Related
Sorry for the nubie question or wrong rom.
Can i get back S-On after S-Off using AlpharevX beta... If i can, how to do it?
can i flash hboot only? from the original hboot from desire s?
Thanks for your sharing..
wind99 said:
Sorry for the nubie question or wrong rom.
Can i get back S-On after S-Off using AlpharevX beta... If i can, how to do it?
can i flash hboot only? from the original hboot from desire s?
Thanks for your sharing..
Click to expand...
Click to collapse
You currently can't do this, the team that brought you alpharevx ares working on this
EDIT: Although, it would seem from the posts below that people have achieved this already!
Sent from my HTC Desire S using XDA Premium App
you can by flashing ENG Hboot then flash any official rom after it
alpharevx Hboot bypasses flashing the bootloader
wind99 said:
Sorry for the nubie question or wrong rom.
Can i get back S-On after S-Off using AlpharevX beta... If i can, how to do it?
can i flash hboot only? from the original hboot from desire s?
Thanks for your sharing..
Click to expand...
Click to collapse
You can use this method via adb:
1. Put the hboot.img you want to flash in the root of the sdcard.
2. In cmd run the following commands (after each command press enter):
adb devices
adb shell
su
dd if=/dev/block/mmcblk0p18 of=/sdcard/backup.img
dd if=/sdcard/hboot.img of=/dev/block/mmcblk0p18
reboot bootloader
HA4ever said:
you can by flashing ENG Hboot then flash any official rom after it
alpharevx Hboot bypasses flashing the bootloader
Click to expand...
Click to collapse
How do i get any hboot official 0.98.000
and how do i flash it.
thanks
first flash ENG Hboot from this thread ENG HBOOT
then flash any official rom from the bootloader (the rom file should be in zip format with name PG88IMG.zip placed in the root of tour SD card)
Thanks for the guide, maybe it can posting to sticky how to gain back s-on after alphareX
already done and success. Back to original hboot 0.98.0000
Please can you tell me which guide (adb or ENG boot) did you use?
wind99 said:
Thanks for the guide, maybe it can posting to sticky how to gain back s-on after alphareX
already done and success. Back to original hboot 0.98.0000
Click to expand...
Click to collapse
Which version of the file you used?
PG88IMG.zip or Eng S-Off.rar ?
PG88IMG.zip is 2000 vesrion not sure for Eng s-off...
heavyhms said:
Which version of the file you used?
PG88IMG.zip or Eng S-Off.rar ?
Click to expand...
Click to collapse
Just get Hboot from original stock RUU. (Extract the RUU exe files)
Murchelago said:
You can use this method via adb:
1. Put the hboot.img you want to flash in the root of the sdcard.
2. In cmd run the following commands (after each command press enter):
adb devices
adb shell
su
dd if=/dev/block/mmcblk0p18 of=/sdcard/backup.img
dd if=/sdcard/hboot.img of=/dev/block/mmcblk0p18
reboot bootloader
Click to expand...
Click to collapse
From Terminal Emulator on the phone, I start at the SU? Correct?
InfernalByte said:
From Terminal Emulator on the phone, I start at the SU? Correct?
Click to expand...
Click to collapse
I'll be honest (I'm not 100%) but I'm thinking that he intended the while lot to be typed through a command prompt in windows from your PC using ADB, rather than a terminal on the device itself.
Anyone know if this would work with other HTC phones (Incredible or Incredible 2)?
Murchelago said:
You can use this method via adb:
1. Put the hboot.img you want to flash in the root of the sdcard.
2. In cmd run the following commands (after each command press enter):
adb devices
adb shell
su
dd if=/dev/block/mmcblk0p18 of=/sdcard/backup.img
dd if=/sdcard/hboot.img of=/dev/block/mmcblk0p18
reboot bootloader
Click to expand...
Click to collapse
I can confirm, that this approach works.
chiekurz said:
I can confirm, that this approach works.
Click to expand...
Click to collapse
can someone please put a link to the hboot.img that's been used and is 98.000, as one of the posts says it was 98.200, so that others can also follow this..
ben_pyett said:
can someone please put a link to the hboot.img that's been used and is 98.000, as one of the posts says it was 98.200, so that others can also follow this..
Click to expand...
Click to collapse
Check my previous post. Added hboot I used. 0.98.0000 as that is supported by Alpharev. Now I am back on S-Off again
so we no need to flash old rom with 0.98.0000 hboot just use image and instruction above?
1. You will need to have a room with root, to be able to follow actions described above.
2. If you have none stock rom and recovery you will have security issue, while booting up.
So you have only option of:
1. Running these actions
2. Then running RUU
Worked for me perfectly. P.s. I do not take any responsibility of issues faced Just explained my expierience.
/Edzz
chiekurz said:
1. You will need to have a room with root, to be able to follow actions described above.
2. If you have none stock rom and recovery you will have security issue, while booting up.
So you have only option of:
1. Running these actions
2. Then running RUU
Worked for me perfectly. P.s. I do not take any responsibility of issues faced Just explained my expierience.
