HTC Visionhttp: / /
www.htc.com/us/products/t-mobile-g2
http://forum.xda-developers.com/forumdisplay . php? f = 750
HTC Desire Z -
http://pdadb.net/index.php?m=specs&i..._visionTmobile G2 -
http://pdadb.net/index.php?m=specs&i..._htc_visionThe Missing 2GB
11-12-10: The following is our best understanding of the issue at -present. Scotty2 says this is \including the removable micro-SD card), once the phone was released, users quickly noticed that only ~ 2GB appears to exist.
Several theories for the \shadow \where the Android kernel's flash controller couldn't find it.
Apparently, none of these theories were correct.
So where is the missing 2GB?
To answer this, it is first necessary to understand a bit about how internal flash cards, such as theSandisk card (also known as an \particular attention to the discussion of SLC (single-level cell) and MLC (multi-level cell) in Chapter 5.
In an SLC configuration, a single bit is packed into each memory cell. In a multi -level cell, you can fit 2, 3, 4 or more bits in each cell. You get a lot of capacity with more bits per cell, but at the expense of speed and reliability.
In trying to figure out where the missing 2gb went, scotty2 noticed that most of the Sandisk card's block device (that is, the part with Android on it) had been partitioned within the regular \/ p>
Note that when we talk about partitioning the emmc, we're not talking about regular MBR partitions like / dev / whatever. An emmc partition is a very low-level partition of the flash. Each emmc partition constitutes a full block device, which can then be further partitioned into a bootloader, / system, / data, etc.
The card's datasheet wasn't too clear about what the \was so different from the regular User Data Area, although one thing was clear - once its parameters was set, you couldn't \during the device life-cycle (one-time programmable ).\tmzt found this. It's an article by Toshiba that suggests what's going on:
Those areas requiring better reliability are SLC or can be programmed as SLC... the Enhanced User Data Area, which may store, for example, system log files, are SLC. The User Data Area, which may store music,
ecco boot, pictures, videos and other files is MLC... Each 1 bit configured as SLC results in 2 bits less of MLC. Theoretically an 8GB e-MMC device (densities are defined in MLC terms), could be configured virtually all as SLC and thus would be approximately 4GB. In most cases, it is more likely that the majority of the memory would be configured as MLC to support higher density.
You've probably figured out by now what's likely happened here. Assuming the Sandisk emmc works like Toshiba's, the 4GB flash has probably been,
ecco shoes sale, save for a few tiny partitions such as the radio, irreversibly configured to use SLC, rather than MLC. If so, the benefit is faster performance and perhaps greater stability (and more read / write cycles). But its capacity / density would be cut in half.
And that, my friends, may very well be where your 2GB has gone.
So To Conclude ...
Assuming the above is a correct understanding of the issue,
ecco shoes on sale, the following appears to be the case:
The HTC vision has a 4GB firmware cardIt has been irreversibly partitioned to use a faster / more reliable configuration called SLCThis has resulted in a practical capacity / density of ~ 2GB
Update: Initial investigations from over a month ago reported that T-Mobile attributed this issue to \) This may correlate with the explanation provided above.
Update 12/6/10: A more technical discussion of this (with pictures) is here.
Bootup Key Sequences
Bootloader ( HBOOT): Volume Down + power on
Fastboot: Touchpad button + Power
Reboot phone from within HBOOT or Fastboot: Power + Volume Down + Touchpad button
Navigating Recovery Mode
Show / Hide Log Text: Volume Up + Power
Navigate Menu: Volume Up / Down
Select Action: Power
November 2010 OTA Update
T -Mobile released an OTA update for the G2 on 3 November. It enables Wi-Fi calling as well as Wi-Fi tethering (with a T-Mobile tethering plan).
The OTA does not include a new hboot (hboot cannot be downgraded once upgraded), but does include a newer kernel,
ecco boots, recovery, and radio image, all of which can be downgraded from this OTA to the shipping versions. # g2root now considers it safe to install the OTA.
Note that if you do decide to apply the OTA, and you've used paulobrien's Google Goggles remover, then you won't be able to cleanly install. You will have to reflash to the original ROM to update.
Rooting the G2Introduction
We would like to be a model of openness as a stark contrast to HTC's and T-Mobile's closed attitudes. Allegiances to any particular teams or groups are far less important than a willingness to help, and all who want to help are welcome. Credit will always be given where it is due, so don't worry about anyone claiming your work as his own. Catch up on our current progress below and join us in ; IRC.
