Hi guys,
I am a newbie so i dont know many things about the languages of development. I was trying to root my HTC Cha Cha but they say that it is for HTC Cha Cha ( S-off) only. And i dont understand what is S-off, and how can i know my phone is S-off or not, and how to turn it into S-off???Thanks alot
S-OFF: In a nutshell, S-OFF means that the NAND portion of the device is unlocked and can be written to. The default setting for HTC’s devices is S-ON, which means that neither can you access certain areas of the system nor can you guarantee a permanent root. Most noticeably, S-ON (security on) will read-lock your /system and /recovery partition, to name a few. Furthermore, signature check for firmware images is also ensured by the S-ON flag.
Check status:
(1) Go to settings -> Power -> uncheck "Fastboot"
Turn off the phone
Hold VOL Down + Power for 5 seconds
(2) The phone will boot to HBOOT, and will show S-ON/S-OFF status.
(3) Choose reboot.
How to S-OFF:
The S flag is stored in the Radio NVRAM (very "deep" into the phone). For this reason, the only currently working solution is to buy "XTC Clip" (£39.80 from http://xtcclip.com/new-products.php). Or, you can visit any GSM service shop, which most likely has a xtc clip (at least that's how I did it).
Another future option might be to crack the HBOOT. Let's hope that AlphaRev (http://alpharev.nl/) will support ChaCha in future HBOOT releases.
Related
I've read through most of the forum, and I can't seem to find the answer to this question.
Does turning the ChaCha into S-Off mode make the phone unlocked? That is, able to be used by any carrier?
If not, how do I go about doing that?
After unlocking your phone using xtc-clip, your simlock should disappear and you could use sim cards of every operator... If you mean that?
I used the hboot tool from HTC to change it to S-Off.
I'm just unsure how that relates to the Phone being unlocked for any carrier.
The tool from htcdev doesn't turn it S-OFF unfortunately.
The phone it's still S-ON but the bootloader it's now unlocked and it allows us to flash custom roms.
So it doesn't have anything to do with the simlock
Well, then mine came S-Off, because I confirmed it by a restart holding down the vol down button.
S-Off means I have an all carrier phone, or is there some additional work to do?
nuhertz said:
Well, then mine came S-Off, because I confirmed it by a restart holding down the vol down button.
S-Off means I have an all carrier phone, or is there some additional work to do?
Click to expand...
Click to collapse
The SuperCID (CID=111111) allows you to use any carrier SIM. The SuperCID is automatically set by the XTC clip when S-OFF is set.
Seeing as I don't have the XTC clip, how can I check to see if this is the case on my phone?
Is there a software fix to get the SuperCID if I do not have it?
I do not have the XTC clip, so anything pertaining to that doesn't help. Thanks in advance.
From market download CID Getter and check your CID. IIRC there are a few software hacks that sim unlocks your device (if that is the case).
Hello all,
I have an idea and I would like to ask someone to prove or confute it.
Given a Desire S out of box, full stock. What if we downgrade it to the oldest RUU, and S-OFF with the Revolutionary way. install engineering HBOOT, and tries to restore its stock status (standard HBOOT, S-ON, unrooted etc). The question is: what if we upgrade it to the latest (2.3.5 w/ Sense 3.0) RUU? What will be seen in the bootloader's header? LOCKED or RELOCKED? Because if you unlock your phone via HTCDEV.com, the new software version (or how to call it) will record this somewhere, but downgrading to an older version this can't be seen (but we know it is there). So if it is only because of the behaviour of the latest software, can we circumvent it with a downgrade?
In other words (just to clear thing up):
known to void warranty: HBOOT 2.00.0002 --> unlock via HTCDEV.com --> fastboot oem lock --> bootloader shows RELOCKED (downgrading makes this disappeared, but comes back after upgrading to current version)
method in question: HBOOT 2.00.0002 --> downgrade to 0.98.000x --> unlock/S-OFF via Revolutionary --> relock/S-ON --> upgrade to HBOOT 2.00.0002 --> bootloader shows ???