/Edzz
Click to expand...
Click to collapse
If you are returned to stock can write a step-by-step guide?
Hi guys,
I was having a chat with beaups the other day and he decided to impart part of his knowledge onto me. All of the below info is Thanks to him.
This is the process i used to downgrade my firmware from 3.17.841.9 to 3.17.841.9 on a Telstra One XL.
Apparently the 3.17.841.9 update placed a write protection on the CID partition, so the only way to gain SuperCID, then S-OFF to install an AOKP Rom is to downgrade.
This will only work if you stay within the same HBOOT versions. 3.17.841.9 and 3.17.841.2 are both on HBOOT 2.14. Both root and SU is needed.
To downgrade to 3.17.841.2, you'll need the ".2" zip, found here https://dl.dropboxusercontent.com/u/9060692/evita3178412.zip
First find the partition # for MISC by opening an adb shell then:
- "su" > to move to a root shell and then typing:
- "cat /proc/emmc" > to find the MISC partition. Mine was mmcblk0p23:
- "echo -ne "1.00.000.0" | dd of=/dev/block/mmcblk0p23 bs=1 seek=160" > Make sure you use what ever you MISC partition is if it's different to 23. That command will alter what firmware version you phone thinks it is. The android OS will still state the old version, so we need to check it in fast boot. therefore reboot the phone to fastboot, wait for "fastboot USB" to show then type:
- "fastboot getvar mainver" > This should show 1.00.000.0. Now we need to flash the 3.17.841.2 zip. Therefore:
- "fastboot oem lock" > to relock the bootloader. Ensure you still have your unlock.bin file to re-unlock it later. Next:
- "fastboot oem rebootRUU" > to reboot the RUU in order to send the zip file. Then:
- "fastboot flash zip evita3178412.zip" > This is where my attempt hit a little snag where i got a "FAILED (remote: 90 hboot pre-update! please flush image again immediately)" error. If that happens, just run rebootRUU and try to flash again. On the third time it worked. After it completes:
- "fastboot reboot" > to reset the phone. Now to check if the flash took:
- "fastboot getvar mainver" > it should say 3.17.841.2 after that.
Now you have a firmware that you can write on the CID partition to gain SuperCID.
In my case, the next steps were to unlock, recovery, root and then supercid.
Unlock > use the "fastboot flash unlocktoken [your unlockcode.bin]" command
Recovery > i used the TWRP http://forum.xda-developers.com/showthread.php?t=1677447
Root > boot into TWRP and install the Super SU (or superuser) zip. I used this one http://forum.xda-developers.com/showthread.php?t=1538053
SuperCID > i first tried this method but then beaups showed me a much better way. Run the following command from a root adb shell:
echo -ne "22222222" | dd of=/dev/block/mmcblk0p5 bs=1 seek=20
Reboot to bootloader and hopefully you'll see 22222222 as your CID
Ooo smart. Editing the file directly rather than pushing and pulling.
Sent from my One X using xda app-developers app
Chances are this won't work for 3.18 at&t right? Lol.... Oh wait.. duh yeah I didn't read it completely. Waist of comment I know. At&t HTC one x only had one update that has hboot 2.14
Sent from my HTC One X using xda app-developers app
Megadoug13 said:
At&t HTC one x only had one update that has hboot 2.14
Click to expand...
Click to collapse
And AT&T phones can't unlock boot loader so can't flash root which is another requirement.
Good write-up Austempest :good:
I did the same, thanks to beaups, who walked me through this the other day as well.
Worked perfect.
beaups also suggested making a full backup prior to flashing the 3.17.841.2 zip., and copy it to your PC just in case.
I found after I had change the CID I had to reload my ROM (Viper from scratch) don't know why, the nandroid did not work very well.
Thanks again, I am now S-off
FSB said:
I found after I had change the CID I had to reload my ROM (Viper from scratch) don't know why, the nandroid did not work very well.
Click to expand...
Click to collapse
I was running a stock Telstra rom, I did the backup but it wasn't needed.
Sent from my HTC One (M7) using the xda-developers app
Austempest said:
SuperCID > i first tried this method but then beaups showed me a much better way. Run the following command from a root adb shell:
echo -ne "22222222" | dd of=/dev/block/mmcblk0p5 bs=1 seek=20
Reboot to bootloader and hopefully you'll see 22222222 as your CID
Click to expand...
Click to collapse
Thanks a million mate for sharing this one, saved me a lot of time and trouble :good:
Austempest said:
To downgrade to 3.17.841.2, you'll need the ".2" zip, found here **evita3178412.zip**
Click to expand...
Click to collapse
Hey would anyone have the .2 zip? Dropbox is 404ing :S Thanks
konradthecat said:
Hey would anyone have the .2 zip? Dropbox is 404ing :S Thanks
Click to expand...
Click to collapse
I am getting this error when trying to flash the OTA zip file
FAILED (remote: 12 signature verify fail)
Ideas?
Cheers.