Update 12-1-10: A new way of \safer / recommended way to get permanent access to read-write.
How To Get R / W Access (Permanent Root / \with potential for screwing things up. Do so at your own risk. The many authors of this guide assume no responsibility for any damage to your phone, health, general well-being, or anything else untoward with respect to these instructions or you following them .
12-1-10: THESE INSTRUCTIONS HAVE CHANGED RECENTLY. UNTIL THEY ARE BETTER TESTED, CONSIDER THEM \
Disable Visionary auto-run or uninstall it completely.Download files and put in / data / localGet temp root using rageRun \the (now permanently writable) / system partitionRebootOPTIONAL: Install an engineering bootloader. Only recommended after full phone backup.
Note: If you are not technically inclined, you may want to wait for the automated version to be released.
Procedure
There's already a guide here for obtaining permanent root using VISIONary, but some folks in # G2ROOT are having issues with the way that VISIONary can potentially write dirty cache pages back to flash. VISIONary will need to be disabled or uninstalled so that it does not cause any adverse issues. Using rage directly is a bit cleaner, since you know exactly what it's going to touch at each step of the way.
REQUIREMENTS
Disable auto-run or uninstall Visionary if you have it (I know I said this but it's important!) Android Terminal Emulator appadb (installed as part of the Android SDK.) gfree_temp-root.zipgfree_02.zipMake sure your phone's sdcard is mounted by your phone and not your computer when following these instructions. Also ensure that you have at least 5MB free on your sdcard.Make sure usb debugging is turned on on the phone (Applications> Development, then enable USB debugging)
In the commands to run below, $ or # represent the prompt and should NOT be entered as part of the commands.
TEMP ROOT
ON YOUR PC : Unzip the gfree_temp-root.zip files to a folder. From a cmd window or terminal, navigate to that folder and execute these commands:
$ adb push su / sdcard / su
$ Adb push Superuser.apk / sdcard / Superuser.apk
$ Adb push rage / data / local / tmp / rage
$ Adb push busybox / data / local / tmp / busybox
$ Adb push root / data / local / tmp / root
$ Adb shell chmod 0755 / data / local / tmp / *
ON YOUR PHONE:
Launch Terminal Emulator $ / data / local / tmp / rageWait for the message: \, it Force Closes. Launch a second time, and you'll have a root shell ** NOTE **: in the original directions from the XDA thread, you are instructed to run the / data / local / tmp / root script here. DON'T do this just yet. Leave the terminal window open.
PERMAROOT (using \current version 0.02 gfree supports the following options:
gfree usage:
gfree [-h |-?|-- help] [-v | - version] [-s | - secu_flag on | off]-h | -? | - help: display this message-v | - version : display program version-s | - secu_flag on | off: turn secu_flag on or off-c | - cid : set the CID to the 8-char long CID-S | - sim_unlock: remove the SIMLOCK -f | - free_all: same as - secu_flag off - sim_unlock - cid 11111111
In the following steps the-f will be used to mimic the behavior of the original gfree version that will do radio S-OFF, Super-CID and simunlock in one go.
If you are only interested in permanent root you only need radio S-OFF and then it is sufficient to use
#. / gfree-s off
instead of
#. / gfree-f
in the following commands.
And gfree can now also be used to set radio S-ON by using the \\are on your computer, and type:
$ adb push gfree / data / local
Gfree should now be in your phone at / data / local
ON YOUR PHONE:
You should still have terminal emulator up, at a root prompt from earlier.
Now run:
# cd / data / local
# Chmod 777 gfree
#. / Gfree-f
# Sync
You now have read-write access to your / system, hboot, and recovery partitions. But you still need to \So just do:
# / data / local / tmp / root # sync
Wait a few seconds for the changes to \have read-write access to your / system! But more than that, your phone should also be SIM-unlocked, so that you can use a SIM card from any carrier (T-Mobile, AT & T, Vodofone, etc.) See ; below for more info about that.
At this point you might consider downloading the 'Rom Manager app from the Android market and using it to install the Clockwork recovery and back up via the nandroid \option should things go terribly wrong for you in the next (optional) step.
Also, gfree created a backup of your original partition 7 at / sdcard/part7backup- . bin - You might consider copying this to a safe location on your computer!
VERIFY (using \can use gfree_verify to verify the state of your locks.
