Easy S-OFF and rooting procedure without HTCDev unlock

Search This thread

shiropetto

Senior Member
Mar 1, 2011
155
19
kuala lumpur
Well I tried all the steps but the damn phone is still S-ON.
Here is my configuration:
Rooted
Android version: 4.3
Htc sense: 5.5
Software number: 2.21.708.1
Htc sdk api level: 5.65
kernel version: 3.4.10-g158f9a4 root@abm010#1

Please find below my cmd window which just hanged out and a print screen of my bootloader... Hope this helps! Thanks a lot!

View attachment 2602156

View attachment 2602157


Hi, u may try flash again the "firewater". i have same screen when flashing firewater. then, i redo again with proper typos & steps. finally it was done!!!
 

elf_made

Member
Jan 17, 2014
46
13
Bucharest
i had that problem and it was because the screen of the cellphone was turned off, it needs to be on aaaall the time. but now you have kit kat man, sorry for that, you just need to wait!! :)

Well I didn't put kitkat yet I was waiting for you :p.....so I'll give it a try...I'll let you know...Thanks!

---------- Post added at 09:07 PM ---------- Previous post was at 08:54 PM ----------

Well I didn't put kitkat yet I was waiting for you :p.....so I'll give it a try...I'll let you know...Thanks!

It worked man! Thaaaanks a lot! I'm sending a beer to Peru right away!!
 
  • Like
Reactions: kemoli

GAVANA

Member
Mar 11, 2011
42
5
santiago
help

hello
I returned to the base ROM, and my HBOOT is 1.57, this method will work now?
regards
 

Attachments

  • Screenshot_2014-03-15-12-17-52.png
    Screenshot_2014-03-15-12-17-52.png
    233.9 KB · Views: 90
  • Screenshot_2014-03-15-12-17-57.png
    Screenshot_2014-03-15-12-17-57.png
    251.9 KB · Views: 82

shiropetto

Senior Member
Mar 1, 2011
155
19
kuala lumpur
Hi edorner,

i have a problem on my sdcard. my butterfly s can't mount or detecting the sdcard after i have tried a TWRP backup, not sure it was been encrypted or i have done something wrong during backup. And, i can't c any backup files in sdcard or internal storage. no selection in "settings>storage>sdcard". whats the actual causes that might effecting the folders disappeared? thx in advanced!
 

TheCount91

Member
Feb 26, 2011
6
0
Hey guys, I just upgraded to 4.4.2 and I'm really hating it so far. Unable to move files around my own SD card, phone turns unresponsive or hangs every couple of minutes.. not fun.

Tried getting S-off and root so I can flash to a custom rom, but after issuing this command: "/data/local/tmp/temproot"

I get this:
[*] Attempting to aquire root. This will take 5-10 minutes, be patient
error in setsockopt().
Failed to get prepare_kernel_cred address.
Failed to get commit_creds address.
Failed to get ptmx_fops address.
Failed to setup variables.

If it helps, there is no actual /data/local folder on the SD card even though I issued the push commands. Or am I mistaken and push doesn't copy the files to the phone?
 

koniiiik

Senior Member
Jun 12, 2008
269
134
Göteborg
koniiiik.org
Hey guys, I just upgraded to 4.4.2 and I'm really hating it so far. Unable to move files around my own SD card, phone turns unresponsive or hangs every couple of minutes.. not fun.

Tried getting S-off and root so I can flash to a custom rom, but after issuing this command: "/data/local/tmp/temproot"

I get this:
[*] Attempting to aquire root. This will take 5-10 minutes, be patient
error in setsockopt().
Failed to get prepare_kernel_cred address.
Failed to get commit_creds address.
Failed to get ptmx_fops address.
Failed to setup variables.

If it helps, there is no actual /data/local folder on the SD card even though I issued the push commands. Or am I mistaken and push doesn't copy the files to the phone?

In order to flash a custom recovery and custom ROMs, you don't need S-OFF, just unlocking the bootloader via HTCdev is sufficient, however, that will wipe all your user data.

Looks like the temproot you're trying to use tries multiple exploits, but all of the vulnerabilities they are using have been already fixed. That most likely means you won't get the temproot to work, although it's possible that running it multiple times might yield success.

As for the last paragraph, /data/local is not on your SD, it's inside the internal filesystem and without root access, you can't even list the files within. It's there (otherwise you wouldn't be able to actually run the temproot command), but you won't be able to find it with any filesystem browser (unless you manage to root your device).
 

majo_LP

Member
May 16, 2012
14
1
hello guys, sorry for stupid questions, i am newbie here, but:
1. will it works for another HTC phone? for example HTC Sensation? i have hboot 1.27
2. how can i change from windows command prompt to linux terminal? cause i saw some command which i can use only in linux neither in windows

thanks :)
 

zintung2911

Senior Member
Jan 7, 2014
95
13
loi.jpg

OPTIONAL] Locking bootloader and clearing "tampered" flag Not OK , help

error step: echo-ne '\ x00 \ x00 \ x00 \ x00' | dd of = / dev/block/mmcblk0p3 bs = 1 seek = 33 796

