HOME › 
TECH › 
COMPUTING

How To Unlock HTC Droid DNA Bootloader

Posted on the 26 November 2012 by Skateroren @ProgramsAlive

Requirements
  • backup.ab
  • DNA_TeamAndIRC.zip
  • Windows/Linux PC with ABD for ICS or above configured.
  • Minimum 1GB of free space in your Droid DNA’s internal memory.
  • At least 50% charge on your phone’s battery (full is recommended).
  • Patience and ability to follow instructions as they are given.
You can grab all the needed files from here.
Procedure
Step 1: Download both the files mentioned above. Extract the contents of DNA_TeamAndIRC.zip, and place the runme.sh, CIDGen.apk and backup.ab files in the same directory where you have ADB installed.
Step 2: Launch a command prompt or terminal instance, and run the following command:
adb install CIDGen.apk
Step 3: Launch CIDGen on your phone, follow the instructions on screen, and verify the existence of CIDBLOCK.img in the root of your Droid DNA’s SD card/internal memory using this command:
adb shell ls -l /sdcard/CIDBLOCK.img
Step 4: Proceed only if CIDBLOCK.img exists; otherwise, just run the app again and try verification once more. Once the file has been verified, run these in terminal or CMD:
adb push runme.sh /data/local/tmp/

adb shell chmod 755 /data/local/tmp/runme.sh

adb shell /data/local/tmp/runme.sh
Step 5: Open a second terminal or command prompt instance, and restore the modified backup using the command below. Do note that the first window will enter into an infinite loop, and throw various error messages. Just leave them as they are for now, do not get alarmed.
adb restore backup.ab
Step 6: Allow the modified backup to restore on your phone. Once that is complete, stop the first command prompt by simply closing the window (this will kill the runme.sh script).
Step 7: In the second command prompt window that you had opened, run the following set of commands. Justin warns that any interruption at this point – reboot, disconnection from PC, power off et al – will permanently brick your device.
adb shell rm /data/data/com.htc.usage/files/exploit/*

adb shell mv /data/DxDrm /data/DxDrm_org

adb shell mkdir /data/DxDrm

adb shell ln -s /dev/block/mmcblk0p5 /data/DxDrm/DxSecureDB

adb reboot

adb wait-for-device
Step 8: At this point, you’ll need to run the runme.sh script again. Command is same as before, and will put it in an endless loop as well:
adb shell /data/local/tmp/runme.sh
Step 9: Again, launch another command prompt/terminal window, and restore the modified backup once again, just like we did in step 5:
adb restore backup.ab
Step 10: Once it’s restored again, terminate the runme.sh exploit by closing the previous window, and run these commands:
adb shell mv /data/DxDrm /data/DxDrm_trash

adb shell dd if=/sdcard/CIDBLOCK.img of=/dev/block/mmcblk0p5

adb reboot