TacoRoot is a root exploit for HTC phones by Justin Case/jcase.

The 'vulnerability' was discovered independently by Justin Case, and Dan Rosenberg
in 2011, with Rosenberg finding it first.

How It Works
HTC left the recovery log world writeable, so all we have todo is delete it, symlink
it to the non existant file /data/local.prop and reboot to recovery. Recovery will
write a new log, allowing us to set ro.kernel.qemu=1 and reboot. This will make the
phone believe it's an emulator, and run adbD as root. While the phone will be highly
unstable, and may not fully boot, you will have a root shell with adb. This gives
you the ability to patch misc, and downgrade your phone.

Patching MISC
I have always patched by taking an image of the partition, and taking a hex editor
to it. Due to sdcards not liking to mount on boot with tacoroot, you will either
need to go the hex editor route or use a modified version of misc_version.



These misc_versions below are for EMMC devices only!!!!!

Sensation Version:
21:20 <@hyuh> jcase, done...uploading sensation version now.../data/local/tmp
21:22 <@hyuh> http://www.multiupload.com/9G8Q08R4P0 - cd8f1cbaddb8d74b0479d9e24b615745

"Universal misc_version"
01:06 <@hyuh> Well here's a side disk for the other taco:  https://github.com/hyuh/misc_version_universal/downloads