Can't S-OFF with Hboot 2.15... - HTC One S

Hi everyone,
I need your help because I can't S-OFF my HTC One S (s4) : Latest official ROM 3.16.401 (if I remember well), Bootloader unlocked, SuperCID and Hboot 2.15
I can't S-OFF with Facepalm, cause I have Hboot 2.15 right ?
And I can't either with Moonshine cause only compatible with :
3.14.531.11 (T-MOB)
3.16.666.9 (BM)
3.16.111.10 (TMO_DE)
3.16.661.4 (Telus)
So if I am SupedCID i must be able to flash any firmware above mine right ? Or do I need to match the CID anyway ?
In fact I didn't succeed in, at first with bootloader unlocked it said error in parsing android-info file (tried with 2 RUUs) then I tried with bootloader relocked and then it says "remote 12 : signature verify fail"
So...I am a little bit lost, what should I do ? Any idea ?
Thanks.

A bit off topic but still kinda related.
So i got my phone used, and when i got it, it was already bootloader unlocked and s-off. Now my question is, a lot of people are having trouble getting s-off on 2.15 hBoot, but that's what i have, along with TMOB010 CID.
I want to know how this device got s-off, and the thing is, in bootloader it doesn't even have **tampered** showing on there.
Anyone have any idea? I just want to know so that if i mess up the phone I'd know how to get it back to its previous state.
Sent from my One S using XDA Premium 4 mobile app

Noplait said:
Hi everyone,
I need your help because I can't S-OFF my HTC One S (s4) : Latest official ROM 3.16.401 (if I remember well), Bootloader unlocked, SuperCID and Hboot 2.15
I can't S-OFF with Facepalm, cause I have Hboot 2.15 right ?
And I can't either with Moonshine cause only compatible with :
3.14.531.11 (T-MOB)
3.16.666.9 (BM)
3.16.111.10 (TMO_DE)
3.16.661.4 (Telus)
So if I am SupedCID i must be able to flash any firmware above mine right ? Or do I need to match the CID anyway ?
In fact I didn't succeed in, at first with bootloader unlocked it said error in parsing android-info file (tried with 2 RUUs) then I tried with bootloader relocked and then it says "remote 12 : signature verify fail"
So...I am a little bit lost, what should I do ? Any idea ?
Thanks.
Click to expand...
Click to collapse
If you have SuperCID then yes you can flash RUU above yours. I did, but for me moonshine still didn't work but occasionally Facepalm did.
---------- Post added at 12:25 AM ---------- Previous post was at 12:20 AM ----------
JiroPrinz8 said:
A bit off topic but still kinda related.
So i got my phone used, and when i got it, it was already bootloader unlocked and s-off. Now my question is, a lot of people are having trouble getting s-off on 2.15 hBoot, but that's what i have, along with TMOB010 CID.
I want to know how this device got s-off, and the thing is, in bootloader it doesn't even have **tampered** showing on there.
Anyone have any idea? I just want to know so that if i mess up the phone I'd know how to get it back to its previous state.
Sent from my One S using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Tampered flag can be removed by tool revone.
This time I know just 2 methods how to do S-Off, moonshine and facepalm.

Can't think of one!
------> Noplait
Managed to S-Off mine with the following specs...
Baseband version : 1.12.50.05.05_10.28.50.08L
Software number : 3.16.61.10
Android version: 4.1.1
Hboot: 2.15.0000
Followed the instructions Exactly.
1. Bootloader unlock via HTCDev.
2. Steps 1,2&3 as found here
http://forum.xda-developers.com/showthread.php?t=1583427
3. SuperCID as found here
http://forum.xda-developers.com/showthread.php?p=26516911#post26516911
4. Bootloader unlock via HTCDev
(Out of curiosity did you go back to HTCDev and go through the unlock process again? As this is what I did (as per instructions)?).
5. Facepalm S-Off as found here
http://forum.xda-developers.com/showthread.php?t=2155135
(Note: for instructions 5, I dragged the appropriate zip into the command prompt line from where I had downloaded zip file,
and for instruction 7 dragged the appropriate file from the folder into the first command prompt line only - adb push <locaction of this file only: soffbin3> /data/local/tmp/
Then copied and paste the remaining two commands one at a time, remember to press enter after each of the 3 commands)
Hope that helps.

Step 3 (changig CID) seems to cause trouble to users with base 3.16.401.8, including me.
It looks like mmcblk0p4 is write protected here, so the changing of the CID just does not work.
I also didn't find a working way around yet...

Hello! I need some help here.Probably not the right place,sorry about that!
My problem is that I'm s-on,and it's seems that I can't do the supercid witch is the first step for Facepalm process.
I red a lot about this topic, everything what I have found.
It appears that I got the hboot 2.15 version with Jb ota Update ,because of this the mmcblk0p4 file is write protected... so the cid overwrite is undone.
Tried on ViperOneS 1.2.1 - 2.2.0,on Tricktroid 7-9.1 and on Jb Stock also.The adb ,the termal emulaton on phone ,hex editing works well.
This is my hboot:
*** TEMPERED ***
*** UNLOCKED ***
VLE PVT SHIP S-ON RL
HBOOT-2.15.0000
RADIO-1.11.50.05.28
OpenDSP-v31.1.0.45.0815
eMM-boot
Dec 14 2012,17:10:57:-1
My cid is Tim--401 so not Moonshine s-off compatibile.
Is exist any other method to gain S-off? or the only solution is riff/jtag?
I red the folowing treads about supercid:
http://forum.xda-developers.com/showthread.php?t=2446750&highlight=hboot+2+15+supercid&page=5
http://forum.xda-developers.com/showthread.php?t=2460148
http://forum.xda-developers.com/showthread.php?t=2453595&highlight=hboot+2+15+supercid
http://forum.xda-developers.com/showthread.php?t=1671643&page=48
http://forum.xda-developers.com/showthread.php?p=26516911#post26516911

