USB brick/rickrolled/b0rked -> FIXED!

[Guest IEFtm]

As most of you know, people have been hard at work to fix the USB issues we've been seeing due to recovery setting us into USB debugmode.

After unsuccessful attempts to change the kernel commandline , eg. to:

disable_uart3=0

usb_h2w_sw=0

we've been successful in discovering (with the help of XDA-developers) that these switches are stored in the first NAND partition, mtd0, or 'misc'.

You must be rooted to try the following, it seems you can't write to mtd0 without root.

Do step 1 again if you have to.

Also, SD card functionality has to work. For this, do 'fastboot oem enableqxdm 0' in fastboot mode.

Steps involved:

1. Find out your CID. Go into fastboot mode, and do 'fastboot oem boot'.

The log will say something like the following:

#INFOTAG:Ramdisk OK

#INFOTAG:smi ok, size = 0

#INFOTAG:hwid 0x0

#INFOTAG:skuid 0x21F04

#INFOTAG:hero panel = 0x0

#INFOTAG:engineerid = 0x0

#INFOMCP dual-die

#INFOMCP dual-die

#INFOTAG:mono-die = 0x0

#INFODevice CID is not super CID

#INFOCID is HTC__E11

In this specific case, the CID is HTC__E11.

2. Get the following mtd0.img from here or from here: mirror provided by SgtDavePwnage.

Edit this image to the CID you found above with a hex editor.

3. Get flash_image from here or from here: mirror provided by SgtDavePwnage.

Move this to /data/ , and flash the modified image using:

"/data/flash_image misc /data/mtd0.img"

You can move both mtd0.img and flash_image by putting it on your sdcard, and issueing the following command in a terminal emulator:

'cat /sdcard/flash_image > /data/flash_image'

'cat /sdcard/mtd0.img > /data/mtd0.img'

You might have to do 'chmod u+x /data/flash_image' before you run the commands (or chmod 755 /data/flash_image)

4. Repeat step 3 a couple of times if it doesn't seem to work well.

5. All done! Reboot, you should have normal usb connectivity. Post your 'fastboot oem boot' log and intermediate steps if it fails.

Credits:

-kubino @ XDA for providing us with the 'misc' information

-TheProfessor @ irc.freenode.net #modaco for being the first test subject + debugging

-adam235 @ irc.freenode.net #modaco for being a test subject as well + debugging

-SgtDavePwnage @ irc.freenode.net #modaco -> moral support + debugging :(

-DrMon @ irc.freenode.net #modaco -> being brave enough to test on his non-bricked device!

Click here to DONATE :(

Edited May 30, 2010 by IEFtm

[Guest vib_]

the best info :(

thnx :(

my legend non-bricked img:

INFOCID is HTC__032

INFOsetting->cid::HTC__032

mtd0.img

Edited May 30, 2010 by vib_

[Guest demandart]

Hi, when i try to 'chmod u+x /data/flash_image' i get "bad mode",

if i try 'chmod 755 /data/flash_image' i get "No such file or directory...

Doing something wrong? :(

[Guest ricky812]

IT WORKED :( thanks

Edited May 31, 2010 by ricky812

[Guest OlegKrikun]

HTC__A07

mtd0.img

big thx for all =)

[Guest MichaelAlexanderBull]

Do we know why the devices are getting bricked and how to stop it happening now?

[Guest hensk]

Do we know why the devices are getting bricked and how to stop it happening now?

yep,there is explenation :(

[Guest Ale Baba]

yep,there is explenation :(

I was about to ask that too but didn't quite get your response.

[Guest demandart]

Ok ok ok... so.. IT WORKS!!

If there's someone with a mac out there that need the steps i followed, just ask!!!

So, thank you all for your great work, i was going to send the phone to htc soon, but, they can wait :(

[Guest KL君]

God damn me! I've rolled back to the HTC ROM that l lost the root.

Can I flash this img in fastboot?

Edited June 1, 2010 by KL君

[Guest SgtDavePwnage]

God damn me! I've rolled back to the HTC ROM that l lost the root.

Can I flash this img in fastboot?

Redo step 1 of the rooting process. This will give you the required access :(

[Guest KL君]

Redo step 1 of the rooting process. This will give you the required access :(

Thx man. Mine was done.

Thanks all guys who provided this solution.

My CID: HTC__044

mtd0.img

Edited June 2, 2010 by KL君

[Guest kerakwaja]

Thanks a lot guyz.... i was thinking of selling my Legend for another symbian phone.... :(

luckily i've found this guide... THNXXX!!!

My CID : HTC_044

i did it thru terminal emulator.... i redo step 3 like 3 or 4 times... and it's done!!

[Guest borgfather]

For this, do 'fastboot oem enableqxdm 0' in fastboot mode.

can please someone explain how to do this ?

i can enter the recovery but get :

error: device not found

as a result

Edited June 8, 2010 by borgfather

[Guest Ale Baba]

i can enter the recovery

Doesn't it say "in fastboot mode"? You tried to enable fastboot in the menu?

[Guest borgfather]

in the fastboot menu :

bootloader

reboot

reboot bootloader

power down

but no "fastboot oem enableqxdm 0"

i also cant het into the recovery boot

it says

Legedimg.nbh

no image or wrong image!

hope you can help me

[Guest Ale Baba]

Fastboot is enabled as soon as you start the phone with back key held down. Make sure ist says "fastboot usb" (which means the device is connected). You then need the fastboot binary to execute the above command.