>>>>>> Cannot open for write : Permission denied

NOT S-0FF hu hu hu hu hu hu hu hu hu hu
 
Last edited:

koniiiik

Senior Member
Jun 12, 2008
269
134
Göteborg
koniiiik.org
View attachment 2774327

OPTIONAL] Locking bootloader and clearing "tampered" flag Not OK , help

error step: echo-ne '\ x00 \ x00 \ x00 \ x00' | dd of = / dev/block/mmcblk0p3 bs = 1 seek = 33 796

>>>>>> Cannot open for write : Permission denied

NOT S-0FF hu hu hu hu hu hu hu hu hu hu

You can see that the su call failed. The character at the end of the prompt didn't change from '$' to '#'. Also, immediately after the su command, the prompt displays '1|shell@dlxpul', where the '1' at the beginning means the su command exited with an error status.

You may have failed to confirm the su command on-screen; so far every su binary I tried displayed a dialog asking for confirmation even for shells started via adb shell.
 
  • Like
Reactions: zintung2911

zintung2911

Senior Member
Jan 7, 2014
95
13
You can see that the su call failed. The character at the end of the prompt didn't change from '$' to '#'. Also, immediately after the su command, the prompt displays '1|shell@dlxpul', where the '1' at the beginning means the su command exited with an error status.

You may have failed to confirm the su command on-screen; so far every su binary I tried displayed a dialog asking for confirmation even for shells started via adb shell.

So now I have to do. I root successfully. But not S Off. .. Please help me ....:good::good:
 

zintung2911

Senior Member
Jan 7, 2014
95
13
You can see that the su call failed. The character at the end of the prompt didn't change from '$' to '#'. Also, immediately after the su command, the prompt displays '1|shell@dlxpul', where the '1' at the beginning means the su command exited with an error status.

You may have failed to confirm the su command on-screen; so far every su binary I tried displayed a dialog asking for confirmation even for shells started via adb shell.

So now I have to do. I root successfully. But not S Off. .. Please help me ....:good::good:

buom.jpg
 

Top Liked Posts

  • There are no posts matching your filters.
  • 7
    Here is an easy way to achieve S-off and root without the need to go through the HTCDev unlock procedure and flashing custom recoveries:

    1. Make a backup of all your data, just in case... (E.g. with Helium, which is free and works without root)
    2. Make sure that
    • HTC drivers installed and working (You can download them here: http://xdaforums.com/showthread.php?t=2217396)
    • HTC sync is removed (not closed – REMOVED)
    • All other phone software are removed or disabled (Samsung Kies, PDANet, etc.)
    • There is a working internet connection ON YOUR DEVICE - wifi, 3g, 4g, etc. are all supported.
    • USB debugging is enabled on your device
    • Ensure that lock screen security is disabled on your device: no passcode lock, no pattern lock, no face lock
    3. Install ADB on your PC (e.g. download and extract fastboot_adb.zip to c:\ADB)
    4. Download firewater
    5. Download temproot
    6. Download su binary for SuperSu (e.g. the one in su.zip, or extract it from the SuperSu zip installer)
    7. Place firewater and temproot in the ADB folder (e.g. c:\ADB)
    8. Copy the SU binary to the root of your memory card and install the card in your device
    9. Connect your device directly to an USB 2.0 port on your PC
    10. Open a command prompt, and navigate to your ADB folder (e.g c:\ADB)
    11. Important: Reboot your device:
    Code:
    adb reboot
    12. When the device rebooted, issue the following commands:
    Code:
    adb wait-for-device push firewater /data/local/tmp
    adb push temproot /data/local/tmp
    adb shell
    chmod 755 /data/local/tmp/temproot
    chmod 755 /data/local/tmp/firewater
    At this point, you have the temproot and firewater binaries on your device with execute permissions

    13. Now start temproot to gain temporary root access via the shell:
    Code:
    /data/local/tmp/temproot
    This will take long (5-10min) -> go and grab a coffee :)
    14. Once root access is achieved (temproot will inform you about this, and you will see '#' at the end of the prompt instead of '$') you can start firewater:
    Code:
    /data/local/tmp/firewater
    For my device, this step took about 2 minutes.
    Now you have S-OFF and an unlocked bootloader. Yay! :D

    15. Remount the /system partition in order to be able to write it:
    Code:
    mount -o remount,rw -t ext4 /dev/block/mmcblk0p38 /system
    16. Copy su to the /system partition and set its permissions
    Code:
    cat /storage/ext_sd/su > /system/xbin/su
    chmod 04755 /system/xbin/su
    17. Grab your device, enter the Play Store and install SuperSu. At this point you are fully rooted.
    18. If SuperSu requests to update the su binary, let it (choose the normal approach, NOT the TWRP/CWM method).
    19. Shut down your device, then turn it on in bootloader mode by pressing and holding "power" and "volume down" buttons simultaneously
    You should see (the UNLOCKED, TAMPERED, and Ship S-OFF texts)
    20. To exit bootloader mode, select the "Fastboot" menu item with the vol up/dn buttons, then enter using the power button. Then choose the "Reboot" menu item the same way.