gforums said:
Step 3 (changig CID) seems to cause trouble to users with base 3.16.401.8, including me.
It looks like mmcblk0p4 is write protected here, so the changing of the CID just does not work.
I also didn't find a working way around yet...
Click to expand...
Click to collapse
You're certain it's .8 and not the .9
I did it on 8 with no problems way back.
Verzonden vanaf mijn HTC One S met behulp van Tapatalk now Free

Here is what worked for me to get supercid 22222222 then facepalm to S-Off. Easy as Pie! But that was for me, hboot 2.15. I take no responsibility! Lol

LibertyMonger said:
Here is what worked for me to get supercid 22222222 then facepalm to S-Off. Easy as Pie! But that was for me, hboot 2.15. I take no responsibility! Lol
Click to expand...
Click to collapse
I had the 3.16.401.9, en after de ruu of 3.16.401.8 it is still write protected.
echo -ne "22222222" | dd of=/dev/block/mmcblk0p5 bs=1 seek=20
worked for me.

robertus12 said:
I had the 3.16.401.9, en after de ruu of 3.16.401.8 it is still write protected.
echo -ne "22222222" | dd of=/dev/block/mmcblk0p5 bs=1 seek=20
worked for me.
Click to expand...
Click to collapse
It was very relieving huh? I thought we couldn't do it! Glad it worked! :good:

Hi,
This ia maybe very noop question but i gonna give a shot.
I have also 16.401.9 version with hboot 2.15 i will a root access.
Unlock bootloader already done.
But supercid en s-off is mess.
I read here about special line that you must typ in command AFTER su permission.
Can somebody tell me how you gonna get SU permission? When i typ it down is tell me not found? Pfff
Sorry for my english.
Sent from my HTC One S using xda app-developers app

cashvillle said:
Hi,
This ia maybe very noop question but i gonna give a shot.
I have also 16.401.9 version with hboot 2.15 i will a root access.
Unlock bootloader already done.
But supercid en s-off is mess.
I read here about special line that you must typ in command AFTER su permission.
Can somebody tell me how you gonna get SU permission? When i typ it down is tell me not found? Pfff
Sorry for my english.
Sent from my HTC One S using xda app-developers app
Click to expand...
Click to collapse
1. Fire up your command prompt and go to the directory that you have ADB installed to. Type "adb shell" and hit enter.
2. Type "su" and hit enter. You now have root privileges.

You have the key!
robertus12 said:
I had the 3.16.401.9, en after de ruu of 3.16.401.8 it is still write protected.
echo -ne "22222222" | dd of=/dev/block/mmcblk0p5 bs=1 seek=20
worked for me.
Click to expand...
Click to collapse
Could you please elaborate on your process for getting your CID to 22222222? Do I need to modify mmcblk0p4 as the other guides have indicated? Could you please write a short guide?

sliponby said:
Could you please elaborate on your process for getting your CID to 22222222? Do I need to modify mmcblk0p4 as the other guides have indicated? Could you please write a short guide?
Click to expand...
Click to collapse
1. Fire up your command prompt and go to the directory that you have ADB installed to. Type "adb shell" and hit enter.
2. Type "su" and hit enter. You now have root privileges.
3. Type "echo -ne "22222222" | dd of=/dev/block/mmcblk0p5 bs=1 seek=20" and hit enter. To test if it worked restart the phone into fastboot (type "adb reboot bootloader" and hit enter) and once the bootloader screen comes up
type "fastboot oem readcid" and hit enter. It should read "22222222".
4. type "fastboot oem get_identifier_token" and hit enter. Leave that up on your screen and go to HTCdev.com. Follow the instructions from there.
5. Once you have confirmed you have SuperCID, get started with facepalm.

Thanks!
robertus12 said:
1. Fire up your command prompt and go to the directory that you have ADB installed to. Type "adb shell" and hit enter.
2. Type "su" and hit enter. You now have root privileges.
3. Type "echo -ne "22222222" | dd of=/dev/block/mmcblk0p5 bs=1 seek=20" and hit enter. To test if it worked restart the phone into fastboot (type "adb reboot bootloader" and hit enter) and once the bootloader screen comes up
type "fastboot oem readcid" and hit enter. It should read "22222222".
4. type "fastboot oem get_identifier_token" and hit enter. Leave that up on your screen and go to HTCdev.com. Follow the instructions from there.
5. Once you have confirmed you have SuperCID, get started with facepalm.
Click to expand...
Click to collapse
Thanks for the quick reply! Unfortunately it looks like I'm stills screwed. I followed your instructions exactly and I'm still getting my CID as TMOBO-10. If you have any other ideas, I'm listening.

sliponby said:
Thanks for the quick reply! Unfortunately it looks like I'm stills screwed. I followed your instructions exactly and I'm still getting my CID as TMOBO-10. If you have any other ideas, I'm listening.
Click to expand...
Click to collapse
you can ask the guys on irc
http://chat.andirc.net:8080/?channels=facepalm
They Know what to do.