Download gfree_verify.zip from gfree_verify_v01.zip
ON YOUR PC:
Unzip gfree_verify_v01.zip to a place on your computer. Navigate to where the file is on your computer, and type:
$ adb push gfree_verify / data / local
gfree_verfiy should now be in your phone at / data / local
Open a shell using adb (ON YOUR PC):
$ adb shell
Use this shell to run the gfree_verify (IN THE ADB SHELL ON YOUR PC).
# su
# Cd / data / local
# Chmod 777 gfree_verify
# Stop ril-daemon
#. / Gfree_verify
You should see the following output:
gfree verify_cid returned: @ CID: 11111111 OK gfree verify_secu_flag returned: @ secu_flag: 0 OK gfree verify_simlock returned: @ SIMLOCK = 00 OK
Start the interface layer again (IN THE ADB SHELL ON YOUR PC) - (or reboot your phone):
start ril-daemon
Did it work? Here's what you're looking for:
@ CID: 11111111
Good luck!
Subsidy Unlock, SuperCID, and Radio S-OFFBackgroundOne at a time. What is Subsidy Unlock and why do I want it?
When you buy your Vision phone from T- Mobile, sold as the \mode, and you will be charged up the ass. Now, what can you do about this? You may wish to purchase a local, pre-paid SIM Card in the country in which you're traveling to make calls or perhaps to buy a few day's worth of Internet access. But if you try, you'll find your phone won't take foreign SIM cards.
Similarly, if you're a T-Mobile customer with a G2 and you wanted to use another phone network within the US that uses a GSM network, such as AT & T, you will be unable to use an AT & T SIM card in your phone. It just won't work.
Why won't your phone take non-T-Mobile Sim cards? Because it's been \your phone will offer the benefit of allowing you to use your phone with other carriers.
NOTE: T-Mobile does offer an unlock code to its loyal customers who are traveling overseas. You can call them and request it . However, as the XDA-forums can attest, some people have had difficulty with their codes, causing the phone to be unable to establish a connection to ANY network.
We want to fix that.
Got it. Next - what is this \a little number that restricts which software can be installed on a phone. The CID determines for example, that only an officially-signed T-Mobile radio can be installed on a T-Mobile phone. And it's why you can't flash a Vodafone ROM onto a Bell Desire Z.
It may be helpful to think of the CID as a kind of \player. But if you hack your DVD player, you could switch it from a European player to a North American one. Or you might even hack it to play both.
You can do the same with phones. SuperCID is, as the name implies, a universal CID where the phone will accept any kind of firmware image from anyone.
Finally, what's Radio S-OFF and What Does It Mean to Me?
The \for \works-normally when you boot up, HBOOT (the bootloader) says to the radio, \commands, and WILL write protect system and recovery. If the radio says \Even phones that have been \what permaroot is all about, isn't it?! So surely the radio must already be S-OFF!
Nope. You've had \/ p>
As scotty2 puts it, \hacked HBOOT. But here's the problem - people have been getting into trouble by flashing factory firmware over their rooted firmware. First thing it does before writing the ROM is overwrite their patched HBOOT. HBOOT turns on read-only mode on the recovery and / system, and the poor folks get locked out of their phones with the old firmware still there.
Having \-of-reflashing-factory-firmware. \> Unlock the Phone, Set SuperCID, and Turn Radio S-OFF
Now featuring scotty2's new method: gfree.
NOTE: If you have NOT permarooted your phone previously with the HBOOT / wpthis method, doing so using the new \'t yet permarooted, look at those instructions.
WARNING: Be aware that by following these instructions you are messing with your phone with potential for screwing things up. Do so at your own risk. The many authors of this guide assume no responsibility for any damage to your phone, health, general well-being, or anything else untoward with respect to these instructions or you following them.
gfree and kernel versions
gfree uses a dynamic in-memory patch of the kernel to remove the kernel's write protection of the radio settings partition.
So, for those of you who have permarooted the old HBOOT way and put on new kernels - -The following kernel versions that are known NOT to work yet with gfree. If you have one of the following kernel versions on your phone install a different (stock, OTA or cyanogen) kernel before starting this procedure:
Kernelpershoots 11/30 buildpershoot's 2.6.32.26 OC-UV-NEON_FP (1.516GHZ) 2.6.32.26-cm-virtuous-v1.0 rmk @ droid # 1
Okay. So we're assuming you've permarooted already. You might want to back up your phone with nandroid on the Clockwork recovery image first,
ecco shoes store, just in case. Make sure you have USB Debugging turned on and at least 5MB on your sdcard.
