[TUTORIAL][S-OFF] Virgin Mobile CDMA S-OFF Without XTC-Clip Confirmed Working!

Search This thread
By:
Advanced…
insink71

insink71

Senior Member
Nov 9, 2010
610
253
Greenville, SC
teamblueridge.org
billclay1988 said:
GotsOJ mentioned that he successfully flashed a first rom, then bricked when he tried to flash a second one. I'd be interested in finding out which rom he tried first that actually worked.
Click to expand...
Click to collapse

I can tell you I tried the Unofficial CM and Jikartu's EX (that one booted with all kind of problems: no cdma apn info so no carrier, wifi no workie and the screen was flickering)... I retreated to stock, hacked some htc bloat out, loaded up the apps I use, and I am content with gb ::shrug:: although I am going to attempt to go through the Unofficial CM7 code and do what I can to assist (and try to make a cdma variant). People will have to be patient though; perfection is a process that requires time (and I'm over 40 now).

My goal long-term would be to get heavyweight support [like koushic w/ CWM incorporating Wildfire S into RomManager or someone from the CyanogenMod team picking up support [[or incorporation of unofficial build(s)]]]. Getting others s-off'd only grows the pool of potential devs and liklihood that heavyweight support might make consideration of supporting the Wildfire S. Seems like there is a way if one is willing to buy a xtc clip to get s-off with the sim card. Perhaps some wait on software unlock methods, but I keep a clip. Then again, I have other HTC devices.

Rob
 
Last edited:
GotsOJ

GotsOJ

Member
Nov 13, 2011
42
25
billclay1988 said:
GotsOJ mentioned that he successfully flashed a first rom, then bricked when he tried to flash a second one. I'd be interested in finding out which rom he tried first that actually worked.
Click to expand...
Click to collapse

Sorry, I wasn't entirely clear about my success in flashing a rom. The jikantura rom worked fine for me until I tried to turn on wifi. The wifi didn't work, so I rebooted. When rebooting didn't fix things, I flashed a different rom, and then my phone bricked. So I guess I was lucky that my phone didn't brick on the first gsm rom that I tried, but it eventually bricked anyways. I've learned my lesson.

If we use a cdma kernel, could we potentially flash a gsm rom onto the cdma phone? Or are there components of the gsm rom (besides the kernel) that could cause a cdma phone to brick?
 
D

djxs

Senior Member
Jan 23, 2008
90
27
GotsOJ said:
If we use a cdma kernel, could we potentially flash a gsm rom onto the cdma phone? Or are there components of the gsm rom (besides the kernel) that could cause a cdma phone to brick?
Click to expand...
Click to collapse

I used to do this on tablets, so I know it's possible. There is also nothing in the ROM that could brick your phone, nor the kernel (only the bootloader). You could use your kernel (boot.img) and just try flashing the ROM (system.img) using "flash_image system /sdcard/system.img".
 
insink71

insink71

Senior Member
Nov 9, 2010
610
253
Greenville, SC
teamblueridge.org
kernel

An interesting thing happened... I decided to risk flashing the Wildspirit kernel [poor decision]. Got the white [quasi-brick] HTC screen with no response [like when I tried unofficial CM], restored image and it came back up with stock kernel. I thought the nandroids didn't effect kernel; so, I am puzzled but thankfull. Is there anyway that Virgin US could have locked the kernel in place [through efs partition data or otherwise]? This would undoubtedly cause the havoc we are experiencing... Then again a kernel not written to A510c specs might also cause same. Suppose it will be kernel development that will answer that question.

Rob
 
insink71

insink71

Senior Member
Nov 9, 2010
610
253
Greenville, SC
teamblueridge.org
answer: xtc clip

logout20 said:
hey guys we need your help plz check this thread...


http://xdaforums.com/showthread.php?t=1348373




We need to try an unpack the PG76DIAG.nbh from the cdma version, since this was the file that gave Virgin users s-off. All we need is to get past "jumping to diag", can anyone provide a dump of that file?
Click to expand...
Click to collapse

Umm... No dump, just thought I'd repeat some sage advice I've read on these forums somewhere. The diagnostics file looks for the xtc clip [connected to sim card]. Cdma's have no sim; so the exploit works. Easy solution[now]: buy or borrow the xtc clip. Hard solution[maybe, one day]: fooling your phone into thinking it has no sim port. Choose wisely, and if you chose the latter, choose again ;p

Rob
 
D

djxs

Senior Member
Jan 23, 2008
90
27
We really need some more developers on this project. There are soo many phones that are being unlocked without the XTC-Clip, I know it's possible.