EDIT: It appears the OTA zip won't work for this, and the source download is missing. Can someone please up the file from OP.
Thanks.
This post has been up for a little over a month and I doubt many have downloaded that file. I would just use the jet tool or pm op.
Sent from my HTC One X using xda app-developers app
It is just firmware.zip from 3.17.841.2 ota. Extract it from the ota and follow the instructions.
Sent from my HTC One XL using xda app-developers app
twistedddx said:
It is just firmware.zip from 3.17.841.2 ota. Extract it from the ota and follow the instructions.
Sent from my HTC One XL using xda app-developers app
Click to expand...
Click to collapse
Good to know. thanks mate
I'll upload it tomorrow for you guys
Sent from my HTC One (M7) using the xda-developers app
twistedddx said:
It is just firmware.zip from 3.17.841.2 ota. Extract it from the ota and follow the instructions.
Click to expand...
Click to collapse
@twistedddx is correct, but if your lazy, I've uploaded it to my dropbox, feel free to use it.
http://db.tt/NVkkNlV9
I got this file from @beaups
twistedddx said:
It is just firmware.zip from 3.17.841.2 ota. Extract it from the ota and follow the instructions.
Click to expand...
Click to collapse
And just in case people get crazy ideas. I would not go flashing random firmware.zip from any ota etc. firmware.zip typically only contains things to be updated. The first Jelly Bean update for each region had a "full" firmware.zip, just like they had a full system image.
Care should be taken with other firmware.zip packages that may be only partial updates, you could brick your phone if you update some parts without updating other parts. Eg applying firmware.zip from 3.17.841.9 could be risky if applied over a 2.40.841.4 phone.
still cant rewrite the CID, even when installing the downgraded firmware, fastboot get mainver shows the correct (downgraded) firmware, but still cannot write that new CID.. any ideas?
Just use jet tool
Sent from my One X using xda app-developers app
thanks guys. this downgrade has saved me a lot of hair pulling!
Hi everyone,
I need your help because I can't S-OFF my HTC One S (s4) : Latest official ROM 3.16.401 (if I remember well), Bootloader unlocked, SuperCID and Hboot 2.15
I can't S-OFF with Facepalm, cause I have Hboot 2.15 right ?
And I can't either with Moonshine cause only compatible with :
3.14.531.11 (T-MOB)
3.16.666.9 (BM)
3.16.111.10 (TMO_DE)
3.16.661.4 (Telus)
So if I am SupedCID i must be able to flash any firmware above mine right ? Or do I need to match the CID anyway ?
In fact I didn't succeed in, at first with bootloader unlocked it said error in parsing android-info file (tried with 2 RUUs) then I tried with bootloader relocked and then it says "remote 12 : signature verify fail"
So...I am a little bit lost, what should I do ? Any idea ?
Thanks.
A bit off topic but still kinda related.
So i got my phone used, and when i got it, it was already bootloader unlocked and s-off. Now my question is, a lot of people are having trouble getting s-off on 2.15 hBoot, but that's what i have, along with TMOB010 CID.
I want to know how this device got s-off, and the thing is, in bootloader it doesn't even have **tampered** showing on there.
Anyone have any idea? I just want to know so that if i mess up the phone I'd know how to get it back to its previous state.
Sent from my One S using XDA Premium 4 mobile app
Noplait said:
Hi everyone,
I need your help because I can't S-OFF my HTC One S (s4) : Latest official ROM 3.16.401 (if I remember well), Bootloader unlocked, SuperCID and Hboot 2.15
I can't S-OFF with Facepalm, cause I have Hboot 2.15 right ?
And I can't either with Moonshine cause only compatible with :
3.14.531.11 (T-MOB)
3.16.666.9 (BM)
3.16.111.10 (TMO_DE)
3.16.661.4 (Telus)
So if I am SupedCID i must be able to flash any firmware above mine right ? Or do I need to match the CID anyway ?
In fact I didn't succeed in, at first with bootloader unlocked it said error in parsing android-info file (tried with 2 RUUs) then I tried with bootloader relocked and then it says "remote 12 : signature verify fail"
So...I am a little bit lost, what should I do ? Any idea ?
Thanks.
Click to expand...
Click to collapse
If you have SuperCID then yes you can flash RUU above yours. I did, but for me moonshine still didn't work but occasionally Facepalm did.
---------- Post added at 12:25 AM ---------- Previous post was at 12:20 AM ----------
JiroPrinz8 said:
A bit off topic but still kinda related.
So i got my phone used, and when i got it, it was already bootloader unlocked and s-off. Now my question is, a lot of people are having trouble getting s-off on 2.15 hBoot, but that's what i have, along with TMOB010 CID.
I want to know how this device got s-off, and the thing is, in bootloader it doesn't even have **tampered** showing on there.
Anyone have any idea? I just want to know so that if i mess up the phone I'd know how to get it back to its previous state.
Sent from my One S using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Tampered flag can be removed by tool revone.
This time I know just 2 methods how to do S-Off, moonshine and facepalm.
