
46 machine with Debian testing:</p>
50 fastboot oem rebootRUU
51 fastboot flash zip rom.zip
52 fastboot flash zip rom.zip
56 <p>The flash command apparently need to be done twice to take effect,
57 as the first is just preparations and the second one do the flashing.
58 The adb command is just to get to the boot loader menu, so turning the
59 device on while holding volume down and the power button should work
62 <p>With the new hboot version in place I could start following the
63 instructions on the HTC developer web site. I got the device token
67 fastboot oem get_identifier_token 2>&1 | sed 's/(bootloader) //'
70 <p>And once I got the unlock code via email, I could use it like
74 fastboot flash unlocktoken Unlock_code.bin
77 <p>And with that final step in place, the phone was unlocked and I
78 could start stuffing the software of my own choosing into the device.
79 So far I only inserted a replacement recovery image to wipe the phone
80 before I start. We will see what happen next. Perhaps I should
81 install <a href="https://www.debian.org/">Debian</a> on it. :)</p>
projects / homepage.git / blob