grelbar just another hacker's blog

Voiding Warranties..again

- Disclaimer - I won't be responsible for anything you do to your phone, voiding waranties, setting small cats on fire, or causing your local subway system to stop working -Disclaimer-

I recently got the HTC Desire Z. Slightly older, but it has the qwerty slider, which i wanted. Anyway, the HTC Sense UI default "shell" put on top of Android is great. By far better than the Samsung uh.. Touch Wiz thing. Smoother, and smarter. But i won't get into that. What comes with Sense UI on this phone (and i'll bet a lot of other HTC phones), is a bunch of applications. Applications that i didn't need. So obivously i tried to remove some of those applications. Turns out, to remove apps like Facebook or Twitter (that i do not want on my phone), you have to have root. I didn't find any smart way of getting rid of the apps without root, because it requires modification or removal of files that are in directories that are not world or group-writable.

So, after some internal debate between me and myself, i decided to root the phone. I quickly realized that the operation would not be as easy as on the Samsung, which has a fairly established and easy-to-use toolset for doing both rooting and rom management. Samsungs can also be exploited on pretty much any version of the OS.

However, on the HTC, i found that i had to first downgrade the firmware, so that i could use an exploit to gain root. And to make matters worse, this didn't work on it's own. I had to turn my microSD card into a "goldcard", then do the downgrade, then the exploit to gain root, and then flash the new firmware on top. In this case, i ended up with Cyanogen Mod 7.1. again, since i had good experiences with it.

So, let's go through the process that i had to go through. Reading a bunch of forums, i quickly got the picture that your mileage will vary. First of all, let's start with what i had. I had the HTC Desire Z (known as the HTC Vision G2, i think, in the US). I had the latest firmware, which in this case meant uh.. Android 2.3.4 (or 2.3.5), called the HTC Sense version 2.1. Anyway, the latest version available through the HTC OTA update. The phone was bought October of this year.

I started out with the Cyanogen Mod instructions for downgrading the phone to an exploitable firmware version on this page. Or actually, i started out by installing the android sdk, but on arch linux it was as easy as installing android-sdk from the AUR. I use yaourt as a frontend, so i did a yaourt android-sdk. On a 64-bit system, i had to enable the multilibs repository, to get the necessary lib32 libraries.

I ran through the steps of  pushing fre3vo and misc_version on the phone, which went fine. I then did the chmods and the debug, which then got me a root shell on the phone temporarily. The next step has me setting the version for a misc_version, and then pushing the actual downgrade onto the phone. All good so far. Next step is to reboot the phone bootloader using adb (the android debugger). This also worked.... until i got a dreadful message. "CID incorrect! Upgrade fail!". CID? Wtf? Okay. Step back for a moment and google this fucker.

Turns out certain phones need some finetuning to be able to downgrade, due to either..carrier lockin, or some branding put on the phone, or perhaps an unknown reason (maybe hardware or software revisions?). I found this thread on the Cyanogenmod forums, which helped me onwards. The thread describes my exact issue, though with a slightly different downgrade firmware than mine. In any case, i decided to give it a try. The process involves the creation of a "goldcard", which is then used as a place to store the downgrade firmware. The goldcard is simply a microSD card, with the first few bytes overwritten with some new data.

The steps were basically:

• Download the goldcard helper application from the Android market. The phone was still bootable and fully operational, as no downgrade had taken place, so i was able to download and install this.
• Using the goldcard helper, get the reverse CID for your MMC2 card. That's your microSD card. MMC0 is your internal memory and can't be used for this, as far as i've read.
• Taking the reverse CID for your microSD card from the program, input it into the goldcard page (a link is also in the application).
• The site generates an image, which you will download
• Download also a hex-editor, such as HxD
• Take your microSD card out of your phone and put it into a memory card reader (i also read you can use your phone as the reader, but i used a Kingston reader instead), and open up the card from the HxD editor using the extra tab, then the open disk menu and under physical disk selected the removable disk which was the microSD card. Make sure that read-only is not checked when opening the microSD card.
• Open up another tab by opening from the extra tab "open disk image", and load the .img file that you got from the goldcard site. Also uncheck the read-only checkbox here. Use the default 512 byte sector size. You should now have two tabs open.
  
