Database Info

[Q] How to actually root desire s hboot 2.00.0002

(im no expert on anything really :- I dont know anything on roms, adb and whatnot)
I've been reading loadsssss of guides and posts etc. on rooting, and basically what I've gathered for this hboot version 2.00.0002, you first have to downgrade and then use the revolutionary to get S-OFF. So to downgrade you have to use zergrush which is in this thread; http://forum.xda-developers.com/showthread.php?t=1399331
I want to know is this the only way & the best way of downgrading? and if it is, how do I exactly use the misc-version (I understood you need to download this and when I click the link the guy provided to get it, it tells me what it does and it has attachments - misc version 1 and misc version 2 which you can download)
Do I just download one?
And after downloading this and zergrush - do I have to place them in a particular area because when using the cmd prompt/terminal you have to type ;
[adb push zergRush /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/zergRush
adb shell chmod 777 /data/local/tmp/misc_version] As posted by mtothearkus
*so surely when typing these it will locate the downloads that you placed in that area for it to work?
- And also you need a RUU - whatever that is :L
-the link posted in the thread to get the unbranded one doesn't work.
So what do I exactly do......
lets say everything works fine and I downgrade to 0.89something. Do I then go straight to the revolutionary thing, or do I have to unlock my bootloader?
Do I need to unlock bootloader right from the start using HTCdev?
I HAVE NO IDEA!!!!
So if you can help it will be much appreciated.
sorry for this long and confusing message.

As with many others, your problems come from not reading the guide thoroughly.
Step 3 says:
run the Terminal (Windowsbutton + R --> cmd) and change into the folder where the files are (change folder with 'cd')
Click to expand...
Click to collapse
The part that you were looking for is bold and underlined.
Then you go to google.com and look for Desire S RUU, and see what you find. Or try to find a dedicated thread here with all RUUs gathered (which will most likely be in which section? You can probably guess). And if you don't understand, what it is - you go to google.com, write "what is ruu", and read what it is.

Since I did not need to downgrade, I cannot tell you how to do that. I'm sure you'll be fine if you follow the guides here correctly.
But I did s-off my phone, so I can tell you for sure that you don't have to use htcdev in any way. Just ignore it. If you downgraded your bootloader, you can s-off using revolutionary and then install recovery like 4ext touch. And that is all. You can flash roms now. But be sure you always make a backup from recovery before you change anything on your phone (flashing etc.)
Sent by my fingers to your head.

You'll find that most of the links that you require will be in whats referred to as the INDEX and don't worry about needing reassurance or having to ask questions, as you must be confident in what you are doing as the device isn't cheap to replace.
I feel that you've done whats important and have at least attempted to read the guides available.
Best thing to do IMO (although not the easiest) is to downgrade your HBoot, then S-OFF with revolutionary, then flash ENG HBOOT and then happily use whatever custom ROM you want!

i think the best way is downgrid and then s-off and root your device.

Welcome to xda-devs, turkmyster.
IIRC you need the misc-version to 'fool' the RUU into installing a stock ROM with an older, AlphaRev-compatible HBOOT.
For RUUs, look at the thread that lists Desire S/Saga RUUs somewhere in this forum. It's there, and you'll likely find an RUU for your region and device there.
For downgrading your HBOOT, this method by shadi22 worked for me nicely: http://forum.xda-developers.com/showthread.php?t=1443636

And remember, Do not unlock you boot loader using HTC-dev, otherwise the above mentioned method won't work. Have you unlocked the bootloader, then just lock it again using the command: "fastboot oem lock".

[MISC] Flashing ENG HBOOT | Rolling back to S-ON - The Noob Way

Hi all
I noticed that many of us while trying to flash HBOOT's brick our devices as there is no single thread and no single unified noob proof solution for flashing Revolutionary's S-Off 'ed+ Rooted Desire S all the way from HBOOT version 6.98.1xxx to 0.98.2000 (PG8810000).
Hope this helps..
Ok, less talking; more work
This Thread will help you if:
- if you want to change your HBOOT version to 0.98.2000 (PG8810000)
- if you want to S-On your previously S-Off 'ed Desire S as to make use of warranty (as there is no way of making a S-Off device having Revolutionary's HBOOT v.6.98.1002 -to- S-on again without flashing the HBOOT again).
- AFAIK, if you want to flash an RUU (read ROM Update Utility AKA the stock ROM installer) you won't be able to do it you are S-off 'ed using revolutionary method. So for doing that again you need to have the HBOOT version as something like 0.98.xxxx or 6.98.2000 (experts need your comments on this one)
This guide won't be telling you of how to make it S-on again (though theres a link to youtube step-by-step video tutorial of how to do it in the update section below; Do NOT ignore the video's ending ) but just of how you can go ahead with changing your Revolutionary's default flashed HBOOT version 6.98.10xx -to- v.6.98.2000 and then -to- v.0.98.2000 (PG8810000).
For more updated info please refer to "UPDATE" section below:
UPDATE:
Regarding the "Returning to Stock/making your phone S-ON" issue:
ok..I have not tried this but this right here guides you of how to S-ON and return your phone to total* factory like condition by installing an RUU thereby removing just everything..revolutionary, CWM..u name it; just like a real stock phone
But pls note that using an RUU (read ROM Update Utility AKA the stock ROM installer) will erase all your data! as you are flashing a stock RUU
And for this you need to change your HBOOT to 6.98.2000 (PG8810000) (as in the video linked above) OR to 0.98.2000 (PG8810000); so thats one of the other advantages of my guide..
Hope this helps..
Also, a lot of good folks here have been asking/suggesting me over why this method..? and why not the "dd commands method" / adb command(s) method? (all manually )
ok here's my take on this
Click to expand...
Click to collapse
Prerequisites:
- you need an HTC Desire S phone
- HBOOT version 6.98.1xxx (how to check HBOOT version? just read step#4 & step#5 to find out your HBOOT version)
- S-OFF and Root 'ed using Revolutionary (also known as AlphaRevX; its the old name 'duh)
- your data cable and a working PC with HTC Fastboot Drivers installed (get them here)
- make sure you don't have HTC Sync software installed (check it in Add/Remove Programs found in Control panel of your PC); if it is then please remove it before starting with the following process!!!
WARNING:
DO NOT..I REPEAT AGAIN..DO NOT DISCONNECT IN-BETWEEN THE FLASHING PROCESS(Step#6 onwards) OR YOU MAY DAMAGE (READ "BRICK") YOUR PHONE IN A VERY BAD WAY!
Instructions:
1- download and extract the attached zip file in a empty folder (make sure NOT to touch/merge any of its contents)
2- make sure USB debugging is switched "ON" in your phone's: application settings menu >> development settings
3- also make sure that fastboot mode is switched "OFF" in your phone's: Power settings menu and by default your phone is configured to switch to charging mode when the cable is connected (JUST DO NOT CONNECT IT YET)
4- Now, reboot your phone into bootloader mode by first switching off your phone and then press the Power button and the volume down key simultaneously.
5- you should be able to see white screen with things like Revolutionary on top, S-OFF, HBOOT ... 6.98.10xx etc.
6- now go into the fastboot mode and then just connect you phone until the "fastboot" turns into "usb fastboot" OR "fastboot usb" either of these
7- now go inside the extracted folder named "FlashENGHBOOT698"
8- click on bat file named "Click This" and sit back
9- a black screen should popup as soon as you click on the bat [email protected] step#8 and you should see "OKAY" at the end of successful flash but it would be too quick so keep on lookout
10- select reboot on the bootloader's menu
11- reboot back to bootloader's menu to check if HBOOT's version has been changed to 6.98.2000
12- repeat the process from step 8 BUT make sure this time you go inside the other folder named "FlashENGHBOOT098" (notice the ZERO before 98)
13- follow the steps upto step#11 to check if the HBOOT's version has been changed to 0.98.2000 (PG8810000)
Voila!
Note:
This is just a compilation and a slightly edit of the batch file code to flash the second flash Image for the 0.98.2000 HBOOT All credits goes to the following people:
Credits: (Yay!! time for beer)
Would like to thank Maarten for his post and tool here
lgl0 for all his valuable info here
DesireFanatics for his step-by-step tutorial video here
Last but not the least anchemis for sticking and guiding me all the way
And to all those who have helped me here and here.
Disclaimer:
I won't be responsible for any damages done to your phone. Please attempt/flash with caution. though this method has been tested personally by me and is working fine; have also tested rebooting my phone so as to make sure bootloader does not give up on me.

