Sunday, September 29, 2013

Unlocking an HTC Magic: 2009 called, they want their unlocking guide updated

The HTC Magic running Android 2.2 has a locked bootloader. This means that you can't install any other operating system, only the official one.

Last year HTC had a change of heart about locking the bootloader and provide a way on their website to unlock your phone. Unfortunately, the HTC Magic ships with software that is too old to recognise the unlock command the website uses. You need to first update this software (the "HBOOT") to a version that is unlockable by HTC.

Go to HTC Dev and create an account. Select HTC Magic and click the unlock button.
HTC Dev

As shown on that screenshot, you are warned that the HBOOT will need to be updated.

This takes you to the section to download the software, called RUU, that updates the phone's HBOOT. RUU probably stands for ROM Unlocking Updater, who knows. Select the RUU corresponding to your model of Magic. I used the one marked Vodafone (AU/FR/DE/IT/NL/NZ/ES/UK/ RO/PTG/CH-GER/Mobilkom).

This RUU software is a Microsoft Windows executable file. In theory you have to use Windows to proceed. However, I don't have a Windows machine available. I got creative. You could probably use this technique on Windows if you have problems, since it sounds like the RUU requires HTC Sync, drivers and other gubbins. If you can run the RUU on Windows, run that and it should update the HBOOT. Follow the HTC Dev instructions, you're almost done. If not, here is what you could do...

According to this xda-developers post the executable unpacks a zip file as part of the process. I figured that if I ran the executable with wine it might extract the file too. The EXE didn't run to the first step though, but did show a progress bar before crashing out.

RUU under Wine on Debian "wheezy"
I paused wine just before the program crashed by hitting ctrl-z, ran find ~/.wine -name rom.zip and bingo! There was the rom.zip I neeed.

Copy this rom.zip file to an SD card. The file must be named exactly SAPPIMG.zip. The file name is case sensitive.

You have to format the SD card as fat32. Fat16 will not work. I should know, as originally I had the card as fat16. I used gparted to format a 1Gb card to fat32.

Start the phone in "HBOOT mode" - which you do by holding down the power and volume down buttons when switching it on. HBOOT mode boots very quickly. All being well, after approximately 5 seconds the blue light will go off and the screen will show some green text (checking SAPPIMG.zip, more or less).

It will ask if you want to continue, hit action (the trackball) to confirm, and then the phone reboots.
Now use the fastboot executable from the htcdev website to extract a token unique to your phone. In Debian I had to use root to do this or it just hung waiting for find devices, so that's sudo ./fastboot oem get_identifier_token

This spat out the following:
/tmp$ sudo ./fastboot oem get_identifier_token
... INFO
INFO< Please cut following message >
INFO<<<< Identifier Token Start >>>>
INFO41BF2ABF132C78CC414238FC47D43442
INFO898C7C87E0CEB4D1C5D55FCDC17647E2
...
INFOBCF34E9487BE0F794BCAEA48646A3870
INFO2946D797752D6167278226973D86BE33
INFO<<<<< Identifier Token End >>>>>
OKAY

Copy this chunk:
<<<< Identifier Token Start >>>>
41BF2ABF132C78CC414238FC47D43442
898C7C87E0CEB4D1C5D55FCDC17647E2
...
BCF34E9487BE0F794BCAEA48646A3870
2946D797752D6167278226973D86BE33
<<<<< Identifier Token End >>>>>

Be careful not to include INFO or have trailing newlines. Paste it into the form on the page on the HTC website. I have no idea of the security implications, so I've not included all of the token here - you get the idea hopefully. You need all the random numbers and letters and the << >>> lines.


HTC will email you a binary file, which you flash to the phone:

sudo ./fastboot flash unlocktoken Unlock_code.bin

The following image shows the unlock screen. It's taken with a Nintendo 3DS in low light, hence the terrible quality.



Press Volume UP to take the red pill, er, I mean unlock the bootloader... then press the power button. The phone will wipe all of your data. Oh no.

That is all. You have unlocked the phone. If you boot into HBOOT again (power, volume down) it should now display UNLOCKED against a fetching fuchsia background.