why you should NOT turn s-on!

scuccia

Senior Member
May 23, 2008
467
103
Thanks for the info Scotty, I removed the s-on command from my post.

I'm just going to use the stock rooted RUU and send it back that way with root removed.

Is there any point in relocking it and keeping it s-off versus having it unlocked and s-off?

Sent from my HTC6525LVW using Tapatalk
 

Black Antitoon

Senior Member
May 3, 2008
373
47
33
Zurich (Switzerland)
I have a question for @scotty1223 or anybody willing to answer it. ;)

The reasons why one shouldn't go back to S-ON are clear. However, this kind of soft brick should in theory be fixable by unlocking the phone with HTCDev, right? The problem here is only that this is not allowed on Verizon phones. Is this correct?

Also, is it clear what is exactly preventing the phone from booting? Is it just that "tampered" and "locked" can't live together?

I realize that in any case there seem to be no good reasons for going back to S-ON, I am only curious to understand better what happens behind the scenes.

Thanks!
 

Zwitterion

Senior Member
Dec 15, 2009
534
127
This is why I will not S-ON until an official RUU is made available. Once that exists then we WILL reliably be able to S-ON after flashing with that RUU.

I can see the use for a faux hboot in the situation where someone is returning a device for warranty where the defect is completely unrelated to firmware alteration -- a defective speaker, for example -- and is genuinely entitled to a replacement.
 

dag07968

Member
Feb 8, 2010
7
0
java card would definitely fix him up :D also good point on the supercid... @dag07968 are you perchance supercid?

Unfortunately no I'm not. I also read this post AFTER doing what I did lol that will teach me. I just went to Verizon and bought one outright. Asurion is going to reimburse me minus the deductible. For now I'm leaving this completely stock. Maybe I can get a java card or hopefully they will release an official RUU one day and I can bring the other one back to life. Thank you very much for all your information and help on this.
 

andybones

Retired Forum Moderator / Inactive RD
May 18, 2010
15,092
15,480
Google Pixel 5
Unfortunately no I'm not. I also read this post AFTER doing what I did lol that will teach me. I just went to Verizon and bought one outright. Asurion is going to reimburse me minus the deductible. For now I'm leaving this completely stock. Maybe I can get a java card or hopefully they will release an official RUU one day and I can bring the other one back to life. Thank you very much for all your information and help on this.

you can get a java card..
But for around $800-$1,000

Seems like Verizon is making HTC not release RUU prob because they know we NEED it in a sense lol
 
  • Like
Reactions: pball52998

scuccia

Senior Member
May 23, 2008
467
103
So I talked to jcase and he said that you can s-on the VZW M8 and that he has set his back successfully. I think the key is to have a fully stock ROM (/system without root and /data/preload) and use weaksauce to reset the bootloader locked status and tamper flag.

I dumped the system partition from a fully stock M8 (s-on) and flashed that to my s-off M8. I then flashed the firmware zip from the latest OTA which set the hboot, recovery, etc back to stock.

I then installed weaksauce to gain root and reset the bootloader status back to locked.

It's currently 100% stock with s-off (locked) and I'm not getting any red text or tampered warnings on boot.

I believe that using weaksauce instead of a stock ROM with root at the system level is the key difference compared to what others have tried in this thread. Dag used the stock rooted RUU which has root at the system level, gaining root with weaksauce does not modify the system partition at all.

Jcase says that I'm safe to set my phone back to s-on at this point, but I'm just going to send it back the way it is. Just wanted to put it out there that people have successfully set their VZW M8s back to s-on.
 
  • Like
Reactions: scotty1223

scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,056
I have a question for @scotty1223 or anybody willing to answer it. ;)

The reasons why one shouldn't go back to S-ON are clear. However, this kind of soft brick should in theory be fixable by unlocking the phone with HTCDev, right? The problem here is only that this is not allowed on Verizon phones. Is this correct?

Also, is it clear what is exactly preventing the phone from booting? Is it just that "tampered" and "locked" can't live together?

I realize that in any case there seem to be no good reasons for going back to S-ON, I am only curious to understand better what happens behind the scenes.

Thanks!
that is correct. its part of htc's security checks, if it finds something it does not like, the phone is locked into bootloader until its re-unlocked (impossible with vzw) and able to run a custom OS, or restored to stock via an ruu

you can get a java card..
But for around $800-$1,000

Seems like Verizon is making HTC not release RUU prob because they know we NEED it in a sense lol
vzw has always been stingy with their ruus, and whomever used to leak them back in the thunderbolt/rezound days either stopped for some reason or got fired for doing so, lol.

unfortunately, the ruus are the property of carriers, not htc.

So I talked to jcase and he said that you can s-on the VZW M8 and that he has set his back successfully. I think the key is to have a fully stock ROM (/system without root and /data/preload) and use weaksauce to reset the bootloader locked status and tamper flag.

I dumped the system partition from a fully stock M8 (s-on) and flashed that to my s-off M8. I then flashed the firmware zip from the latest OTA which set the hboot, recovery, etc back to stock.

I then installed weaksauce to gain root and reset the bootloader status back to locked.

It's currently 100% stock with s-off (locked) and I'm not getting any red text or tampered warnings on boot.

I believe that using weaksauce instead of a stock ROM with root at the system level is the key difference compared to what others have tried in this thread. Dag used the stock rooted RUU which has root at the system level, gaining root with weaksauce does not modify the system partition at all.

Jcase says that I'm safe to set my phone back to s-on at this point, but I'm just going to send it back the way it is. Just wanted to put it out there that people have successfully set their VZW M8s back to s-on.

sure its possible to s on. if everything is fine, youll be ok. if not, youll end up tampered and locked with a security warning

i personally would not risk it, regardless of who has done it successfully, you may not have the same results.

after all, folks should be able to s on after running a decrypted ruu that in theory contains all the same images as a signed one. as ive said, we have no idea why the tampered banner returns after a couple factory resets.

i have based the opinions expressed here on numerous cases ive seen with the same end result as dag, not just his one case. ive been using him as an example (not meaning him any disrespect) just because hes posted here.

Thanks for the info Scotty, I removed the s-on command from my post.

I'm just going to use the stock rooted RUU and send it back that way with root removed.

Is there any point in relocking it and keeping it s-off versus having it unlocked and s-off?

Sent from my HTC6525LVW using Tapatalk
i personally would lock it. s off does not mean youve messed with it. unlocked or relocked are a pretty good indicator, as phones dont come that way unless they come out as a replacement after being "refurbished"
 

scuccia

Senior Member
May 23, 2008
467
103
i personally would lock it. s off does not mean youve messed with it. unlocked or relocked are a pretty good indicator, as phones dont come that way unless they come out as a replacement after being "refurbished"

That's exactly what I'm doing, completely stock, locked and s-off.

I just went one step further than some others and pulled the partitions from my replacement device since the only RUU we have comes with root. I know that it can be removed but I felt safer this way because I know with 100% certainty that it is totally unmodified.
 

dottat

Retired Forum Moderator
That's exactly what I'm doing, completely stock, locked and s-off.

I just went one step further than some others and pulled the partitions from my replacement device since the only RUU we have comes with root. I know that it can be removed but I felt safer this way because I know with 100% certainty that it is totally unmodified.

You do know that you can simply remove root right? Open the su app and go to settings. Click the full unroot option.

Sent from my SM-T320 using Tapatalk
 

GetRipped

Senior Member
Apr 8, 2012
96
35
Charlotte
Just don't risk it guys. There's really no point anyways... Other than satisfying your extremely paranoid side. There's a good chance that no one at HTC will ever check your bootloader, and most Verizon reps won't even know how. And besides.. Even if they see s-off, if your ROM is stock and unrooted no one will make a fuss. You're not getting investigated by Sherlock Holmes here.

Sent from my HTC One_M8 using Tapatalk
 

scuccia

Senior Member
May 23, 2008
467
103
You do know that you can simply remove root right? Open the su app and go to settings. Click the full unroot option.

Sent from my SM-T320 using Tapatalk

I know you can do that. but I'm not sure what else was modified so I just dumped the partition myself.

That's just how I am, if I can do it myself and know that it's right, then that's what I'll do. Plus we've seen Dag use that and go back to s-on and it didn't work.

Jcase told me how he did it so that's what I did, minus the s-on step.
 

dottat

Retired Forum Moderator
I know you can do that. but I'm not sure what else was modified so I just dumped the partition myself.

That's just how I am, if I can do it myself and know that it's right, then that's what I'll do. Plus we've seen Dag use that and go back to s-on and it didn't work.

Jcase told me how he did it so that's what I did, minus the s-on step.

In the case of that ruu nothing else is modified. Just su installed.

Sent from my HTC6600LVW using Tapatalk
 
  • Like
Reactions: scotty1223

scuccia

Senior Member
May 23, 2008
467
103
In the case of that ruu nothing else is modified. Just su installed.

Sent from my HTC6600LVW using Tapatalk

I had originally planned on going back to s-on so I wanted to start with an entirely stock ROM/firmware and use temp root to lock the bootloader.

You are correct though... I just downloaded your RUU, extracted the system.img file and compared it to my partition dump. The only differences are the files related to root. I also verified that all of the files are removed when you use the 'Full unroot' option in SuperSU.

Thanks for making that RUU by the way, it's a great resource to have since VZW/HTC are trying extra hard to prevent an RUU leak.
 
  • Like
Reactions: scotty1223
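
The comparison described in the post above (a stock partition dump checked against the system.img taken from the RUU) can be done file by file with hashes. This is an added example, not part of the original thread; it assumes both images have already been extracted or mounted read-only as directories, and the file names in the sample are constructed.

```python
import hashlib
import os
import stat
import tempfile


def fingerprint_tree(root):
    """Map every regular file and symlink under root to a comparable fingerprint."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            info = os.lstat(full)
            if stat.S_ISLNK(info.st_mode):
                entries[rel] = "link -> " + os.readlink(full)
            elif stat.S_ISREG(info.st_mode):
                digest = hashlib.sha256()
                with open(full, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
                # Mode bits are included so a permission change shows up
                # even when the file contents are identical.
                mode = stat.S_IMODE(info.st_mode)
                entries[rel] = "%04o sha256:%s" % (mode, digest.hexdigest())
    return entries


def compare_trees(reference, candidate):
    """Report paths added to, removed from, or changed in candidate."""
    ref, cand = fingerprint_tree(reference), fingerprint_tree(candidate)
    return {
        "added": sorted(set(cand) - set(ref)),
        "removed": sorted(set(ref) - set(cand)),
        "changed": sorted(p for p in set(ref) & set(cand) if ref[p] != cand[p]),
    }


def build_sample(root, files):
    """Write a constructed file tree (relative path -> bytes) under root."""
    for rel, data in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


def demo():
    # Constructed sample data standing in for two extracted system images.
    stock = {"build.prop": b"ro.build=stock\n", "bin/sh": b"\x7fELF-sh",
             "etc/init.sh": b"start\n"}
    modified = dict(stock)
    modified["xbin/su"] = b"\x7fELF-su"
    modified["app/Superuser.apk"] = b"PK-apk"
    modified["etc/init.sh"] = b"start\nextra line\n"
    with tempfile.TemporaryDirectory() as tmp:
        ref, cand = os.path.join(tmp, "ref"), os.path.join(tmp, "cand")
        build_sample(ref, stock)
        build_sample(cand, modified)
        os.chmod(os.path.join(cand, "bin/sh"), 0o755)  # same bytes, new mode
        return compare_trees(ref, cand)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

An empty report in all three lists is what "totally unmodified" looks like at the file level; it says nothing about partitions other than the one compared.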

scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,056
another option worth exploring to restore everything to 100% stock would be to simply dump mmcblk0 (not mmcblk0px)

that dumps everything in one big huge file. in theory, restoring it later would fix every last little detail that had been modded. on m7, you may need a 64gb phone to do it. on m8, youll have to dump that to an external sd, as its larger than what the phone storage can hold.

be aware that its a very slow process, and your phone isnt hung, so resist all urges to unplug, lick, or pester it ;)

i personally dumped all partitions individually, then the big dump right after s off, with su installed but everything else untouched.
 

Zwitterion

Senior Member
Dec 15, 2009
534
127
Scotty, could there be an implementation of this in some fashion? Perhaps a more complete RUU than dottat's (excellent) efforts?

Have keys ever been leaked such that custom RUU's could be built and then signed? This would alleviate S-ON issues, as a signed RUU could be regardless of status.


another option worth exploring to restore everything to 100% stock would be to simply dump mmcblk0 (not mmcblk0px)

that dumps everything in one big huge file. in theory, restoring it later would fix every last little detail that had been modded. on m7, you may need a 64gb phone to do it. on m8, youll have to dump that to an external sd, as its larger than what the phone storage can hold.

be aware that its a very slow process, and your phone isnt hung, so resist all urges to unplug, lick, or pester it ;)

i personally dumped all partitions individually, then the big dump right after s off, with su installed but everything else untouched.
 

scotty1223

Inactive Recognized Contributor
Jan 3, 2011
2,813
3,056
Scotty, could there be an implementation of this in some fashion? Perhaps a more complete RUU than dottat's (excellent) efforts?

Have keys ever been leaked such that custom RUU's could be built and then signed? This would alleviate S-ON issues, as a signed RUU could be regardless of status.

Dottat's ruus are as good as they get, for being home made. M7 has an official, decrypted ruu which is literally no different and yet this problem still exists.

One could certainly dd mmcblk0, then dd it back in efforts to restore to stock, but with a vzw device there's always that risk as long as they're keeping devices off the unlock list.

No keys have ever been leaked that I am aware of. HTC employees lose their jobs over things like that ;)

Sent from my HTC One_M8 using Tapatalk
 

Zwitterion

Senior Member
Dec 15, 2009
534
127
Holy Crap! Thank god I flashed my M7 with the signed RUU before getting warranty service. I can't imagine a signed RUU resulting in a *tampered*. But I'm glad you posted this thread - it makes me realize that getting safely back to S-ON isn't simply a guaranteed thing, though it's often discussed as if it is.

I would think that HTC employees could lose their jobs for leaking RUUs but that still happens, no? Then again, what the hell do I know.

Dottat's ruus are as good as they get, for being home made. M7 has an official, decrypted ruu which is literally no different and yet this problem still exists.

One could certainly dd mmcblk0, then dd it back in efforts to restore to stock, but with a vzw device there's always that risk as long as they're keeping devices off the unlock list.

No keys have ever been leaked that I am aware of. HTC employees lose their jobs over things like that ;)

Sent from my HTC One_M8 using Tapatalk
 

davidmatt34

Senior Member
Oct 16, 2010
69
8
So if I have an M8 with S-on would I be able to do that and restore another M8 with S-off? If so what is the correct syntax for ADB?
 

Black Antitoon

Senior Member
May 3, 2008
373
47
33
Zurich (Switzerland)
I'm sending my phone to HTC for one time cracked screen phone replacement. Should I just relock the device and leave soff??

My All New One
You might want to read this thread: http://xdaforums.com/showthread.php?t=2767547

And, in particular, this post: http://xdaforums.com/showpost.php?p=53105706&postcount=20

Long story short: HTC is showing to be very picky in the US with the Advantage program, and refusing to repair screens for free even if you just unlocked the phone. However, the guy there had the screen repaired for free being 100% stock but S-OFF. Which doesn't mean that you will for sure, but is encouraging. :)
 

Top Liked Posts

  • 14
    i got this pm and i thought it was worth everyone to see. while i do not recommend turning any device s on, a verizon device that is not unlockable via htcdev is of much more importance, as the only thing that can rescue it is a new enough, signed RUU.

    it really is not worth the risk, i promise.

    nicholi2789 said:
    scotty1223 said:
    nicholi2789 said:
    Hey there, Sorry to bother you with a PM like a noob, but I just have a quick question for you. I have just received a Certified like new replacement M8 from Verizon because my original one had a manufacturer defect. My original one was S-OFF, rooted, with custom recovery and the latest firmware (1.55.605.2) from Verizon. I'm trying to get it back to as close to stock as possible so Verizon doesn't try and say I modified it and make me pay for it. I already un-rooted it, flashed stock recovery, and took the latest OTA so my radios match my software version. Then I followed this thread: http://xdaforums.com/showthread.php?t=2708571
    to re-lock the bootloader and set the lock status flag. It says locked again in fastboot.
    The only thing I have left is the S-OFF that displays in fastboot. I'm trying to find a way to reset that, or at least modify it so it shows S-ON. That way if by some weird chance a Verizon employee boots it to fastboot it will show completely stock and S-ON.
    Now I've found this thread: http://xdaforums.com/showthread.php?t=2475216 for resetting the S-OFF flag. I posted in it and asked if it would work on the M8 and nobody could give me an answer. XDA member brymaster5000 told me to ask you and that you could provide an answer.
    So finally, my question is, will this fastboot command "fastboot oem writesecureflag 3" work to set my M8 back to S-ON? I know it works on the M7 but nobody can tell me for sure on the M8.
    Thanks a lot for your time.
    Nick
    I would very strongly recommend that you do not turn s on. Phones came s off, so leaving it that way is not an issue.

    Turning s on may open a can of worms that you cannot recover from,and then you're paying for a phone for sure.

    As long as your stock rom, recovery and locked you're good to go

    Sent from my HTC One VX using Tapatalk
    What do you mean phones came s-off? Verizon sent people m8s that already were s-off? It just seems like a super obvious indication that the device was modified. You're not the first person that has said that going back to s-on is a bad idea, so I will listen and not tempt fate. But I am curious, What can happen by doing that command that could cause such problems? And don't stock RUUs return you to s-on? Or do they just reset everything else but s-off?

    before any phone is released, batches are sent off to testers and these devices are always s off. i have owned several factory s off devices, and there is no way of proving the phone you have did not come this way. further, large phone resellers are able to use factory htc diagnostic files to clear security data (sim lock, s off, cid/mid), which again is a legitimate reason a phone is s off. finding s off in the bootloader is not by any means a "super obvious" indication of having been messed with.

    turning the phone s on could cause the tampered flag to reset (we dont completely understand all the things that trip it) or you could end up locked into bootloader with a security warning if the boot, system or recovery are not stock enough. either of these things ARE super obvious indicators that you have messed with it, and tried to hide it.

    in the case of the security warning, the only course of action is to:
    1) run a signed ruu (which must meet many criteria since youre now s on)
    or
    2) re-unlock the bootloader. as you know, using htcdev to unlock is not possible with vzw

    an ruu does not change/update the partition where the security flag lives and thus will NOT turn you s on.
    4
    Let's not provide information on ways to destroy phones so that the carrier is unable to find reason to its demise just so a refurb can be issued.
    It's dishonest and heavily teeters on legalities.
    Bottom line, if you used firmware to remove locks, you can do the same to put them back on if wishing to return the phone.

    Thank you,

    Neo
    Forum Moderator
    3
    Thanks for the write up, this should help some users decide. Wish it was as easy as flashing a pit file in Odin :p. That's one of the main reasons I've yet to root/s-off. HTC devices still confuse me xD

    Sent from my HTC6525LVW using Tapatalk
    3
    People need to realize that verizon reps and techs see hundreds of phones, they don't know the details of every device. The security and bootloader status is obvious to us because it's our device and we know everything about it. To a samsung person they won't know WTF you're talking about.



    Scotty, Would one be able to save their device if they had S-Off, modified the CID, then used HTCDev to get their unlock token before embarking on an endeavor to re-lock the phone? In theory would they be able to use the unlock token even after the CID was changed back and the security flags turned on?
    3
    Scotty, Would one be able to save their device if they had S-Off, modified the CID, then used HTCDev to get their unlock token before embarking on an endeavor to re-lock the phone? In theory would they be able to use the unlock token even after the CID was changed back and the security flags turned on?

    Not really... More later

    Sent from my HTC One VX using Tapatalk

    the prollem is that the vzw cid/mid are blocked (by vzws request :mad: ) at htcdev. changing the cid and/or mid will let you get an unlock_code.bin that will officially unlock the bootloader, but this token is only good while the phone contains these same parameters. i.e., you cant get yourself a token, then change the cid and mid back to stock and have the "safety net" of a token in case of a catastrophic security warning. cid, mid, esn, etc must all stay same in order for the token to continue working.

    Q: "well, what if i just leave the cid/mid at something different?"
    A: that may work, but it may set the tampered flag if the phone realizes that those partitions no longer match. since the cid and mid live in write protected partitions, its also possible that once s is on and the phone starts checking things in its boot sequence, that the processor may freak out, and go into a "do not boot" mode when signatures do not match what they should. (read "do not boot" as: pretty effective hard brick only recoverable by jtag)

    plus, even if the phone did boot, and did not set the tampered flag, the phone is not stock, and may fail OTAs or have other issues that may affect users the phone is sent back out to, or may give it away that you have modified it.

    the fact is, that these phones are not checked very well, as was said above. the chance of it being noticed that the s off phone is even different than others is slim to none, and it is quite possible that the phone will make it back out into the wild as a refurb without any sort of refurbishing process. if you thought all phones were hooked to a master computer that completely reset things, checked hardware, flashed the newest firmware, and reset things like supercid, simlock and s off, youd be mistaken. ;) due to this fact, it is my strong opinion that patched hboots (displaying incorrect info of locked and s on), or incorrect cid/mids are extremely unethical and should never be sent in to defraud htc or the carriers, especially since it may affect other users. returning the phone to a stock, locked s-off state is honest, and will not affect a future users experience. the device will OTA and function normally and the unsavvy user will never even know they have a device that is special :)

    hope that cleared it up some.

    also, sorry if either of my replies earlier were rude, they were not intended to be, im only able to text to speech short replies while im at work.