Hi,
I'm currently stuck on the step of changing the CID on a smartphone of a friend. The current CID is T-MOB101, with an unlocked bootloader (HBOOT 2.15), S-ON and an old CM running.
I'd like to update to HBOOT 2.16 but I'm failing at step one, changing the CID to the SCID.
I've tried many times to flash mmcblk0p4 with the modified data (yes, I've done that) but it doesn't stick. No matter what I do I always get
fastboot oem readcid
...
(bootloader) cid: T-MOB101
I've even verified the uploaded file, it's fine.
https://i.imgur.com/nGBDEul.png
Take a look at moonshine or rumrunner.
If I remember correctly, facepalm isn't usable, anymore, with the t-mobile version of the One S if the latest official firmware got installed.
Sent from my HTC One M9 using XDA Labs
Well, both don't seem to work with the CM installed.
I guess I have to roll back to an official FW and try again.
Also I've just noticed, I'm unable to mount /sdcard, in both recovery and ROM.
Kinda strange
Facepalm and moonshine definitely don't work with CM. They're both meant to be used with a sense rom.
Rumrunner, on the other hand, should be usable with CM11.
The storage issue should be solvable by flashing a RUU.
Sent from my HTC One M9 using XDA Labs
Well, RR seems to not like my device. All I get is this
==================== rumrunner S-OFF 0.5.0 ==============================
rumrunner S-OFF comes with NO WARRANTY (express or implied)
and NO GUARANTEE OF FITNESS for any particular task.
We have made every effort we can to make this a safe process for users
however the authors disclaim any liability for damage to your phone
or other materials or devices used during this process.
The entire risk of running rumrunner S-OFF lies with you, the user.
By using this software you acknowledge and accept that the authors
are not liable for any loss, material or otherwise howsoever caused.
Do you understand the implications of this warning?
(Yes/No)
Yes
Dear User: We will expect that YOU:
(1) Know how to use ADB and FASTBOOT binaries
---- [Yes, use these tools to test USB connection BEFORE running rumrunner] ----
(2) Realize that rumrunner S-OFF cannot support every CUSTOM rom in this world
(3) Understand that irc support IS NOT A GENERAL HELPDESK
(4) Are able to identify and download the CORRECT package for YOUR device
(5) Know how to enable USB-debugging on YOUR device (Yes, do that now)
(6) Understand that you may NOT repack or redistribute rumrunner S-OFF
Ok?
(Yes/No)
Yes
!! Do NOT for any reason taunt, unplug, drop, eat or pet your device !!
Please wait....
..........
Checking for updates......
Test 1: Rebooting into bootloader
Waiting for fastboot (7/120)
Waiting
Test 2: Booting device
Waiting for ADB (23/120)
must ferment longer...
must sanitize, skunky rum is nasty
hold please..............................................
[------------------------------------------------------------]
Rebooting into bootloader (again)
Waiting for fastboot (7/120)
FATAL: Download updated package at www.rumrunner.us
Press ENTER to exit
The RUU I've found for my device (TMO_DE) doesn't like it either, probably because it's severely behind the actual FW on the device (2.38.111.10 is the latest RUU I've found, but the current version on the phone is detected as 3.16.111.11)
With S-ON you can only use RUUs that have the same or a higher firmware version than your phone. Downgrading is only possible with S-OFF.
The latest RUU for T-Mobile Germany that I could find equals version 3.16.111.7. I know that the One M9 accepts older RUUs as long as only the digits behind the last dot mismatch. I'm not sure whether the same applies to the One S, though, since I set my One S S-OFF before I used RUUs for the first time.
Alternatively, you could contact Llabtoofer's RUU service. Be aware that it's not for free.
Rumrunner (like all methods for older devices like the One S) isn't perfect. It might happen that you need to try them up to twenty times before they actually work as intended. Double check whether you followed the prerequisites & instructions on the official website. The HTC Sync Manager still being installed and the usage of a USB 3.0 port instead of a 2.0 port are only two of the possible reasons why Rumrunner might fail.
Thanks for the RUU
and for trying a USB 2.0 port: My devices don't have them anymore :/
Anyways, I'm very grateful for your help
Is there any way to downgrade boot loaders? I am on hboot 1.45.0013 s-on and was wondering if there is any way to downgrade. Is it even possible to use someone else's old backup from the 1.44 Hboot, to help downgrade? thanks
you can now get S-OFF on that hboot using Juopunutbear: http://forum.xda-developers.com/showthread.php?t=1576672. look it over first tho, it has taken some people many tries, and there have been some bricks from not doing it precisely right. here is another thread on it to check out: http://forum.xda-developers.com/showthread.php?t=1617488.
this is the only way right now to switch hboots or downgrade from 1.45.0013.
fricken awesome dude. thanks
hmmm looks real risky. do i have to have root first? does the bootloader have to be unlocked with the HTC dev before this can happen?
no problem man. and nah, I don't think you would need to be unlocked, but you could ask in their thread to be sure.
pre-requisites
MRguyandhis2 said:
hmmm looks real risky. do i have to have root first? does the bootloader have to be unlocked with the HTC dev before this can happen?
From the JuoPunutbear site :
In order to use JuopunutBear you must meet the following pre-requisites:
- Be unlocked using the HTCdev bootloader unlock
- Be on the stock ROM and be rooted (have superuser and/or an unsecured boot image installed). Some custom ROMs may work, however we cannot verify them all. If you are not using a stock ROM and have problems then this is most likely the reason.
- Have a spare microSD card or have backed up all contents of your SD card. The card may be wiped; while we try to restore the card to its original state, it is possible that this will not succeed
- Have fastboot and adb drivers installed and working (Windows)
- Have USB debugging enabled
- Remove any potentially interfering phone software such as HTC Sync, Andro sync, PDAnet etc. iTunes has also been noted to cause issues.
- Have a length of insulated wire of sufficient length to join the contact points for your device. See images and videos for device specific information.
Hello everyone.
I am new to this part of the forum for i just received a somewhat non working AT&T HTC ONE XL from a friend.
I presume he did not read much into his issue at the time and messed up this phone one way or the other.
Basically the phone works, just not as a phone.
So i will take my time to explain the whole situation with as much detail as possible.
I am personally familiar with rooting, setting up recovery and installing custom roms on android phones (just not on this model yet).
The phone details in its current state are:
- android version 4.0.4
- htc sense version 4.0
- software number cleanrom 4.5 beta2
- htc extension version htcextension_403_1_ga_20
- kernel 3.0.8-01564-gdc95f45
- baseband 0.16.32.09.01_3_10.79.32.08L
As soon as i received the phone, i contacted at&t to ask for an unlocking code, they gladly oblige.
I insert the new SIM card (non AT&T) and the phone asks me to insert the code. After correctly inserting it, the phone accepts the code and proceeds to reboot. After the reboot i get the phone locked screen again and asks me for the code one more time.
At this point i start searching online for the official firmware from htc for this specific model and find the 4.2.2 version and proceed to install it according to their requirements and steps (in manual mode from a desktop pc since the rom installed doesn't have the update feature).
The process gets locked at a point and cannot proceed further.
Phone boots normally again and i decide to do a factory reset. This is when i notice a teamwin custom recovery was installed which is what is blocking the official rom installation.
So at this point i am open for ideas.
I'm positive the issue is not very hard to solve but i also know that i am missing the original recovery. I can only guess no official updates were installed so the phone was running the original 4.0.4 version.
Meanwhile i will be scouting this forum on how this phone exactly works for i understood that there were two forms of recoveries for it (one full and one partial).
I still don't know the recovery version, if it's good, how to access it (different combinations of volume and power pressing didn't work for me).
Finally your opinion on how to make the phone unlocking code work, as in would i need to go back to official, or would a custom different rom work as a solution.
Wish you guys a good day and awaiting your feedback.
Cheers.
Need more info. Boot into bootloader by holding down both the volume down rocker and the power button. After the power button is held for a few seconds, you should see the capacitive buttons flash a few times, and the phone will reboot. Let go of the power button, but DO NOT let go of the volume down rocker until the white hboot screen comes up. When you see the hboot screen, tell us what it says.
In particular, we need to know if it says s-off or s-on, if it says CID 11111111, and hboot version. Also, if it says LOCKED, UNLOCKED, or RELOCKED.
Official RUU will not run if the bootloader is UNLOCKED (needs to be RELOCKED or LOCKED). But be aware, if the phone is superCID and s-on, running a Jellybean RUU or OTA will brick the phone. Which is one of the reasons we need the bootloader info.
RUU does not need to have stock recovery to run, only OTA does. My guess is your bootloader is unlocked, or it's the wrong RUU. Any error message when the RUU fails (if so, what does it say)?
Hi, thank you for your quick reply.
I'm going to write down all that is written in the recovery for i still don't understand what locked or unlocked means, s-on or s-off.
anyway, here goes:
tampered
unlocked
evita pvt ship s-on rl
hboot-1.09.0000
radio-0.16.32.09.01_3
opendsp-v25.1.0.32.0405
emmc-boot
i can't find anything related to cid and i'm still not used to this recovery just yet. wouldn't want to press anything just yet.
i hope i gave enough info and i guess it doesn't look too good just yet.
thank you again for your help.
you should remind me to reduce the use of "just yet".
i'm doing some more reading about superCID and S-on or S-off.
I understand there's a utility from this thread that could determine the supercid status.
http://forum.xda-developers.com/showthread.php?t=1672284
again i'd like to point out i have no clue what has been done to this phone so i am trying to handle it with as much care as possible in order not to brick it.
in case superCID is 1111111 and naturally i don't have the original CID, where would that leave me?
As i am understanding slowly how this phone works, if the previous user managed to install a custom rom and a custom recovery on it, would only make sense to assume the superCID has been modified? (i'll be running the tool shortly unless someone jumps and says NOOOOOOOOO don't do it!!!)
I also noticed the teamwin recovery installed is 2.1.8.1
next is understanding what s-on and s-off are all about.
i have a feeling my chances of reverting to stock firmware are slimming. this is quite a complicated phone, nice challenge.
i'm going to point out again what my main problem is: i can't unlock the sim using the code provided by at&t since as soon as the phone reboots it asks me again. so i don't mind whichever route to take, whether custom or stock, as long as i can unlock the sim the simple way.
cheers.
srasiroslayer said:
At this point i start searching online for the official firmware from htc for this specific model and find the 4.2.2 version and proceed to install it according to their requirements and steps (in manual mode from a desktop pc since the rom installed doesn't have the update feature).
The process gets locked at a point and cannot proceed further.
Phone boots normally again and i decide to do a factory reset. This is when i notice a teamwin custom recovery was installed which is what is blocking the official rom installation.
This is not correct (the text I've bold faced above). OTA requires stock recovery, but RUU does not.
What stopped the RUU from working, is that your bootloader is unlocked (as indicated by the "unlocked" text in hboot). But in your case, you are lucky, since if you were trying to run the 3.18 Jellybean RUU, if it had gotten past the bootloader lock check, it would have bricked the phone (known bug) if you have SuperCID (which is pretty likely).
To reiterate: DO NOT try to relock the bootloader and run the 3.18 RUU, as with S-on and SuperCID, this will brick your phone.
If you have a working adb/fastboot environment, you can easily check CID with the command: fastboot getvar all
---------- Post added at 10:26 AM ---------- Previous post was at 10:23 AM ----------
srasiroslayer said:
i have a feeling my chances of reverting to stock firmware are slimming.
That is far from the truth. Getting back to stock is not that hard.
But if you only want to SIM unlock, I'm not sure that going stock will necessarily help you. You are on CleanROM now, which is pretty close to stock, and I don't think there have been many issues getting SIM unlock on CleanROM.
redpoint73 said:
This is not correct (the text I've bold faced above). OTA requires stock recovery, but RUU does not.
What stopped the RUU from working, is that your bootloader is unlocked (as indicated by the "unlocked" text in hboot). But in your case, you are lucky, since if you were trying to run the 3.18 Jellybean RUU, if it had gotten past the bootloader lock check, it would have bricked the phone (known bug) if you have SuperCID (which is pretty likely).
To reiterate: DO NOT try to relock the bootloader and run the 3.18 RUU, as with S-on and SuperCID, this will brick your phone.
If you have a working adb/fastboot environment, you can easily check CID with the command: fastboot getvar all
---------- Post added at 10:26 AM ---------- Previous post was at 10:23 AM ----------
That is far from the truth. Getting back to stock is not that hard.
But if you only want to SIM unlock, I'm not sure that going stock will necessarily help you. You are on CleanROM now, which is pretty close to stock, and I don't think there have been many issues getting SIM unlock on CleanROM.
Wunderbar,
Thank you again for clarifying things up.
I've been taking this time to read more about this phone on this thread:
- http://forum.xda-developers.com/showthread.php?t=1671237
So i am starting to understand how it works.
i have to admit that i should consider myself lucky for if the phone had a locked bootloader, it would've been bricked.
i've been reading a bit about superCID and i don't have a working linux environment (other than virtual) running right now.
but i'll figure out how to check if it's superCID or not (more likely yes).
now that i've figured out one way or the other that the simlock has nothing to do with the firmwares or recovery........... what could cause it?
again i just want it to work and then i'll take the time to play with the custom roms.
I have the correct unlocking code from AT&T since it wouldn't have accepted it to reboot the phone if it was wrong.
so what could be messing it up?
Cheers
srasiroslayer said:
Wunderbar,
i've been reading a bit about superCID and i don't have a working linux environment (other than virtual) running right now.
but i'll figure out how to check if it's superCID or not (more likely yes).
You don't need a Linux environment to get fastboot/adb working. And you will need them if you want to get s-off or change the CID (which would be the solutions to your problem of running the RUU).
To get fastboot/adb going, I'd suggest you start here: http://forum.xda-developers.com/showthread.php?t=1754018
There are some apps that will read the phone's state including CID. Others here have mentioned the name of one (or more) such app, but I can't recall, and I don't use it. I'm used to using fastboot.
srasiroslayer said:
now that i've figured out one way or the other that the simlock has nothing to do with the firmwares or recovery........... what could cause it?
again i just want it to work and then i'll take the time to play with the custom roms.
I have the correct unlocking code from AT&T since it wouldn't have accepted it to reboot the phone if it was wrong.
so what could be messing it up?
Not sure. Going back to stock might help. It's all I can think of. But don't be disappointed if it still doesn't work.
Alright,
So i figured out my CIDnum is 1111111111 using fastboot.
I understand there's a tool that can revert that.
I should also switch to s-off next.
Then at the end lock the bootloader using the adb commands.
Am i on the right track?
At this point i'll try running the RUU and cross my fingers.
My question is, shouldn't i have the original CID number?
and another off topic point, i have no clue what s-on or s-off are.
i'll get into that reading mode again in a bit.
Thank you again, i feel i'm on the right track now and confident.
Cheers
P.S.: do you need me to post the "fastboot getvar all" results? or only thing missing to be sure of was the CID?
Hang on, you're s-on and SuperCID, don't run the RUU or you'll brick your phone. You need to do some reading and research all this before you try these things.
Sent from my Evita
Guys I am Vivek Rajput, from India. I have AT&T HTC oneX. Anything related to internet is not working except whatsapp. Every app is showing network error msg. Showing some data here which i got after reading here. Assume me complete novice about software/cellphones.
***LOCKED***
EVITA PVT SHIP S-ON RL
HBOOT-1.14.0002
RADIO-0.19as.320911_2
OpenDSP-v29.1.0.45.0622
eMMC-boot
Jun 11 2012,14:36:28
Have you checked your APNs?
Sent from my Evita
srasiroslayer said:
Alright,
So i figured out my CIDnum is 1111111111 using fastboot.
I understand there's a tool that can revert that.
I should also switch to s-off next.
Then at the end lock the bootloader using the adb commands.
Am i on the right track?
At this point i'll try running the RUU and cross my fingers.
If you are going to s-off, you DO NOT want to change the CID. SuperCID (11111111) is needed to s-off.
As mentioned, make sure you s-off before RUU, or you will brick.
Once you are s-off, it shouldn't matter whether you lock the bootloader or not. S-off means all security checks are bypassed, including the check for bootloader lock.
srasiroslayer said:
and another off topic point, i have no clue what s-on or s-off are.
s-off, as mentioned above means all security checks are off. There are good and bad points to this.
The good, is that you will be safe from the SuperCID + RUU brick condition. Custom ROMs will also be easier to flash, if you are interested in doing that (do not need to flash boot.img separately).
The bad of s-off, is that because all security checks are off, there are no safety checks to prevent you from flashing the wrong things. You have to be very careful you don't flash something that is not intended for the device, as it may brick the phone.
If you are okay with that, then proceed with s-off. If not, the alternate solution is to change the CID back to the proper AT&T CID (cws__001). This will also prevent the SuperCID + RUU brick condition. But may make the phone harder to s-off in the future, if you later choose that route.
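As an added example (not part of any post in this thread, and not HTC or rumrunner code): a pre-flight check that applies the RUU rules stated in the replies above (S-ON plus SuperCID is a brick risk, an UNLOCKED bootloader blocks the RUU, S-ON refuses older firmware) to saved `fastboot getvar all` output. The getvar field names and both sample outputs are assumptions constructed for illustration, and the lock state is passed in by hand from the hboot screen.

```shell
#!/bin/sh
# Added example: RUU pre-flight check on saved `fastboot getvar all` output.

# Constructed samples, not captured from real devices. The field names
# (version-main, cidnum, security) are assumptions about the getvar format.
SAMPLE_SUPERCID='(bootloader) version-bootloader: 1.09.0000
(bootloader) version-main: 1.85.502.3
(bootloader) cidnum: 11111111
(bootloader) security: on'

SAMPLE_BRANDED='(bootloader) version-bootloader: 2.15.0000
(bootloader) version-main: 3.16.111.11
(bootloader) cidnum: T-MOB101
(bootloader) security: on'

# getvar_field <text> <name>: value of the first "(bootloader) name: value" line.
getvar_field() {
    printf '%s\n' "$1" | tr -d '\r' | sed -n "s/^(bootloader) $2: *//p" | head -n 1
}

# is_version <string>: true only for dotted decimal strings such as 3.16.111.11.
is_version() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
        *) return 0 ;;
    esac
}

# version_cmp A B: prints -1, 0 or 1, comparing field by field as numbers
# (so 3.16.111.7 sorts before 3.16.111.11, unlike a plain string compare).
version_cmp() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}
        y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}
        y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
    done
    echo 0
}

# ruu_preflight <getvar text> <LOCKED|UNLOCKED|RELOCKED> <RUU version>
# Prints one verdict: OK, CID_UNKNOWN, BRICK_RISK, RELOCK_NEEDED,
# VERSION_UNKNOWN or DOWNGRADE_BLOCKED.
ruu_preflight() {
    cid=$(getvar_field "$1" cidnum)
    sec=$(getvar_field "$1" security)
    cur=$(getvar_field "$1" version-main)

    # S-OFF: per the thread, the lock and version checks are bypassed.
    # The RUU must still be one meant for this device model.
    if [ "$sec" = "off" ]; then echo OK; return 0; fi

    # Anything other than an explicit "off" is treated as S-ON (fail closed).
    if [ -z "$cid" ]; then echo CID_UNKNOWN; return 0; fi
    # Conservative: the thread's warning concerns the Jellybean (3.18) RUU on
    # the One XL; this check refuses any RUU while S-ON with SuperCID.
    if [ "$cid" = "11111111" ]; then echo BRICK_RISK; return 0; fi
    # The official RUU will not run while the bootloader shows UNLOCKED.
    if [ "$2" = "UNLOCKED" ]; then echo RELOCK_NEEDED; return 0; fi
    # With S-ON only the same or a higher firmware version is accepted.
    if ! is_version "$cur" || ! is_version "$3"; then
        echo VERSION_UNKNOWN; return 0
    fi
    if [ "$(version_cmp "$3" "$cur")" = "-1" ]; then
        echo DOWNGRADE_BLOCKED; return 0
    fi
    echo OK
}

# Demo on the constructed samples.
echo "SuperCID, S-ON, UNLOCKED, RUU 3.18:       $(ruu_preflight "$SAMPLE_SUPERCID" UNLOCKED 3.18)"
echo "T-MOB101, S-ON, RELOCKED, RUU 2.38.111.10: $(ruu_preflight "$SAMPLE_BRANDED" RELOCKED 2.38.111.10)"
echo "T-MOB101, S-ON, RELOCKED, RUU 3.16.111.11: $(ruu_preflight "$SAMPLE_BRANDED" RELOCKED 3.16.111.11)"
```

To use it on a real device, save the output with `fastboot getvar all 2> getvar.txt` (fastboot prints the variables on stderr) and pass the file's contents as the first argument.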
It looks like then that the s-off route is the one to take, since i will definitely in the future be interested in flashing custom roms.
And it looks relatively easy as per:
http://forum.xda-developers.com/showthread.php?t=2155071
After doing some reading, it also looks safe to achieve s-off on custom roms such as my case.
I'm still reading if s-off will work on my bootloader version or if there are any specific versions to run it at. (so far no mention so good)
I'm guessing i will run s-off today and if everything works out as it should will post my results here.
Only then will i proceed to run the RUU which i downloaded from htc for the at&t model specifically (no chance i could go wrong with that).
Thank you for all the help, i honestly don't think i would've found my way around easily without guidance.
Cheers
Yes, the s-off method is easy, and it should work on any hboot version.
Good luck.
Could just having S-off fix my sim locked issue?
In any case new questions arise in my head such as since my model number is PJ8310000 and that with s-off i will be installing PJ8312000-OneX.zip, will that affect running the RUU later on?
srasiroslayer said:
Could just having S-off fix my sim locked issue?
I doubt it. SIM lock and s-off are not related, to my knowledge.
srasiroslayer said:
In any case new questions arise in my head such as since my model number is PJ8310000 and that with s-off i will be installing PJ8312000-OneX.zip, will that affect running the RUU later on?
Once you are s-off, all security and safety checks are off by definition. As long as you are running an RUU meant for EVITA, you will be safe, and it should run properly.
Looks like i got the 99 error thing.
at first i had the error 92 and all was working good but after the final reboot didn't get s-off
the second try i'm getting error 99.
I'm going to read more into it.
I'm still s-on so.......
So here are the current updates.
As i mentioned in the previous post, running it the first time resulted in error 92 which is normal, followed instructions and didn't get s-off.
second time i had error 99. still no s-off.
I turn off the device and power it back on, run the script all over again with a real good attention and precision (i usually don't f*ck things up).
This time i get the error 92 again and still no success at the end. (did this over 4 times now and no s-off).
would it be logical for me to assume that once the rom is booted it's messed up somewhere? hence the last part of the script not working and also hence sim unlock not working?
what's a good custom rom that i could install using recovery and not brick my phone?
maybe just installing one would solve all my issues.
Cheers
What ROM are you attempting s-off on?
PS. Asking for a suggested/best/favourite ROM isn't allowed here.
Sent from my Evita
timmaaa said:
What ROM are you attempting s-off on?
PS. Asking for a suggested/best/favourite ROM isn't allowed here.
Sent from my Evita
Hi,
I'm trying it on CleanROM 4.5 beta2.
And by best rom in my case was asking one that would be compatible with my situation, as in hboot 1.0.9, teamwin 2.1.8.1 recovery, supercid, unlocked, s-on.
Cheers.
Hey Folks,
This is my first post in the Sensation forums. I've been reading topics for a few days, but I didn't find any solution to my problem and I'm starting to get annoyed by it.
I've obtained a HTC Sensation a few days ago, and as with my previous devices (Galaxy Gio, Optimus Black) I wanted to flash a custom rom on it. I happened to unlock the bootloader of my friend's Sensation a few weeks earlier, so I thought this was going to be a piece of cake.
Well it wasn't. I couldn't unlock the bootloader using the HTCdev method because the phone is Vodafone branded. I tried numerous things: I wasn't able to perform the juopeanutbro (?) trick, tried flashing a custom hboot through fastboot (JB_hboot.zip) in linux (gave me an error 42 "Remote: Custom id check failed" or something like that). And after a few days of trying and trying I'm getting tired of it.
So my question is, is there any option I missed to achieve S-OFF or unlock the bootloader? I'd love to flash a custom rom on it because I don't like the 4.0.3 firmware which the phone is running now.
Phone Details:
Android version: 4.0.3 (vodafone)
HBOOT:1.27.0000
Radio: 11.29A.3504.18_M
CID:VODAPE17
Did you select the Vodafone model there in list of HTC dev...
Sent from my HTC Sensation XE with Beats Audio Z715e using XDA Premium 4 mobile app
http://forum.xda-developers.com/showthread.php?t=1668276
If htc Dev method doesn't work for your phone, use the non htc Dev method. Follow everything on the screen, do not run out of battery power (that will probably brick your phone)
Yes I did select the vodafone model, and I end up with the "failed" error when flashing unlock_code.bin. I don't understand why the HTCdev method doesn't work in the first place. And the method described by stillsober requires the almost impossible wire-trick.. Well i'm afraid there is no other method..
Redjack77 said:
Yes I did select the vodafone model, and I end up with the "failed" error when flashing unlock_code.bin. I don't understand why the HTCdev method doesn't work in the first place. And the method described by stillsober requires the almost impossible wire-trick.. Well i'm afraid there is no other method..
has your motherboard been replaced?
what error did you have?
It's not that impossible, I did it in like 10 tries, there are YouTube videos timed exactly so you know when to connect and disconnect the wire. Plus you can try as many times as it takes so you really can't go wrong... You know both methods require the insulated wire, right? It's just one requires the more accurate timing
Well I've somehow managed to achieve S-OFF!!!!!! This is my fastboot screen:
h t t p://i43.tinypic.com/2wgubtj.jpg
I read in a guide somewhere on the forum that when having S-OFF flashing a custom recovery would be possible, and writing supercid too, well the first thing failed (again...) but I did manage to write supercid. This is my command prompt screen:
h t t p://i39.tinypic.com/2uqzkna.jpg
So what do I have to do now??
Redjack77 said:
Well I've somehow managed to achieve S-OFF!!!!!! This is my fastboot screen:
h t t p://i43.tinypic.com/2wgubtj.jpg
I read in a guide somewhere on the forum that when having S-OFF flashing a custom recovery would be possible, and writing supercid too, well the first thing failed (again...) but I did manage to write supercid. This is my command prompt screen:
h t t p://i39.tinypic.com/2uqzkna.jpg
So what do I have to do now??
what does it say in the top?
juopunutbear or locked?
also i can't view the pics
can you post here in a post?
Well on the picture it says ***Locked*** and you can just paste the link in your browser without the h t t p://, because I can't include links in my posts as I have less than 10 posts submitted.
But I actually have solved all my problems, because I knew juopeanutbear had unlocked bootloaders available on his website, and in fastboot it is possible to flash these with the command "fastboot oem rebootRUU", which puts the device in RUU update mode, and then flash the unlocked HBOOT from juopeanutbear's website with the command "fastboot flash zip jb_hboot.zip".
Note (to people who might find this useful in the future): The device stuck on showing a green loading bar in RUU update mode after entering the second command. On the command prompt it showed done, but the device didn't reboot or anything. Just wait a while (to be sure) and enter the command "fastboot reboot-bootloader"
Now my fastboot screen shows **Juopeanutbear** instead of ***locked*** and I've already managed to flash clockworkmod SUCCESSFULLY!!!!!!!
Now I will replace CWM by 4ext and I'm good to go I guess. How I managed to get S-off will remain a secret for me, I assume I did do the wire-trick correctly after all, but didn't notice (you know, spending a few nights behind your PC doesn't give you a clear state of mind)
Redjack77 said:
Well on the picture it says ***Locked*** and you can just paste the link in your browser without the h t t p://,
you are right
i included also the h t t p : //
so you managed it yourself
congrats
now it is time for a custom rom
note: probably after achieving S-OFF you chose no for installing the jb hboot
Running Team Venom's Viper sense 5 rom and just like I expected I LOVE IT!!
I am merely posting this here for all those considering to go S-Off but haven't found the courage for it yet or just aren't sure what S-Off actually is. So to ease your minds a little bit I wish to explain S-Off.
For starters, S-Off and root ARE TWO COMPLETELY DIFFERENT THINGS!
HTC has been securing their phones by locking the internal flash memory (NAND or eMMC)(eMMC in our case) to stop it from being written to, unless the file being flashed is signed by a private key only known to HTC. This is controlled by a flag (@secuflag) and is identified as the device being S-ON. Telling the HBoot the device is Security Off (S-OFF) stops this check for the key, and allows us to write anything to any partition, which is what we are aiming for.
There are actually two levels of S-OFF. The Bootloader (HBoot) and the Radio. Getting S-Off on the HBoot gives us everything we need, but doesn't actually turn off the @secuflag which is set in the radio - instead, the HBoot ignores it and therefore thinks it is S-Off, but this is not TRUE S-Off. It is possible to flash a HBoot that believes the Radio is set to S-OFF, as the HBoot is responsible for setting that flag.
Once the HBoot on the phone is S-OFF, we can write to all the partitions and basically do whatever we want, but it is possible to go one step further. Flashing a radio that is S-OFF and actually setting the @secuflag to S-off gives us 100% total access to every part of the phone and its software, as it becomes network unlocked allowing you to use any SIM and also allows you to flash a ROM from any carrier (known as Super CID). It also makes it practically impossible to permanently lose root no matter what you flash. Once you have radio S-OFF, it makes it much easier to flash new HBoots and ROMs even if you flash something that is locked down tight.
Setting the Radio to S-Off is not necessary, and gaining S-OFF on the HBoot is more than most people will ever need. Radio S-Off is just the last step of the puzzle, but it is worth noting that you can permanently brick your phone if flashing a radio or a HBoot, if either of these go wrong you will end up with a shiny expensive paper weight so there is risk involved. If this helped you in any way then feel free to click on the thanks button. Meanwhile, happy hunting!
Sent from my C525c using XDA Premium 4 mobile app
To determine if you are S-OFF via HBoot or Radio you can do one of two things.
1: Go into fastboot and type
Code:
fastboot oem readsecureflag
If you get secure_flag with the number zero then congrats - you are radio S-Off
If you get secure_flag 3 then I am sorry, you are not radio S-Off - your modded HBoot is ignoring the radio in regards to @secureflag.
2: (I don't recommend this lol)
You can flash a stock HBoot and then reboot your bootloader. If you see S-On after already having S-Off then this means you were S-Off via HBoot. However, I would like to note that some HBoots are written out to prevent themselves from being overwritten so S-Off isn't lost, but this prevention does not always work and is usually patched by HTC relatively quickly.
Sent from my C525c using XDA Premium 4 mobile app
Another note... If you do not have radio S-Off then the following fastboot command will not work nor will it bring you back to S-On:
fastboot oem writesecureflag 3
Reason for this is because you are already S-On, but it's being masked by your modded HBoot. So in this case, flash a stock HBoot and that will substitute for the failing command in fastboot
Sent from my C525c using XDA Premium 4 mobile app
Hello everyone!
Here's the short version:
I want to s-off my HTC One XL using rumrunner. However, every time I run the sudo ./soju (linux) script, I always get the same error:
Code:
ERROR: run rumrunner again and READ (no adb connection to device. Debugging on? Drivers?)
I have checked my fastboot and adb connections and they all work fine. I have also enabled root permissions for adb and applications, usb debugging and the 'adb over network' options in the 'developer options' menu of CM12.
Here is a more detailed step-by-step of what I do:
First, I check the adb connection with "adb devices": (I've also tried other commands, just to make sure everything's OK)
Code:
:~/Android/rumrunner_HTC_0.5.0$ adb devices
List of devices attached
HT248W301724 device
Second, I run the "soju" program in the rumrunner download file:
Code:
:~/Android/rumrunner_HTC_0.5.0$ sudo ./soju
==================== rumrunner S-OFF 0.5.0 ==============================
rumrunner S-OFF comes with NO WARRANTY (express or implied)
and NO GUARANTEE OF FITNESS for any particular task.
We have made every effort we can to make this a safe process for users
however the authors disclaim any liability for damage to your phone
or other materials or devices used during this process.
The entire risk of running rumrunner S-OFF lies with you, the user.
By using this software you acknowledge and accept that the authors
are not liable for any loss, material or otherwise howsoever caused.
Do you understand the implications of this warning?
(Yes/No)
Yes
Dear User: We will expect that YOU:
(1) Know how to use ADB and FASTBOOT binaries
---- [Yes, use these tools to test USB connection BEFORE running rumrunner] ----
(2) Realize that rumrunner S-OFF cannot support every CUSTOM rom in this world
(3) Understand that irc support IS NOT A GENERAL HELPDESK
(4) Are able to identify and download the CORRECT package for YOUR device
(5) Know how to enable USB-debugging on YOUR device (Yes, do that now)
(6) Understand that you may NOT repack or redistribute rumrunner S-OFF
Ok?
(Yes/No)
Yes
!! Do NOT for any reason taunt, unplug, drop, eat or pet your device !!
Please wait....
ERROR: run rumrunner again and READ (no adb connection to device. Debugging on? Drivers?)
Here's some info on my device, if it helps:
CM version:
12.1-20151007-SNAPSHOT-YOG4PAO332-evita
Android Version
5.1.1
Baseband version:
0.23a.32.09.29_10.128.32.34aL
Kernel version:
3.4.105-ga346a29
[email protected] #1
Build number
cm_evita-usrdebug 5.1.1 LMY48B 37126a8090
test-keys
Also, here is my HBOOT info (shouldn't help, but I'll throw it on anyway just in case someone finds something!):
*** TAMPERED ***
*** UNLOCKED ***
EVITA PVT SHIP S-ON RL
HBOOT - 2.14.0000
RADIO-0.23A.32.09.29
OpenDSP - v31.1.0.45.0815
eMMC-boot
Nov 26 2012, 18:37:14:-1
I tried running the rumrunner script before flashing CM (i.e. while I was still using the stock HTC rom) and it worked all the way up to the "your phone is not rooted" part, at which time I flashed TWRP recovery onto my phone and flashed straight into CM (figuring it wouldn't make much of a difference).
I don't really want to get into the whole RUU mess. Anyone know what's going on here? How do I fix this adb issue? Help?
EDIT:
I fixed the adb problem I encountered above by using the following command:
Code:
adb kill-server
and then running
Code:
sudo ./soju
however, on CM12, I could only get to this point in the rumrunner program:
Code:
==================== rumrunner S-OFF 0.5.0 ==============================
rumrunner S-OFF comes with NO WARRANTY (express or implied)
and NO GUARANTEE OF FITNESS for any particular task.
We have made every effort we can to make this a safe process for users
however the authors disclaim any liability for damage to your phone
or other materials or devices used during this process.
The entire risk of running rumrunner S-OFF lies with you, the user.
By using this software you acknowledge and accept that the authors
are not liable for any loss, material or otherwise howsoever caused.
Do you understand the implications of this warning?
(Yes/No)
Yes
Dear User: We will expect that YOU:
(1) Know how to use ADB and FASTBOOT binaries
---- [Yes, use these tools to test USB connection BEFORE running rumrunner] ----
(2) Realize that rumrunner S-OFF cannot support every CUSTOM rom in this world
(3) Understand that irc support IS NOT A GENERAL HELPDESK
(4) Are able to identify and download the CORRECT package for YOUR device
(5) Know how to enable USB-debugging on YOUR device (Yes, do that now)
(6) Understand that you may NOT repack or redistribute rumrunner S-OFF
Ok?
(Yes/No)
Yes
!! Do NOT for any reason taunt, unplug, drop, eat or pet your device !!
Please wait....
Checking for updates......
Test 1: Rebooting into bootloader
Waiting for fastboot (8/120)
Waiting
Test 2: Booting device
Waiting for ADB (67/120)
must ferment longer...
must sanitize, skunky rum is nasty
hold please..............................................
[************************************************************]
Rebooting into bootloader (again)
Waiting for fastboot (8/120)
Waiting for ADB (18/120)
must ferment longer...
chilling..................
it's a little stinky here, hmm....
bottles are packed, here we go, shhhhhh....
hmm, cap is on tighter than I expected........
hell, that damn cap is on REALLY tight.......
pouring (1)...
WTF: What are you doing?
I wasn't sure what the problem was, so I downloaded and ran the "sunshine" (formerly "firewater") apk on my phone (I didn't pay for it, I just downloaded it to see what it was about). Then, in the initialisation process it produced an error saying that my current rom is not "similar enough to the stock rom" to run the program successfully. Then, I looked for a "more similar rom" -- in the end I flashed Kickdroid 5.0.
After flashing Kickdroid, I selected the required options (usb debug, supersu -- which I flashed manually, etc.). Then I checked to see if adb was running (it was), and then ran the kill-server command listed above. After that, I ran rumrunner with no issues!
Code:
adb kill-server
Code:
==================== rumrunner S-OFF 0.5.0 ==============================
rumrunner S-OFF comes with NO WARRANTY (express or implied)
and NO GUARANTEE OF FITNESS for any particular task.
We have made every effort we can to make this a safe process for users
however the authors disclaim any liability for damage to your phone
or other materials or devices used during this process.
The entire risk of running rumrunner S-OFF lies with you, the user.
By using this software you acknowledge and accept that the authors
are not liable for any loss, material or otherwise howsoever caused.
Do you understand the implications of this warning?
(Yes/No)
Yes
Dear User: We will expect that YOU:
(1) Know how to use ADB and FASTBOOT binaries
---- [Yes, use these tools to test USB connection BEFORE running rumrunner] ----
(2) Realize that rumrunner S-OFF cannot support every CUSTOM rom in this world
(3) Understand that irc support IS NOT A GENERAL HELPDESK
(4) Are able to identify and download the CORRECT package for YOUR device
(5) Know how to enable USB-debugging on YOUR device (Yes, do that now)
(6) Understand that you may NOT repack or redistribute rumrunner S-OFF
Ok?
(Yes/No)
Yes
!! Do NOT for any reason taunt, unplug, drop, eat or pet your device !!
Please wait....
Checking for updates......
Test 1: Rebooting into bootloader
Waiting for fastboot (8/120)
Waiting
Test 2: Booting device
Waiting for ADB (19/120)
must ferment longer...
must sanitize, skunky rum is nasty
hold please..............................................
[************************************************************]
Rebooting into bootloader (again)
Waiting for fastboot (8/120)
Waiting for ADB (20/120)
must ferment longer...
chilling..................
smells lovely in here....
bottles are packed, here we go, shhhhhh....
pouring (1)...................
pouring (2)..............
pouring (3)........
Waiting for ADB (17/120)
must ferment longer...
what's that in the bottle still? rum foul, sloppy, real sloppy...
wait for it.........
yep, done. Hope you enjoyed the rum!
Don't forget to send us all your money - [email protected]
I am now s-off (yay me!)