[Guide] Quick And Dirty Evo 3D/V Root & S-OFF (Sprint and Virgin Mobile Only)


mpgrimm2

Senior Member
Nov 5, 2011
1,759
1,181
Greenville, SC
I would stay away from the 2.89 based Sprint kernel (meanrom folder). It has different header addresses that may not be compatible with 3rd party kernel installers you might plan to try later (causing a bootloop, but you can work around it). Better off with the VM ICS Leak kernel that is default with Meanrom.

Sent from my "Up all night, Sleep all day" EVO3D!
 

LostRib

Senior Member
Jun 28, 2011
189
6
Is there any security risk in using the JuopunutBear hboot over the original, or the use of the 4ext recovery manager?
 

ramjet73

Senior Member
Jan 12, 2006
9,149
9,621
Honolulu, Hawaii
Security questions about rooting and S-OFF

Is there any security risk in using the JuopunutBear hboot over the original, or the use of the 4ext recovery manager?
That depends on what you mean by security.

As far as the integrity of your phone, neither method is going to damage it but the wire trick might corrupt the SD card contents. That can easily be fixed by formatting and restoring the SD card. 4EXT recovery is just a tool to take advantage of being rooted and S-OFF, and I don't think it inherently represents a security risk.

If you're asking if being rooted and S-OFF has security risks associated with it, to some extent it does, and some software doesn't run on rooted devices. The "S" in S-ON stands for "Security", in this case to protect the NAND memory of the phone, and once you turn that off you need to be a lot more careful about how and what you flash as I indicated in the warning on the OP of this thread.

Some companies and government agencies don't allow rooted phones to be used on their networks so you might want to check that if you work for one of those organizations. Rooting (and jailbreaking for iPhones) has generally been associated with hacking, even though that's not why the majority of us root and gain S-OFF for our phones.

Does that answer your question?

ramjet73
 

LostRib

Senior Member
Jun 28, 2011
189
6
That depends on what you mean by security.

As far as the integrity of your phone, neither method is going to damage it but the wire trick might corrupt the SD card contents. That can easily be fixed by formatting and restoring the SD card. 4EXT recovery is just a tool to take advantage of being rooted and S-OFF, and I don't think it inherently represents a security risk.

If you're asking if being rooted and S-OFF has security risks associated with it, to some extent it does, and some software doesn't run on rooted devices. The "S" in S-ON stands for security, in this case to protect the NAND memory of the phone, and once you turn that off you need to be a lot more careful about how and what you flash as I indicated in the warning on the OP of this thread.

Some companies and government agencies don't allow rooted phones to be used on their networks so you might want to check that if you work for one of those organizations. Rooting (and jailbreaking for iPhones) has generally been associated with hacking, even though that's not why the majority of us root and gain S-OFF for our phones.

Does that answer your question?

ramjet73
I more meant does using the JuopunutBear bootloader and 4ext open your phone to the possibility to be exploited. I'm sure that the programs are trustworthy, I'm just paranoid of giving "unknown" programs open access to my phone. In other words, is there risk of malevolent code that could be installed, and thus garner passwords, personal info, etc. In addition, what is gained by getting S-OFF, over just the HTC unlock method? What is the benefit?
 

ramjet73

Senior Member
Jan 12, 2006
9,149
9,621
Honolulu, Hawaii
I more meant does using the JuopunutBear bootloader and 4ext open your phone to the possibility to be exploited. I'm sure that the programs are trustworthy, I'm just paranoid of giving "unknown" programs open access to my phone. In other words, is there risk of malevolent code that could be installed, and thus garner passwords, personal info, etc. In addition, what is gained by getting S-OFF, over just the HTC unlock method? What is the benefit?
Not specifically, but generically rooting and gaining S-OFF for your phone by definition makes it easier for you to modify, and in turn potentially for malware to make changes that couldn't be made if you stay stock. You definitely have to be a lot more careful about what you install and how you install it once you are rooted and S-OFF.

I'm not going to try to convince you to do the procedure as that is a decision only you can make. Reading this article may help and I'm sure you can find more references and opinions on the risks and benefits of rooting by searching the Internet.

ramjet73
 

LostRib

Senior Member
Jun 28, 2011
189
6
Not specifically, but generically rooting and gaining S-OFF for your phone by definition makes it easier for you to modify, and in turn potentially for malware to make changes that couldn't be made if you stay stock. You definitely have to be a lot more careful about what you install and how you install it once you are rooted and S-OFF.

I'm not going to try to convince you to do the procedure as that is a decision only you can make. Reading this article may help and I'm sure you can find more references and opinions on the risks and benefits of rooting by searching the Internet.

ramjet73
I just get paranoid, but the files in this guide should be clean? It's the programs/ROMs down the line I need to worry about?
 

sullivan7221

Senior Member
Oct 11, 2009
647
1,073
Grand Rapids, MI
Ok guys, I need help. There are too many guides, tutorials and suggested methods that I can't choose the right one.
I have an EVO 3D from Sprint.
The bootloader reads....
-Revolutionary-
SHOOTER XC SHIP S-OFF RL
HBOOT 1.40.1100
RADIO-1.09.00.0706
eMMC-bootJun 8 2011,17:20:22

It is hardware 002 and is currently running CleanRom Ics BE, 4.0.3, sense 3.6, kernel version is 3.0.16-g4211684 htc-kernel@u18000-build144 #1
Build # is 2.89.651.2 CL409645 release-keys
PRI Version 1.43_003
PRL Version 21090

Sheeesh! Lot of info there. So what I'm getting at is I'm having issues with all ICS ROMs. Either I get bootloops or WiFi is intermittent. From what I've gathered I need an ICS hboot, i.e., 1.58 in order to run ICS kernels the right way?? The guides I've read to upgrade the hboot to 1.58 look to be for the HTC dev unlocked folks which I am not.
What do I need to do to be current??
Is my radio current?
Is my software current?
Do I need to upgrade hboot?
Do I need to relock, ruu, then unlock again?

Can anyone help? Thanks in advance!!

Sent from my EVO using xda premium
 

ramjet73

Senior Member
Jan 12, 2006
9,149
9,621
Honolulu, Hawaii
I just get paranoid, but the files in this guide should be clean? It's the programs/ROMs down the line I need to worry about?
Yes, the QADERSO.zip file is the only download required for this guide and it was scanned multiple times for malware, and I haven't had any reports of problems with the files contained in that .zip.

As far as future program and ROM/kernel files go, there are apps from some pretty well known names in malware detection available for Android including Avast and Kaspersky and I would suggest you look into installing one of those, even if you stay stock.

ramjet73
 

ramjet73

Senior Member
Jan 12, 2006
9,149
9,621
Honolulu, Hawaii
Information for users already S-OFF

Ok guys, I need help. There are too many guides, tutorials and suggested methods that I can't choose the right one.
I have an EVO 3D from Sprint.
The bootloader reads....
-Revolutionary-
SHOOTER XC SHIP S-OFF RL
HBOOT 1.40.1100
RADIO-1.09.00.0706
eMMC-bootJun 8 2011,17:20:22

This guide is for S-ON users, but I'll try to help anyway.

You are already S-OFF so you should be OK running the ICS ROM's except for a few that require the 1.58 bootloader. In your situation, I would recommend running the RUU.exe contained in the QADERSO.zip download for this guide from Windows to make sure everything is in sync with the official Sprint ICS build, then flashing the JBear Sprint ICS bootloader from post #7 of mpgrimm2's hboot thread linked a few posts above and on the OP of this thread after Step3. If you want to run GB or AOSP ROM's later you will need to downgrade your hboot to a lower version as documented in the hboot thread.

Then install 4EXT recovery by putting the phone into fastboot USB mode and using the "fastboot flash recovery recovery.img" as documented in Step2 of this guide. After that you can either continue with Step2 of this guide and root the stock ICS ROM, or use 4EXT recovery to flash a custom rooted ROM of your choice.

You won't need to do Step3 of this guide since you are S-OFF already.

ramjet73
 

sullivan7221

Senior Member
Oct 11, 2009
647
1,073
Grand Rapids, MI
This guide is for S-ON users, but I'll try to help anyway.

You are already S-OFF so you should be OK running the ICS ROM's except for a few that require the 1.58 bootloader. In your situation, I would recommend running the RUU.exe contained in the QADERSO.zip download for this guide from Windows to make sure everything is in sync with the official Sprint ICS build, then flashing the JBear Sprint ICS bootloader from post #7 of mpgrimm2's hboot thread linked a few posts above and on the OP of this thread after Step3. If you want to run GB or AOSP ROM's later you will need to downgrade your hboot to a lower version as documented in the hboot thread.

Then install 4EXT recovery by putting the phone into fastboot USB mode and using the "fastboot flash recovery recovery.img" as documented in Step2 of this guide. After that you can either continue with Step2 of this guide and root the stock ICS ROM, or use 4EXT recovery to flash a custom rooted ROM of your choice.

You won't need to do Step3 of this guide since you are S-OFF already.

ramjet73

So forgive me for pestering you again kind sirs, but.... Won't flashing one of JBear's hboots remove S-OFF??
And I guess most importantly... Do I download the hboot from http://unlimited.io/downloads/hboots/ ?? And do I get the hboot from shooter/ or shooter u/? Annnnd.... I want the ics/jb_hboot.zip correct?

Sent from my EVO using xda premium
 

ramjet73

Senior Member
Jan 12, 2006
9,149
9,621
Honolulu, Hawaii
So forgive me for pestering you again kind sirs, but.... Won't flashing one of JBear's hboots remove S-OFF??
No. That's an urban myth. :)

The only way to remove S-OFF and set radio security back to S-ON is to use the "fastboot oem writesecureflag 3" command and you don't want to do that unless you have a stock signed bootloader installed, such as the 1.58 bootloader installed with the RUU, or you will brick the phone.

ramjet73
 

sullivan7221

Senior Member
Oct 11, 2009
647
1,073
Grand Rapids, MI
No. That's an urban myth. :)

The only way to remove S-OFF and set radio security back to S-ON is to use the "fastboot oem writesecureflag 3" command and you don't want to do that unless you have a stock signed bootloader installed, such as the 1.58 bootloader installed with the RUU, or you will brick the phone.

ramjet73

Ah, ok. I see. So I revised my post above yours with a few more questions.... Mind answering those as well? Sorry. Thanks for the quick response though!

Sent from my EVO using xda premium
 

ramjet73

Senior Member
Jan 12, 2006
9,149
9,621
Honolulu, Hawaii
Ah, ok. I see. So I revised my post above yours with a few more questions.... Mind answering those as well? Sorry. Thanks for the quick response though!

Regarding the hboots, I recommended getting them from post #7 of mpgrimm2's thread on bootloader differences in my original response to your first post. That thread explains the difference between the various bootloaders and gives you downloads for all of them in one place. The unlimited.io site has only the JBear hboots with no explanation of the differences.

I also recommended starting with the JBear Sprint ICS (1.58.5858) version, but you may need to downgrade if you decide to run GB or AOSP ROM's.

ramjet73
 

sullivan7221

Senior Member
Oct 11, 2009
647
1,073
Grand Rapids, MI
Regarding the hboots, I recommended getting them from post #7 of mpgrimm2's thread on bootloader differences in my original response to your first post. That thread explains the difference between the various bootloaders and gives you downloads for all of them in one place. The unlimited.io site has only the JBear hboots with no explanation of the differences.

I also recommended starting with the JBear Sprint ICS (1.58.5858) version, but you may need to downgrade if you decide to run GB or AOSP ROM's.

ramjet73

Thanks again!

Sent from my EVO using xda premium
 

LostRib

Senior Member
Jun 28, 2011
189
6
Yes, the QADERSO.zip file is the only download required for this guide and it was scanned multiple times for malware, and I haven't had any reports of problems with the files contained in that .zip.

As far as future program and ROM/kernel files go, there are apps from some pretty well known names in malware detection available for Android including Avast and Kaspersky and I would suggest you look into installing one of those, even if you stay stock.

ramjet73

Yeah, I rooted today using the guide although I kept the stock bootloader instead of the modified Jbear one. Is it okay that the bootloader says Locked but I have S-OFF?
I actually also downloaded the Avast security app today since I heard it was pretty good with a firewall and anti-theft.

Thanks for the help.
 

ramjet73

Senior Member
Jan 12, 2006
9,149
9,621
Honolulu, Hawaii
Yeah, I rooted today using the guide although I kept the stock bootloader instead of the modified Jbear one. Is it okay that the bootloader says Locked but I have S-OFF?
I actually also downloaded the Avast security app today since I heard it was pretty good with a firewall and anti-theft.

Thanks for the help.

Congratulations!

Yes, the "***LOCKED***" status is good because that's the way it comes from the factory and if you HTC unlock and then lock it will show "***RELOCKED***" as a flag to HTC/Sprint that the phone was unlocked at some point. However, the locked stock 1.58 bootloader that you have now will not let you do fastboot commands like "flash" and "erase" but you might not need those if you can do everything from the phone. Now that you are S-OFF the bootloader can be changed by flashing a PG86IMG.zip file in the current bootloader, so it's easy to switch later if you need the fastboot commands or want to run GB or AOSP ROM's.

I use Avast on my phone as well and it's pretty comprehensive. It automatically scans new apps as they are installed.

ramjet73
 

ramjet73

Senior Member
Jan 12, 2006
9,149
9,621
Honolulu, Hawaii
How to change bootloader (hboot) when S-OFF

Since there have been a lot of questions about bootloaders in this thread and elsewhere in the Evo 3D forums, this post is to make it easier to find and flash the bootloader (hboot) you need. Here are the steps required:

1. Go to mpgrimm2's thread on bootloader differences and read through post #1 to better understand the difference between bootloaders and decide which one you need.

2. Download the bootloader you want to use from post #7. The bootloader zip files attached to that post have both the "SPCS_001" (Sprint) and "SPCS_002" (Virgin Mobile) CID's in the android-info.txt file so they will work with the Evo 3D and the Evo V.

3. Flash the bootloader using one of the two options in post #2. Either placing the PG86IMG.zip in the root of the SD card or using the fastboot method will work regardless of which bootloader is currently installed and whether it is locked or not. Here's a modified fastboot method from the unlimited.io website that clears cache and reboots after flashing:
To flash an HBOOT from fastboot while S-OFF:

1. Put your phone in "fastboot usb" mode

2. Type the following cmds into cmd prompt (windows) or terminal (linux):

fastboot devices <-- to verify connectivity to PC: it should return your serial number
fastboot erase cache
fastboot oem rebootRUU
fastboot flash zip new_hboot.zip
fastboot reboot

The hboot filename can be anything you want, and doesn't necessarily have to be "PG86IMG.zip" using this method.

If you need to flash another ROM before the reboot or do something else in recovery, you can issue the "fastboot boot recovery.img" command instead of "fastboot reboot" to go directly to your custom recovery since there is no "fastboot reboot-recovery" command.

4. Important when flashing a PG86IMG.zip file: If you flash the new bootloader from the current bootloader you must have a way to delete the PG86IMG.zip from the root of the SD card. This can be done in one of the following ways:

- Ensure that the ROM currently flashed is bootable with the new bootloader so you can use a file manager in Android to delete the PG86IMG.zip file.

- Remove the SD card from the phone and use an SD card reader on another device to delete the PG86IMG.zip.

- Use the trick in this post (credit to plaidcounty) to get into recovery, then flash a bootable ROM and use the first option above, or use a file manager from recovery to delete the PG86IMG.zip file. If the recovery you use (including the current version of 4EXT) does not have a file manager built in, you can use Aroma File Manager from any recovery by flashing it the way you would any other .zip installation file. Make sure it is somewhere on your SD card and you have it configured and know how to use it before you need it to delete the PG86IMG.zip file.

If you enter the bootloader again without deleting the PG86IMG.zip file, it will only allow you to either flash that file again or do a normal boot into Android, so unless a bootable ROM is already flashed you will not be able to boot Android or start recovery from the bootloader with the SD card installed and end up in a loop.

When the PG86IMG.zip file is used, once a new bootloader is flashed and that file is deleted you need to go into recovery and format cache+dalvik. Until this is done in 4EXT, it will force safe mode and not allow most recovery functions.


I hope this helps those of you that need to change bootloaders after you have completed this guide and are S-OFF with the JuopunutBear Sprint ICS (1.58.5858) or Virgin Mobile ICS (1.57.5757) bootloader.

ramjet73
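
A pre-flash check for the bootloader zips described in the post above, as an added example that is not part of the original post or of the QADERSO download. It assumes android-info.txt lists carrier IDs as `cidnum: <CID>` lines and that a SHA-256 checksum is available from the download source; the sample zips, the `hboot.img` member name and the `TEST_000` CID are constructed for the demonstration.

```python
import hashlib
import io
import zipfile


def parse_android_info(text):
    """Collect 'key: value' lines; a key such as cidnum may repeat."""
    info = {}
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(":")
        if sep:
            info.setdefault(key.strip().lower(), []).append(value.strip())
    return info


def check_firmware_zip(data, device_cid, expected_sha256=None):
    """Inspect a PG86IMG-style zip before flashing it on an S-OFF phone.

    Returns a report dict; report["ok"] is True only when no problem was found.
    With S-OFF the bootloader no longer enforces a signature, so these checks
    are the only gate between a wrong or tampered download and the phone.
    """
    problems = []
    members = []
    digest = hashlib.sha256(data).hexdigest()
    if expected_sha256 and digest != expected_sha256.strip().lower():
        problems.append("sha256 mismatch: file differs from the published checksum")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            bad = zf.testzip()  # re-reads every member and verifies its CRC
            if bad is not None:
                problems.append("corrupt member (CRC error): " + bad)
            members = zf.namelist()
            if "android-info.txt" not in members:
                problems.append("android-info.txt missing at top level")
            else:
                text = zf.read("android-info.txt").decode("ascii", "replace")
                cids = parse_android_info(text).get("cidnum", [])
                if not cids:
                    problems.append("android-info.txt has no cidnum entries")
                elif device_cid not in cids:
                    problems.append(
                        "device CID %s not in package CIDs %s" % (device_cid, cids))
    except zipfile.BadZipFile:
        problems.append("not a valid zip archive (truncated or damaged download)")
    return {"ok": not problems, "sha256": digest,
            "members": members, "problems": problems}


def build_sample_zip(cids):
    """Constructed stand-in for a bootloader zip; contents are dummy bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("android-info.txt",
                    "".join("cidnum: %s\n" % c for c in cids))
        zf.writestr("hboot.img", b"\x00" * 64)  # constructed member name
    return buf.getvalue()


if __name__ == "__main__":
    # CIDs the post says are present in the hboot zips: Sprint and Virgin Mobile.
    good = build_sample_zip(["SPCS_001", "SPCS_002"])
    other_carrier = build_sample_zip(["TEST_000"])  # constructed CID

    for label, blob, cid in [
        ("Sprint phone, matching zip", good, "SPCS_001"),
        ("VM phone, zip for another CID", other_carrier, "SPCS_002"),
        ("Sprint phone, truncated download", good[:40], "SPCS_001"),
    ]:
        report = check_firmware_zip(blob, cid)
        print(label, "->", "OK" if report["ok"] else report["problems"])
        # Review the member list too: flash only what you meant to flash.
        print("  members:", report["members"])
```

Pass the file's bytes (for example `open("new_hboot.zip", "rb").read()`) and the CID your phone reports, and only continue to the flash step when `ok` is true and the member list holds nothing beyond what you intended to flash.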
 

Top Liked Posts

    This Quick And Dirty Evo 3D/V Root & S-OFF (QADERSO) guide is for current Sprint and Virgin Mobile (VM) S-ON users, rooted or not, who want to get to a rooted S-OFF configuration of the Sprint or VM ICS stock ROM. There are many other ROM and bootloader options that can be pursued from there.

    I know that there are similar guides available already, but this one is going to be simple with no choices. If you want another recovery or aren't on Sprint or VM go check out one of the other ones, because this is the "Model T" of guides and will get you exactly the following configuration, which I believe is the best base for the Sprint Evo 3D or Virgin Mobile Evo V at this time:

    1. Rooted Sprint ICS build 2.89.651.2 or VM ICS build 1.13.652.2
    2. 4EXT Recovery with Updater or Control App
    3. JuopunutBear S-OFF with JBear Sprint ICS (1.58.5858) bootloader or JBear VM ICS (1.57.5757) bootloader

    If you want to modify this configuration and know how, feel free, but I'm only documenting how to get from your current configuration, whatever that is, to the one above. I am providing tips and references if you get stuck, but please don't ask about other configurations, recoveries, etc., in this thread.

    Should you decide to modify the procedure, please explain that in any post made in this thread for assistance. That's your choice, but it would help me and any one else trying to provide support in this and other threads to have that information.

    There are tips and references for each step at the end of this post in case you get stuck, but if you read all the instructions and follow this procedure carefully, hopefully you won't need them.

    Prerequisites:

    1. Sprint Evo 3D or Virgin Mobile Evo V phone that is S-ON, on any ROM, rooted or not.
    2. Windows PC or notebook to run the utilities and access the websites.
    3. MicroUSB to USB cable to connect the phone to the computer.
    4. Shielded wire for the JuopunutBear wire trick.
    5. Something to drink while the RUU.exe runs for about 10 minutes.

    Before you start, download the QADERSO-V2-S.zip (mirror) file (for Sprint users) or QADERSO-V2-VM.zip (mirror) file (for Virgin Mobile users) and unzip it to somewhere on a Windows PC. It includes all the software you need to complete this procedure.

    If you would like a Microsoft Word version of this guide and detailed instructions for the JuopunutBear wire trick, you can download it from here. Thanks to mpgrimm2 for putting that together.

    Flashing the RUU.exe in Step1 will reset all the partitions on your phone except those on the SD card so I'd also recommend backing up anything you want to keep to the SD card before starting. If you don't have root yet, MyBackup is a good alternative to Titanium Backup and other utilities that require root.

    ***Step1: Install ICS RUU

    If you are using this guide with a new/replacement unrooted phone you can go to Step2 since flashing the RUU returns the phone to the same stock configuration. VM users should apply the OTA update from the "System updates" options in system settings before starting Step2 if it hasn't already been done since that requires a stock configuration.
    VM users: If the November VM OTA update (1.14.652.0) was installed and the phone is rooted with a custom recovery and ROM, please see this post for instructions on how to prepare the phone to run the RUU.exe. If both the November and March OTA (2.95.652.5) were installed there is no way to flash the RUU so proceed to Step2, or if already rooted flash a stock rooted ROM from this post then go directly to Step3.

    Sprint users: If the March OTA (2.95.651.5) is installed and the phone is unrooted proceed directly to Step2. If the March OTA is installed and it's rooted see this post for instructions on how to prepare for flashing the RUU.
    Start by installing the Sprint 2.89.651.2 RUU.exe or Virgin Mobile 1.13.652.2 RUU.exe from Windows. It doesn't take much longer than flashing a stock ROM and includes all the firmware so the phone will be totally in sync with the official ICS build. Flashing the RUU can also resolve problems with the HTC unlock process if the OTA was used to update to the official Sprint ICS version or a custom recovery and ROM have already been flashed.

    If you are already HTC unlocked, relock the bootloader using the "fastboot oem lock" command. You should know how to run fastboot commands from a PC if you have already unlocked.

    If you have never HTC unlocked or have relocked successfully, connect the phone to the PC via a USB cable in "fastboot USB" mode then run the RUU.exe from the /QADERSO/RUU directory in Windows. The program has a GUI interface and is pretty much self-explanatory, but there is a readme.doc in the same directory that covers the process and possible errors.
    VM users: Now would be a good time to download and install the OTA updates since they will flash updated firmware and patches to the stock software, and cannot be installed once a custom recovery is flashed in Step2. Just go to Settings/System updates/HTC Software, press check now, then download each of the two OTA updates (November and March) and follow the instructions to install them. The software patches will be overridden once a custom ROM is flashed, but the firmware updates will remain and should improve radio reception.

    Sprint users: Installing the March OTA at this point will avoid having to flash the firmware only zip file for that update after getting S-OFF. To do that go to Settings/System updates/HTC Software, press check now, then download the update and follow the instructions to install it.


    ***End of Step1

    ***Step2: HTC Unlock, flash 4EXT recovery and superuser

    Navigate to the /QADERSO/Root directory and open a command prompt by clicking on the "cmd" file in that directory. If you have HTC Sync installed go to the Windows control panel and uninstall just the sync program but leave the drivers installed. This is required by the JuopunutBear utility in Step3. If you don't have the HTC Sync program or drivers installed and are not using Windows 8, double click the HTCDriver3.0.0.007.exe file in the /QADERSO/Root directory to install only the HTC USB drivers. If you are using Windows 8 and don't have the HTC USB drivers already installed a compatible .exe setup can be downloaded here.

    If you have never done the HTC unlock procedure, go to htcdev.com and signup then follow the instructions to get your bootloader unlocked. The programs you need to do the HTC unlock procedure are already in the /QADERSO/Root directory, so you can skip step 5 on the htcdev website.

    If you have already HTC unlocked, you know the routine and need to do it again after flashing the RUU. You can use the same unlock_code.bin from your previous unlock.

    Put the phone in "fastboot USB" mode by removing/replacing the battery, holding Power+VolumeDown buttons until the bootloader starts up, highlighting the "fastboot" entry by using the VolumeUp/VolumeDown buttons to navigate, selecting it with the Power button, then connecting it to your computer. The "fastboot" status should change to "fastboot USB".

    When the phone is in "fastboot USB" mode, enter the following commands from the prompt:

    "fastboot devices" (should show the serial number of your phone, beginning with "HT")
    "fastboot flash recovery recovery.img"
    "fastboot boot recovery.img"

    After the phone reboots into 4EXT recovery, select the "toggle usb storage" menu item from 4EXT recovery and copy the SuperSU-v0.96.zip file from the /QADERSO/Root directory on the PC to the root of the SD card on the phone. Eject the SD card from the PC and go back to the main menu of 4EXT.

    Flash SuperSU-v0.97.zip from 4EXT recovery using the "Install from sdcard" menu item and selecting it from the root of the SD card. Go back to the main 4EXT menu and select "reboot now" from 4EXT and perform the initial setup of the stock ICS ROM after the boot completes.

    Your phone now has the 4EXT custom recovery and a rooted stock ICS ROM with SuperSU.

    Once the procedure is complete and you've booted into your rooted, stock configuration, you need to install either 4EXT Recovery Updater from the 4EXT website, or better yet purchase and install 4EXT Recovery Control from the Play Store. Then use the update function in the app you chose to get the current version of 4EXT.

    You should start the SuperSU app to make sure it is working properly and updated to the current version. BusyBox also needs to be installed from the Play Store for 4EXT and other root apps and I recommend the installer by Stericson.

    ***End of Step2


    ***Step3: Perform JuopunutBear (wire trick) to get S-OFF status
    Important Note:
    The unlimited.io team has withdrawn support for all Windows versions of the JBear utility (controlbear.exe). Do not go to their IRC channel for support while following this guide as they will not be willing to help anyone using Windows instead of Linux for the wire trick. If you are unable to get S-OFF using this guide you will need to flash the RUU again and go to the unlimited.io website to download a Linux version and follow their procedures.

    Since the JuopunutBear wire trick now requires Ubuntu Linux to use the supported procedure Evo 3D users might also want to consider unknownforce's Ultimate Recovery Tool 3.0 which has recently been updated and streamlined. Unfortunately it won't work for Evo V 4G users since there is no Virgin Mobile GB RUU that can be used as part of that S-OFF process.
    The wire trick is not difficult, but it can be a little confusing. It would be worth spending a little time reviewing the tips and references for Step3 at this point so the process goes smoothly.

    Connect the phone to your PC with your stock rooted ROM booted and the USB debug option on in the developer settings.

    Navigate to the /QADERSO/JBear directory, right click on controlbear.exe and "run as administrator", and then follow the prompts on the PC and the phone screen. Make sure to have an insulated wire ready for the wire trick, and select the JBear version of the bootloader when that prompt comes up. Yes, it's really that easy to get S-OFF.

    If you flash a stock bootloader later it will show ***LOCKED*** as the status, but that's usually not a problem if the phone is S-OFF. It's actually good since that means there is no indication that the phone was ever unlocked, unlike the ***RELOCKED*** status after doing the HTC unlock/relock. By selecting the JBear version of the bootloader, the same fastboot commands will be available from a PC as with an unlocked bootloader.

    You may have to activate your phone again after performing the wire trick. That is normal and should be done automatically from the phone on your first boot if it is required.

    ***End of Step3

    WARNING: When you are S-OFF, PG86IMG.zip files can be flashed from the bootloader without being signed, which means you can flash any bootloader or firmware you want. But be careful and always make sure the stuff you are flashing is designed for your phone, or you may have serious problems if you force something to flash that was designed for another carrier or phone.

    If you need to change the bootloader (hboot) version to run GB or AOSP ROM's you can find them in post #7 of mpgrimm2's thread on bootloader differences. There are instructions in this post for how to flash another bootloader with this configuration in place if you used this guide.

    The following informational posts have been added to this thread:

    1. Troubleshooting RUU.exe problems
    2. Security questions about rooting and S-OFF
    3. S-ON versus S-OFF
    4. Information for users already S-OFF
    5. How to change bootloader (hboot) when S-OFF
    6. Temp root for current GB users
    7. Recovery Comparison: TWRP2 versus 4EXT
    8. Returning to stock configuration
    9. Information on the Aroma installer
    10. Updating 4EXT Recovery
    11. QADERSO Version 2 with Virgin Mobile added
    12. OTA Updates for Virgin Mobile users
    13. OTA Update for Sprint users
    14. Information for Linux users
    15. JuopunutBear update

    Please post any suggestions for making this process simpler and easier in this thread, but I intend to keep this guide as barebones as possible.

    Tips and References for Step1: Flashing the RUU.exe

    Tips

    1. Make sure to put the phone into "fastboot USB" mode in the bootloader by removing/replacing the battery and using VolumeDown+Power to boot into the bootloader. The RUU is also supposed to work if you connect the phone to the PC while booted into Android, but I've found fastboot USB to be more reliable.

    2. If you get a 17x error it has something to do with the USB connectivity. Make sure your phone is properly connected to the PC and in "fastboot USB" mode and try again.

    3. If the RUU.exe stops in the middle of flashing the update, it's OK to cancel the Windows utility and restart it. This has happened to me a few times when I've had custom bootloaders installed.

    References

    1. HTC Readme.doc for flashing an RUU.exe is in the /QADERSO/RUU directory.

    2. Download for HTC driver installer compatible with Windows 8.

    3. The mpgrimm2 guide for flashing RUU's.

    Tips and References for Step2: HTC Unlock, Flashing 4EXT Recovery and Superuser

    Tips

    1. On current Windows systems you can open a command prompt in a specific directory by using Windows Explorer to navigate to that directory and pressing Shift+MouseRightClick on blank area, then selecting "Open a command prompt here".

    2. Make sure the phone is in "fastboot USB" mode and the bootloader has been HTC unlocked after flashing the RUU.exe or the fastboot commands will fail.

    3. If you need to manually boot into recovery it can be done from the bootloader.

    References

    1. The HTC unlock overview diagram is in the /QADERSO/Root directory

    2. The mpgrimm2 guide for flashing recovery and superuser.

    3. The HTC Developer website.

    4. The 4EXT Recovery website and HTCEvoHacks installation instructions for 4EXT Recovery Updater with video.

    5. Instructions for installing 4EXT apps.

    6. The SuperSU XDA thread.

    Tips and References for Step3: JuopunutBear (wire trick) S-OFF Method

    Tips

    1. Watch this zedomax video and this timing video before attempting the wire trick and it will be a lot easier.

    2. Make sure to backup your SD card to a PC before using it for the wire trick.

    3. Remove the back cover to prepare for the wire trick but make sure to watch the phone's screen for superuser requests that need to be approved.

    4. Do not touch the uninsulated part of the wire with your fingers while performing the wire trick.

    5. Only short taps are required for the wire trick.

    6. If unsuccessful with the wire trick try a smaller capacity SD card.

    7. If the SD card used for the wire trick gets corrupted it can be reformatted and restored from the backup on the PC.

    References

    1. JuopunutBear overview, basic instructions and prerequisites.

    2. JuopunutBear instructions and downloads for the Evo 3D.

    3. Troubleshooting and Support pages on the unlimited.io website.

    4. JuopunutBear thread on XDA.
    29
    How to change bootloader (hboot) when S-OFF

    Since there have been a lot of questions about bootloaders in this thread and elsewhere in the Evo 3D forums, this post is to make it easier to find and flash the bootloader (hboot) you need. Here are the steps required:

    1. Go to mpgrimm2's thread on bootloader differences and read through post #1 to better understand the difference between bootloaders and decide which one you need.

    2. Download the bootloader you want to use from post #7. The bootloader zip files attached to that post have both the "SPCS_001" (Sprint) and "SPCS_002" (Virgin Mobile) CID's in the android-info.txt file so they will work with the Evo 3D and the Evo V.

    3. Flash the bootloader using one of the two options in post #2. Either placing the PG86IMG.zip in the root of the SD card or using the fastboot method will work regardless of which bootloader is currently installed and whether it is locked or not. Here's a modified fastboot method from the unlimited.io website that clears cache and reboots after flashing:
    To flash an HBOOT from fastboot while S-OFF:

    1. Put your phone in "fastboot usb" mode

    2. Type the following cmds into cmd prompt (windows) or terminal (linux):

    fastboot devices <-- to verify connectivity to PC: it should return your serial number
    fastboot erase cache
    fastboot oem rebootRUU
    fastboot flash zip new_hboot.zip
    fastboot reboot

    The hboot filename can be anything you want, and doesn't necessarily have to be "PG86IMG.zip" using this method.

    If you need to flash another ROM before the reboot or do something else in recovery, you can issue the "fastboot boot recovery.img" command instead of "fastboot reboot" to go directly to your custom recovery since there is no "fastboot reboot-recovery" command.

    4. Important when flashing a PG86IMG.zip file: If you flash the new bootloader from the current bootloader you must have a way to delete the PG86IMG.zip from the root of the SD card. This can be done in one of the following ways:

    - Ensure that the ROM currently flashed is bootable with the new bootloader so you can use a file manager in Android to delete the PG86IMG.zip file.

    - Remove the SD card from the phone and use an SD card reader on another device to delete the PG86IMG.zip.

    - Use the trick in this post (credit to plaidcounty) to get into recovery, then flash a bootable ROM and use the first option above, or use a file manager from recovery to delete the PG86IMG.zip file. If the recovery you use (including the current version of 4EXT) does not have a file manager built in, you can use Aroma File Manager from any recovery by flashing it the way you would any other .zip installation file. Make sure it is somewhere on your SD card and you have it configured and know how to use it before you need it to delete the PG86IMG.zip file.

    If you enter the bootloader again without deleting the PG86IMG.zip file, it will only allow you to either flash that file again or do a normal boot into Android, so unless a bootable ROM is already flashed you will not be able to boot Android or start recovery from the bootloader with the SD card installed and end up in a loop.

    When the PG86IMG.zip file is used, once a new bootloader is flashed and that file is deleted you need to go into recovery and format cache+dalvik. Until this is done in 4EXT, it will force safe mode and not allow most recovery functions.


    I hope this helps those of you that need to change bootloaders after you have completed this guide and are S-OFF with the JuopunutBear Sprint ICS (1.58.5858) or Virgin Mobile ICS (1.57.5757) bootloader.

    ramjet73
    6
    S-ON versus S-OFF

    What is the real benefit of S-Off? I am 1.5 S-On and know which ROM's I can flash and which ones not to.
    There are actually two types of S-OFF, one is generally known as an unlocked bootloader (hboot S-OFF) which is required to be rooted with S-ON, and the other is radio S-OFF which allows access to more partitions in the phone's NAND memory. If you are interested in more detail on the differences this post by unknownforce has some good explanations.

    If you are currently S-ON with an unlocked bootloader and rooted, the boot partition cannot be updated directly from recovery, so the kernel (boot.img) must be flashed in one of three ways:

    1. Starting your custom recovery using fastboot commands on a PC to flash the ROM or kernel
    2. Using a recovery tool like 4EXT SmartFlash to flash the boot partition outside recovery
    3. Flashing the kernel (boot.img) in Android from an app like Flash Image GUI

    Method 2 requires that a bootable kernel is already installed and method 3 runs in a booted Android system so they are not always available.

    With radio S-OFF, more partitions can be updated from recovery and the bootloader, so kernels are always flashed at the same time as the rest of the ROM. Custom bootloaders, firmware and splash screens can be installed from the bootloader, which is not possible when S-ON.

    Being radio S-OFF also bypasses the normal main version (mainver) checks, so signed and unsigned updates can be flashed as PG86IMG.zip files from the bootloader even if they are at a lower release level than what is already installed. With S-ON, files flashed from the bootloader must be signed by HTC and there are checks that will not let you downgrade to lower versions of RUU images.

    The real advantage of having a radio S-OFF phone is that it gives you the flexibility to run whatever ROM, firmware, bootloader, splash screen and other components you need without jumping through the hoops that S-ON requires, like flashing an entire RUU to update firmware. And if you should need to flash an RUU to reset your phone to stock, you can do it with S-OFF without having to relock the bootloader and flag to HTC/Sprint that the phone has been modified.

    Given all that, you still need to evaluate whether or not it's worth it for you. The "S" in S-ON stands for "security" and you are definitely less exposed with a phone that is S-ON, but even rooting represents some level of risk. See this post for a discussion of security considerations.

    Hope that helps. Good luck with whatever you decide.

    ramjet73
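The two posts above note that bootloader zips carry their CIDs in android-info.txt and that radio S-OFF bypasses the signature and main version checks, so those checks fall to whoever is flashing. The following is an added example, not part of the original posts or of any tool they mention: a pre-flight check that hashes a PG86IMG.zip-style file, reads android-info.txt, and flags a CID mismatch or a downgrade. The `key: value` layout, the `cidnum` and `mainver` key names, the sample metadata and all function names are assumptions.

```python
import hashlib
import io
import zipfile

# Constructed sample metadata; key names and layout are assumptions.
SAMPLE_INFO = "cidnum: SPCS_001\ncidnum: SPCS_002\nmainver: 2.0.0.0\n"

def parse_android_info(text):
    """Parse 'key: value' lines; cidnum may appear more than once."""
    info = {"cidnum": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "cidnum":
            info["cidnum"].append(value)
        else:
            info[key] = value
    return info

def version_tuple(version):
    return tuple(int(part) for part in version.split("."))

def preflight(zip_bytes, device_cid, installed_mainver, expected_sha256=None):
    """Return (sha256_hex, problems) for a bootloader-flashable zip."""
    digest = hashlib.sha256(zip_bytes).hexdigest()
    problems = []
    if expected_sha256 and digest != expected_sha256.lower():
        problems.append("sha256 differs from the published value")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        if "android-info.txt" not in zf.namelist():
            return digest, problems + ["android-info.txt missing"]
        text = zf.read("android-info.txt").decode("utf-8", "replace")
    info = parse_android_info(text)
    if device_cid not in info["cidnum"]:
        problems.append(f"CID {device_cid} not in {info['cidnum']}")
    try:
        if version_tuple(info["mainver"]) < version_tuple(installed_mainver):
            problems.append(f"downgrade: {info['mainver']} < {installed_mainver}")
    except (KeyError, ValueError):
        problems.append("mainver missing or unparseable")
    return digest, problems

def build_sample_zip(android_info=SAMPLE_INFO):
    """Build a constructed zip in memory holding only android-info.txt."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("android-info.txt", android_info)
    return buf.getvalue()
```

An empty problem list means the file matches the device CID, is not older than the installed version, and (when a published hash is supplied) is byte-identical to what the uploader posted.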
    5
    Why is not this thread stickied?

    Mods!

    Don't try. d3rpalicious.
    3
    Thanks for the tutorial, I'll let you know if I run into any issues. This will be the first time I root my Evo3D.