MODS pls sticky this thread as newbie/newcomers really won't get it the first time they look at the [index] @ XDA
And this right here is the solution for Flashing their HBOOTs almost painlessly
Regards,
sky770
- Reserved for future use -

great guide, just have one question, currently I am using reengineered 2.00.002 hboot - 7.00.1002, my phone was s offed by revolutionary, will it work as well?

esideboi said:
great guide, just have one question, currently I am using reengineered 2.00.002 hboot - 7.00.1002, my phone was s offed by revolutionary, will it work as well?
Click to expand...
Click to collapse
:|..*gulp*
ok..as am a newbie so I would be needing experts in here
btw..have you gone through the Index/threads? coz thats what i did

esideboi said:
great guide, just have one question, currently I am using reengineered 2.00.002 hboot - 7.00.1002, my phone was s offed by revolutionary, will it work as well?
Click to expand...
Click to collapse
You have the latest hboot. If you don't want to s-on and unroot your phone again there is no need for you to downgrade the hboot (afaik )
Edit: accidentally pressed thanks.. never mind

sky770 said:
Hi all
I noticed that many of us while trying to flash HBOOT's brick our devices as there is no single thread for flashing Revolutionary's S-Off 'ed+ Rooted Desire S to 0.98.2000 (PG8810000).
Hope this helps..
Ok, less talking; more work
This Thread will help you if:
- if you want to change your HBOOT version to 0.98.2000 (PG8810000)
- if you want to S-On your previously S-Off 'ed Desire S as to make use of warranty (as there is no way of making a S-Off device having Revolutionary's HBOOT v.6.98.1002 -to- S-on again without flashing the HBOOT again).
- AFAIK, if you want to flash an RUU (umm noob translation for this would be original stock ROM?) you won't be able to do it you are S-off 'ed using revolutionary method. So for doing that again you need to have the HBOOT version as something like 0.98.xxxx or 6.98.2000 (experts need your comments on this one)
This guide won't be telling you of how to make it S-on again but just of how you can go ahead with changing your Revolutionary's default flashed HBOOT version 6.98.10xx -to- v.6.98.2000 and then -to- v.0.98.2000 (PG8810000)
Prerequisites:
- you need an HTC Desire S phone
- HBOOT version 6.98.1xxx (how to check HBOOT version? just read step#4 & step#5 to find out your HBOOT version)
- S-OFF and Root 'ed using Revolutionary (also known as AlphaRevX; its the old name 'duh)
- your data cable and a working PC with HTC Fastboot Drivers installed (get them here)
- make sure you don't have HTC Sync software installed (check it in Add/Remove Programs found in Control panel of your PC); if it is then please remove it before starting with the following process!!!
WARNING:
DO NOT..I REPEAT AGAIN..DO NOT DISCONNECT IN-BETWEEN THE FLASHING PROCESS(Step#6 onwards) OR YOU MAY DAMAGE (READ "BRICK") YOUR PHONE IN A VERY BAD WAY!
Instructions:
1- download and extract the attached zip file in a empty folder (make sure NOT to touch/merge any of its contents)
2- make sure USB debugging is switched "ON" in your phone's: application settings menu >> development settings
3- also make sure that fastboot mode is switched "OFF" in your phone's: Power settings menu and by default your phone is configured to switch to charging mode when the cable is connected (JUST DO NOT CONNECT IT YET)
4- Now, reboot your phone into bootloader mode by first switching off your phone and then press the Power button and the volume down key simultaneously.
5- you should be able to see white screen with things like Revolutionary on top, S-OFF, HBOOT ... 6.98.10xx etc.
6- now go into the fastboot mode and then just connect you phone until the "fastboot" turns into "usb fastboot" OR "fastboot usb" either of these
7- now go inside the extracted folder named "FlashENGHBOOT698"
8- click on bat file named "Click This" and sit back
9- a black screen should popup as soon as you click on the bat [email protected] step#8 and you should see "OKAY" at the end of successful flash but it would be too quick so keep on lookout
10- select reboot on the bootloader's menu
11- reboot back to bootloader's menu to check if HBOOT's version has been changed to 6.98.2000
12- repeat the process from step 8 BUT make sure this time you go inside the other folder named "FlashENGHBOOT098" (notice the ZERO before 98)
13- follow the steps upto step#11 to check if the HBOOT's version has been changed to 0.98.2000 (PG8810000)
Voila!
Note:
This is just a compilation and a slightly edit of the batch file code to flash the second flash Image for the 0.98.2000 HBOOT All credits goes to the following people:
Credits: (Yay!! time for beer)
Would like to thank Maarten for his post and tool here
lgl0 for all his valuable info here
Last but not the least anchemis for sticking and guiding me all the way
And to all those who have helped me here and here.
Disclaimer:
I won't be responsible for any damages done to your phone. Please attempt/flash with caution. though this method has been tested personally by me and is working fine; have also tested rebooting my phone so as to make sure bootloader does not give up on me.
Click to expand...
Click to collapse
you have not mentiond the dd commands tut. this is used because of the re engineerd hboot 7.00.1002 upgrade people are doing, u cannot use any other method to get another hboot to your device after using 7.00.1002 hboot. as no fastboot and using the PG88IMG method just gets bypassed. so the only way is the dd commands. please add this to your guide thanks