Can't think of one!
------> Noplait
Managed to S-Off mine with the following specs...
Baseband version : 1.12.50.05.05_10.28.50.08L
Software number : 3.16.61.10
Android version: 4.1.1
Hboot: 2.15.0000
Followed the instructions Exactly.
1. Bootloader unlock via HTCDev.
2. Steps 1,2&3 as found here
http://forum.xda-developers.com/showthread.php?t=1583427
3. SuperCID as found here
http://forum.xda-developers.com/showthread.php?p=26516911#post26516911
4. Bootloader unlock via HTCDev
(Out of curiosity did you go back to HTCDev and go through the unlock process again? As this is what I did (as per instructions)?).
5. Facepalm S-Off as found here
http://forum.xda-developers.com/showthread.php?t=2155135
(Note: for instructions 5, I dragged the appropriate zip into the command prompt line from where I had downloaded zip file,
and for instruction 7 dragged the appropriate file from the folder into the first command prompt line only - adb push <locaction of this file only: soffbin3> /data/local/tmp/
Then copied and paste the remaining two commands one at a time, remember to press enter after each of the 3 commands)
Hope that helps.
Step 3 (changig CID) seems to cause trouble to users with base 3.16.401.8, including me.
It looks like mmcblk0p4 is write protected here, so the changing of the CID just does not work.
I also didn't find a working way around yet...
Hello! I need some help here.Probably not the right place,sorry about that!
My problem is that I'm s-on,and it's seems that I can't do the supercid witch is the first step for Facepalm process.
I red a lot about this topic, everything what I have found.
It appears that I got the hboot 2.15 version with Jb ota Update ,because of this the mmcblk0p4 file is write protected... so the cid overwrite is undone.
Tried on ViperOneS 1.2.1 - 2.2.0,on Tricktroid 7-9.1 and on Jb Stock also.The adb ,the termal emulaton on phone ,hex editing works well.
This is my hboot:
*** TEMPERED ***
*** UNLOCKED ***
VLE PVT SHIP S-ON RL
HBOOT-2.15.0000
RADIO-1.11.50.05.28
OpenDSP-v31.1.0.45.0815
eMM-boot
Dec 14 2012,17:10:57:-1
My cid is Tim--401 so not Moonshine s-off compatibile.
Is exist any other method to gain S-off? or the only solution is riff/jtag?
I red the folowing treads about supercid:
http://forum.xda-developers.com/showthread.php?t=2446750&highlight=hboot+2+15+supercid&page=5
http://forum.xda-developers.com/showthread.php?t=2460148
http://forum.xda-developers.com/showthread.php?t=2453595&highlight=hboot+2+15+supercid
http://forum.xda-developers.com/showthread.php?t=1671643&page=48
http://forum.xda-developers.com/showthread.php?p=26516911#post26516911
gforums said:
Step 3 (changig CID) seems to cause trouble to users with base 3.16.401.8, including me.
It looks like mmcblk0p4 is write protected here, so the changing of the CID just does not work.
I also didn't find a working way around yet...
Click to expand...
Click to collapse
You're certain it's .8 and not the .9
I did it on 8 with no problems way back.
Verzonden vanaf mijn HTC One S met behulp van Tapatalk now Free
Here is what worked for me to get supercid 22222222 then facepalm to S-Off. Easy as Pie! But that was for me, hboot 2.15. I take no responsibility! Lol
LibertyMonger said:
Here is what worked for me to get supercid 22222222 then facepalm to S-Off. Easy as Pie! But that was for me, hboot 2.15. I take no responsibility! Lol
Click to expand...
Click to collapse
I had the 3.16.401.9, en after de ruu of 3.16.401.8 it is still write protected.
echo -ne "22222222" | dd of=/dev/block/mmcblk0p5 bs=1 seek=20
worked for me.
robertus12 said:
I had the 3.16.401.9, en after de ruu of 3.16.401.8 it is still write protected.
echo -ne "22222222" | dd of=/dev/block/mmcblk0p5 bs=1 seek=20
worked for me.
Click to expand...
Click to collapse
It was very relieving huh? I thought we couldn't do it! Glad it worked! :good:
Hi,
This ia maybe very noop question but i gonna give a shot.
I have also 16.401.9 version with hboot 2.15 i will a root access.
Unlock bootloader already done.
But supercid en s-off is mess.
I read here about special line that you must typ in command AFTER su permission.
Can somebody tell me how you gonna get SU permission? When i typ it down is tell me not found? Pfff
Sorry for my english.
Sent from my HTC One S using xda app-developers app
cashvillle said:
Hi,
This ia maybe very noop question but i gonna give a shot.
I have also 16.401.9 version with hboot 2.15 i will a root access.
Unlock bootloader already done.
But supercid en s-off is mess.
I read here about special line that you must typ in command AFTER su permission.
Can somebody tell me how you gonna get SU permission? When i typ it down is tell me not found? Pfff
Sorry for my english.
Sent from my HTC One S using xda app-developers app
Click to expand...
