HTC Sensation
S-Off
S-Off[1] means that the NAND portion of the device is unlocked and can be written to. Most phones are S-On to prevent messing around with the internal NAND memory. To get permanent root access to the phone, we must achieve S-Off. To check the status of our HTC Sensation, we go into HBOOT:
- Turn off phone, perhaps even take the battery out (and put it back in)
- Press and hold "Volume Down" and turn on the phone again, HBOOT should come up. There we can see if S-On or S-Off is active.
We can achieve S-Off with one of the following options:
HTCdev
Go to http://www.htcdev.com/bootloader/ and follow the instructions:
- Select device
- Click on "Begin Unlock Bootloader"
- Confirm, Proceed to Unlock Instructions
- Remove and reinsert the battery.
- Press and hold "Volume Down" and press "Power" to start the device into HBOOT.
- Select "Fastboot and boot the device.
- Connect the device to the computer via a USB cable
- Download Fastboot binary (Mac)
- unzip fastboot-mac.zip
- chmod +x fastboot-mac
- ./fastboot-mac oem get_identifier_token
revolutionary.io
- Download Revolutionary for your operating system (Windows, Linux)
- Windows users will have to install the HTC USB drivers:
- HTC USB TETHERING DRIVER (01.17.2012). This might also be included in the HTC Sync Manager package.
- HTCDriver from unrevoked.com
- Windows users will have to install the HTC USB drivers:
- Execute...
TBD!
Recovery
TWRP
TWRP[2] is pretty stable from what I can tell (and also supports encrypted devices), let's install it via fastboot:
$ md5sum openrecovery-twrp-2.6.3.0-pyramid.img e305489436076d3945465086186b01d5 openrecovery-twrp-2.6.3.0-pyramid.img $ adb reboot bootloader $ fastboot flash recovery openrecovery-twrp-2.6.3.0-pyramid.img
Now reboot into recovery and TWRP should be installed.
4EXT
While there are several recovery images out there, the HTC Sensation had success with the 4EXT Recovery image. We have to download[3]. To flash the image via fastboot, download just the recovery.zip and verify its checksum:
MD5 (recovery_4ext-1.0.0.5RC5.zip) = 959efe1ed21a2173ba857e6f7cb9198f
Unzip and flash:
$ unzip -d 4ext recovery_4ext-1.0.0.5RC5.zip $ md5 4ext/recovery.img MD5 (4ext/recovery.img) = 8e756b40c3183abf90ec6479d2c5e775 $ fastboot flash recovery 4ext/recovery.img sending 'recovery' (6116 KB)... OKAY [ 1.514s] writing 'recovery'... OKAY [ 9.191s] finished. total time: 10.705s
Since the phone is still in its bootloader, choose "Recovery" to boot into the new recovery partition.
Root
Getting root usually requires S-Off and differs from the Android version.
Android 4.0
For Android 4.0 (ICS) there is a guide[4] to gain root access. The process in short:
- Download root-sensation-windows.zip. Verify the checksums for this package:
MD5(root-sensation-windows.zip)= 0371e59a14e7d86593988501e94af6fe MD5(Superuser.apk)= 65bd72996c68f289c5fa0b81f0874127 MD5(adb.exe)= 8a1c5cd46f8662f6162e4ec7ba4b13b8 MD5(busybox)= 4eaf08d657fa5ebb5175765fbf36588d MD5(su)= d1a9de9724c662a50a9a128e48b1fb37
Extract the package, disregard the *.dll files. There's a root.bat command file included - for Linux and MacOS you can use root.sh. Both need a working adb binary to function. When using root.sh, the rooting process looked like this:
$ unzip root-sensation-windows.zip $ cd root-sensation-windows/ $ sh root.sh /path/to/adb CONNECT YOUR PHONE NOW! * daemon not running. starting it now on port 5037 * * daemon started successfully * List of devices attached HT12AA345678 device PRESS ENTER IF YOUR PHONE IS LISTED HERE, PRESS CTRL-C IF NOT! rm failed for /data/local/installbusybox, No such file or directory rm failed for /data/local/installbusybox2, No such file or directory rm failed for /data/local/root, No such file or directory rm failed for /data/local/root2, No such file or directory rm failed for /data/local/sysro, No such file or directory rm failed for /data/local/sysro2, No such file or directory rm failed for /data/local/sysrw, No such file or directory rm failed for /data/local/sysrw2, No such file or directory rm failed for /data/local/unroot, No such file or directory rm failed for /data/local/unroot2, No such file or directory rm failed for /data/local/busybox, No such file or directory rm failed for /data/local/su, No such file or directory rm failed for /data/local/Superuser.apk, No such file or directory DON'T TOUCH THE DEVICE OR UNPLUG WHILE ROOTING! PUSHING FILES... 4266 KB/s (837916 bytes in 0.191s) 3361 KB/s (22364 bytes in 0.006s) 3566 KB/s (843503 bytes in 0.230s) rm failed for /data/local.prop, No such file or directory FIRST REBOOT PRESS ENTER WHEN THE PHONE BOOTED PROPERLY/COMPLETELY
After the first reboot, the phone came back...in a somewhat disturbing state. The background was gone, only the upper status bar was displayed, but it would not react to any swipes and could not be unlocked or used. I even went so far and rebooted the phone myself, taking the battery out and booted it again - but the phone came back in the same strange state. Plugged the phone in again to USB, and pressed ENTER:
SECOND REBOOT PRESS ENTER WHEN THE PHONE BOOTED PROPERLY/COMPLETELY
Phone came back again, this time it looked "normal". Pressed ENTER again:
MOUNTING ROOTFS AND /SYSTEM... NOT FAILED YET ...ITS RUNNING GOOD THEN EVERYTHING DONE..ROOT SUCCESS...ONE FINAL REBOOT NOW
And this was it, now the phone was rooted.
Restore
There are many ways[5] to restore the phone to its original ROM. In any case, we'll need the actual ROM image (aka RUU or ROM Upgrade Utility[6]), in our case:
RUU_Pyramid_TMOUS_1.50.531.1_Radio_10.56.9035.00U_10.14.9035.01_M_release_223976_signed.exe SHA-1: cd03e3e5d4cc08712cb44295f745a1380caf0049
RUU_PYRAMID_ICS_TMOUS_3.32.531.14_Radio_11.69A.3504.00U_11.23.3504.07_M2_release_256085_signed.exe
SHA-1: a19865b9248e5612dd8fa4770de051b3392424c9
For the Fastboot and SDCard method, we will need the rom.zip file included in the RUU. Since the RUU is an We will need a Windows executable, we'd need a Windows system for this:
- Start the RUU and continue just until the actual update process.
- Go to %TEMP% in your home directory, e.g. c:\documents and settings\alice\local settings\temp\
- There should be a rather cryptic named directory, like {18abb736-d55c-4fa4-a3e5-7c78512fa924} containing (amongst other files) a file called rom.zip
- Copy rom.zip to a safe place and name it PG58IMG.zip
- If we just wanted to extract the rom.zip, we can close the RUU utility now. Otherwise, continue with #RUU.
Fastboot
The phone can be restored to its original ROM via fastboot. As we have alread obtained the rom.zip, let's verify if our CID (CustomerID) is included in the ROM.
Boot the device into the bootloader, either via Volume-Down & Power or via adb:
adb reboot bootloader
Once in bootloader, we can do:
$ fastboot devices HT12AA345678 fastboot $ fastboot getvar cid cid: T-MOB010
This is our CID. Let's see if this CID is included in the ROM:
$ unzip -p rom.zip android-info.txt modelid: PG5810000 cidnum: T-MOB010 mainver: 3.32.531.14 hbootpreupdate:12 DelCache:1
If the CID was not included, we have downloaded the wrong RUU. If we still want to use this ROM, we have two options:
- Append our CID to android-info.txt in rom.zip or
- Write the SuperCID to the device via fastboot oem writecid 11111111.