If i pass your guide, will my phone be s-on or s-off?
Is it possible to apply this hboot version after? Or can i apply this hboot version right now?
Currently im on hboot-6.98.1002.
Hope someone will guide me real quick. Thanks!

@muselmann88 : 1. The bootloader is Eng S-off!
2. You're now with the Revolutionary Hboot and there is no reason to change. As long as you're using the dd commands to directly write the bootloader partition every bootloader can be uploaded. I haven't had any problems with this method.

marioemp2k7 said:
@muselmann88 : 1. The bootloader is Eng S-off!
2. You're now with the Revolutionary Hboot and there is no reason to change. As long as you're using the dd commands to directly write the bootloader partition every bootloader can be uploaded. I haven't had any problems with this method.
Click to expand...
Click to collapse
I read that i'll have boot problems with sense 4 roms, isn't that correct?
Could you please list the dd commands that i'll succeed in writing the bootloader to the partition.

How about other eng hboot?
Sent from my HTC Desire S using XDA

muselmann88 said:
I read that i'll have boot problems with sense 4 roms, isn't that correct?
Could you please list the dd commands that i'll succeed in writing the bootloader to the partition.
Click to expand...
Click to collapse
I have PM you mate i have sent u everything u need to get yourself on the new eng hboot with that new eng hboot u can use ANY Rom without any problems

The hboot version that should be overwritten by "dd" command is 6.98.1002.
All the others are perfectly rewritten by a RUU or PG88IMG with a higher version.
Only Revolutionary (not AlpharevX) hboot has write protection. There is not only version check in that process

Thanks to the OP!
Just got a Desire S and so far done this little lot:
I've downgraded the ROM to 1.28 to get HBOOT 0.98
S-OFF'ed using Revolutionary.
Installed 4EXT Recovery 1.0.0.5 Touch RC3
Flashed VanillaICE ROM
and just followed this guide to get off the Revolutionary HBOOT and to the ENG HBOOT 0.98.2000.
And it worked flawlessly!
Thanks again!
EDIT: and somewhere in that lot I have also updated the radio to the latest one from the Radio thread!

htc-phones said:
you have not mentiond the dd commands tut. this is used because of the re engineerd hboot 7.00.1002 upgrade people are doing, u cannot use any other method to get another hboot to your device after using 7.00.1002 hboot. as no fastboot and using the PG88IMG method just gets bypassed. so the only way is the dd commands. please add this to your guide thanks
Click to expand...
Click to collapse
Hi,
The fastboot method gets bypassed if we try to flash it by directly picking up the *.zip file from SD Card's root (that good 'ol PG88IMG.zip method).
Using the above method (my method at post#1) we are just literally pushing it through fastboot>>adb>>phone to get it flashed.. no questions asked from phone's side
srry abt the newbie/layman terms answer but this is how it actually works
Also regarding, the "dd commands" are never meant to be used for "noobs" as they are quite dangerous...more..more dangerous than to use fastboot instead of directly using adb commands.
Just because dd commands method exist doesn't mean we should go to that extent to brick our phone (a noob can easily do that while sipping beer and typing some command as bik instead of blk)
And hence I would not like newbie(s) coming in here, bricking their phones and stalking me
UPDATE:
Excerpt taken from here
There are actually two levels of S-OFF. The Bootloader (HBoot) and the Radio. Getting S-Off on the HBoot gives us everything we need, but doesn't actually turn off the @secuflag which is set in the radio. What it is possible to do is to flash a HBoot that believes the Radio is set to S-OFF, as the HBoot is responsible for setting that flag. Once the HBoot on the phone is S-OFF, we can write to all the partitions and basically do whatever we want, but it is possible to go one step further. Flashing a radio that is S-OFF and actually setting the @secuflag off gives 100% total access to every part of the phone and it's software, as it becomes network unlocked allowing to you to use any SIM and also allows you to flash a ROM from any carrier (known as Super CID). It also makes it nigh on impossible to permanently loose root no matter what you flash. Once you have radio S-OFF, it makes it much easier to flash new HBoots and ROMs even if you flash something that is locked down tight.
Setting the Radio to S-Off is not necessary, and gaining S-OFF on the HBoot is more than most people will ever need. Radio S-Off is just the last step of the puzzle, but it is worth noting the only points you can permanently brick your phone is flashing a radio or a HBoot, if either of these go wrong you will end up with a shiny expensive paper weight so there is risk involved.
Click to expand...
Click to collapse
So pls pls suggest newbie(s) to flash with caution :|

muselmann88 said:
If i pass your guide, will my phone be s-on or s-off?
Is it possible to apply this hboot version after? Or can i apply this hboot version right now?
Currently im on hboot-6.98.1002.
Hope someone will guide me real quick. Thanks!
Click to expand...
Click to collapse
As it looks to me, if you're running hboot-6.98.1002 already then you must have used revolutionary's tool to S-off your phone.
Therefore you are eligible to use the above guide to re-flash your hboot.
Infact you're having the same hboot version as I had after using revolutionary.
changing your hboot version to 0.98.2000 (PGI880000) will make sure that you can flash any RUU (official stock ROM) so that you could be s-off again
Though I am still getting working on it to have a simple 1-click solution for this too for ya noobs
Also, make sure you're rooted (though I would like some expert to comment on this; but AFAIK root is needed to flash the *.img file over fastboot; just search around forum as to be sure.)
Do it now! and you won't regret..
Regards,
sky770