Unfortunately I don't own a DS personally, but one of my friends do, but he doesn't want to put a custom ROM on his phone until he is sure it is possible to keep the warranty this way.
Any answer is appreciated, and of course thanks in advance.
Already reported by several people on the forum. Will show RELOCKED. As you said yourself, the status bits don't change with downgrade, and when upgrading back - the new bootloader reads just what there was before the downgrade.
Thank you, but what really interests me is the oldest RUU. Is this bit set by this also? 'cause I understand what you wrote, this bit is there whether you are using the 1.28.401.1 or the 2.10.401.9, but is this bit set by both and read only by the latter? In this case it is a no go for my friend without void the warranty
So I'm curious does 1.28.401.1 also set this bit to "tampered"?
craftman said:
Thank you, but what really interests me is the oldest RUU. Is this bit set by this also? 'cause I understand what you wrote, this bit is there whether you are using the 1.28.401.1 or the 2.10.401.9, but is this bit set by both and read only by the latter? In this case it is a no go for my friend without void the warranty
So I'm curious does 1.28.401.1 also set this bit to "tampered"?
Click to expand...
Click to collapse
This "feature" was implemented in Sense 3 update after the launch of htcdev.com. It is present on previous versions like 1.28.401.1, therefore nothing is read by the bootloader. But the flag is there and nobody managed to find and change it so far.
Sent from my HTC Desire S
That's a pity. Then he has to wait for the offical ICS with Sense 3.6 which is not so far (hopefully).
Thanks for both of you for helping out a newbie.
Hello,
I am quite confused about the term SuperCID and what it means. My sister got a HTC One S. I unlocked and unrooted it for her quite a long time ago. Now, I want to get S-off but I can't do it because I don't have SuperCID. I read on the forum and some people say that Super CID means your phone is unlocked, while other say you have to use the command "fastboot oem readcid" to check if you get SuperCID.
I use "fastboot oem readcid" on the HTC One S and it shows TMOB010. Then does that mean that I don't have SuperCID? Then what exactly is SuperCID when the HTC One S is already shown "Unlocked and Tampered" on the fastboot screen. Pleas let me know. I am quite confused with all this terminology. I can look up direction to get SuperCID but I want to be sure that the phone has it or not before I proceed.
Thank you for your help
vi6s said:
Hello,
I am quite confused about the term SuperCID and what it means. My sister got a HTC One S. I unlocked and unrooted it for her quite a long time ago. Now, I want to get S-off but I can't do it because I don't have SuperCID. I read on the forum and some people say that Super CID means your phone is unlocked, while other say you have to use the command "fastboot oem readcid" to check if you get SuperCID.
I use "fastboot oem readcid" on the HTC One S and it shows TMOB010. Then does that mean that I don't have SuperCID? Then what exactly is SuperCID when the HTC One S is already shown "Unlocked and Tampered" on the fastboot screen. Pleas let me know. I am quite confused with all this terminology. I can look up direction to get SuperCID but I want to be sure that the phone has it or not before I proceed.
Thank you for your help
Click to expand...
Click to collapse
SuperCID will be a seven digit string of the same number (1111111, 2222222 etc). These CIDs gain special access to partitions normally locked down (how they test stuff). Having this CID means you can do more stuff, meaning write different sectors etc.
So TMOB010 means you don't have it.
To make a complete answer; unlocked is just when you unlock your phone via HTC's website which allows you special access to partitions and fastboot, however not all partitions are accessible - whereas with SuperCID you can access them all.
ZackehSoul said:
SuperCID will be a seven digit string of the same number (1111111, 2222222 etc). These CIDs gain special access to partitions normally locked down (how they test stuff). Having this CID means you can do more stuff, meaning write different sectors etc.
So TMOB010 means you don't have it.
To make a complete answer; unlocked is just when you unlock your phone via HTC's website which allows you special access to partitions and fastboot, however not all partitions are accessible - whereas with SuperCID you can access them all.
Click to expand...