Click to collapse
1. Fire up your command prompt and go to the directory that you have ADB installed to. Type "adb shell" and hit enter.
2. Type "su" and hit enter. You now have root privileges.
You have the key!
robertus12 said:
I had the 3.16.401.9, en after de ruu of 3.16.401.8 it is still write protected.
echo -ne "22222222" | dd of=/dev/block/mmcblk0p5 bs=1 seek=20
worked for me.
Click to expand...
Click to collapse
Could you please elaborate on your process for getting your CID to 22222222? Do I need to modify mmcblk0p4 as the other guides have indicated? Could you please write a short guide?
sliponby said:
Could you please elaborate on your process for getting your CID to 22222222? Do I need to modify mmcblk0p4 as the other guides have indicated? Could you please write a short guide?
Click to expand...
Click to collapse
1. Fire up your command prompt and go to the directory that you have ADB installed to. Type "adb shell" and hit enter.
2. Type "su" and hit enter. You now have root privileges.
3. Type "echo -ne "22222222" | dd of=/dev/block/mmcblk0p5 bs=1 seek=20" and hit enter. To test if it worked restart the phone into fastboot (type "adb reboot bootloader" and hit enter) and once the bootloader screen comes up
type "fastboot oem readcid" and hit enter. It should read "22222222".
4. type "fastboot oem get_identifier_token" and hit enter. Leave that up on your screen and go to HTCdev.com. Follow the instructions from there.
5. Once you have confirmed you have SuperCID, get started with facepalm.
Thanks!
robertus12 said:
1. Fire up your command prompt and go to the directory that you have ADB installed to. Type "adb shell" and hit enter.
2. Type "su" and hit enter. You now have root privileges.
3. Type "echo -ne "22222222" | dd of=/dev/block/mmcblk0p5 bs=1 seek=20" and hit enter. To test if it worked restart the phone into fastboot (type "adb reboot bootloader" and hit enter) and once the bootloader screen comes up
type "fastboot oem readcid" and hit enter. It should read "22222222".
4. type "fastboot oem get_identifier_token" and hit enter. Leave that up on your screen and go to HTCdev.com. Follow the instructions from there.
5. Once you have confirmed you have SuperCID, get started with facepalm.
Click to expand...
Click to collapse
Thanks for the quick reply! Unfortunately it looks like I'm stills screwed. I followed your instructions exactly and I'm still getting my CID as TMOBO-10. If you have any other ideas, I'm listening.
sliponby said:
Thanks for the quick reply! Unfortunately it looks like I'm stills screwed. I followed your instructions exactly and I'm still getting my CID as TMOBO-10. If you have any other ideas, I'm listening.
Click to expand...
Click to collapse
you can ask the guys on irc
http://chat.andirc.net:8080/?channels=facepalm
They Know what to do.
You can't get facepalm s-off, but you could get moonshine s-off
Go to moonshine.io and look for the supported RUU versions and install one that corresponds to your cid. Then you could install moonshine s-off.
Sent from my One S using Tapatalk 4
RyogoNA said:
You can't get facepalm s-off, but you could get moonshine s-off
Go to moonshine.io and look for the supported RUU versions and install one that corresponds to your cid. Then you could install moonshine s-off.
Sent from my One S using Tapatalk 4
Click to expand...
Click to collapse
i have tried... after second test, monshine awaits adb for too short time...about 2-3 secs is missing for phone to reboot completly for monshine could connect with adb... after time counts 60 secs, monshine says i need to fix my adb...
try here
EDIT - I found a workaround and have successfully achieved s-off
ONLY Works For HTC Evita By AT&T On 3.18..... and I threw this together so people can have all there information on 3.18 in a single thread. I take no credit for the work.... Because I'm not the dev that's made the exploits, or files.
How To Root on the ATT 3.18 firmware for HTC One XL and SuperCID.
- Linux Simplified
- Windows Explained*
DOWNLOAD : ( 3.18 root exploit )
http://forum.xda-developers.com/attachment.php?attachmentid=1973170&d=1368918573
Linux Version.
Requirements -
--Adb Environment--
--Knowledge on how to use adb--
--AT&T HTC One XL and linux based computer haha--
As @myusernam3 says
1. just extract zip*
2. run pwn.sh......This automated method*
3. or follow the windows steps on linux ( the adb steps )
Windows Version
Requirements -
--Adb Environment--
--Adb Knowledge--
-- AT&T HTC One XL and windows based computer
1. Open Command Promt and navigate to your Adb folders and make sure the xpwn.tar.gz Is extracted to the main folder of adb...
2. Execute this command
Code:
adb push oneXchopper /data/local/tmp/xpwn
Followed by*
Code:
adb push busybox /data/local/tmp/busybox
Followed By
Code:
adb push ownage /data/local/tmp/phase1.sh
Next*
Code:
adb shell chmod 755 /data/local/tmp/xpwn /data/local/tmp/busybox
Next*
Code:
adb shell ln -s /data/local/tmp/busybox /data/local/tmp/sed
Next
Code:
adb shell "/data/local/tmp/xpwn"
Next
Code:
adb reboot bootloader
Just to clarify, this is a temp root which sets your CID to SuperCID allowing a bootloader unlock via HTCDev. It does NOT install Superuser or anything of that sort.