• From the goldcard.img tab, do a select all, then copy. Go to the microSD tab, and select offsets 00000000 to 00000170 and from the edit menu do a "paste write". This will paste the content of the goldcard.img, to the first offsets of the microSD card.
• From the file menu, save what you've done. Accept / ignore all warnings.
• Ok, now you have a gold card.

Proceed by copying over the downgrade image to the newly created goldcard. Continue with the CyanogenMod instructions.Following the instructions for the downgrade, you can safely redo all the steps to make sure. Once you are ready, reboot the bootloader again. You should now have great success, in the words of Borat. Navigate with the volume up and down keys, and select using the power or the navigation-touchpad thing-button. Select bootloader, then select fastboot. Confirm that you want to go ahead if necessary.

This will take a moment. You'll then be downgraded to an earlier version of the firmware, which has a known exploit, allowing us to root the phone. The phone will (i think) reboot on it's own, and give you an older looking Sense UI.

Continue with the rooting instructions here. Basically you are downloading and pushing onto the phone a bunch of packages that are needed. Then, you're running the actual exploit which should find a register in the memory, which we will use to sneak in (i think this is a correct analysis of what goes on, though i'm no programmer). Remember to match those md5 sums listed in the instructions before going on.

After this you have a rooted phone, hopefully with clockwork recovery mod installed. You can now keep using the Sense UI thing (i'm not sure that it'll OTA upgrade anymore?), or install Cyanogenmod, using these instructions. For some reason, i either failed some part, or something failed, but i didn't have clockwork recovery mod installed after this process. No sign of CWM anywhere. So, i headed on to the market, and downloaded the thing from there. I was now ready to install Cyanogen, which went without incident.

Note, that if you can't get into recovery mode using the restart into recovery (from the normal shutdown menu, after installing CWM), shut down the phone, and use Power, volume down and the navigation thing pressed all together.

Ok, so now i have Cyanogenmod 7.1.0 on my HTC Desire Z, with Android 2.3.7 on the bottom. Nice! Quadrant scores (yes yes, synthetic benchmarks..) went from 900 to about 1900 compared to the latest Sense UI. Phone feels snappy.

One thing to note was that market kept crashing! I was getting worried for a moment, but then i remembered the internet, found that thread, and fixed the problem. After downgrading, rooting and installing Cyanogen, i had the phone set to a language called English HD. I selected English US, and my problem was gone. So note this.

Winamp keeps crashing now, but it did that on the Sense UI side, so i doubt it has anything to do with Cyanogen. Version 1.2.6 is the latest as i'm writing this, and there is no later version available. The default media player, though, is pretty usable in any case, so i'm just using that for now.

Now, if i could just install this Cyanogen Nightly build...

HTPC Ubuntu 10.10 Upgrade

Yesterday i started upgrading the HTPC to Ubuntu 10.10. I was having some problems with audio (no doubt related to pulseaudio....) and i had a bunch of updates waiting to be installed that i didn't dare install. I have this nagging feeling that every time i do an apt-get upgrade, something breaks in XBMC. Might just be a feeling. Might not. Anyway. I started with a clean install of 10.10, installing propietary codecs and updates from the web during the install. After the installation, i tried to remove pulseaudio. I did an apt-get remove --purge pulseaudio, which still left some libraries like libpulse0 and others. I tried removing them by hand, but that resulted in some dependency-errors. Further trying to remove that resulted in me not having a stable gnome desktop to log into. It started GDM, but after that i just got returned to the login window. I did an apt-get install ubuntu-desktop, and a reboot, which fixed the problem. Then again apt-get remove pulseaudio, and left it at that.