You can't get facepalm s-off, but you could get moonshine s-off
Go to moonshine.io and look for the supported RUU versions and install one that corresponds to your cid. Then you could install moonshine s-off.
Sent from my One S using Tapatalk 4

RyogoNA said:
You can't get facepalm s-off, but you could get moonshine s-off
Go to moonshine.io and look for the supported RUU versions and install one that corresponds to your cid. Then you could install moonshine s-off.
Sent from my One S using Tapatalk 4
Click to expand...
Click to collapse
i have tried... after second test, monshine awaits adb for too short time...about 2-3 secs is missing for phone to reboot completly for monshine could connect with adb... after time counts 60 secs, monshine says i need to fix my adb...

try here

EDIT - I found a workaround and have successfully achieved s-off

Related

[ASK] How to S-On again after S-off using alpharevX

Sorry for the nubie question or wrong rom.
Can i get back S-On after S-Off using AlpharevX beta... If i can, how to do it?
can i flash hboot only? from the original hboot from desire s?
Thanks for your sharing..
wind99 said:
Sorry for the nubie question or wrong rom.
Can i get back S-On after S-Off using AlpharevX beta... If i can, how to do it?
can i flash hboot only? from the original hboot from desire s?
Thanks for your sharing..
Click to expand...
Click to collapse
You currently can't do this, the team that brought you alpharevx ares working on this
EDIT: Although, it would seem from the posts below that people have achieved this already!
Sent from my HTC Desire S using XDA Premium App
you can by flashing ENG Hboot then flash any official rom after it
alpharevx Hboot bypasses flashing the bootloader
wind99 said:
Sorry for the nubie question or wrong rom.
Can i get back S-On after S-Off using AlpharevX beta... If i can, how to do it?
can i flash hboot only? from the original hboot from desire s?
Thanks for your sharing..
Click to expand...
Click to collapse
You can use this method via adb:
1. Put the hboot.img you want to flash in the root of the sdcard.
2. In cmd run the following commands (after each command press enter):
adb devices
adb shell
su
dd if=/dev/block/mmcblk0p18 of=/sdcard/backup.img
dd if=/sdcard/hboot.img of=/dev/block/mmcblk0p18
reboot bootloader
HA4ever said:
you can by flashing ENG Hboot then flash any official rom after it
alpharevx Hboot bypasses flashing the bootloader
Click to expand...
Click to collapse
How do i get any hboot official 0.98.000
and how do i flash it.
thanks
first flash ENG Hboot from this thread ENG HBOOT
then flash any official rom from the bootloader (the rom file should be in zip format with name PG88IMG.zip placed in the root of tour SD card)
Thanks for the guide, maybe it can posting to sticky how to gain back s-on after alphareX
already done and success. Back to original hboot 0.98.0000
Please can you tell me which guide (adb or ENG boot) did you use?
wind99 said:
Thanks for the guide, maybe it can posting to sticky how to gain back s-on after alphareX
already done and success. Back to original hboot 0.98.0000
Click to expand...
Click to collapse
Which version of the file you used?
PG88IMG.zip or Eng S-Off.rar ?
PG88IMG.zip is 2000 vesrion not sure for Eng s-off...
heavyhms said:
Which version of the file you used?
PG88IMG.zip or Eng S-Off.rar ?
Click to expand...
Click to collapse
Just get Hboot from original stock RUU. (Extract the RUU exe files)
Murchelago said:
You can use this method via adb:
1. Put the hboot.img you want to flash in the root of the sdcard.
2. In cmd run the following commands (after each command press enter):
adb devices
adb shell
su
dd if=/dev/block/mmcblk0p18 of=/sdcard/backup.img
dd if=/sdcard/hboot.img of=/dev/block/mmcblk0p18
reboot bootloader
Click to expand...
Click to collapse
From Terminal Emulator on the phone, I start at the SU? Correct?
InfernalByte said:
From Terminal Emulator on the phone, I start at the SU? Correct?
Click to expand...
Click to collapse
I'll be honest (I'm not 100%) but I'm thinking that he intended the while lot to be typed through a command prompt in windows from your PC using ADB, rather than a terminal on the device itself.
Anyone know if this would work with other HTC phones (Incredible or Incredible 2)?
Murchelago said:
You can use this method via adb:
1. Put the hboot.img you want to flash in the root of the sdcard.
2. In cmd run the following commands (after each command press enter):
adb devices
adb shell
su
dd if=/dev/block/mmcblk0p18 of=/sdcard/backup.img
dd if=/sdcard/hboot.img of=/dev/block/mmcblk0p18
reboot bootloader
Click to expand...
Click to collapse
I can confirm, that this approach works.
chiekurz said:
I can confirm, that this approach works.
Click to expand...
Click to collapse
can someone please put a link to the hboot.img that's been used and is 98.000, as one of the posts says it was 98.200, so that others can also follow this..
ben_pyett said:
can someone please put a link to the hboot.img that's been used and is 98.000, as one of the posts says it was 98.200, so that others can also follow this..
Click to expand...
Click to collapse
Check my previous post. Added hboot I used. 0.98.0000 as that is supported by Alpharev. Now I am back on S-Off again
so we no need to flash old rom with 0.98.0000 hboot just use image and instruction above?
1. You will need to have a room with root, to be able to follow actions described above.
2. If you have none stock rom and recovery you will have security issue, while booting up.
So you have only option of:
1. Running these actions
2. Then running RUU
Worked for me perfectly. P.s. I do not take any responsibility of issues faced Just explained my expierience.
/Edzz
chiekurz said:
1. You will need to have a room with root, to be able to follow actions described above.
2. If you have none stock rom and recovery you will have security issue, while booting up.
So you have only option of:
1. Running these actions
2. Then running RUU
Worked for me perfectly. P.s. I do not take any responsibility of issues faced Just explained my expierience.
/Edzz
Click to expand...
Click to collapse
If you are returned to stock can write a step-by-step guide?