I believe the created goldcard, with the zlib compressed image, it's acutally changing the CID to 11111111, then the xtc-clip sends the AT@SIMLOCK=7,0 command.

One guy was talking about how he disassembled the radio and found that it needed the "special HTC sim" or xtc-clip to unlock, but he found another way around it by disabling the RAM-MPU and modifing only one byte to radio routine on the SDRAM, acheiving s-off without a sim/xtc-clip.

This was done by using a script to enable flashing a modded eng hboot via fastboot... which enabled full oem commands.
 
Last edited:
BigChillin

BigChillin

Senior Member
Jan 24, 2011
568
158
Wichita
GGRRRRRR..... I get the "Try the other mmcs and make sure you have your htc sync drivers installed" error on step 6. I've uninstalled sync (read it caused problems here http://xdaforums.com/showthread.php?t=970157&page=9) and before that I un installed and reinstalled the drivers. Neither helped. Anyone else have or know of this problem?


Edit:Figured it out. for future reference, if you get that error, turn your usb debugging on. But now the generator is gone?
 
Last edited:
A

azaznbaler

New member
Jul 11, 2007
4
0
Security fail

Hello, I'm a noob try to root the VM WFS. I have followed the OP instructions 1. created the gold card, 2. extracted the 2 PG76DIAG.nbh, PG76DIAG.ZIP files to the gold cards, 3. try to Hboot. When I try to Hboot, i have got the following message "Parsing...[pg76DIAG.nbh] [1] MFG DIAG Security fail! Update Fail! Press <POWER> to reboot." I never got the Clean s58 message. Can someone please tell me what am I doing wrong? :confused:
Heres the phone info:
MARVELC PVT SHIP S-ON RL
HBOOT-1.06.0000
MICROP-0354
RADIO-0.94.00.0824

**Update**
I have successfully S-off the phone. 3 things i have done different. 1. I used a different SD card, 2. I was using a card reader to formate the SD card before, this time, I reform the sd card when it is mounted in the phone. 3. i have created a new gold card ID. After those steps, and follow the OP instruction, my phone is now S-OFF, thanks again OP!
 
Last edited:
L

loveVII

Senior Member
Jun 27, 2010
139
28
Well I'm now successfully S-OFF! Thanks a ton. My next question, can I root following the same instructions for the non-CDMA WFS? Or do we need to do something special?

EDIT: Found the answer to my own question in the Gen Forum. Thanks, Rob.
 
Last edited:
M

mkm1126

Senior Member
Dec 5, 2009
171
14
azaznbaler said:
Hello, I'm a noob try to root the VM WFS. I have followed the OP instructions 1. created the gold card, 2. extracted the 2 PG76DIAG.nbh, PG76DIAG.ZIP files to the gold cards, 3. try to Hboot. When I try to Hboot, i have got the following message "Parsing...[pg76DIAG.nbh] [1] MFG DIAG Security fail! Update Fail! Press <POWER> to reboot." I never got the Clean s58 message. Can someone please tell me what am I doing wrong? :confused:
Heres the phone info:
MARVELC PVT SHIP S-ON RL
HBOOT-1.06.0000
MICROP-0354
RADIO-0.94.00.0824

**Update**
I have successfully S-off the phone. 3 things i have done different. 1. I used a different SD card, 2. I was using a card reader to formate the SD card before, this time, I reform the sd card when it is mounted in the phone. 3. i have created a new gold card ID. After those steps, and follow the OP instruction, my phone is now S-OFF, thanks again OP!
Click to expand...
Click to collapse

Hello there. Can you direct me on how you created your goldcard image? It seems the site has been down. Thanks for your help!
 
BigChillin

BigChillin

Senior Member
Jan 24, 2011
568
158
Wichita
mkm1126 said:
Hello there. Can you direct me on how you created your goldcard image? It seems the site has been down. Thanks for your help!
Click to expand...
Click to collapse

Revskills is literally the only place that has a generator. You pretty much have to wait and refresh the page until it comes up. It was back up last night. Hopefully when they come back on the 10th, they'll make it more reliable.
 