OK, in our case the device's CID was included in android-info.txt and we can continue. As our device is still in the bootloader:
$ fastboot erase cache erasing 'cache'... OKAY [ 3.326s] finished. total time: 3.327s
Reboot into a specia RUU mode:
$ fastboot oem rebootRUU ... (bootloader) Start Verify: 0 (bootloader) Start Verify: 0 (bootloader) erase sector 130560 ~ 131071 (512) OKAY [ 3.307s] finished. total time: 3.307s
After 30 seconds or so the phone should be black with a white HTC logo in the center and the actual installation can begin:
$ fastboot flash zip PG58IMG.zip sending 'zip' (441916 KB)... OKAY [ 60.492s] writing 'zip'... (bootloader) zip header checking... (bootloader) shift signature_size for header checking... (bootloader) zip info parsing... (bootloader) checking model ID... (bootloader) checking custom ID... (bootloader) start image[hboot] unzipping for pre-update check... (bootloader) start image[hboot] unzipping & flushing... [...] (bootloader) [RUU]UZ,hboot,100 (bootloader) [RUU]WP,hboot,100 (bootloader) start image[boot] unzipping & flushing... (bootloader) start image[recovery] unzipping & flushing... (bootloader) start image[system] unzipping & flushing... (bootloader) start image[sp1] unzipping & flushing... (bootloader) start image[dzdata] unzipping & flushing... (bootloader) start image[sbl1] unzipping & flushing... (bootloader) start image[sbl2] unzipping & flushing... (bootloader) start image[sbl3] unzipping & flushing... (bootloader) start image[tz] unzipping & flushing... (bootloader) start image[rpm] unzipping & flushing... (bootloader) start image[adsp] unzipping & flushing... (bootloader) start image[pg2fs_spcustom] unzipping & flushing... (bootloader) start image[radio] unzipping & flushing... (bootloader) start image[rcdata] unzipping & flushing... (bootloader) [RUU]UZ,rcdata,0 (bootloader) [RUU]WP,rcdata,0 OKAY [339.791s] finished. total time: 400.283s
Now the phone needs to be rebooted. In our case the progress bar on the phone was "almost finished" and did not advance any more. After a few minutes I decided to boot anyway:
fastboot reboot
Now the phone should be back to its stock ROM.
SDCard
- Copy rom.zip to the root of your SD card and name it PG58IMG.zip
- Restart your phone into bootloader, possibly via:
- adb reboot bootloader
The phone should reboot and load PG58IMG.zip. This will take a couple of minutes.
RUU
Since the RUU is a Windows executable, we will need a working Windows operating system.
- Connect the phone to the Windows system
- Execute the RUU executable file on the computer and follow its instructions. Afterwards, the device should be back to its original ROM.
Sometimes this method fails, e.g. while trying to connect to the phone. It may stall at "Waiting for bootloader..." or it may be stuck with a black screen displaying only the HTC logo. Eventually the RUU will time out and will display an Error 170: USB connection error.
Running the RUU again (and leaving everything as-is) seems to help...sometimes. The same goes for "re-installing HTC Sync". If this method fails, try the Fastboot or SDcard [7] method above.
S-On
To enable S-ON afterwards, do the following, via ADB:
adb reboot-bootloader fastboot oem writesecureflag 3 fastboot reboot-bootloader
After this has been done, S-ON should appear on the bootloader screen.
- How to Remove Custom Recovery/Root/Hboot and Keep Stock S-Off/Stock S-ON*VIDEO
- How to Unroot the HTC Sensation 4G
ROMs
After gaining S-Off, custom mods can be loaded onto the phone. The HTC Sensation Android Roms website[8] lists popular and updated ROMs for the HTC Sensation.
Codename Lungo
As of 2014, Codename Lungo[9] is still being updated[10] for the HTC Sensation. Installation is pretty straightfoward, via adb sideload:
adb reboot recovery
On the phone, select Wipe Dalvik Cache and Wipe Cache, then Swipe to Start Sideload. Now push the checksum and the update image to the phone:
adb push CodenameLungo-pyramid4.4-20140429.zip /sdcard/sideload.zip.md5 # So that TWRP can verify the checksum adb sideload CodenameLungo-pyramid4.4-20140429.zip # MD5: 0fc646dac3899c1e72aa8c30bbb587f3
Reboot the phone. Important: do not connect to WiFi yet! We have to install Google Apps first. And Codename Lungo brings its own version of gapps[11]:
adb push 4.4.2-gapps-20140510.zip.md5 /mnt/sdcard/4.4.2-gapps-20140510.zip.md5 adb push 4.4.2-gapps-20140510.zip /mnt/sdcard/4.4.2-gapps-20140510.zip # MD5: 86270afcb0c920ee8fa433de09bdc6a5 adb reboot recovery
Install gapps from the SD card, reboot again. Now it's safe to connect to WiFi networks. Additionally more add-ons[12] can be installed, but this did not work here for whatever reason.
CyanogenMod
The most popular would be CyanogenMod. However, for the HTC Sensation[13] the last release was a nightly for CM10[14] (Android 4.1.2).