[Q] 155 unknown Error

Again a problem. I want to downgrade hboot from 2.00.0002 to 0.98.00000
so I used misc_version. In one of the step it said
--> now adb shell closes and restarts, instead of having a $ you have a # which means root
But it dont happened.I ignored and continue other step. I went to fastboot and run RUU. It said Image version is 1.27.405.6
I think it work but after a while it said Error [155] unknown error.
so why? and what should I do?
ayene said:
Again a problem. I want to downgrade hboot from 2.00.0002 to 0.98.00000
so I used misc_version. In one of the step it said
--> now adb shell closes and restarts, instead of having a $ you have a # which means root
But it dont happened.I ignored and continue other step. I went to fastboot and run RUU. It said Image version is 1.27.405.6
I think it work but after a while it said Error [155] unknown error.
so why? and what should I do?
Click to expand...
Click to collapse
I think you simply forgot to relock your phone before flashing the RUU.
Sent from my HTC Desire S
relock using "FASTBOOT OEM UNLOCK"
nageshmv said:
relock using "FASTBOOT OEM UNLOCK"
Click to expand...
Click to collapse
Do you realize you've actually typed the command for "unlocking" instead of locking?
Won't work...
Thank all of u
Solved
how did you solve it? i have the same problem i s-on ed because the gps was broken(i sent it to waranty). now i m stuck. s-on + unloked. hboot 2.00.0002. i just want to install the ruu (for the moment). so... how can i lock it?
-
htc desire s error [155]: unknown error
radusy said:
how did you solve it? i have the same problem i s-on ed because the gps was broken(i sent it to waranty). now i m stuck. s-on + unloked. hboot 2.00.0002. i just want to install the ruu (for the moment). so... how can i lock it?
-
htc desire s error [155]: unknown error
Click to expand...
Click to collapse
Boot into bootloader. Go to fastboot mode and issue the command
Fastboot oem lock
Look at the thread posted right below this one. The answer is there too
Sent from my HTC Desire S
thank you problem solved
if you cant relock idid fastboot oem lock but restart and go to android logo how can i relock it ? after i flash oem lock failed and check hboot still unlock how can you fix it ?
Thank you for the advice
This is what fixed my device, I was running circles in twrp trying to figure out how to restore... all i had to do was relock the bootloader... and run ruu. You saved me a ton of headache.