A

azaznbaler

New member
Jul 11, 2007
4
0
mkm1126 said:
Thanks for the info! I will keep trying then.
Click to expand...
Click to collapse

Yea, that's the only place to get the gold card. It didnt work for me for first time i log into their website. It said page requested not find. I just keep trying every hour, then the website finally loaded where it can generate the gold card. Good luck.
 
M

mkm1126

Senior Member
Dec 5, 2009
171
14
azaznbaler said:
Yea, that's the only place to get the gold card. It didnt work for me for first time i log into their website. It said page requested not find. I just keep trying every hour, then the website finally loaded where it can generate the gold card. Good luck.
Click to expand...
Click to collapse

Thanks. I tried again and got it to work last night. Now if I can just find a custom MTD script that will work . . .

Sent from my HTC Desire CDMA using Tapatalk
 
You must log in or register to reply here.

Similar threads

Heritz
[TUTORIAL][ROOT] How to root your HTC Wildfire S?
Replies
180
Views
529K
C
chimp-pl
*se-nsei.
[DEV][THE S-OFF CAMPAIGN] We need electrical engineers & experts in JTAG, OpenOCD!
Replies
4K
Views
460K
csoulr666
csoulr666
theq86
[TUTORIAL][S-ON/S-OFF][BL UNL] PERMANENT ROOT Wildfire S
Replies
179
Views
187K
S
Slycarter
eoghan2t7
[DEV]Possible S-OFF Without XTC-Clip v2
Replies
219
Views
98K
ScardracS
ScardracS
theq86
[TUTORIAL][S-ON] Unlock Bootloader using HTCDEV.com
Replies
285
Views
270K
K
Kryspus

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 25
    S
    sk8tr5955
    Ok so I spent hours reading post after post and thread after thread trying to figure out how I could get S-OFF on my Virgin Mobile Wildfire S without having to use an XTC clip. I was told by another user (thehumble1) that I was able to do it without the use of an XTC Clip and it seems to only work with CDMA versions of the Wildfire S. So after hours of trial and error and frustration I finally was able to get S-OFF without the use of an XTC Clip. I decided to write a tutorial specifically to the Virgin Mobile Wildfire S users so that they don't have to do all the searching that I did.

    *I AM NOT RESPONSIBLE FOR ANY DAMAGE THAT MAY BE DONE TO YOUR PHONE WHILE FOLLOWING THIS TUTORIAL*
    *READ AND FOLLOW THESE DIRECTIONS EXACTLY OR YOU "WILL" RUN INTO PROBLEMS*

    CREATING A GOLD CARD

    Ok first we need to modify an sd card to make something called a gold card. Don't ask me what it is because honestly I have no idea I just know it is a necessary process in getting S-OFF.

    1. Backup all files on your SD card as we will be formatting the card and you will lose all of your data.
    2. Plug your phone into your computer and make sure hard disk mode is chosen. (Make sure USB debugging is turned on also)
    3.Extract SimpleGoldCard_v1.zip to your desktop and start SimpleGoldCard.exe.
    4. Select your SD card's drive letter in the drop down menu under "Step 1 - Format SD Card" and then select Format. If your drive letter is not showing up try pressing the refresh button next to the drop down menu.
    5. Select ok when it says Format Complete then turn your phones USB Connection option to Charge Only instead of Disk Drive.
    6. Next under "Step 3" select the MMC1 radio button and then click on GetCID. (It will produce a long list of jumbled numbers and letters this is your SD card ID)
    7. Then select the link under "Step 4 - Request for IMG file". Copy the long ID from "Step 3" and paste it into the CID space on the web page you just opened and then fill out the captcha form and click Download to download your goldcard.img file (Save to your desktop)(the goldcard.img files are specific to individual SD Cards)
    8. Close the page once you have downloaded your file and then bring back the Simple Gold Card application. Under "Step 5 - Load IMG File And Patch" select Load IMG and locate the goldcard.img file that you just downloaded and select it.
    9. Put your phone back into Disk Drive mode and then click Patch MMC. Once everything is complete you should have a working gold card. (To make sure, remove your SD card and reinsert it and make sure that it still functions normally.

    After your gold card has been made you need to download and unrar the DIAG Files.rar file I have uploaded. Extract the of the folder to the root of the new Gold Card you have just made. There should be two files and it should look like this when you are complete.