I'm not responsible for bricks, warranty voiding, etc. and please let me know if this works*
Thanks to Dan Rosenberg for Motochopper, which I modified very slightly for use in this script.
Thanks also to the people who paid the bounty. You guys are awesome and probably just bought me something nice. Not sure what yet
One more thanks to Daft Punk for providing some decent music to listen to while I worked on this. I was up all night to get lucky xD
Click to expand...
Click to collapse
All credits to the OP of this thread http://forum.xda-developers.com/showthread.php?t=2285086
Sent from my HTC One XL using XDA Premium 4 mobile app
How to S-Off After completing above
Original Thread http://forum.xda-developers.com/showthread.php?t=2155071
Once you have confirmed you have SuperCID, get started (read it through first so you understand it all):
1.) Download patcher and unzip it in your working directory:
soffbin3.zip soffbin3.zip Mirror
2.) Download the zip below
OneX.zip = MD5: 99a8eced1010543e12cbd4e4e8f9638f,* Mirror
3.)
Code:
adb reboot bootloader
(wait for bootloader)
4.)
Code:
fastboot oem rebootRUU
(wait for black HTC Screen)
5.)
Code:
fastboot flash zip PJ8312000-OneX.zip
After a while, You should see the following error “FAILED (remote: 92 supercid! please flush image again immediately)”
6.) Immediately issue the following command:
Code:
fastboot oem boot
You may see some errors, just wait for the device to boot into Android (only now, you should be booted into Android with no eMMC write protection of any kind active).
7.) Issue the following 3 commands to update the security partition with S-off flags (one command at a time!):
Code:
adb push soffbin3 /data/local/tmp/
adb shell chmod 744 /data/local/tmp/soffbin3
adb shell su -c "/data/local/tmp/soffbin3"
(wait for a few seconds)
8.)
Code:
adb reboot bootloader
9.) You should see what you are looking for!
If you need help or just care to say thanks, join us on IRC:* #FacePalm http://chat.andirc.net:8080/?channels=facepalm
Enjoy.
Click to expand...
Click to collapse
Credits To @beaups
TeamWin Recovery Project -http://forum.xda-developers.com/showthread.php?t=1677447
ClockworkMod Recovery -
To flash recovery. ..
1. Boot into bootloader
2. Select fastboot
3. Open Command Prompt and navigate to adb and fastboot folder. Place " recovery.img " in that folder
4. Plug cord into pc and the phone.
5. Once pacific drivers installed for fastboot control execute
Code:
fastboot flash recovery recovery.img
Sent from my HTC One XL using XDA Premium 4 mobile app
Firmware Update After Achieving S-Off If You Want To Use Sense 5 4.2.2
Firmware (Optional)(But Recommend): http://www.androidfilehost.com/?fid=23060877490004040 (Doesn't overwrite kernel and recovery)
Installing the Firmware (Warning: You MUST be S-OFF and Super CID to flash this! Flash at own risk!)
[*]Reboot to bootloader (adb reboot bootloader if "USB Debugging" is enabled in Android)
[*] Run: fastboot oem rebootRUU
[*] Run: fastboot flash zip
[*] If the output ends with "FAILED (remote: 90 hboot pre-update! please flush image again immediately)", run the previous command AGAIN
[*] If it ends with "INFO..... OK", reboot to the bootloader: fastboot reboot-bootloader
[*] Verify everything was successful by running: fastboot getvar all
[*] Reboot into Android: fastboot reboot or into recovery: fastboot reboot-recovery
Credits to @Turge*
You might want to mention that the 2.15 firmware is only really necessary/recommended for users wanting to run Android 4.2.2 Sense 5 ROMs. It isn't required for anything else. You might also want to mention that the work isn't your own, and give credit to all the people that actually did the work on these exploits.
Sent from my Evita
timmaaa said:
You might want to mention that the 2.15 firmware is only really necessary/recommended for users wanting to run Android 4.2.2 Sense 5 ROMs. It isn't required for anything else. You might also want to mention that the work isn't your own, and give credit to all the people that actually did the work on these exploits.
Sent from my Evita
Click to expand...
Click to collapse
First post mentions nothing on this page is my work and that I take no credit and all 3 post have the credits given to the devs
Sent from my HTC One XL using XDA Premium 4 mobile app
My mistake, I guess missed the credits, sorry about that.
Sent from my Evita
timmaaa said:
My mistake, I guess missed the credits, sorry about that.
Sent from my Evita
Click to expand...
Click to collapse
It's fine
Sent from my HTC One XL using XDA Premium 4 mobile app
Deleted
timmaaa said:
You might want to mention that the 2.15 firmware is only really necessary/recommended for users wanting to run Android 4.2.2 Sense 5 ROMs. It isn't required for anything else. You might also want to mention that the work isn't your own, and give credit to all the people that actually did the work on these exploits.