Click to collapse
correction.
supercid does not allow special acces of different partitions, who told you that.
its just a masterkey for stock softwareversion implementation, nothing more.
its either a eng-hboot or a s-off implementation that gives you that freedom.
real187 said:
correction.
supercid does not allow special acces of different partitions, who told you that.
its just a masterkey for stock softwareversion implementation, nothing more.
its either a eng-hboot or a s-off implementation that gives you that freedom.
Click to expand...
Click to collapse
That's incorrect. You can have a stock HBOOT and be S-ON with SuperCID. SuperCID isn't the implementation, it's a way to gain the implementation. And it allows you special access in that it's a masterkey...
Example; I gain S-OFF with Moonshine. Does that mean I have SuperCID? No. Does that mean I have an ENG HBOOT? Yes. Can I reflash that HBOOT to stock and keep S-OFF? Yes.
SuperCID allows the flashing of any ROM regardless of the carrier it was meant for (special access) and it also allows for the writing of Ext_ROM (special access, again - see CID LOCK).
ZackehSoul said:
That's incorrect. You can have a stock HBOOT and be S-ON with SuperCID. SuperCID isn't the implementation, it's a way to gain the implementation. And it allows you special access in that it's a masterkey...
Example; I gain S-OFF with Moonshine. Does that mean I have SuperCID? No. Does that mean I have an ENG HBOOT? Yes. Can I reflash that HBOOT to stock and keep S-OFF? Yes
SuperCID allows the flashing of any ROM regardless of the carrier it was meant for (special access) and it also allows for the writing of Ext_ROM (special access, again - see CID LOCK).
Click to expand...
Click to collapse
No supercid is just a generic cid.
It has no hardware advantage over a stock cid. It's mainly used for unbranding.
I always have my devices on stock hboot and stock cid. Only s-off is what I want.
Haven't found anything I couldn't flash.
Like your link says VENDERLOCK thus software.
It's the unlock (xda-dev) part that provides the access of certain partitions.
With s-off even more is available.
S-off and hboot have no direct relation.
Example: Lower stock hboots can flash radio with only a unlocked device. Higher can't.
What's the difference a device unlocked supercid and a device unlocked unbranded cid. ?
Is there any rom custom that can't be flashed with just unlocking,
Lets make it supercid can I flash more roms?
Its just an coincidence that with the newer devices supercid was needed for getting s-off. It didn't used to be that way.
Hell easy unlocking didn't even exist.
It was s-off or bust mostly.
The link you give is not that clear.
ext_rom have you read there description?
I don't think that's a really secured partition. Do you?
Typing on a phone is fukd if it gets to big.
Verstuurd van mijn HTC One S met Tapatalk
real187 said:
No supercid is just a generic cid.
It has no hardware advantage over a stock cid. It's mainly used for unbranding.
I always have my devices on stock hboot and stock cid. Only s-off is what I want.
Haven't found anything I couldn't flash.
Like your link says VENDERLOCK thus software.
It's the unlock (xda-dev) part that provides the access of certain partitions.
With s-off even more is available.
S-off and hboot have no direct relation.
Example: Lower stock hboots can flash radio with only a unlocked device. Higher can't.
What's the difference a device unlocked supercid and a device unlocked unbranded cid. ?
Is there any rom custom that can't be flashed with just unlocking,
Lets make it supercid can I flash more roms?
Its just an coincidence that with the newer devices supercid was needed for getting s-off. It didn't used to be that way.
Hell easy unlocking didn't even exist.
It was s-off or bust mostly.
The link you give is not that clear.
ext_rom have you read there description?
I don't think that's a really secured partition. Do you?
Typing on a phone is fukd if it gets to big.
Verstuurd van mijn HTC One S met Tapatalk
Click to expand...
Click to collapse
Yeah exactly it removes the vendor lock which gives you access to write partitions you otherwise wouldn't be allowed to in that way.
I think we're actually arguing the same point here dude Think I misread your point about HBOOT in the second post.
ZackehSoul said:
Yeah exactly it removes the vendor lock which gives you access to write partitions you otherwise wouldn't be allowed to in that way.