Note: If you hanker to do it the longer, manual, harder, and more dangerous way, or are just curious what gfree does, see the wiki history for the old instructions.
No? Then let's begin.
1 . Download gfree and verify sdcard is not mounted by your computer
You will need to download a program called gfree that will first copy partition 7 of the phone, then patch it, then reflash back to your phone. (verified to work with the g2 and desire z as well as the desire hd). (You will also need adb, which you can download as part of the Android SDK.)
Unzip gfree_02.zip to a place on your computer.
Make sure your computer is not mounting your phone's sdcard.
gfree version 0.02 and its options
Since the current version 0.02 gfree supports the following options:
gfree usage:
gfree [-h |-?|-- help] [-v | - version] [-s | - secu_flag on | off]-h | -? | - help: display this message-v | - version : display program version-s | - secu_flag on | off: turn secu_flag on or off-c | - cid : set the CID to the 8-char long CID-S | - sim_unlock: remove the SIMLOCK -f | - free_all: same as - secu_flag off - sim_unlock - cid 11111111
In the following steps the-f will be used to mimic the behavior of the original gfree version that will do radio S-OFF, Super-CID and simunlock in one go.
But you can use the same procedure as below with different options to either just set one of these or to go back to radio S-ON and your original CIN
2. Run gfree on the phone
On your computer's terminal / command line, navigate to where the gfree file is, and then ...
adb push gfree / data / local
adb shell
This copies gfree to your phone, then puts you in your phone's terminal. Then (IN THE ADB SHELL) do this:
su
cd / data / local
chmod 777 gfree
. / Gfree-f
sync
Wait a few moments for the sync to \/ part7backup-. bin you might consider copying this to a safe location on your computer.
Now you can try using a new SIM card to verifiy that it worked. Also, if you had to flash a different kernel before running gfree, you may now reflash the kernel you originally had.
Here are some optional steps to make sure you did it right:
3. (OPTIONAL) Verify you did it right
There is a newer method to verify your success using gfree_verify -> see VERIFY using gfree_verify
To verify all went well, do this:
Plug in your phone to your computerIn the Terminal / command line, type this:
adb shell
this puts you in the phone's shell. now it's a simple matter of the following:
(note the # is your prompt. Don't type the \. The lines without the # are returned by the phone.)
# su
# Stop ril-daemon
# Cat / dev/smd0 &
# Echo-e 'ATE1 \ r'> / dev/smd0
0
#
# Echo-e 'ATV1 \ r'> / dev/smd0
OK
# Echo-e 'AT @ CID? \ R'> / dev/smd0
@ CID: 11111111 OK
echo-e 'AT @ SIMLOCK? 40 \ r'> / dev/smd0
# AT @ SIMLOCK? 40
@ SIMLOCK = 00 OK
# Echo-e 'AT @ SIMLOCK? AA \ r'> / dev/smd0 AT @ SIMLOCK? AA
@ Secu_flag: 0 OK
It should look something like that anyway. It may look slightly different if you were typing while the computer was sending you back information. Alternatively, you could open two terminals that connect to your phone: one for sending command (except for the cat / dev/smd0 & command which is used to read back data), the other just issue the remaining command \/ p>
Did it work? Here's what you're looking for:
@ CID: 11111111 <--- this response means you have superCID! Congrats!
@ SIMLOCK = 00 <--- this means your simlock is off. Mazel Tov!
@ secu_flag: 0 <--- this means your radio is S-OFF. Hurrah! ReferencesDocumentation and Sources
SanDisk iNAND e.MMC Datasheet - Verified correct datasheet as per IC markings from this post, \this is the correct version, but for a possible SPI mode the 4.2 version is referenced below. Specifically, here are the parts applying to write protection.
4.2 eMMC Documentation
HTC Desire Z kernel source almost certainly T-Mobile G2 kernel source as well
HTC Wildfire kernel that has some MSM7x30 code in it
Code Aurora Forums (CAF) - More specifically, as it relates to the G2
Github of current modules
IntuitiveNipple's Vision site, containing ongoing analysis of HBOOT and RADIO images. Check in for HBOOT reverse engineering info
On XDA
XDA Discussion Thread # 1
XDA Discussion Thread # 2
Kinda unrelated, but here is HTC's response to their gpl violation.
IRC
Freenode IRC channels:
# G2ROOT