Please Help Me Not Brick My One S

Basically I deleted everything off my One S (System OS,Backups,My Data) So I need to run a RUU to get my phone back to stock
------------------------------
**** TAMPERED ****
**** UNLOCKED ****
VLE PVT SHIP S-ON RL
Hboot-2.13.0000
Radio-1.11.50.05.28
Open DSP-v31.1.0.45.0815
eMMC-boot
Nov 20 2012 , 15:44:03,-1
------------------------------
There is not compatible RUU for my one s so heres the steps I'm going to do ....
1) SuperCID My Phone Using This Tutorial
http://androidforums.com/one-s-all-things-root/690970-guide-supercid.html
2) Then Proceed With S-OFF using this tutorial
http://m.youtube.com/watch?v=fTp5uwURKdg
3) Relock Bootloader Using Hasoon2000's All in one toolkit and flash stock recovery (I Need Stock Recovery Image For Htc one s S4 Processor) I Will use this tutorial for steps 3/4
http://m.youtube.com/watch?v=SZuAjz4PIjU
4) Run The RUU (will I be unbranded if I SuperCID and S OFF my phone so I can run. A unbranded RUU ?)
I Also Need A RUU Which Is On JellyBean Not ICS
5)Unlock Bootloader and Root
Please can ou Anwser These Questions Please <3
ill I be unbranded if I SuperCID and S OFF my phone so I can run. A unbranded RUU ? I am currently branded to three uk
And can someone link me to stock recovery Image for htc one s S4 Processor
Is There Any JellyBean RUU if So Please Link me to them and tell me if I can use them after I have done SuperCID and s off
And let me know if there any problems in my method I am going to use
Thanks One S Community
Do the steps 1 & 2 just as you mentioned.
Then, once you're s-off, you don't need to relock your bootloader. But you need to flash stock recovery before you flash any RUU. You can download it here, and flash it in fastboot mode ('fastboot flash recovery ville_recovery_signed.img').
Being s-off you can easily change to any CID by typing 'fastboot oem writecid xxxxxxxx'. You'll find CIDs in this thread, also keep in mind that using SCID might brick your phone in case of an OTA coming in. But it's easy to change...
Then choose any RUU which is closest to what you need and run it from your desktop/laptop or click me for latest EU RUU.
As you're already rooted, there is no need for step 5. You'll still be s-off and unlocked afterwards.
You should be good to go then.
rootrider said:
Do the steps 1 & 2 just as you mentioned.
Then, once you're s-off, you don't need to relock your bootloader. But you need to flash stock recovery before you flash any RUU. You can download it here, and flash it in fastboot mode ('fastboot flash recovery ville_recovery_signed.img').
Being s-off you can easily change to any CID by typing 'fastboot oem writecid xxxxxxxx'. You'll find CIDs in this thread, also keep in mind that using SCID might brick your phone in case of an OTA coming in. But it's easy to change...
Then choose any RUU which is closest to what you need and run it from your desktop/laptop or click me for latest EU RUU.
As you're already rooted, there is no need for step 5. You'll still be s-off and unlocked afterwards.
You should be good to go then.
Click to expand...
Click to collapse
What should I change my CID to and will I be unbranded ? And can I use the ruu you provided the latest one .and I don't understand what you mean with the OTA Updates. I'm branded to three UK and for 8. Change T-MOB010 to 11111111 and save the file as mmcblk0p4MOD. Would I just find H3G and change it to 11111111
You don't need stock recovery to run an ruu, all you need is a locked bootloader
Sent from my HTC One S using xda app-developers app
Ok then. Just to make shure, you're on an S4 device?
Three UK means you're just around the corner... United Kingdom.
So everything 'EU' will be good for you and you should choose HTC__001 then (HTC Europe). If this works, you'll be unbranded.
If you're s-off you basically can flash any RUU you want, even the most exotic one (if there is any :laugh. And to get the point 'any' means older ones as well, e.g. ICS based ones. Being on HTC__001 or 11111111 with ICS on the other hand means that your device will find an Over The Air update to JB. If you choose to install it, it will install JB without problems on HTC__001 but a possible lot of trouble being on 11111111. As a result you might brick your phone, according to some posts here on XDA. So you should choose HTC__001 (8 digits).
At this point keep in mind, never ever use the latest TMO US JB RUU, as this may install write protection to mmcblk0p4 on one s phones!!! (Maybe not if you're already s-off, idk at this point...)
And yes, you can use the one RUU I linked to in my previous post. It worked here, why should it not work on other phones?
---------- Post added at 11:06 AM ---------- Previous post was at 11:05 AM ----------
k1llacanon said:
You don't need stock recovery to run an ruu, all you need is a locked bootloader
Sent from my HTC One S using xda app-developers app
Click to expand...
Click to collapse
Crap - it's way easier to flash stock recovery than changing cid and unlocking/relocking bootloader. And it works.
I'm going to run the ruu you provided me with will I have any problems with that and what should I change my CID To? Also I'm going to flash stock recovery and lock bootloader so there no probs