Sent from my Evita
Click to expand...
Click to collapse
What about 2,14 firmware? Is it necessary for Sense 5 JB 4.2.2 ROMs?
MRaaJR said:
What about 2,14 firmware? Is it necessary for Sense 5 JB 4.2.2 ROMs?
Click to expand...
Click to collapse
No. It's the 2.15 firmware that's recommended for the Sense 5 ROMs.
Sent from my Evita
MRaaJR said:
What about 2,14 firmware? Is it necessary for Sense 5 JB 4.2.2 ROMs?
Click to expand...
Click to collapse
Well you can use 2.14 firmware but to fix any issues that come with sense 5 you will need to use Zarboz Kernel... If you update to 2.15 firmware that was made for Sense 5 4.2.2 you won't have any issues... But to upgrade firmware you must be S-Off
Sent from my HTC One XL using XDA Premium 4 mobile app
Where can i get 2.15 firmare....i tried to find on androidruu but did not get it
Sent from my HTC One XL using XDA Premium 4 mobile app
It's in the first post of Turge's stock Sense 5 ROM thread.
Sent from my Evita
haq.adnan said:
Where can i get 2.15 firmare....i tried to find on androidruu but did not get it
Sent from my HTC One XL using XDA Premium 4 mobile app
Click to expand...
Click to collapse
timmaaa said:
It's in the first post of Turge's stock Sense 5 ROM thread.
Sent from my Evita
Click to expand...
Click to collapse
It's also in 4th post.
Sent from my HTC One XL using XDA Premium 4 mobile app
Yeah, searching and reading would have found that.
Sent from my Evita
Need minor help
[*] Run: fastboot flash zip
Click to expand...
Click to collapse
Please update this command some 1 .,.... i get unknown partition when i just type it like that ... if i type the file-name.zip i still get the same error. I have used Fastboot, just wanna know which partition to flash the 2.15 firmware in....
FYI: on 3.18 RUU
My System Details
**UNLOCKED**
EVITA PVT SHIP S-OFF RL
CID-11111111
HBOOT-2.14.000
Radio-0.24p.32.09.06
Hope i am not much of a trouble. Tc Have a nice day.
FIXED: its "fastboot flash zip filename.zip" & u should not change the default filename which also throws error. Pulled from Turge's Stock Rom post. All creditz to him.
What changes from 2.14 to 2.15?
Sent from my HTC One XL using xda app-developers app
johnnyham89 said:
What changes from 2.14 to 2.15?
Click to expand...
Click to collapse
The most significant change is (suspected) to have to do with the radio included in the 2.15 firmware package. The power save function on Sense 5 ROMs cause signal drop and reboot issues for some folks, likely having to do with older radios not playing well with the power save function.
Thanks redpoint! Those are the exact problems that I am experiencing! Time to upgrade!!!!
Sent from my HTC One XL using xda app-developers app
Hi,
I have just unlocked my HTC A9, says it's unlocked in bootloader. S-ON is still on and I think it's stopping me from installing TWRP as my recovery image so I cannot flash the Cyanogenmod .zip file. Does anyone know how I can turn S-ON off or where I should go from here, how that the bootloader is unlocked.
Thanks,
Kieran
Go to htcdev.com on your computer and follow the steps to unlock bootloader. Your phone won't be S-off but with the unlocked bootloader you'll be able to fastboot the twrp recovery.
Your phone does not need s-off in order to flash custom recoveries and ROMS, all that you need is an unlocked bootloader
Bull****, you can't flash recoveries or bootloader with "S-ON"
>FAILED (remote: cannot flash this partition in s-on state)
How do you change it to S-OFF?
Jisifus said:
Bull****, you can't flash recoveries or bootloader with "S-ON"
>FAILED (remote: cannot flash this partition in s-on state)
How do you change it to S-OFF?
Click to expand...
Click to collapse
Well that's strange, I'm s-on with twrp 3.0.0.2 and the latest cyanogenmod nightly running
Sent from my HTC One A9 using XDA-Developers mobile app
MGfusion said:
Well that's strange, I'm s-on with twrp 3.0.0.2 and the latest cyanogenmod nightly running
Sent from my HTC One A9 using XDA-Developers mobile app
Click to expand...
Click to collapse
It turns out I was in the white background bootloader, not the download mode, that's why it didn't work. Sorry for the harsh reply, I was getting really inpatient with my device...
Now I can't flash CM13 because my firmware version is 1.64 and it needs to be 1.27. But there is no RUU for 1.64 so I'm completely out of ideas what to do next, jesus christ...
Stuck in bootloop after installing CM13...
I´ve managed to install CM13 & GAppss successfully via TWRP (it says so) but when I reboot the device to start CM, I am trapped in a bootloop
How do I get CM started? For now, I have re-installed the original ROM just by placing it as 2PQ9IMG.zip on the device to get a working device again, but I really want a CM13...
