[Discussion]HTC One S [S-OFF]


Tecardo

Senior Member
Nov 22, 2011
754
627
Pfofeld
Re: [Discussion]HTC One S [S-OFF]

Will read out the One S with JTAG in the next few days. Shouldn't find anything. But why not.
 

PJMAN2952

Member
Jun 22, 2012
40
0
What does the S-Off do? Currently I can't boot up my phone without doing boot.img from my computer. I am on Panaroid and it happens on any rom I flash from CM9 to CM10. I don't know why. So now I can't turn my phone off because then I would have to use my computer to boot up my phone correctly. If not, it just gets stuck at the Panaroid boot animation screen.
 

scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,056
What does the S-Off do? Currently I can't boot up my phone without doing boot.img from my computer. I am on Panaroid and it happens on any rom I flash from CM9 to CM10. I don't know why. So now I can't turn my phone off because then I would have to use my computer to boot up my phone correctly. If not, it just gets stuck at the Panaroid boot animation screen.

There is something wrong with your phone, or you are using the wrong fastboot command to install the boot image. Once it's there, it's there. You should not have to install it every time you boot.

 
  • Like
Reactions: mugetsu666

Reevine

Senior Member
May 8, 2012
220
112
Uji-shi, Kyoto
What does the S-Off do? Currently I can't boot up my phone without doing boot.img from my computer. I am on Panaroid and it happens on any rom I flash from CM9 to CM10. I don't know why. So now I can't turn my phone off because then I would have to use my computer to boot up my phone correctly. If not, it just gets stuck at the Panaroid boot animation screen.

As far as what S-OFF does: it turns off the security flag in the HBOOT, which lets you flash anything you want directly from the device without the use of adb and fastboot (generally). So you could flash radios, Eng HBOOTs, and anything else you wanted without issue for the most part.

Now concerning your issue, I am glad you asked! However, despite this being just a discussion thread, I would still like to keep it related to S-OFF, so please try to post your issues in the appropriate thread/forum. If you are having issues, definitely make sure you read up on how to use adb and fastboot. If you're still having issues with ROMs, it's best to ask for help in the thread for the ROM you're having issues with. If it isn't working, make sure you're wiping everything before flashing. There are a lot of beginner threads out there, so take a look at those as well.

Hope that answered your questions
 

Reevine

Senior Member
May 8, 2012
220
112
Uji-shi, Kyoto
Lots to Do!

Just a quick update on what I'm specifically working on currently.

I am doing some more research on security cert storage for Java Cards and how the Java Card VM handles it. There are plenty of ways to do things in Java, so I'm trying to narrow down the ways that HTC might have handled their setup; that way I can properly replicate their Java Card.

I also need to figure out which symmetric key algorithm HTC used to generate their keys. I also need the RID for the HOS so that I can match that up with a proper RID. MID and CID I'm not worried about since it hasn't been confirmed that HTC actually uses them for the Jcard (RID is the only necessary ID for Jcard applets).

Needless to say, there is a lot of research to do!!!!

Sorry that I haven't been able to provide a whole lot of physical testable progress on the diag method yet, but I still wanted to give an update to everyone who wanted to know where I am at. If you have any information or know a lot about Java security and Jcards I would greatly appreciate any help that you're willing to offer.

P.S. If anyone knows anything on how the diag file works with the HBOOT that would help a lot. So I can create a properly constructed applet for the jcard.
 

nitrous²

Senior Member
Jun 4, 2010
1,741
1,005
The Grid
Re: [Discussion]HTC One S [S-OFF]

AFAIK, the Java Card also has modified hardware, i.e. additional security layers. It's not only a conventional microSD. I'm not sure if it's possible to recreate those partitions. Maybe you can emulate them. But I could be wrong.

 
  • Like
Reactions: mugetsu666

nitrous²

Senior Member
Jun 4, 2010
1,741
1,005
The Grid
Re: [Discussion]HTC One S [S-OFF]

Yes, I am aware of this :) I have 3 microSD Java Cards

PM me if you want to. I know someone who could possibly give you the correct diag files for money. And by the time you figure out the way the Javacard works, you'd have anything needed to s-off the HOS or any HTC One series device.

 
  • Like
Reactions: mugetsu666

afkfurby

Member
Dec 8, 2010
30
20
Zurich
www.afkstudios.org
maybe?

hello, I think I saw this link already somewhere in this thread: http://mobiletechvideos.mybigcommerce.com/htc-one-s-s-off-modification-service/
I have three HOS, two with cracked screens, next week the new screens should arrive.

I thought about doing a full dump of each partition of the device before I send the phone, and after they S-OFF'd it I do a full dump again to check what exactly was changed.

Afterwards we could maybe just do some hex editing on a partition dump and flash this in QDL mode?

What do you think about that?
 
  • Like
Reactions: orenfl and jujusito
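
The before/after dump comparison proposed in the post above, as an added example that is not part of the original thread: it reports which dump files differ and the byte ranges that changed. The directory layout, the file names `partition_a.img` and `partition_b.img`, and the sample bytes are constructed for illustration; real input would be one image file per partition in each directory.

```python
import os
import tempfile

def changed_ranges(before, after, chunk=4096):
    """Merged (start, end) byte ranges where two dumps differ, at chunk granularity."""
    ranges, offset = [], 0
    with open(before, "rb") as fb, open(after, "rb") as fa:
        while True:
            b, a = fb.read(chunk), fa.read(chunk)
            if not b and not a:
                break
            step = max(len(b), len(a))  # a size mismatch shows up as a trailing range
            if b != a:
                if ranges and ranges[-1][1] == offset:
                    ranges[-1] = (ranges[-1][0], offset + step)  # extend adjacent range
                else:
                    ranges.append((offset, offset + step))
            offset += step
    return ranges

def diff_dump_dirs(before_dir, after_dir):
    """Map dump file name -> changed ranges for files present in both directories."""
    report = {}
    for name in sorted(set(os.listdir(before_dir)) & set(os.listdir(after_dir))):
        ranges = changed_ranges(os.path.join(before_dir, name),
                                os.path.join(after_dir, name))
        if ranges:  # unchanged dumps are left out of the report
            report[name] = ranges
    return report

def demo():
    """Constructed sample: two fake dumps; 8 bytes of the second are altered at offset 8192."""
    with tempfile.TemporaryDirectory() as root:
        dirs = [os.path.join(root, n) for n in ("before", "after")]
        for i, d in enumerate(dirs):
            os.mkdir(d)
            second = bytearray(16384)
            if i == 1:
                second[8192:8200] = b"\xff" * 8
            for name, data in (("partition_a.img", b"\xaa" * 8192),
                               ("partition_b.img", second)):
                with open(os.path.join(d, name), "wb") as f:
                    f.write(data)
        return diff_dump_dirs(*dirs)
```

Ranges are rounded to the 4096-byte chunk size, so a reported range marks where to look in a hex viewer, not the exact bytes that changed.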

antaine

Senior Member
Jan 29, 2011
463
59
Paris
hello, I think I saw this link already somewhere in this thread: http://mobiletechvideos.mybigcommerce.com/htc-one-s-s-off-modification-service/
I have three HOS, two with cracked screens, next week the new screens should arrive.

I thought about doing a full dump of each partition of the device before I send the phone, and after they S-OFF'd it I do a full dump again to check what exactly was changed.

Afterwards we could maybe just do some hex editing on a partition dump and flash this in QDL mode?

What do you think about that?

Good idea, but the price is a bit expensive.
And do you know who they are to do that and how they do that?

 

Top Liked Posts

  • 24
    S-off is nearly release ready.

    I need /dev/block/mmcblk0p3 from a qualcomm s3 variant, and a matching update.zip for each model that support is wanted for.
    20
    Some of you guys are PM'ing me to help with S-OFF for the One S.

    Will try to, when I get the One X done.
    Today we had a huge update.
    http://xdaforums.com/showthread.php?t=1604300

    Some of you with a USB Y-Cable should try to flash a .zip through sd-card.
    If that works, and I can modify a DIAG file, also for you S-OFF will come very fast.
    11
    So now we know that s-off is not hardware related. A software is needed to s-off, att HTC One XL confirmed that it can be s-off with that software, and since the att HTC One XL is almost the same phone as the HTC One S s4, S-off can be achieved too.

    i hope we get s-off soon but with patience :)
    Well, it's actually been confirmed that all modern HTC devices can use this exploit as long as they are running the S4, S3 or S4 pro processors. This even includes the dna and butterfly and likely the upcoming HTC One a.k.a. the M7. The exploit has not been released yet but has been shown to work, so sit tight and relax. If these devs are smart, and I know they are, they will not release the exploit until the One has been released so HTC cannot patch it.
    8
    I have Riffbox now at home. Will make JIG for it, so until end of next week i could be ready.
    PS: I had S-OFF and tried to get to S-Diag mode: But phone freezes and reboots into s-off.
    8
    mmcblk0p23: "misc"
    mmcblk0p22: "recovery"
    mmcblk0p21: "boot"
    mmcblk0p33: "system"
    mmcblk0p30: "local"
    mmcblk0p34: "cache"
    mmcblk0p35: "userdata"
    mmcblk0p26: "devlog"
    mmcblk0p28: "pdata"
    mmcblk0p36: "fat"
    mmcblk0p31: "extra"
    mmcblk0p17: "radio"
    mmcblk0p18: "adsp"
    mmcblk0p16: "dsps"
    mmcblk0p19: "wcnss"
    mmcblk0p20: "radio_config"
    mmcblk0p24: "modem_st1"
    mmcblk0p25: "modem_st2"