To install CyanogenMod on the HTC Sensation, the following needs to be done:
- Download a CyanogenMod release, verify its checksum
- Download the Google Apps packages (if needed), verify its checksum
- Transfer the .zip files to the phone, possibly in /mnt/sdcard
- Boot into the bootlader
adb reboot bootloader
- On the phone, select Recovery
- Select Wipe data/factory reset
- Select Install from SDCard
- Choose the CyanogenMod .zip file and complete the installation.
- If needed, do the same for the Google Apps .zip file and possible other packages.
- Select Reboot now
The phone should reboot into CyanogenMod now.
Virtuous
At one point I tried to look at the Virtuous ROM series[15] which comes as plain Android (AOSP) and without "HTC Sense", but I haven't installed it yet.
SIM
This particular HTC Sensation had a lock SIM network lock for T-Mobile. When inserting a foreign SIM card, a "network unlock code" was required before the SIM card could be used. T-Mobile has a special procedure[16] to unlock their phones, which can be timesome or even impossible[16].
With the HTC Sensation, the SIM unlock code can be found on the device itself. After rooting the device, use ADB to connect to the phone, then:
root@android:/ # strings -n 8 /dev/block/mmcblk0p6 [...] PG5810000 X1A1234A1011 2011/01/01 => date (?) 12345678 => unlock code 123456789123456 => IMEI T-MOB010 12AB345G123456 12A00134-01
The SIM network unlock code should be right above the IMEI. If it's not and instead a date is displayed, the unlock code is probably not stored on the device.
Bugs
- Is Your HTC Sensation 4G Suffering Data Connectivity Issues? The Fix Is Easy.
- Dial *#*#4636#*#*
- Press "Phone Information"
- Toggle "Ciphering" to OFF, Turn OFF "Radio"
- Turn on "Radio", toggle "Ciphering" to ON
- Re: Sensation 4G Data Connectivity Issues
- K-9 Mail: failed to send some messages
- Unable to display S/MIME signed messages: This mail is still on the server (HTC Mail)
- connectbot enters busyloop (100% CPU) when an ssh tunnel breaks
Corrupt ZIP since upgrade to Gingerbread on Nexus One
$ unzip -t Data_2011_08_01.zip
Archive: Data_2011_08_01.zip
file #1 (mmsfiles/PART_1308645759757):
mismatch between local and central GPF bit 11 ("UTF-8"),
continuing with central flag (IsUTF8 = 0)
testing: mmsfiles/PART_1308645759757 OK
[...]
Links
T-Mobile
- Calling services: Call forwarding
- T-Mobile: Wi-Fi Calling
- Software update: HTC Sensation 4G
- T-Mobile IPv6 Open Trial (2010-07-30)
- tmoipv6beta (Google Groups)
- T-Mobile stepping up enforcement of $14.99 hotspot plan with Sensation 4G's Android 4.0 update (2012-05-12)
S-Off
- Revolutionary S-OFF & Recovery tool
- What Is S-OFF & How To Gain It On HTC Android Phones With unrevoked forever (2010-12-15)
HTC
- HTCdev: Unlock Bootloader
- ROM Flashing Guide: Best Practices
- archive.mozilla.org/pub/labs/android-tools/
- Updates on Android 4.1 (Jelly Bean) and Frequently Asked Questions
References
- ↑ What Is S-OFF & How To Gain It On HTC Android Phones With unrevoked forever
- ↑ TWRP for HTC Sensation
- ↑ TOUCHCOVERY: 4EXT Recovery Touch v1.0.0.5 RC3, 1.0.0.5 with SmartFlash for s-on
- ↑ Juopunutbear S-OFF NO HTCDEV UNLOCK | ROOT (1.2x HBOOTS)--NEW: ONE CLICK ROOT
- ↑ RUU related info (Extracting rom.zip, Restoring stock, going back S-ON, etc.)
- ↑ Rom Update Utility
- ↑ Solved Problem - Error flashing RUU + Guide
- ↑ HTC Sensation Android™ Roms
- ↑ Codename Lungo
- ↑ Android 4.4.2 (2014-04-29)
- ↑ Codename Lungo: Downloads Gimmy, Gimmy
- ↑ CodenameLungo's files for -Android- Generic Device
- ↑ CyanogenMod: HTC Sensation
- ↑ CM10 Android 4.1.2 (2013-10-06)
- ↑ Virtuous Inquisition
- ↑ 16.0 16.1 SIM Unlock your phone