rootrider said:
Ok then. Just to make shure, you're on an S4 device?
Three UK means you're just around the corner... United Kingdom.
So everything 'EU' will be good for you and you should choose HTC__001 then (HTC Europe). If this works, you'll be unbranded.
If you're s-off you basically can flash any RUU you want, even the most exotic one (if there is any :laugh. And to get the point 'any' means older ones as well, e.g. ICS based ones. Being on HTC__001 or 11111111 with ICS on the other hand means that your device will find an Over The Air update to JB. If you choose to install it, it will install JB without problems on HTC__001 but a possible lot of trouble being on 11111111. As a result you might brick your phone, according to some posts here on XDA. So you should choose HTC__001 (8 digits).
At this point keep in mind, never ever use the latest TMO US JB RUU, as this may install write protection to mmcblk0p4 on one s phones!!! (Maybe not if you're already s-off, idk at this point...)
And yes, you can use the one RUU I linked to in my previous post. It worked here, why should it not work on other phones?
---------- Post added at 11:06 AM ---------- Previous post was at 11:05 AM ----------
Crap - it's way easier to flash stock recovery than changing cid and unlocking/relocking bootloader. And it works.
Click to expand...
Click to collapse
Sorry for being a pain it's just I don't want to brick my phone and could you explain this as I don't understand it
view plaincopy to clipboardprint?
adb pull /sdcard/mmcblk0p4
and hit enter.
NOTE THE SIZE OF THE FILE BEFORE THE NEXT STEP!
6. Open the file (mmcblk0p4) with your hex editor.
7. Look for offset 00000210 or 00000214 and you should see "T-MOB010" with your IMEI number after it.
NOTE: "T-MOB010" is the T-Mobile US version, depending on your carrier this will change, but it will still precede your IMEI. See the link at the end of this post for a list of other CID's.
MAKE SURE AT THIS POINT THAT THE FILE IS THE EXACT SIZE IT WAS BEFORE YOU HEX EDITED IT!
9. Now go back to your command prompt and type
view plaincopy to clipboardprint?
adb push mmcblk0p4MOD /sdcard/mmcblk0p4MOD
Shall I note the file size so if it. Example.txt(4642kb). I would note the file size and I would just change my CID to HTC__001 ?
And don't I need to get the fast boot files and softbin3 and stuff but the site doesn't provide me with anything could you link me to them ? I have literally no clue
And in HxD. editor will mine look like this http://dl.xda-developers.com/attach...3a77c716b8/51864687/1/0/8/2/7/9/0/hexedit.jpg
Wouldn't I change my CID To H3G__001 but I want to be unbranded
For s off, you need super cid 11111111
HTC_One_S | S-OFF | ViperOneS_2.2.0 | Black-Blue_Sense_Theme | Bulletproof_1.3
ryanshew said:
For s off, you need super cid 11111111
HTC_One_S | S-OFF | ViperOneS_2.2.0 | Black-Blue_Sense_Theme | Bulletproof_1.3
Click to expand...
Click to collapse
should i do
SUPERCID :111111
CHANGE CID :HTC__001
I want to make sure the possiblity of me bricking my phone is extremely low rootrider said change it to HTC__001
btw im a noob at this stuff so i kin off need it simple
Zaman-The-Man said:
should i do
SUPERCID :111111
CHANGE CID :HTC__001
I want to make sure the possiblity of me bricking my phone is extremely low rootrider said change it to HTC__001
btw im a noob at this stuff so i kin off need it simple
Click to expand...
Click to collapse
Hi,
In the order listed, these are the following steps you must do: (this guide assumes you have the HTC drivers installed and a working folder with adb and fastboot files. if you need them, ask)
1. SuperCID. (using the previous link you mentioned, or this link)
2. S-OFF (using the previous link you mentioned, or this link)
3. Get a stock recovery. I have provided one from the Jelly Bean RUU, download it here. MD5 Sum: ed56807cb765ada1d49e7e6e246aea63
Place it in your working folder (the place where adb and fastboot etc. files are).
4. Flash the stock recovery using the command:
Code:
fastboot flash recovery recovery.img
5. Change your cid to HTC__001, using the command:
Code:
fastboot oem writecid HTC__001
You have to be in FASTBOOT USB mode in the bootloader for the command to work.
5. Run a Jelly Bean 3.16 RUU from here:
http://androidfiles.org/ruu/securek...28_10.27.50.08L_release_301814_signed_2_4.exe
6. Done!
Hope it helps
usaff22 said:
Hi,
In the order listed, these are the following steps you must do: (this guide assumes you have the HTC drivers installed and a working folder with adb and fastboot files. if you need them, ask)
1. SuperCID. (using the previous link you mentioned, or this link)
2. S-OFF (using the previous link you mentioned, or
3. Get a stock recovery. I have provided one from the Jelly Bean RUU, download it here. MD5 Sum: ed56807cb765ada1d49e7e6e246aea63
Place it in your working folder (the place where adb and fastboot etc. files are).
4. Flash the stock recovery using the command:
Code:
fastboot flash recovery recovery.img
5. Change your cid to HTC__001, using the command:
Code:
fastboot oem writecid HTC__001