I think we're actually arguing the same point here dude Think I misread your point about HBOOT in the second post.
Click to expand...
Click to collapse
Hmm...., so, based on the info, it means SuperCID is not that different from generic CID. However, you need it to get S-Off, which in turn allows you to write to different partition. Because my ultimate goal is to get S-off to update my sister phone to the CyanogenMod 10.2. Is that correct or did I miss anything?
vi6s said:
Hmm...., so, based on the info, it means SuperCID is not that different from generic CID. However, you need it to get S-Off, which in turn allows you to write to different partition. Because my ultimate goal is to get S-off to update my sister phone to the CyanogenMod 10.2. Is that correct or did I miss anything?
Click to expand...
Click to collapse
Blunt answer: you need superCID for S-OFF, unlock isn't enough by itself.
I am merely posting this here for all those considering to go S-Off but haven't found the courage for it yet or just aren't sure what S-Off actually is. So to ease your minds a little bit I wish to explain S-Off.
For starters, S-Off and root ARE TWO COMPLETELY DIFFERENT THINGS!
HTC has been securing their phones by locking the internal flash memory (NAND or eMMC)(eMMC in our case) to stop it from being written to, unless the file being flashed is signed by a private key only known to HTC. This is controlled by a flag (@ secuflag) and is identified as the device being S-ON. Telling the HBoot the device is Security Off (S-OFF) stops this check for the key, and allows us to write anything to any partition, which is what we are aiming for.
There are actually two levels of S-OFF. The Bootloader (HBoot) and the Radio. Getting S-Off on the HBoot gives us everything we need, but doesn't actually turn off the @ secuflag which is set in the radio - instead, the HBoot ignores it and therefore thinks it is S-Off, but this is not TRUE S-Off. It is possible to flash a HBoot that believes the Radio is set to S-OFF, as the HBoot is responsible for setting that flag.
Once the HBoot on the phone is S-OFF, we can write to all the partitions and basically do whatever we want, but it is possible to go one step further. Flashing a radio that is S-OFF and actually setting the @ secuflag to S-off gives us 100% total access to every part of the phone and it's software, as it becomes network unlocked allowing you to use any SIM and also allows you to flash a ROM from any carrier (known as Super CID). It also makes it practically impossible to permanently loose root no matter what you flash. Once you have radio S-OFF, it makes it much easier to flash new HBoots and ROMs even if you flash something that is locked down tight.
Setting the Radio to S-Off is not necessary, and gaining S-OFF on the HBoot is more than most people will ever need. Radio S-Off is just the last step of the puzzle, but it is worth noting that you can permanently brick your phone if flashing a radio or a HBoot, if either of these go wrong you will end up with a shiny expensive paper weight so there is risk involved. If this helped you in any way then feel free to click on the thanks button. Meanwhile, happy hunting!
Sent from my C525c using XDA Premium 4 mobile app
To determine if you are S-OFF via HBoot or Radio you can do one of two things.
1: Go into fastboot and type
Code:
fastboot oem readsecureflag
If you get secure_flag with the number zero then congrats - you are radio S-Off
If you get secure_flag 3 then I am sorry, you are not radio S-Off. - your modded HBoot is ignoring the radio in regards to @ secureflag.
2: (I don't recommend this lol)
You can flash a stock HBoot and then reboot your bootloader. If you see S-On after already having S-Off then this means you were S-Off via HBoot. However, I would like to note that some HBoots are written out to prevent themselves from being over written so S-Off isn't lost, but this prevention does not always work and is usually patched by HTC relatively quickly.
Sent from my C525c using XDA Premium 4 mobile app
Another note... If you do not have radio S-Off then the following fastboot command will not work nor will it bring you back to S-On:
fastboot oem writesecureflag 3
Reason for this is because you are already S-On, but its being masked by your modded HBoot. So in this case, flash a stock HBoot and that will substitute for the failing command in fastboot
Sent from my C525c using XDA Premium 4 mobile app
Hi,
im currently stuck on the step of changing the CID on a smartphone of a friend. the Current CID is T-MOB101 with an unlocked bootloader ( HBOOT 2.15) S-On and an old CM running)
Id like to update to HBOOT 2.16 but im failing at step one, chaning the CID to the SCID.
