The T-Mobile G2 is a Android based smartphone capable of HSPA+ (4G) from T-Mobile USA, and is manufactured by HTC as a variant of HTC Desire Z. For advanced users of T-Mobile G2, the device is now able to be rooted (jailbreak) permanently to gain access to low-level and full system administration privileges, and install root-capable apps.

Originally, the T-Mobile could only be rooted with VISIONary temporarily as tethered root due to a NAND lock safety mechanism which deployed by HTC to deter hacking attempt. The NAND lock stops the RAM in a phone that has being modified. When a root access request is detected, the device will automatically revert itself to factory default. Thus, the phone needed to be connected to computer on every reboot to re-root. With permanent root, the safety mechanism is hacked, cracked, defeated and bypassed.

Hackers at have released a one-click root tool called VISIONary which is an application that can be installed on the mobile device temproot (root temporarily until reboot) or permroot (root permanently) the device, using the ‘rageagainstthecage’ exploit.

Note that the attempt to root T-Mobile G2 may brick the phone, and users has to take their own risks. For the brave, here’s the guide on how to use VISIONary to temp-root or perma-root the T-Mobile G2 (only).

  1. Download and install (on T-Mobile G2) VISIONary r14: com.modaco.visionaryplus.r14.apk (mirror)
  2. Choose one of the following option on the app:

    Temproot on boot – automatically Temproot on each boot.
    Run after root – run script at /data/local/ (as root) after rooting.
    Set system r/w after root – Leave the /system partition at read/write state after root.
    Temproot now – root temporarily (the root wil be lost after reboot).
    Attempt permroot now – attempt to apply a permanent root.
    Unroot now – Unroot the device.

The ‘Temproot’ option of VISIONary should be completely safe. It executes rageagainstthecage-arm5.bin to exploit a security vulnerability loophole and installs an application (Superuser) in the conventional way and then sets up a ‘ramdisk’ for the other parts, which is wiped on boot. No system partition is touched.

‘Permroot’ complements the temp-root method by modifying the /system partition of the device, which involves installation of a small file to /system/xbin. Permroot has the highest risk of brick the phone, and cause the phone can’t boot until reinstall with stock ROM.