- It wasn't already upgraded to Donut (1.6). Cupcake (1.5) had a nasty little vulnerability that would allow obtaining root access with one simple click. Unfortunately, this was fixed in Donut.
- The HT-03a has a "perfect" SPL (see section 1.4 here).
Here is what we will need to do (If you already have a goldcard image file, skip to the portion about how to write it to the SD card:
- Install the Android SDK and a Java Development Environment (INTEL MAC ONLY)
- Create a goldcard image file
- Write the goldcard image file to the SD card
Install the SDK and a Java Development Environment
Instructions for downloading and installing the SDK are on the Android developer's site and are pretty straight forward. Eclipse seems to be the recommended environment. I downloaded the 64-bit cocoa version because I am running 10.6 snow leopard. Once you've got this up and running, you will probably want to add the tools folder of the SDK to your path.
Open up Terminal.app and type the following
ls -a ~
If you don't see a file called ".bash_profile", then you will need to create one. If you are not comfortable with vi, you can you TextEdit.app. Create a new text file (Format > Make Plain Text) and type in the following text, using of course the path to where ever you saved the SDK and the name of the SDK folder if it is different than the example below.
Now save the file as .bash_profile (the dot is important) and say OK to the warning about this creating a system file or something like that. Do not add the extension txt, though sometimes Mac OS will add it anyway so you need to verify the name of the file.
ls -a ~
If you see .bash_profile.txt, do the following.
mv .bash_profle.txt .bash_profile
Now you should be able to type in adb commands without having to switch to the tools directory.
Create a goldcard image file
This is pretty much the biggest pain in the butt, although it has gotten a lot easier. Referencing TheUnlocker's How to: Create a Goldcard writeup, follow the first three steps: 1) put in an extra unused micro SD card (I used a 1 GB card), unmount and format it, and activate USB debugging.
Next for step 4, there is no need to switch directories since you added the tools folder to your path. Check to see that your device is recognized
and open an interactive shell. To exit the shell later, simply type "exit".
Copy the output and continue with next steps stopping at number 9 when the guide calls for the installation of a windows-only hex editor. There is a much more simple and easy way to proceed from here on a unix-like operating system.
Write the goldcard image file to the SD card
Next, mount the goldcard-to-be on your computer. You can simply leave it in the phone to do this. I pulled this information from here. Back in the Terminal type the following to figure out what your disk is called.
Your SD card will probably be disk1 (or sdb or something like that on linux)
#: TYPE NAME SIZE IDENTIFIER
0: FDisk_partition_scheme *1.0 GB disk1
1: Windows_FAT_32 NO NAME 1.0 GB disk1s1
Next you need to unmount the SD card
diskutil unmountDisk /dev/disk1
Finally, simply make the goldcard with one simple command.
sudo dd bs=512 if=~/Downloads/goldcard.img of=/dev/disk1
Enter your admin password and out should pop the following
0+1 records in
0+1 records out
384 bytes transferred in 0.004157 secs (92373 bytes/sec)
I have verified that the goldcard that I made works by dropping on a sappimg.nbh file and fastbooting. I haven't gone any farther yet because it is late in the day and I've spent way too much time on this already. I've also noticed what seem to be some apparent inconsistencies in TheUnlockr's howtos (like how to name the sappimg file), so I will wait to root until I've properly sorted out the next few steps.