Tuesday, November 27, 2012

How To Unlock the HTC Droid DNA's Bootloader

When the Droid DNA was first announced, many got surprised to find that the bootloader was unlockable at HTCdev.com. Because of this, the device actually got root, recovery, and custom kernel days before the official release. Unfortunately, by the time the device became available in retail channels, Verizon pulled the plug  and it was no longer unlocked through official means.

That, however, never put the developer community off, and famous Android developer Justin Case has released a softmod that will work around that for you, making your phone once again vulnerable to the same official tool that previously supported it.

The whole concept and set of instructions provided are credited to Justin Case, and Android Police, where the guide was initially published, and whose exclusive property it remains. With due credit to them, we lay down these instructions and related requirements for the benefit of our readers.

You should also remember that this process involves some serious modifications to your phone – ones that can render the device absolutely bricked (with no hope of recovery) if not followed to the letter. Do read through the whole guide first before doing anything. We will not take any responsibility if something goes wrong. You have been warned!

Windows/Linux PC with ABD for ICS or above configured.
Minimum 1GB of free space in your Droid DNA’s internal memory.
At least 50% charge on your phone’s battery (full is recommended).
Patience and ability to follow instructions as they are given.
You can grab all the needed files from the source link at the footer of this post.

Step 1: Download both the files mentioned above. Extract the contents of DNA_TeamAndIRC.zip, and place the runme.sh, CIDGen.apk and backup.ab files in the same directory where you have ADB installed.

Step 2: Launch a command prompt or terminal instance, and run the following command:

adb install CIDGen.apk

Step 3: Launch CIDGen on your phone, follow the instructions on screen, and verify the existence of CIDBLOCK.img in the root of your Droid DNA’s SD card/internal memory using this command:

adb shell ls -l /sdcard/CIDBLOCK.img

Step 4: Proceed only if CIDBLOCK.img exists; otherwise, just run the app again and try verification once more. Once the file has been verified, run these in terminal or CMD:

adb push runme.sh /data/local/tmp/

adb shell chmod 755 /data/local/tmp/runme.sh

adb shell /data/local/tmp/runme.sh

Step 5: Open a second terminal or command prompt instance, and restore the modified backup using the command below. Do note that the first window will enter into an infinite loop, and throw various error messages. Just leave them as they are for now, do not get alarmed.

adb restore backup.ab

Step 6: Allow the modified backup to restore on your phone. Once that is complete, stop the first command prompt by simply closing the window (this will kill the runme.sh script).

Step 7: In the second command prompt window that you had opened, run the following set of commands. Justin warns that any interruption at this point – reboot, disconnection from PC, power off et al – will permanently brick your device.

adb shell rm /data/data/com.htc.usage/files/exploit/*

adb shell mv /data/DxDrm /data/DxDrm_org

adb shell mkdir /data/DxDrm

adb shell ln -s /dev/block/mmcblk0p5 /data/DxDrm/DxSecureDB

adb reboot

adb wait-for-device

Step 8: At this point, you’ll need to run the runme.sh script again. Command is same as before, and will put it in an endless loop as well:

adb shell /data/local/tmp/runme.sh
Step 9: Again, launch another command prompt/terminal window, and restore the modified backup once again, just like we did in step 5:

adb restore backup.ab

Step 10: Once it’s restored again, terminate the runme.sh exploit by closing the previous window, and run these commands:

adb shell mv /data/DxDrm /data/DxDrm_trash

adb shell dd if=/sdcard/CIDBLOCK.img of=/dev/block/mmcblk0p5

adb reboot

There you have it. After this reboot, you have essentially changed your Droid DNA’s carrier information, and it can once again be unlocked through HTCDev.com.

A huge thanks to Justin Case and Android Police for these instructions. Do check out the source link below for details and any comments/concerns that you may have.

[ via Redmond Pie ]


Post a Comment

Twitter Delicious Facebook Digg Stumbleupon Favorites More