marioemp2k7 said:
@muselmann88 : 1. The bootloader is Eng S-off!
2. You're now with the Revolutionary Hboot and there is no reason to change. As long as you're using the dd commands to directly write the bootloader partition every bootloader can be uploaded. I haven't had any problems with this method.
Click to expand...
Click to collapse
I would not really recommend using "dd commands" please see my reply over here
Regards,
sky770

muselmann88 said:
I read that i'll have boot problems with sense 4 roms, isn't that correct?
Could you please list the dd commands that i'll succeed in writing the bootloader to the partition.
Click to expand...
Click to collapse
Sense 4 requires you to have umm... HBOOT version 2.xxx and above? (experts?) anyways.. that cannot be categorized as "problem" its just another "prerequisite" for sense 4 based ROMs though am not sure if its an "official prerequisite" or a non official non
Also, please read my post abt dd commands here.
Regards,
sky770

Dreamtheater2003 said:
How about other eng hboot?
Sent from my HTC Desire S using XDA
Click to expand...
Click to collapse
Can take some time here to try some custom(s) ROMs first
Anyways, now that am here on XDA lets get started..
Regards,
sky770

htc-phones said:
I have PM you mate i have sent u everything u need to get yourself on the new eng hboot with that new eng hboot u can use ANY Rom without any problems
Click to expand...
Click to collapse
any ROM?
you sure about RUU (stocks) ??
if yes then plz forward tht PM to me too pls
Regards,
sky770

amidabuddha said:
The hboot version that should be overwritten by "dd" command is 6.98.1002.
All the others are perfectly rewritten by a RUU or PG88IMG with a higher version.
Only Revolutionary (not AlpharevX) hboot has write protection. There is not only version check in that process
Click to expand...
Click to collapse
aha! Right on point
And thats one more reason I won't really..really recommend using dd commands to a noob/newcomers just for flashing from 6.98.10xx -over to-0.98.2000 (PGI880000).
Regards,
sky770

[GUIDE] Root, SuperCID & S-Off for Evita Hboot 2.14 - Firmware 3.17 [Orange UK]

This is for International hTC One XL/Evita - Hboot 2.14 & firmware 3.17 (Orange UK)
If you own AT&T One X please look elsewhere, this guide is not for your phone
There is an abundance of information scattered in these forums and not all root methods/exploits work universally due to variation in firmware builds and Hboots.
I had to read a lot of threads to figure out how to S-off my Orange UK One XL with Hboot 2.14 and firmware build 3.17.
I was only interested in attaining S-off but had to start with HTCDev bootloader unlocking which I didn't really want to do but none of the known root exploits worked on my firmware.
I am sharing this hoping it would help others avoid taking pills for headaches when pursuing this noble quest
AIM:
Provide a short guide to others with similar device and configuration on where to start and simple clear steps to follow with needed links.
PREREQUISITES:
1. latest htc drivers for your Windows PC/laptop if you have one of those. Check here.
2. a working adb environment preferably from latest Android SDK, if you don't have this already set up please check here.
3. "USB debugging" must be checked under Phone settings>Developer options
4. an original htc USB cable is strongly recommended.
5. phone charged at above 50%
6. basic knowledge of using command prompt (cmd) in Windows and adb commands.
STEPS:
So in my case the steps were:
[1] Unlock bootloader through htcdev.com
[2] Flash/install TWRP recovery
This is done manually. All-In-One Toolkit didn't work for me BTW.
1. download latest TWRP recovery for One XL/Evita from here
2. you can rename file for easier command prompt typing later, like TWRP5.img
3. place file recovery file in your adb/fastboot folder
4. connect phone in fastboot mode to PC, make sure it displays fastboot USB on phone before you proceed.
5. start command prompt from within fastboot folder by right clicking inside folder and choosing "open prompt here", type following command:
Code:
C:\yourFastbootFolder> fastboot flash recovery TWRP5.img
Not a bad idea to test your recovery by making a nandroid backup before proceeding to next step.
[3] Flash a custom rom (root)
All custom roms are rooted by definition. If you chose e.g. ViperXL like I did remember to flash boot.img extracted form same rom zip afterwards, otherwise bootloop!
You can of course flash a SuperSU zip instead to gain root but I don't see the point.
[4] SuperCID
This is the simplest way that I found accidentally during my endless searches, all credit goes to @beaups for this one and @Austempest for sharing :good:
1. connect phone to PC in Android mode (mode where you can use phone)
2. Run the following command from command prompt (CMD):
Code:
C:\>adb shell
To enter adb shell, then enter following commands after each other:
Code:
# su
# echo -ne "11111111" | dd of=/dev/block/mmcblk0p5 bs=1 seek=20
3. Reboot to bootloader and hopefully you'll see 11111111 as your CID ...... yes
[5] S-Off
Now that your are rooted with SuperCID you can just follow @beaups simple steps for S-Off found here Facepalm S-Off
That is it.... you broke your shackles :laugh:
I am not a dev and for sure not taking credit for other people's work, merely giving back and hoping this assists clarify stuff and save some time.
Cheers!

the one clicks would not work for you because you dont have an att one x so the supercid exploit doesnt work on our phones
all phones go through htcdev.com to unlock, att phones just need supercid first.
you should make a not in your guide that this guide wont work for at&t phones.

exad said:
the one clicks would not work for you because you dont have an att one x so the supercid exploit doesnt work on our phones
all phones go through htcdev.com to unlock, att phones just need supercid first.
you should make a note in your guide that this guide wont work for at&t phones.
Click to expand...
Click to collapse
Thanks for this important reminder, note added in red on top!
You mentioned one click is only for AT&T phones, I guess you mean All-In-One Toolkit by hason2000, you see even in the tool's thread it's not stated explicitly that tool works only for AT&T, while the respective threads for these exploit state that it's for AT&T One X not negating other international versions!
Most guides/tools are for North America and some Australia but very few for Europe which BTW only recently came on board with 4G/LTE.
So figuring out, especially for noobs, what is what with all these international variations for one device and huge amount of information, while searching doesn't always provide an answer is a tedious task and can end up miserably :crying:
I hope it's in order to add some info for European Evitas
guys kindly don't quote whole post(s), thanks

Only AT&T Phones are different in the case of unlocking/rooting because they can't use HTCDEV. Every other onexl is the same for unlocking/rooting.