    F:/PG76DIAG.nbh
    F:/PG76DIAG.zip

    *F being the letter of your removable drive whatever that may be

    Before we move on to the next step we need to make sure that Fast Boot is turned off. So to do that you need to go to Settings/Power and then make sure Fast Boot is not selected.

    INSTALLING THE DIAG FILES

    1. Once that has been done power off your phone and pull the battery for a good 5 seconds just to make sure it's completely off.
    2. Boot into HBOOT by holding Volume down while pressing the power button (you do not need to hold the power button, only hold the volume down button) The HBOOT screen will boot up and then you can let go of the Volume down button.
    3. The phone will automatically scan the SD card for the files we just put on the root of the SD card and will start the update process.
    4. A screen will appear that says Clean s58. Press the power button once to select clean s58 and the phone will start doing it's thing and should take about a good 20 seconds until it's finished.
    5. Once the process is complete then pull the battery to turn the phone off.
    6. Once the phone is off remove the SD card so that the phone doesn't install the DIAG files when we boot into HBOOT to check if we now have S-OFF.
    7. Boot into HBOOT again by holding Volume down and quickly pressing the power button. The phone should boot into HBOOT and at the top of the screen it should now say S-OFF. Congratulations you now have Security off on your Virgin Mobile Wildfire S! :)

    Now all that is left to do is restart your phone, reformat the SD card to remove the files we don't need anymore and restore your backed up files and your all set. You may now root your phone and do whatever it is that you wanted S-OFF for.

    If you have any questions feel free to ask. Comments are welcome. Any corrections or things that need to be changed as well let me know. This is my very first tutorial ever on XDA Forums so I hope that I was able to help some people out. All feedback is welcome and if this tutorial helped please give me a thanks.
    View
    3
    S
    sk8tr5955
    It wouldn't hurt for anyone to go ahead and try this procedure. And as for just US mobile phones I couldn't tell ya.

    Here is my HBOOT info if anyone cares to know it.

    MARVELC PVT SHIP S-OFF RL
    HBOOT-1.06.0000
    MICROP-0354
    RADIO-0.94.00.0824
    View
    2
    theq86
    theq86
    Tried this tutorial with a Wildfire S A510e

    MARVEL PVT SHIP S-ON RL
    HBOOT-1.03.000
    MICROP-0451
    RADIO-7.46.35.08
    Jun 2 2011,16:17:50
    Click to expand...
    Click to collapse

    Gold Card Creation - no failure
    DIAG Tools - won't get installed because of "security failure"

    Phone still S-ON

    Just in case any European or German phone owner wants to know
    View
    2
    insink71
    insink71
    honorable mention?

    sk8tr5955 said:
    Ok so I spent hours reading post after post and thread after thread trying to figure out how I could get S-OFF on my Virgin Mobile Wildfire S without having to use an XTC clip. I was told by another user (thehumble1) that I was able to do it without the use of an XTC Clip and it seems to only work with CDMA versions of the Wildfire S. So after hours of trial and error and frustration I finally was able to get S-OFF without the use of an XTC Clip. I decided to write a tutorial specifically to the Virgin Mobile Wildfire S users so that they don't have to do all the searching that I did.

    *I AM NOT RESPONSIBLE FOR ANY DAMAGE THAT MAY BE DONE TO YOUR PHONE WHILE FOLLOWING THIS TUTORIAL*
    *READ AND FOLLOW THESE DIRECTIONS EXACTLY OR YOU "WILL" RUN INTO PROBLEMS*

    CREATING A GOLD CARD

    Ok first we need to modify an sd card to make something called a gold card. Don't ask me what it is because honestly I have no idea I just know it is a necessary process in getting S-OFF.