You have to be in FASTBOOT USB mode in the bootloader for the command to work.
5. Run a Jelly Bean 3.16 RUU from here:
http://androidfiles.org/ruu/securek...28_10.27.50.08L_release_301814_signed_2_4.exe
6. Done!
Hope it helps
Click to expand...
Click to collapse
First of all THANKS SO MUCH
and should i be in fastboot mode when doing supercid ? and what should i do for the md5 file ?
THANKS
Zaman-The-Man said:
First of all THANKS SO MUCH
and should i be in fastboot mode when doing supercid ? and what should i do for the md5 file ?
THANKS
Click to expand...
Click to collapse
Hi,
I forgot to link the instructions for S-OFF, my apologies. I have corrected that now.
You should not be in fastboot mode when doing supercid, I didn't realize this. You should be booted into Android. I understand the catch-22 you are having here, so you may want to flash a custom ROM like CM10 for the time being, and then do SuperCID with USB Debugging enabled in Settings.
The md5 file is used to check for corrupt downloads, you download the file and use a tool to check the file's MD5 sum on the PC. Then you match it to the one I gave you and see if it matches. The purpose of this is so that you don't accidentally flash a corrupt file.
Also, the CID you need to find is not T-MOB010, but H3G__001 (two underscores there, to make it 8 digits). Change that to 11111111 (8 digits, again)
usaff22 said:
Hi,
I forgot to link the instructions for S-OFF, my apologies. I have corrected that now.
You should not be in fastboot mode when doing supercid, I didn't realize this. You should be booted into Android. I understand the catch-22 you are having here, so you may want to flash a custom ROM like CM10 for the time being, and then do SuperCID with USB Debugging enabled in Settings.
The md5 file is used to check for corrupt downloads, you download the file and use a tool to check the file's MD5 sum on the PC. Then you match it to the one I gave you and see if it matches. The purpose of this is so that you don't accidentally flash a corrupt file.
Also, the CID you need to find is not T-MOB010, but H3G__001 (two underscores there, to make it 8 digits). Change that to 11111111 (8 digits, again)
Click to expand...
Click to collapse
do i need to relock bootloader wen running the ruu or just the flash stock recovery ?
Zaman-The-Man said:
do i need to relock bootloader wen running the ruu or just the flash stock recovery ?
Click to expand...
Click to collapse
you shouldn't need to
usaff22 said:
you shouldn't need to
Click to expand...
Click to collapse
cant i s off using hasoon2000 toolkit ? wouldnt that be easier ?
thanks
Zaman-The-Man said:
cant i s off using hasoon2000 toolkit ? wouldnt that be easier ?
thanks
Click to expand...
Click to collapse
No, you can't. The developer(s) of the S-OFF exploit don't want their work getting repackaged
Sent from my HTC One S using Tapatalk 2
usaff22 said:
No, you can't. The developer(s) of the S-OFF exploit don't want their work getting repackaged
Sent from my HTC One S using Tapatalk 2
Click to expand...
Click to collapse
Alright so
1) Do SuperCID : 11111111
2) S - OFF
3 Do ' fastboot oem writecid HTC__001 '
4) Flash Stock Recovery
5) Run RUU
looks like I'm sorted
But can I ask what shall If my device doesn't match this PJ4010000.zip ?
You can forget step 4. It's not needed with S-off.
Verstuurd van mijn HTC One S met Tapatalk
Zaman-The-Man said:
Basically I deleted everything off my One S (System OS,Backups,My Data) So I need to run a RUU to get my phone back to stock
------------------------------
**** TAMPERED ****
**** UNLOCKED ****
VLE PVT SHIP S-ON RL
Hboot-2.13.0000
Radio-1.11.50.05.28
Open DSP-v31.1.0.45.0815
eMMC-boot
Nov 20 2012 , 15:44:03,-1
------------------------------
Click to expand...
Click to collapse
Hi, I basically did the same thing as the OP. Deleted my backups by accident by choosing Factory Reset instead of Recovery. I think I am in an even worse position as I thought I had the right RUU as one point and needed to relock the bootloader. My bootloader screen looks like this at the moment.
------------------------------
*** TAMPERED ***
*** RELOCKED ***
*** Security Warning ***
VLE PVT SHIP S-ON RL
Hboot-2.13.0000
Radio-1.11.50.05.28
Open DSP-v31.1.0.45.0815
eMMC-boot
Nov 20 2012 , 15:44:03,-1
------------------------------
Can anyone tell me if this is a lost cause? Thanks.
This is the RUU I used -
OTA_Ville_U_JB_45_S_HTC_Europe_3.16.401.8_1.11.50.05.28_10.27.50.08L_release_301852xf01hejl416oev96.zip.
Does anyone know if this is definitely the wrong one?
To all: Guys, no need to use S-Off for RUU. I DON'T KNOW WHO THE F*** CREATED THE PROCESS OF S-OFFING FOR RUUs AS WHEN I RESTORE STOCK LAST YEAR, IT WAS A SIMPLE BOOTLOADER RELOCK, AND RUU WE GO. IF WE S-OFFED, WE S-ON USING ONE-TOUCH STUFF.
To folaxstar: Well, you got as far as him. However, you got the COMPLETELY WRONG RUU. Technically, IT'S NOT AN RUU AT ALL. It is a Android 4.1 Sense 4.5/+ update for European unlocked HTC One S.
Do a "fastboot getvar cid" without the quotes (of course). You should get a CID that looks like the following: T-MOB010(T-Mobile US, as an example, it might not match what you got). Someone could determine the correct RUU.

