Y300-0151, how to restore “image signature verify fail” caused brick

This story comes with the limitation that I did not want to unlock my bootloader, although in the end I had to unlock it to unbrick my phone.

Yesterday, I used the one-click root tool on this website http://www.mgyun.com/vroot to root my Y300. After the process finished (it does exactly what the tool said, just one click and your phone is rooted), my phone was rooted with a customized Superuser application. However, the tool also installed some promoted applications. As I am always concerned about the phone’s security, I decided to clean the current root and replace it with SuperSU.

The first thing I did was to download SuperSU from Google Play. I opened it and it said “old su binary” and suggested that I upgrade it. It offered two options: one was “normal” (?), the other one was “using TWRP/CWM”. But sadly, the first option did not work and the second was not available because of the stock recovery. I also tried the “moving to /system” option in the settings of SuperSU. It did not work either.

Later I was thinking about using the flashable zip file to replace the root files. Although I did not have a custom recovery, I could somehow use the root privilege I already had to simulate what the recovery would do. I was not sure whether the root user could delete the su binary and replace it with a new one (information I later found through a Google search about unrooting shows it is possible). So I came up with the idea that I could install a custom recovery with a locked bootloader.

Here comes the question: which partition were the recovery files in? There was little information about the partition table. Luckily I found it in the TWRP project. I extracted the recovery.img of TWRP for Y300 and found one file that contains the partition mapping. (I should have known this from the beginning, as developing a custom recovery requires an understanding of the hardware of the device. Of course the partition table is an important part of that.) So the recovery is located in /dev/block/mmcblk0p13.

Using the dd command, I copied the custom recovery image to mmcblk0p13. After that I typed “reboot recovery” into the adb shell. However, the phone rebooted and stopped with a warning sign; it said “image signature verify failed”. It asked me to update the image to the official one. But there was no way I could do this without unlocking my bootloader. I could not boot into the system. Only fastboot worked, but I could not use it to flash the recovery. So it seemed that the phone had been bricked. After careful thinking, I realized that the only way to unbrick it was unlocking the bootloader, which may bypass the signature verification. The chance of success was about 80%, because one post said the phone needs an official recovery to unlock, while another post, describing exactly the same circumstance as mine, said he unbricked the phone by unlocking the bootloader again.

Here comes another problem: how could I get the product ID that Huawei requires to submit the unlock request form? I read on the web that one may send the IMEI and S/N without the product ID to the email mobile@huawei.com to get the unlock code. But I tried, and they just replied that I should make the request on the Huawei website, which means the product ID is required. I must admit that I almost lost hope after I received the reply. I sadly searched the web in the hope that someone might have posted a way to get the product ID of an already bricked phone. The luckiest thing happened. About half a month ago, a developer living in south Asia posted a tool called Huawei Product ID Generator. It requires your phone’s IMEI and product model, then the product ID is calculated instantly. I tried the output on Huawei’s website and it succeeded! I got the unlock code within a day and I used the code to unlock the bootloader. My phone is back to life.

Apr. 5th 2014, update:

According to adge40, there is an app called “Huawei Bootloader Unlocker” on Google Play, which could be used to unlock the bootloader without the unlock code from Huawei official website. Use it at your own risk.

 