Great guide, thanks you! it worked !
Now i'm stuck at the next step. ha :crying:

i cant get root, because my touchscreen not functional after flashed a custom rom. i had success until step 3, i cant proceed to step 4 as i cant use my touches when the rom loaded. i didnt have any back up. i already searched around to dgrade my touchscreen firmware, but it needs root. im stuck here, i can flash custom cwm recovery, install custom rom but cant touch screen. the default cm10.1 dont have android debugging enabled by default, i cant enable it cos i cant touch the screen. if i restore to stock ruu, i can touch screen n all works, but i had a problem sync google contacts.
The reason im getting my hands on custom rom is bcos my stock XL(Asian version) will neve sync google contacts properly, i tried to flash JB stock RUU, but its same. then, i started to tamper my fon with unlocking bootloader via htcdev, flash cwm(twrp mess on my sdcard storage). i had experience on older htc devices but its my 1st time on the htc one series. right now, im on evita s-on, unlocked bootloader, hboot 2.14, cwm recovery(twrp mess on my sdcard storage), not-super CID. I 'm left with a non-touchable cm10.1, i can flash any rom that supports s-on. tried to relock bootloader but i cant flash stock ICS ruu.flashing stock JB RUU is ok. my target now is to s-off n superCID.
i can :
flash RUU 3.17, running a stock RUU 3.17.
unlock bootloader
flash custom recovery(twrp mess with my internal storage)
i cant :
root my device on stock rom
touchscreen wont work on custom rom
any help will b greatly appreciated.

Do not make multiple posts about the same thing. It is strictly against XDA rules.

sorry, may i know how to delete it? i click on edit/delete but cant see any options to delete my post.

You cannot
Sent from my One X using xda app-developers app

sir how to back or normal cid help me
sir how to back or normal cid help me i have a one x its allredy super cid how get back normal cid

Fastboot oem writecid whateveryourcidwas
This will only work once with s-on after supercid but will work as many times as you want if s-off.
Sent from my One X using xda app-developers app

ignore this post. found a relevant thread

How to upgrade bootloader to 2.14
So what if you are not on HBoot 2.14?
EDIT:
Warning: It is not a good idea to upgrade only the bootloader if you intend to flash the latest CM10 builds! Avoiding RUU and unlocking again out of laziness will probably get you in trouble afterwards. RUU is definitely the safer way. You'll find a good collection of ROMs here
http://forum.xda-developers.com/showthread.php?t=2119610
and the tutorial for upgrading RUU on a previously modded phone here
http://forum.xda-developers.com/showthread.php?p=26260005
I found these threads which helped me SuperCID, S-Off and finally upgrade the HBoot of my already rooted evita.
First you need the superCID from this post:
http://forum.xda-developers.com/showthread.php?p=42351491
Next Step S-Off:
http://forum.xda-developers.com/showthread.php?t=2155069
Then RegawMOD the appropriate bootloader from this thread and flash:
http://forum.xda-developers.com/showthread.php?t=1786498
The procedure was easy once I had found the appropriate threads on XDA

You should not update hboot that way. It only updates one file and not all the firmware files. Ruu or flashing firmware.zip are the best ways.
Sent from my HTC One XL using xda app-developers app

New CM10 and derivates require HBoot 2.14
exad said:
You should not update hboot that way. It only updates one file and not all the firmware files. Ruu or flashing firmware.zip are the best ways.
Click to expand...
Click to collapse
I simply needed an updated bootloader in order to enable flashing the latest CM10 nightlies. This did the job.

ernstlustig said:
exad said:
You should not update hboot that way. It only updates one file and not all the firmware files. Ruu or flashing firmware.zip are the best ways.
I simply needed an updated bootloader in order to enable flashing the latest CM10 nightlies. This did the job.
Click to expand...
Click to collapse
That's exactly why you should not do it that way. You may get issues along the way as a result of the software not properly utilizing your hardware. This is why you're supposed to update hboot. What you did is more like tricking it into thinking you updated the firmware.
Sent from my HTC One XL using xda app-developers app
Click to expand...
Click to collapse

ernstlustig said:
I simply needed an updated bootloader in order to enable flashing the latest CM10 nightlies. This did the job.
Click to expand...
Click to collapse
As exad said, CM 10 didnt want you to update just the hboot it wanted you to flash 3.18 RUU or equal to get updated firmware.
The requirement to install 3.18 RUU is listed as a requirement for CM. The hboot is what is checked but things like radio, adsp and wcnss are what actually needed to be updated, which you have not updated.
All you have successfully done is beaten the basic check for if you flashed the 3.18 RUU without actually doing what you were told to do.

How did you get s-off? i have a rogers version

salt204 said:
How did you get s-off? i have a rogers version
Click to expand...
Click to collapse
Links to XDA threads updated. (Sorry.) Please look again.

Has anyone tried successfully to write SuperCID into hboot 2.15 S-On devices?
as the instructions is for hboot 2.14, and I would like to S-Off the device with hboot 2.15 and it is S-On.
I have tried the hex with adb method, but it doesn't work.

[Q] Won't load, no custom recovery and s-on!

SAGA PVT SHIP S-ON
HBPOT - 0.98.0000
RADIO-38.03.02.11_M
eMMC-boot
I tried to revert to stock but now the os won't load, can't get the htcdev unlock to work either so can unlock the boot loader and the ruu I'm using is throwing a 140 error. Tried to htc unlock but when asking for the code for it it shows an error in the command.
I feel like I need an older ruu or a way to upgrade the hboot but I'm not sure.
Any help would be appreciated!