To get into recovery-mode you have to launch the script provided with the rooting-package (e.g. recovery-windows). Currently there is no recovery mode, not even for rooted Legends, without pushing some files (which is done by recovery-*).

Edited June 8, 2010 by Ale Baba

[Guest borgfather]

3. Get flash_image from here or from here: mirror provided by SgtDavePwnage.

Move this to /data/ , and flash the modified image using:

"/data/flash_image misc /data/mtd0.img"

You can move both mtd0.img and flash_image by putting it on your sdcard, and issueing the following command in a terminal emulator:

'cat /sdcard/flash_image > /data/flash_image'

'cat /sdcard/mtd0.img > /data/mtd0.img'

You might have to do 'chmod u+x /data/flash_image' before you run the commands (or chmod 755 /data/flash_image)

Click here to DONATE :)

do i have to do this in recovery mode ?

i cant get into it i get an error

Legedimg.nbh

no image or wrong image!

after that i get an alert symbol on the screen

any sugestions ?

PS : i can startup the device and run connectbot

can these command be run in a terminal in connectbot app ??

Edited June 9, 2010 by borgfather

[Guest borgfather]

I get an : [1] segmentation fault

what can i do ?

edit extra : i did some testing , the command flash_image couses an crash ( [1] segmentation fault )

even without parameters

is there an other way to flash the mtd0 ?

Edited June 11, 2010 by borgfather

[Guest borgfather]

I keep on getting an segmentation fault when i try to run the flash_image

I'm affraid ther is more wrong with my mtd0 and it is influencing the behavior of the system

is there an ather way to get this fixed ?

[Guest borgfather]

in the disire section it is asked to mpost the "fastboot oem boot" log if the flash fails

here it is:

~/htclegend/ANDROID/r4-legend-root$ ./fastboot-linux oem boot

... INFOsetup_tag addr=0x60000100 cmdline add=0x9D078D14

INFOTAG:Ramdisk OK

INFOTAG:smi ok, size = 0

INFOTAG:hwid 0x0

INFOTAG:skuid 0x22F00

INFOTAG:hero panel = 0x0

INFOTAG:engineerid = 0x0

INFOMCP dual-die

INFOMCP dual-die

INFOTAG:mono-die = 0x0

INFODevice CID is not super CID

INFOCID is HTC__E11

INFOsetting->cid::HTC__E11

INFOserial number: HT039NX00037

INFOcommandline from head: no_console_suspend=1 console=null

INFOcommand line length =441

INFOactive commandline: board_legend.disable_uart3=1 board_legen

INFOd.usb_h2w_sw=1 board_legend.disable_sdcard=0 diag.enabled=0 

INFOboard_legend.debug_uart=0 smisize=0 userdata_sel=0 androidbo

INFOot.emmc=false  androidboot.baseband=7.05.35.26L androidboot.

INFOcid=HTC__E11 androidboot.carrier=HTC-Dutch androidboot.mid=P

INFOB7610000 androidboot.keycaps=qwerty androidboot.mode=normal 

INFOandroidboot.serialno=HT039NX00037 androidboot.bootloader=0.4

INFO3.0001 no_console_suspend=1 console=null

INFOaARM_Partion[0].name=misc

INFOaARM_Partion[1].name=recovery

INFOaARM_Partion[2].name=boot

INFOaARM_Partion[3].name=system

INFOaARM_Partion[4].name=cache

INFOaARM_Partion[5].name=userdata

INFOpartition number=6

INFOValid partition num=6

INFOmpu_nand_acpu_rw 8F2 1000

FAILED (status read failed (Protocol error))

if someone has an idear why I get the segmentation fault please tell

thanks

[Guest borgfather]

OK so finally i got it working

PFfff you cant Imagen how happy I am :)

I would like to thank every body involved for making this fix and in special thanks to IEFtm for providing some extra help

Thanks !!

[Guest gutter]

Can anyone post a step by step guide for mac? I am still having trouble getting this to work.

Thanx

ok. Here is the fix i used, step by step. works every time.

if your phone can't even see the memory card, enable first with:

fastboot oem enableqxdm 0

Do the above step in Recovery mode.

Once the memory card is visible, transfer the files "flash_image" and "mtd0.img" to the memory card

howevor is possible.

Restart the phone, and install connectbot from the market.

Open connectbot, and through terminal (local) issue the following commands:

su

cat /sdcard/flash_image > /data/flash_image "then press enter"

cat /sdcard/mtd0.img > /data/mtd0.img "then press enter"

chmod 755 /data/flash_image "then press enter"

/data/flash_image misc /data/mtd0.img "then press enter"

It will give you an error, on the last command, but ignore it and restart the phone

It should be fixed.

Edited June 25, 2010 by gutter

[Guest HappyLegend]

HELPPPP PLEASE

when i digit on connectbot cd /sdcard/flash_image > /data/flash_image appairs : cannot create /data/flash_image : permission denied

What can I do?

HELP PLEASE AND SORRY FOR MY BAD ENGLISH

Edited June 30, 2010 by HappyLegend

[Guest HappyLegend]

Hi, when i try to 'chmod u+x /data/flash_image' i get "bad mode",

if i try 'chmod 755 /data/flash_image' i get "No such file or directory...

Doing something wrong? :lol:

Sorry man can you helo me???

also to me by the same errors

thank you very much and sorry for my bad english