After that i added a few PPA's to keep my Nvidia and ALSA-drivers current. Alsa works better with XBMC, handling both Dolby Digital, DTS, as well as MP3 and other stereo audio. The latest Nvidia drivers have not always been problem-free, but i decided to give them a try. The PPA's i added were from this, and this site, and the complete commands were:

/ some dependencies first /
sudo apt-get install dkms python-software-properties

sudo reboot 

/ after the reboot install the nvidia drivers /

sudo add-apt-repository ppa:ubuntu-x-swat/x-updates
sudo apt-get update
sudo apt-get install nvidia-current nvidia-settings

/installing the audio drivers/

sudo add-apt-repository ppa:ubuntu-audio-dev/ppa
sudo apt-get update
sudo apt-get install linux-alsa-driver-modules-$(uname -r)

sudo add-apt-repository ppa:ricotz/unstable
sudo apt-get update
sudo apt-get install linux-sound-base alsa-base alsa-utils

After this, i rebooted, and ran sudo alsamixer. This starts a console-based mixer-application, that you can use to un-mute required outputs. Sometimes tihs is needed to get audio out at all, if you're using for instance HDMI (i haven't tried this), or say some analog output.

Then i added the XBMC ppa, which allows me to install the latest version.

/ some dependencies /
sudo apt-get install python-software-properties pkg-config
sudo add-apt-repository ppa:team-xbmc
sudo apt-get update
/ and the actual xbmc packages /
sudo apt-get install xbmc xbmc-standalone

Finally, starting XBMC produced an error that i didn't have the required packages for hardware acceleration installed. I downloaded the libvdpau package, which cleared the problem.

XBMC seemed really well configured at this point already, because sound worked out of the box (thank you and goodbye pulse, and thank you alsa). Also, video acceleration was configured correctly out of the box. This is a stark difference to some of the old old versions of XBMC i had once installed.

I tried some playback already, but not in the living room with the amplifier and TV, so that's up for later today. The current setup i have is:

• Samsung 40B535 40" LCD television
• Harman/Kardon AVR-235 amplifier
• HTPC
  • Silverstone HTPC-case, incl. 120W power supply (model Lascala SST-LC19S-R) - Current price 173€
  • ASUS AT3N7A-I motherboard with an Intel Atom processor (dual core 1,6 GHz), Nvidia ION chipset/graphics - Current price 155€
  • 2GB DDR2 memory - Current price 28€
  • 1 TB Western Digital Green hard drive - Current price 58€
  • Totally 414€ with current prices
• Connectivity
  • HTPC -> TV with HDMI
  • HTPC -> Amplifier with SPDIF (optical cable)
  • Wireless Logitech mouse with the Universal Nano Receiver (model M215, red)
  • Wireless Logitech keyboard (an older Logitech Comfort)
  • Network: 1Gbit through an HP Procurve 1400-series switch

Things to note here. The price of the entire thing hasn't gone down much in a year or so, which is pretty curious. You can get better ION motherboards now, so that's probably something i'd change. Maybe with WLAN or more i/o ports? Perhaps. The case i am pleased with, though it could be entirely passive. The ION/Atom combo, plus the mechanical hard drive create a lot of heat,  and i think that this set couldn't run without the CPU fan.

I would also switch to a bigger HD, since the amount of media has exploded. A 2TB drive is like 10 bucks more, or so. 3TB drives have just been released, though they are still rather expensive.

A remote control would be nice, but i've yet to spend any time researching that. I'm pretty good with just the mouse so far. I don't need that far of an integration to the living room. It's still a computer to me, and not an appliance.

The final afterthought goes toward a Blu-ray drive. The case fits a slim Blu-ray drive. The price of such a device is like 100-200€ depending on the model (i'm not sure they all fit?). I've read many positive reports that say Blu-Rays work just fine with Ubuntu + XBMC, but i have no first-hand experience. I may go this route, or i may just stick with the PS3, which seems like a great player.