(urgent)[q]htc one s s-on hboot 2.16 magi0rom need help for s-off

Hi My htc one s has hboot version 2.16 and s-on. I need to go back to a stable rom right now i have magiorom beta 2 flashed(because i think its the only rom compatible with hboot 2.16 that doesn't require s-off).I already have supercid my cid is 11111111.I tried doing face palm s-off but when i try to flash the ruu it gives me FAILED (remote: 99 unknown fail). I tried it in "rebootRUU" and got the same error. I tried doing super cid again but when i type the command dd if=/dev/block/mmcblk0p4 of=/sdcard/mmcblk0p4 it says "dd if=/dev/block/mmcblk0p4 of=mmcvlk0p4
mmcvlk0p4: cannot open for write: Read-only file system". So im stuck i dont know what to do! Please help me !
If you already got supercid you don't need to do it again. You're lucky that you got supercid already since you can't get it on 2.16
Read about moonshine s-off maybe this could help you.
Sent from my One S using Tapatalk 4
RyogoNA said:
If you already got supercid you don't need to do it again. You're lucky that you got supercid already since you can't get it on 2.16
Read about moonshine s-off maybe this could help you.
Sent from my One S using Tapatalk 4
Click to expand...
Click to collapse
But isint moon shine s-off a completely different hboot ?
Yes, it is.
Sent from my One S using Tapatalk 4
RyogoNA said:
Yes, it is.
Sent from my One S using Tapatalk 4
Click to expand...
Click to collapse
But the reason im going to s-off is because i want to downgrade my hboot to 2.15
You can downgrade to 2.15 but i think you have to be S-OFF
You can't downgrade from 2.16 if you don't have S-OFF, you even may brick your phone trying to do that.
Sent from my One S using Tapatalk 4
RyogoNA said:
You can't downgrade from 2.16 if you don't have S-OFF, you even may brick your phone trying to do that.
Sent from my One S using Tapatalk 4[/QUOTEI know that but the whole point of me s-offing is so i can put hboot 2.15 on my htc one s
L
Click to expand...
Click to collapse
any one know how to fix ?
I had the same issue, (sort-of) I seemed to have hboot 2.16 after using Moonshine (which is the way to go) and I later flashed the HTC One S RUU and that put me back to hboot 2.15. The only problem is I am trying to update back to 2.16 and I am stuck there. But if you do use Moonshine, run it on Ubuntu. Go to Ubuntu and download the system on a cd. Shut down your computer, boot it up and click F12 and the cd will load. Then when Ubuntu starts up click, "Try Ubuntu" -- Don't install it! That will screw up your system you already have set up. Set up adb drivers, then run moonshine. That will get you S-OFF and then lock your bootloader fastboot flash <unlocktoken Unlock_code.bin> and run this RUU below. Then you can unlock the bootloader, then flash a recovery, and go ahead and flash Roms, Kernels, etc. I hope this helps! :good:
http://forum.xda-developers.com/showthread.php?t=2279588 (Stock RUU) Run as administrator and follow the instructions)
cyberusman said:
Hi My htc one s has hboot version 2.16 and s-on. I need to go back to a stable rom right now i have magiorom beta 2 flashed(because i think its the only rom compatible with hboot 2.16 that doesn't require s-off).I already have supercid my cid is 11111111.I tried doing face palm s-off but when i try to flash the ruu it gives me FAILED (remote: 99 unknown fail). I tried it in "rebootRUU" and got the same error. I tried doing super cid again but when i type the command dd if=/dev/block/mmcblk0p4 of=/sdcard/mmcblk0p4 it says "dd if=/dev/block/mmcblk0p4 of=mmcvlk0p4
mmcvlk0p4: cannot open for write: Read-only file system". So im stuck i dont know what to do! Please help me !
Click to expand...
Click to collapse
finally there is hope for you.
To get S-off even if you are 2.16 follow this thread:
http://forum.xda-developers.com/showthread.php?t=2558334
tivofool said:
finally there is hope for you.
To get S-off even if you are 2.16 follow this thread:
http://forum.xda-developers.com/showthread.php?t=2558334
Click to expand...
Click to collapse
I have a question... when i flashed maximusrom10 firmware it upgraded my model id. So what software vs should i download
Edit: I mean before i flashed maximusrom10 my model id was PJ4010000, but now after flashing the firmwasre for maximus rom its PJ4011000. So when doing s-off which model id should i use?
cyberusman said:
Hi My htc one s has hboot version 2.16 and s-on. I need to go back to a stable rom right now i have magiorom beta 2 flashed(because i think its the only rom compatible with hboot 2.16 that doesn't require s-off).I already have supercid my cid is 11111111.I tried doing face palm s-off but when i try to flash the ruu it gives me FAILED (remote: 99 unknown fail). I tried it in "rebootRUU" and got the same error. I tried doing super cid again but when i type the command dd if=/dev/block/mmcblk0p4 of=/sdcard/mmcblk0p4 it says "dd if=/dev/block/mmcblk0p4 of=mmcvlk0p4
mmcvlk0p4: cannot open for write: Read-only file system". So im stuck i dont know what to do! Please help me !
Click to expand...
Click to collapse
If it works in windows moonshine I did this tutorial but in spanish to help all who have problems to make the soff
http://www.taringa.net/posts/celulares/17401702/Como-hacer-soff-en-HTC-one-s-3-14-531-17RD.html

Big help...

First of all ,I want to thank you for your work in the community.It's great.
I have an HTC one SV 4G LTE.It was working very well but one day just stocked and I tried by myself to restore it but to no avail.I have tried all i can to unlock the bootloader but nothing.
These are the characteristics
***Locked***
K2_UL PVT SHIP S-OFF RL
CID-11111111
H BOOT-1.01.0000
Radio- 0.12.40.00.14_2
Open DSP-V7.2.0221.11.23
eMMC-boot
Dec 7 2012,03:10:20:23127
I have tried HTCDev method,adb one but nothing.I don't know what to do......
Please help me.
Thanks
NB:Sorry bot i forgot to say that it's like my OS is wiped because before me somebody tried to do a flash but did not succeed.Sorry once more
Try to flash a RUU (this will wipe all data):
Download this file: https://www.androidfilehost.com/?fid=24369303960683578
Rename the zip file to PL80IMG.zip (make sure it is not named PL80IMG.zip.zip) and copy it in the external sdcard.
Then boot into the bootloader and let the phone recognize the PL80IMG.zip. Confirm to update with vol+ and let it run until its finished.
Thanks a lot.But sorry i forgot to tell you that it's like my OS has been wiped.Somebody else tried to flash it without succeeding.Beside that i've just tried what you told me but it's saying no or wrong image.
What can i do?
You have tried to unlock with htcdev webside and fastboot (not adb) without success?
And RUU is also not working?
Hello, first of all sorry for the delay of my answer.Yes i've tried those methods but my bootloader still mark lock.About adb, i have this systematic answerevice not found.
As i mentionned before it seems like my os have been wiped without backup.
Please help me.........
By the way what are you thinking about viper rom for htc one sv?
You can have a look at this thread: http://forum.xda-developers.com/showthread.php?t=2541843
There is a bootloader unlock for S-off devices without htcdev explained.
But without working adb/fastboot/ruu i don't have hope for your device!
OK.Thanks for everything.Let me go and check and i will give you a feedback
The part of interest of this thread is this one (in an adb shell):
- To unlock:
Code:
echo -ne "HTCU" | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
Click to expand...
Click to collapse

Categories

Resources