chapmana81 said:
SAGA PVT SHIP S-ON
HBPOT - 0.98.0000
RADIO-38.03.02.11_M
eMMC-boot
I tried to revert to stock but now the os won't load, can't get the htcdev unlock to work either so can unlock the boot loader and the ruu I'm using is throwing a 140 error. Tried to htc unlock but when asking for the code for it it shows an error in the command.
I feel like I need an older ruu or a way to upgrade the hboot but I'm not sure.
Any help would be appreciated!
Click to expand...
Click to collapse
Error 140 may ussualy reffer to wrong bootloader version,
the numbers however, are not always the same for similar
issues they reffer to,or perhaps the numbers differ according to
different circumstances they describe- i`m not able to tell you beyond doubt,
but in your case (0.98.xxx) it could be something more like
CID, or region version error,
http://forum.xda-developers.com/showthread.php?t=2143855
posts: #2 and #3- `issues with flashing RUUs`
will sheed some light on that matter for you,
providing that other steps like:
- locking bootloader before flashing a RUU
-always choosing higher RUU version
than the one running on the device
(in a normal circumstances, one is not able to ovewrite higher
bootloader version by the lower one- not without
support of < misc_version >)
you where aware of and complied with.
As for the command, they could sometimes be
little tricky to execute,and must therefore be issued
precise to the letter,
so, always try to find that error in the command first,
before assuming it`s been caused by something like:
- no/broken comunication: PC <--> Phone via ADB,etc..
(but you may also try to look it to that corner
and assure- the obstacle is
not comming from that side)
..To tell you the truth, while flashing RUU- with
all requirements for that procedure fulfilled,
there is very little that might go wrong,
in the end, this is an official conduct that is supported
by device`s manufacturer,...
Another method of loading the stock rom on the NAND,
would be to use PG88IMG method:
-extract the rom.zip from the RUU, (google how to)
-rename it to PG88IMG
-load it on your device`s sdcard
-reboot to bootloader,
let it find an update (this very file)
and flash it...
As for unlocking procedure, it is probably
required to be on a stock rom to proceed-but i might
need a correction here,
or having kept the code obtained in the past-and use that binary,
you've said,you were attempting to come back to stock,
May i ask:
-from what?
-has your device been S-off'ed
in the past-by any chance?
- is 0.98.xxx the hboot that use to be in the device,
or, was that changed after unsuccessful RUU flash,
-what was the original system and sense version
your phone was shipped with,
-and most obvious-most overlooked:
is your phone sim /or firmware branded
to any carrier?

well i tried to use this one:
RUU_Saga_TMO_UK_1.30.110.2_R_Radio_20.28b.30.0805U_38.03.02.11_M_release_180106_signed
i got the 140 error and when i tried this one:
RUU_Saga_S_HTC_Europe_2.10.401.5_Radio_20.4801.30.0822U_3822.10.08.04_M_release_219480_signed
i also tried erasing the boot image and the recovery image using the fastboot commands but im getting some sort of access denied error.
there also seems to be no recovery image so my options are limited, any further thoughts?
I really appreciate your help, hopefully my wife wont kill me!

chapmana81 said:
well i tried to use this one:
RUU_Saga_TMO_UK_1.30.110.2_R_Radio_20.28b.30.0805U_38.03.02.11_M_release_180106_signed
i got the 140 error and when i tried this one:
RUU_Saga_S_HTC_Europe_2.10.401.5_Radio_20.4801.30.0822U_3822.10.08.04_M_release_219480_signed
i also tried erasing the boot image and the recovery image using the fastboot commands but im getting some sort of access denied error.
there also seems to be no recovery image so my options are limited, any further thoughts?
I really appreciate your help, hopefully my wife wont kill me!
Click to expand...
Click to collapse
Try to use <gold card>as my next blind thought,
With a stock recovery, one is limited anyway...
I'd say:
In your case, bootloader is your only recovery

[Q] Can't s-off!

Hi everyone
You must be pretty bored of threads like these!
Basically I can't s-off, so I was hoping for some advice. Here is my fastboot info:
TAMPERED, UNLOCKED
M4_UL PVT SHIP S-ON RL
HBOOT-2.21.0000
RADIO-1.23.40e.00.26
OpenDSP-v19.2.0268.0927
OS-
eMMC-boot 1024MB
I'm running TWRP 2.7.1.1 through which I installed JmzM4StockRootedOdex-WWE-1.22.401.1.zip and JmzM4_Kernel-09-4-13.zip. SuperSU is configured.
I have tried rumrunner, revone and firewater.
Rumrunner: Fails during Test 2. Tried two different PCs running Windows 7 and Ubuntu respectively. Last three entries are:
Rebooting into bootloader (again)
Waiting for fastboot (7/120)
FATAL: Download updated package at rumrunner.us
Revone: ./revone -P gives error message 2 as it should, then after reboot I get error 1 with ./revone -s 0 -u
Firewater: Error: "Kernel contains anti-firewater patch".
So, does anyone have any ideas as to what I can try next? I have seen a couple of other people on the forum who can't s-off under similar circumstances. I don't usually have problems with this sort of thing, but this one has me stumped.
Any help would be appreciated. Thank you.

Any news? I'm in the same boat.
European unlocked regular HTC One Mini.
Have been running 4.3 and I think 4.4.2 ok for a while (don't even know).
I'm 'tampered', 'unlocked' but 's-on'. Hboot 2.21.
Can't supercid, can't flash firmware.
I can flash the twrp 2.7.1.1 though.
I'm now running the JmzM4StockRootedDeOdex-WWE-1.22.401.1.zip rom, with regular SuperSU flashed after it was installed.
Fast boot is off, usb-debugging is on.
Rumrunner gives 'fatal, download updated package at www.rumrunner.us'
Revone gives the 'error -2' when doing ./revone -P.
But after rebooting, 'revone -s 0 -u' just gives 'error -1' and fails, without an error message.

dipje said:
Any news? I'm in the same boat.
European unlocked regular HTC One Mini.
Click to expand...
Click to collapse
Interesting. Glad to hear I'm not alone! What is your CID, out of interest?

moomoomoo2 said:
Interesting. Glad to hear I'm not alone! What is your CID, out of interest?
Click to expand...
Click to collapse
INFOversion-bootloader: 2.21.0000
INFOversion-main: 2.12.401.1
INFOversion-misc: PVT SHIP S-ONINFOplatform: HBOOT-8930
INFOmodelid: PO5820000
INFOcidnum: HTC__E11
revone just keeps giving errors -1/-2.
firewater finally bails out saying I'm running a kernel that has the anti-firewater patch. But I'm running custom kernels that are in the howto's. I flashed boot.img manually through fastboot and made sure by 'uname -a' that I'm indeed running the intended kernel. Tried 'JmzM4_Kernel-09-4-13.zip' and the 'bubba kernel' from 01-nov-2013.
And as I said, rumrunner seems to run OK. (during 'hold please' where you see the **** that become --- slowly, the bar fills up. After that it says it's rebooting into bootloader again, and after that it bails by saying 'FATAL: Download updated package at www.rumrunner.us'.
Different firmware packages I tried to flash all bail with some 'android_info' error, even after making sure the CID and model-ID match. But the way I see it I need to be s-off before those packages work anyway.