    [OPTIONAL] Locking bootloader and clearing "tampered" flag

    21. Start command prompt on your PC. Enter your ADB folder. And issue the following commands:

    Code:
    adb devices
    adb shell
    su
    (I would very strongly recomend you copy/paste the following line)
    Code:
    echo -ne '\x00\x00\x00\x00' | dd of=/dev/block/mmcblk0p3 bs=1 seek=33796
    Code:
    exit
    exit
    adb reboot bootloader
    22. Verify you are now locked. Then select Fastboot -> Reboot
    23. Issue the following commands:
    Code:
    adb devices
    adb shell
    su
    (I would very strongly recomend you copy/paste the following line)
    Code:
    echo -ne '\x00' | dd of=/dev/block/mmcblk0p7 bs=1 seek=4265988
    Code:
    exit
    exit
    adb reboot bootloader
    24. Verify that the tampered flag is cleared
    25. That's it. Reboot your device and have fun :)


    FAQ:

    Q: I have been waiting for ages to gain temporary root but nothing is happening!! What should I do?
    A: Please be patient. It is a long process (usually 5-10 min)

    Q: If I S-OFF/unlock/root my phone using this method, what happens to my apps in /data/preload? Will they get wiped?
    A: No, they won't. They will be untouched.

    Q: Why are you using that long and complicated command for remounting /system? Wouldn't it be easier to just issue "adb remount"?
    A: Sure it would, but unfortunately it would not work, since our stock ROMs use secure ADB and this particular command is only available if the ADB daemon on your device is run in "insecure" mode. More information about the technical background here and here.

    Q: Why are you suggesting we use SuperSu as a root management app? What's wrong with Superuser / XXX / YYY ?
    A: I have no preference whatsoever. It is only an example. Feel free to use other apps (with corresponding su binary), if you so desire.

    Q: Is the su binary inside su.zip safe? Where is it from?
    A: Yes, it is safe. It was extracted from the zip installer package of SuperSu v1.93 and was not altered in any way.

    Q: My phone rebooted itself when I issued the mount command. What now?
    A: Run temproot again, then continue the process starting with reissuing the mount command.

    Q: Don't you think XYZ is wrong / missing in your guide?
    A: Please reply to the thread or drop me a PM and I will correct it ASAP.


    Fine print

    I created this guide with the best of intentions, to help people like me, who are more or less new to android but are willing to learn and want to make the most of their devices. I tested the whole procedure on my own Butterfly S 901s 1.23.708.3 without any issues.
    However you must keep in mind that during this process you will be modifying vital parts of the system, and doing so always entails some risk. Therefore I cannot and will not take any responsibility if you accidentally brick your device attempting the above procedure.

    The tools and most methods used throughout this guide are not my creations. I simply collected and organized information already available but scattered across several topics.
    Kudos
    • to beaups and fuses for bringing us firewater,
    • to hikezoe and fi01, whose work the temproot is based on,
    • to daorderdillon for figuring out the way to lock the bootloader and clear tampered flag on an S-OFFed Butterfly S.
    • to ebautista, who was the first to confirm that firewater does indeed work with the Butterfly S
    • and of course to koniiiik who encouraged me to start experimenting with the /system remounting :)
    1
    i have one question and one comment:

    1. if i was root and only did firewater, do i need to do since number 15?
    2. i did this with my usb 3.0, i know is not recommended, but the device was not recognized in adb. and other thing: be really aware of the screen, if it shuts down the commands will not be working.

    cheers

    If you are already rooted, then steps 13 and 15-18 are unnecessary.
    Thank you for the info about the screen, I haven't noticed that before.
    As for the connection issue: Well, it may be caused by a lot of things... You could try using an usb 2.0 connection instead, or reinstalling the HTC drivers. And make sure USB debugging is turned on in the developer options.
    1
    Ah, I see! I did misunderstand you before. I am glad the s-off method worked for you eventually :)
    1
    Am I the only one having the above issue/configuration for which the s-off could not be done? Thanks!

    i had that problem and it was because the screen of the cellphone was turned off, it needs to be on aaaall the time. but now you have kit kat man, sorry for that, you just need to wait!! :)
    1
    i had that problem and it was because the screen of the cellphone was turned off, it needs to be on aaaall the time. but now you have kit kat man, sorry for that, you just need to wait!! :)

    Well I didn't put kitkat yet I was waiting for you :p.....so I'll give it a try...I'll let you know...Thanks!

    ---------- Post added at 09:07 PM ---------- Previous post was at 08:54 PM ----------

    Well I didn't put kitkat yet I was waiting for you :p.....so I'll give it a try...I'll let you know...Thanks!

    It worked man! Thaaaanks a lot! I'm sending a beer to Peru right away!!