Ive tried many times to flash mmcblk0p4 with the modified data (yes, ive done that) but it doesnt stick. No matter what i do i always get
fastboot oem readcid
...
(bootloader) cid: T-MOB101
Ive even verified the uploaded file, its fine.
https://i.imgur.com/nGBDEul.png
Take a look at moonshine or rumrunner.
If I remember correctly, facepalm isn't usable, anymore, with the t-mobile version of the One S if the latest official firmware got installed.
Sent from my HTC One M9 using XDA Labs
Well, both dont seem to work with the CM installed.
I guess i have to roll back to an official FW and try again
Also ive just noticed, im unable to mount /sdcard, in both recovery and rom.
Kinda strange
Facepalm and moonshine definitely don't work with CM. They're both meant to be used with a sense rom.
Rumrunner, on the other hand, should be usable with CM11.
The storage issue should be solvable by flashing a RUU.
Sent from my HTC One M9 using XDA Labs
Well, RR seems to not like my device. All i get is this
==================== rumrunner S-OFF 0.5.0 ==============================
rumrunner S-OFF comes with NO WARRANTY (express or implied)
and NO GUARANTEE OF FITNESS for any particular task.
We have made every effort we can to make this a safe process for users
however the authors disclaim any liability for damage to your phone
or other materials or devices used during this process.
The entire risk of running rumrunner S-OFF lies with you, the user.
By using this software you acknowledge and accept that the authors
are not liable for any loss, material or otherwise howsoever caused.
Do you understand the implications of this warning?
(Yes/No)
Yes
Dear User: We will expect that YOU:
(1) Know how to use ADB and FASTBOOT binaries
---- [Yes, use these tools to test USB connection BEFORE running rumrunner] ----
(2) Realize that rumrunner S-OFF cannot support every CUSTOM rom in this world
(3) Understand that irc support IS NOT A GENERAL HELPDESK
(4) Are able to identify and download the CORRECT package for YOUR device
(5) Know how to enable USB-debugging on YOUR device (Yes, do that now)
(6) Understand that you may NOT repack or redistribute rumrunner S-OFF
Ok?
(Yes/No)
Yes
!! Do NOT for any reason taunt, unplug, drop, eat or pet your device !!
Please wait....
..........
Checking for updates......
Test 1: Rebooting into bootloader
Waiting for fastboot (7/120)
Waiting
Test 2: Booting device
Waiting for ADB (23/120)
must ferment longer...
must sanitize, skunky rum is nasty
hold please..............................................
[------------------------------------------------------------]
Rebooting into bootloader (again)
Waiting for fastboot (7/120)
FATAL: Download updated package at www.rumrunner.us
Press ENTER to exit
The RRU ive found for my device ( TMO_DE ) doenst like it either, propably because its severy behind the actual FW on the device (2.38.111.10 is the latest RUU ive found, but the current version on the phone is detected as 3.16.111.11)
With S-ON you can only use RUUs that have the same or a higher firmware version than your phone. Downgrading is only possible with S-OFF.
The latest RUU for T-Mobile Germany that I could find euqals version 3.16.111.7. I know that the One M9 accepts older RUUs as long as only the digits behind the last dot mismatch. I'm not sure whether the same applies to the One S, though, since I set my One S S-OFF before I used RUUs for the first time.
Alternatively, you could contact Llabtoofer's RUU service. Be aware that it's not for free.
Rumrunner (like all methods for older devices like the One S) isn't perfect. It might happen that you need to try them up to twenty times before they actually work as intended. Double check whether you followed the prerequisites & instructions on the official website. The HTC Sync Manager still being installed and the usage of an USB 3.0 port instead of an 2.0 port are only two of the possibles reasons why Rumrunner might fail.
Thanks for the RUU
and for trying an USB 2.0 port: My devices dont have them anymore :/
Anyways, im very grateful for your help