Sounds like we've both tried the exact same things. Hopefully someone will be able to help.
I take it you are going through this pain to get sense 6?

Have you guys tried going to SuperSU and change the Default access to grant? And then run rumrunner?

Everest_ said:
Have you guys tried going to SuperSU and change the Default access to grant? And then run rumrunner?
Click to expand...
Click to collapse
Yup, that's how I have my SuperSU. Thank you for your reply.

I will check and try again, but I can't imagine it having an impact, since I'm running firewater and revone from a root-prompt already, and rumrunner runs happily but bails _in_ one of the later fastboot things.
I tried relocking and unlocking through the HTC dev thing again, just in case. Of course (I forgot) that has the effect of my entire /data (including 'sdcard') being wiped, so I now have to push a rom through ADB into recovery to flash and get the device running again.
From that I can turn usb-debugging on again, flash supersu and try setting it to always-grant and try again.
@moomoomoo2: Did you have your device sent to HTC for repairs by any chance?

dipje said:
@moomoomoo2: Did you have your device sent to HTC for repairs by any chance?
Click to expand...
Click to collapse
Not me personally, but I bought the phone second-hand in October 2013 so theoretically it could have been sent to HTC before then.

Hey guys. I am in the same situation. I have htc one mini Europe version with:
Android 4.4.2
Sense 5.5 stock
Hboot 2.21
Unlocked
Rooted
S-On and CID HTC_035
And I can't get S-Off. I tried rumrunner, firewaters, revoke. Same errors like you.
I really want the sense 6 ))
Sent from my HTC One mini using XDA Free mobile app

Seems there's a pattern emerging! For the record, my CID is ORANG001.

Can you guys (or girls) report if your device was ever sent to HTC or not? Just a sneaky suspicion. Mine is, the original posters 'could be'.. until we get a definitive 'no' I'm having a feeling that they did something at the HTC repair .
Right this moment I managed to get my device pretty much back to stock 4.4.2 / sense 5.5 (in detail, firmware 3.10.401.4). I'm 'relocked' (so still tampered) and on the firmware package (hboot, kernel, radio, recovery) that came in the european OTA update.
The thing is, that OTA update was ment to bring me to 3.10.401.6 (the last number is different). My software version now says .4.
If I do the 'search for software updates' it says there is nothing available?! It should report an upgrade to .6 or to the new Sense6 rom I guess. It's the regular european / international version.... my CID and model ID is in the sense6-OTA update's firmware... so I should be able to flash it...
Maybe I'll try that. Flash the untouched firmware that is in the sense6-OTA (it's an OTA file for my model anyway, no idea why it's not showing in the software-updates scan),

The same situation, device was sent to HTC repair.

Well, I'm no closer to the s-off business...
I locked my htcdev bootloader, flashed the firmware from the OTA Europe-3.10.401.6 (4.4.2, Sense 5.5). Then unlocked the bootloader again (Wiping /data, grr) and installed TWRP 2.7.1.1 again.
Then I managed to install Europe-2.12.401.1 from a odex'ed full rom dump here on XDA. Simple flash from TWRP.
Once it is loaded it detects an OTA update to Europe-3.10.401.6 (I already had the OTA files, exactly the same as posted on XDA here).
I kinda modified the update-script for it. Removing the cid checks from the start, and removing the md5-check and patch for '/system/bin/app_process', and then making sure the mount() and unmount() calls matched (no double mounts, etc...) the update-script ran fine from TWRP! I removed the firmware business from the update-script (was already running it) and added an 'app_process' to the system folder so it would be copied. I also removed the 'fota' business at the end of the script.
And it ran! So ignoring the single app_process file (which I took from a 3.10.401.4 dump here on XDA) I was running a pretty good stock 4.4.2-Sense5.5 rom, with official matching firmware. Once the rom loaded up, it detected the OTA update to Europe-4.09.401.3 (4.4.2-Sense6).
I first booted back to fastboot mode, and flashed the official recovery that was in the 3.10 OTA (so I got the proper stock recovery) but left the device unlocker. Booted the ROM back up, started the OTA download and just clicked 'install now' at the end.
It took some time, but the OTA update ran without any modification perfectly it seems. It even flashed the new firmware (I got a slightly new boot logo and I'm on hboot 2.22 all of a sudden) without me needed to relock and unlock the device, and the new 4.09 rom seems to run just fine. It boots, runs fast, camera works, I got signal and wifi works.. I think it's ok. It's late, the rest I gotta check out tomorrow.
Mental note for me: Now make backups of your system dump since it's nice clean and stock, and don't forget to make a backup of the /data/preload folder in case you wipe your /data again. I can still flash TWRP, so getting root should be easy.
I now wonder if just using the supplied firmware package in the Sense6-thread, and modifying it to match my CID and MID would've worked anyway. I tried it, didn't work.. but I didn't know you had to relock the bootloader before flashing firmware as s-on. Anyway, I got my device up to the latest official firmware as stock as it's going to be (hboot, recovery, kernel, system, preload, all stock at the moment. Only htcdev-unlocked and it shows 'tampered'. Feels as a nice base to root and just use it for now .
All this still doesn't answer why our devices will not get s-off working at all.. but the reason I wanted s-off is done now for me, so I'm afraid I don't care anymore

Hi dipje,
I am exactly in the same situation like you was.
But my htc was never send to service.
If your kind please could you write down the process you did step by step and attach some links where needed with the location of the firmware, roms etc that you used and the files that you modified to not check the cid and other.
I will be very thankful.
Thank you very much.
Ovidiu
Sent from my HTC One mini using XDA Free mobile app

Excellent work dipje. Some more info would be great, including the modified script if you still have it. Regarding Europe-2.12.401.1 - was this vrvr's straight dump, or tr1gg3r84's international odex?