    1. Backup all files on your SD card as we will be formatting the card and you will lose all of your data.
    2. Plug your phone into your computer and make sure hard disk mode is chosen. (Make sure USB debugging is turned on also)
    3.Extract SimpleGoldCard_v1.zip to your desktop and start SimpleGoldCard.exe.
    4. Select your SD card's drive letter in the drop down menu under "Step 1 - Format SD Card" and then select Format. If your drive letter is not showing up try pressing the refresh button next to the drop down menu.
    5. Select ok when it says Format Complete then turn your phones USB Connection option to Charge Only instead of Disk Drive.
    6. Next under "Step 3" select the MMC1 radio button and then click on GetCID. (It will produce a long list of jumbled numbers and letters this is your SD card ID)
    7. Then select the link under "Step 4 - Request for IMG file". Copy the long ID from "Step 3" and paste it into the CID space on the web page you just opened and then fill out the captcha form and click Download to download your goldcard.img file (Save to your desktop)(the goldcard.img files are specific to individual SD Cards)
    8. Close the page once you have downloaded your file and then bring back the Simple Gold Card application. Under "Step 5 - Load IMG File And Patch" select Load IMG and locate the goldcard.img file that you just downloaded and select it.
    9. Put your phone back into Disk Drive mode and then click Patch MMC. Once everything is complete you should have a working gold card. (To make sure, remove your SD card and reinsert it and make sure that it still functions normally.

    After your gold card has been made you need to download and unrar the DIAG Files.rar file I have uploaded. Extract the of the folder to the root of the new Gold Card you have just made. There should be two files and it should look like this when you are complete.

    F:/PG76DIAG.nbh
    F:/PG76DIAG.zip

    *F being the letter of your removable drive whatever that may be

    Before we move on to the next step we need to make sure that Fast Boot is turned off. So to do that you need to go to Settings/Power and then make sure Fast Boot is not selected.

    INSTALLING THE DIAG FILES

    1. Once that has been done power off your phone and pull the battery for a good 5 seconds just to make sure it's completely off.
    2. Boot into HBOOT by holding Volume down while pressing the power button (you do not need to hold the power button, only hold the volume down button) The HBOOT screen will boot up and then you can let go of the Volume down button.
    3. The phone will automatically scan the SD card for the files we just put on the root of the SD card and will start the update process.
    4. A screen will appear that says Clean s58. Press the power button once to select clean s58 and the phone will start doing it's thing and should take about a good 20 seconds until it's finished.
    5. Once the process is complete then pull the battery to turn the phone off.
    6. Once the phone is off remove the SD card so that the phone doesn't install the DIAG files when we boot into HBOOT to check if we now have S-OFF.
    7. Boot into HBOOT again by holding Volume down and quickly pressing the power button. The phone should boot into HBOOT and at the top of the screen it should now say S-OFF. Congratulations you now have Security off on your Virgin Mobile Wildfire S! :)

    Now all that is left to do is restart your phone, reformat the SD card to remove the files we don't need anymore and restore your backed up files and your all set. You may now root your phone and do whatever it is that you wanted S-OFF for.

    If you have any questions feel free to ask. Comments are welcome. Any corrections or things that need to be changed as well let me know. This is my very first tutorial ever on XDA Forums so I hope that I was able to help some people out. All feedback is welcome and if this tutorial helped please give me a thanks.
    Click to expand...
    Click to collapse

    Very clean, well-made guide, and it got moved to the dev thread. I would only like to mention the thread that was searched for hours was most likely http://xdaforums.com/showthread.php?t=1343094 . I believe GotsOJ was the first I saw report sucess then mentioned the process he used. I tested and documented here http://xdaforums.com/showpost.php?p=19302575&postcount=121 . I think these efforts bear mention and also perhaps a thanks; alas, I still only have 4 ::shrug::
    Also, of course I would thank that thread's OP daxiaamu and eoghan2t7 for pioneering work and the chinese development that made it possible. Perhaps a moment of appreciation in the time it takes to click a thanks button is due to these.
    Also I would add a cursory warning to the effect s-off=yes, root=yes... STOP DO NOT attempt to flash a custom rom at this time. It happened to GotsOJ [and I'm sure others] phone locks into qualcom diagnostic mode and is down until you read up [or make a guide for] how to get out of that pickle. But I digress.
    Again thank you for the well put-together tutorial.

    Rob
    View
    1
    S
    sk8tr5955
    arkatis said:
    Well done pal.. That's great news!
    So this is only for Virgin mobile phones?
    Click to expand...
    Click to collapse

    Well I don't want to say that it's ONLY for Virgin Mobile phones persay, but that is what I have and what I used for this tutorial. I'm sure it's mainly because the Virgin Mobile Wildfire S has a different version of HBOOT and is also CDMA so who knows if that plays a part or not.
    View

New posts