Any hints appreciated - thanks,
Rob
Jisifus said:
It turns out I was in the white background bootloader, not the download mode, that's why it didn't work. Sorry for the harsh reply, I was getting really inpatient with my device...
Now I can't flash CM13 because my firmware version is 1.64 and it needs to be 1.27. But there is no RUU for 1.64 so I'm completely out of ideas what to do next, jesus christ...
Click to expand...
Click to collapse
Haha, no problem... to downgrade I think you have to be s-off, however I'm not really sure on that one
Jisifus said:
It turns out I was in the white background bootloader, not the download mode, that's why it didn't work. Sorry for the harsh reply, I was getting really inpatient with my device...
Now I can't flash CM13 because my firmware version is 1.64 and it needs to be 1.27. But there is no RUU for 1.64 so I'm completely out of ideas what to do next, jesus christ...
Click to expand...
Click to collapse
Sent from my HTC One A9 using XDA-Developers mobile app
Same issue
RobOtter said:
Stuck in bootloop after installing CM13...
I´ve managed to install CM13 & GAppss successfully via TWRP (it says so) but when I reboot the device to start CM, I am trapped in a bootloop
How do I get CM started? For now, I have re-installed the original ROM just by placing it as 2PQ9IMG.zip on the device to get a working device again, but I really want a CM13...
Any hints appreciated - thanks,
Rob
Click to expand...
Click to collapse
I'm in the same situation. You solved?
You have to downgrade to 1.27.xxx.x.
To downgrade you have to say your phone your on 1.10.xxx.x.
enter these commands.
adb shell
echo -ne "1.10.xxx.x\x00\x00" | dd of=/dev/block/mmcblk0p28 bs=1 seek=2208
exit
adb reboot bootloader
then you can flash the signed 1.27 RUU.
after you downgraded you can flash the CM via twrp
worked for me on the .401. edition.
Thank you, but...
Thank you, I've try to downgrade but the operation fail, the message is 7 RU_CID_FAIL cid in android-info mismatched
dav375 said:
You have to downgrade to 1.27.xxx.x.
To downgrade you have to say your phone your on 1.10.xxx.x.
enter these commands.
adb shell
echo -ne "1.10.xxx.x\x00\x00" | dd of=/dev/block/mmcblk0p28 bs=1 seek=2208
exit
adb reboot bootloader
then you can flash the signed 1.27 RUU.
after you downgraded you can flash the CM via twrp
worked for me on the .401. edition.
Click to expand...
Click to collapse
frank531 said:
Thank you, I've try to downgrade but the operation fail, the message is 7 RU_CID_FAIL cid in android-info mismatched
Click to expand...
Click to collapse
seems like you used the wrong ruu for your phone. whats your cid?
I don't know....
Where can I find it? :angel:
dav375 said:
seems like you used the wrong ruu for your phone. whats your cid?
Click to expand...
Click to collapse
frank531 said:
I don't know....
Where can I find it? :angel:
Click to expand...
Click to collapse
fastboot getvar all
in download mode
Ok is the VODAP001 , now I download the right one.
Thank you so much. I hope it works...:good:
dav375 said:
fastboot getvar all
in download mode
Click to expand...
Click to collapse
Not sure if this applies to this thread, but I'm having a similar issue to the first one given. I unlocked the bootloader on my ATT A9, but when I flashed the recoery in download mode and reboot to recovery, it sends me to the stock recovery. Can anyone help?
I've try, but doesn't work...
Afther the adb shell and echo -ne........
this message:
o -ne "1.10.161.7\x00\x00" | dd of=/dev/block/mmcblk0p28 bs=1 seek=2208 <
dd: /dev/block/mmcblk0p28: Permission denied
1|[email protected]_hiaeuhl:/ $
next I've try to flash from the download mode and now the error message says: 19 RU_MAIN_VER_FAIL os-version in android-info missing or i
Maybe the problem is the recovery? Now I have the TWRP not the stock...
I search for a trend for go back to the stock but I haven't found it...
dav375 said:
fastboot getvar all
in download mode
Click to expand...
Click to collapse
frank531 said:
Ok is the VODAP001 , now I download the right one.
Thank you so much. I hope it works...:good:
Click to expand...
Click to collapse
Has it been solved. I seem to have the same issue??
I confirm that downgrading to 1.27 let's you Flash latest CM13.
Does anyone know, what firmware really does? Does it affect security in any way?
dav375 said:
You have to downgrade to 1.27.xxx.x.
To downgrade you have to say your phone your on 1.10.xxx.x.
enter these commands.
adb shell
echo -ne "1.10.xxx.x\x00\x00" | dd of=/dev/block/mmcblk0p28 bs=1 seek=2208
exit
adb reboot bootloader
then you can flash the signed 1.27 RUU.
after you downgraded you can flash the CM via twrp
worked for me on the .401. edition.
Click to expand...
Click to collapse
Is Working! Thanks! But You Forget To Must type "su" but is ok,thank you so much! i save my 25$ to S-off,Thank!