This worked for me because I apparently had the right device (right CID). Since we can't change CID without s-off, I was lucky. Also, I was on the 4.4.2 3.10 firmware I believe from an official OTA, but to be honest, I have no clue. Since I'm s-on I could only have installed official firmware files from OTA packages, so I guess I was on hboot 2.21 from the start. Just FYI.
If your CID is not in the list of supposed devices for these OTA updates, you're **** out of luck. At least, as far as I know, I'm not all knowing and only got into flashing my mini not too long ago. My CID is HTC__E11 and that _is_ in the list of supported CIDs for these OTA packages (and the 2.12 international rom we start with). That might be something to check first if you start down this path.
Do yourself a favour, try installing the firmware from OTA 3.10 (it's in the instructions below, you need to relock your device first, try to flash it by reading the fastboot commands, then you can htcdev-unlock again).. If that 'takes' and works OK, you're in the right CID list .
REMEMBER, ALL OF YOUR /DATA (including internal storage) WILL BE GONE!!
(because htcdev-unlocking does that, and to install an official firmware package we have to relock and then unlock again afterwards... If I'm wrong about this, please let me know ).
Anyway, yes I've used "Stock2.12.401.1Odex(tr1gg3r84).zip" as a starting point (http://forum.xda-developers.com/showthread.php?t=2575766).
Then get the 3.10 OTA from http://forum.xda-developers.com/showthread.php?t=2722370. Or, once you have 2.12 booted up let it download the OTA package, but _do not_ execute it. Once downloaded it should be in 'Download' in your internal storage/sdcard. Transfer it to your PC.
Install TWRP 2.7.1.1, then use it to flash tr1gg3r84's 2.12 as is. Start it up, do as minimal setup as you can, make sure you disable fast-boot in the power options (to be sure) and I always enable USB debugging first. (google how to do it if you don't know, it's a sort-of hidden option these days).
Then, relock your bootloader. Go to the bootloader menu and choose fastboot if you have to (hold vol-down while restarting / booting up).
From your PC, use the command line 'fastboot oem lock'. In the command line it will do some stuff (and read error at the end, don't worry) and your device should reboot automatically. After it is booted up, go to the bootloader / fastboot _again_, and this time give the command 'fastboot oem rebootRUU'. Your device should restart quickly to a black screen with a small white HTC logo. Give the command 'fastboot flash zip firmware.zip'. That firmware.zip file is the file that is _inside_ the 3.10 OTA, so you need to extract that first.
If correct, it will start doing stuff and a green bar will slowly fill up. It will _NOT_ reach the end. In your command-line window it should say it completed OK.
Ok, so now we have a 2.12 rom installed with the 3.10 firmware installed. Unlock your device again through htcdev.com, and install TWRP again.
If all is OK, you should be able to flash my modified 3.10 patch (http://clients.maxx-traxx.eu:8080/tmp/xda/mine3.10.zip)
I hope the bandwidth will be OK for that server, if it will be too much I have to upload it somewhere else.
That's what I used in the end, and should be able to install it without problems.
How I created it: The only file from trigger84's 2.12 rom that fails to MD5 check is the modified '/system/bin/app_process'. So I took the file from another 3.10 full dump (the 3.10.401.4 one from trigger too) and placed it inside the /system folder of the extracted OTA update. It will be copied automatically. I removed the lines from the updater-script that try to verify and patch /system/bin/app_process, but left the 'setting permisions' alone. Then I removed all the CID-checking from the start of the script (TWRP can't do that apparently) and removed all the 'fota' stuff from the end ( no clue what it is). Also, remove the lines that try to transfer the firmware.zip package. And as I said, fixed some unmatched mounts/unmounts. With that I mean everytime /system is mounted, it should be unmounted first before trying to be mounted again. The script tries to mount /data multiple times and only unmounts it once or something, and that tends to fail on TWRP.
I've attached my updater-script if you want to check it out and try to do it yourself. Compare the differences between mine and the original in the OTA to see what I mean.
You can delete the fota*** files and the firmware.zip from the OTA package, rezip it (properly, take care of the folder structure, ahem ) and try to flash it.
In the end, it should update OK, and since you already were on the firmware from 3.10, it should boot up OK like normal, _IF_ we flash the correct kernel. So before booting up 3.10 (it will bootloop if you try, no big problem) go to bootloader-fastboot mode again, and give the command 'fastboot flash boot boot.img'. The boot.img is the file that is inside the 3.10 Firmware.zip. The 3.10 should now boot up OK.
So, now you're on 3.10 ROM with 3.10 firmware (notice, 3.10.401.6, not the .4 version). Now, we're gonna install the stock 3.10 recovery again.
Take the 3.10 OTA extracted firmware.zip, and take the recovery.img out of it. Go to bootloader-mode again, and use 'fastboot flash recovery recovery.img' to install it. You now have your stock 3.10 recovery installed, but are still htcdev-unlocked. Start the ROM again.
A software update should be available to 4.09.401.3. Let it download, and let it execute. It should work without any problems, and your phone should reboot a couple of times.
At the end, after Sense6 is up and running, you can go into bootloader-mode again, and flash TWRP again, and use TWRP to flash the SuperSU update package to get root. (Because we're still unlocked, we don't have to do the htcdev-unlock thing this time).
Remember, your /system/bin/app_process file is not stock for sure, and there might be other files. The 4.09 OTA update (Sense6) just doesn't touch those files so it runs without modification, but with a next OTA we might not be so lucky and might have to modify the OTA package again. Do yourself a favour and make a backup of your current /system layout (I guess TWRP can do it), and yourself another favour by also making a backup of the /data/preload folder as it is now. Those files can be hard to come by later on, and if you ever do the htcdev-unlock thing again, they are gone (/data is wiped). Use a root-file-explorer app or something to copy the /data/preload folder to your sdcard/internal storage. Then copy it your PC and zip it up, label it preload-eu-4.09.401.3.zip and keep it safe .
This is not the most noob-friendly guide, but then it isn't intended to be. People who've been fighting to get s-off should know most key-shortcuts, fastboot and adb commands by now

Great guide dipje. Will hopefully help those who have the more generic CIDs. Counts me out unfortunately, but hopefully someone will figure out how to s-off the damn thing!

Hi everybody,
Just for information, i am french (sorry for my poor English ) and i am in the same situation :
One mini rooted, TWRP 2.7.1.1, S-ON, hboot 2.21.0000, revone : fail, rumrunner : fail, firewater : fail...
And my HTC also was sent for repairs (cracked shell, speaker HS, software update).
i am desperate...

I'm getting the feeling that (EU?) hboot 2.21 is simply protected against s-off tricks.
Is downgrading hboot possible with s-on? Guess not.