[S-Off] Facepalm S-Off for HTC One XL
- Thread starter beaups
- Start date
-
- Tags
- development
I've installed the 2.20 from: http://www.androidfilehost.com/?fid=23060877490004040
My information are:
***UNLOCKED***
EVITA PVT SHIP S-ON RL
HBOOT-1.14.0002
RADIO-0.19as.32.09.11_2
OpenDSP-v29.1.0.45.0622
eMMC-boot
Jun 11 2012,14:36:28
...
My information are:
***UNLOCKED***
EVITA PVT SHIP S-ON RL
HBOOT-1.14.0002
RADIO-0.19as.32.09.11_2
OpenDSP-v29.1.0.45.0622
eMMC-boot
Jun 11 2012,14:36:28
...
I can't seem to load that page, is the ROM rooted? Maybe you should try attempting this on another ROM.
Sent from my Evita
Sent from my Evita
Yes this was the issue, even with some errors but I finally was able to be S-Off... not yes sure to have a good firmware for JellyBean but I'll give it a try... Thanks.
how to display the CID after the fact.
I am pretty sure I have the super CID set but can't remember exactly.
I was trying to view it in the bootloader but it does say
***** TAMPERED ****
***** UNLOCKED *****
at the top, I am guessing I do want to see that right?
I am pretty sure I have the super CID set but can't remember exactly.
I was trying to view it in the bootloader but it does say
***** TAMPERED ****
***** UNLOCKED *****
at the top, I am guessing I do want to see that right?
You need to enter the following fastboot command to find out:
If it comes back as 11111111 you have SuperCID.
Sent from my Evita
Code:
fastboot oem readcidIf it comes back as 11111111 you have SuperCID.
Sent from my Evita
is the device should be on bootloader with fastboot mode first or just type
Code:
fastboot oem readcidYour phone needs to be in bootloader/fastboot mode for fastboot commands to work.
And yes you enter that from the command prompt. Make sure you open the command prompt from within your fastboot folder on your pc (shift+ right click anywhere inside the folder, then select open command prompt here).
Sent from my Evita
Is that mean wait for the phone to boot up into android OS before entering those 3 command? (one command at a time) ......but i got error device not found everytime i enter each command .....any idea? and then closed cmd prompt window.....trying to start from the beginning keep saying error device not found ( USB Debugging is Checked )
Last edited:
I have gotten this far but I can't get into the fastboot mode,
I tried the adb devices command and it lists my phone but the fastboot reboot-bootloader just sits there and says, "waiting for devices" forever
That's because fastboot only works while you're in fastboot mode. You need to use adb commands while you're bored into the system:
adb reboot bootloader
Sent from my Evita
I have gone through the steps in the OP but I still have S-ON.
One major thing I noticed is that after the flash zip step, the error message comes up pretty fast and I can't send the oem boot command fast enough before the phone automatically reboots. I continue on with the rest of the steps but still have S-ON
I have checked the soffbin3 file and it has the 744 permissions that CHMOD gave it too.
What else should I be looking at?
The phone shouldn't automatically reboot after flashing the zip. What error are you getting? Do you have SuperCID? Can you post the text from the command prompt here please?
Sent from my Evita
Heey,
I installed an aosp rom, and everything was going alrgiht until the last step , the last command;
C:\Android>adb shell su -c "/data/local/tmp/soffbin3.zip"
/data/local/tmp/soffbin3.zip[2]: ┴¹Í♣î¶: not found
/data/local/tmp/soffbin3.zip[4]: syntax error: '³' unexpected
/data/local/tmp/soffbin3.zip[2]: ©╚ÇÎ⌂idþº╬R░4↔´NØU÷Å┘)È¿jØ&j+ò╩U¿PñF╩‗ÇTAäBÑJÇ J
ôç
►╝D<B}░wYQéäèÈ─ï¨╬▄;╗wªnEÃ>{¯╣þþ×{¯╣?þ╣╣┼yMË╚ *ö: not found
/data/local/tmp/soffbin3.zip[2]: ┘ªnc↕♂mè◄←ßîÃÚ: not found
/data/local/tmp/soffbin3.zip[2]: can't create │╗▒Î÷: Read-only file system
/data/local/tmp/soffbin3.zip[2]: ô♦ý☻─Q└: not found
/data/local/tmp/soffbin3.zip[2]: ª↕Wê2└Ù}▄G╗2öó^*▲ñ¹®ç♦/│.×: not found
C:\Android>
i dont know whats the problem, may you help me?
I installed an aosp rom, and everything was going alrgiht until the last step , the last command;
C:\Android>adb shell su -c "/data/local/tmp/soffbin3.zip"
/data/local/tmp/soffbin3.zip[2]: ┴¹Í♣î¶: not found
/data/local/tmp/soffbin3.zip[4]: syntax error: '³' unexpected
/data/local/tmp/soffbin3.zip[2]: ©╚ÇÎ⌂idþº╬R░4↔´NØU÷Å┘)È¿jØ&j+ò╩U¿PñF╩‗ÇTAäBÑJÇ J
ôç
►╝D<B}░wYQéäèÈ─ï¨╬▄;╗wªnEÃ>{¯╣þþ×{¯╣?þ╣╣┼yMË╚ *ö: not found
/data/local/tmp/soffbin3.zip[2]: ┘ªnc↕♂mè◄←ßîÃÚ: not found
/data/local/tmp/soffbin3.zip[2]: can't create │╗▒Î÷: Read-only file system
/data/local/tmp/soffbin3.zip[2]: ô♦ý☻─Q└: not found
/data/local/tmp/soffbin3.zip[2]: ª↕Wê2└Ù}▄G╗2öó^*▲ñ¹®ç♦/│.×: not found
C:\Android>
i dont know whats the problem, may you help me?
You've already asked this in your other thread, and it's against the rules to duplicate posts. I've already answered your question in the other thread.
Sent from my Evita
Sorry i didn't pay attention i followed all instructions, but i have another problem this time:
when i try to type the last commands it says: error: more than device and emulator
ow can i solve it?
THANK YOU
i have tried this 300 hundred times, all different kinds of ways and the only thing that worked was what you said David,, thanks so much
it works everyone, TRY IT if you have problems with error 99 or 92 (something like that)
Code......
1) fastboot oem writecid 11111111
2) fastboot oem rebootRUU
3) fastboot oem boot
4)
adb push soffbin3 /data/local/tmp/
adb shell chmod 744 /data/local/tmp/soffbin3
adb shell su -c "/data/local/tmp/soffbin3"
5) adb reboot bootloader
rebooted and S-OFF is now there!!!!!
i think beaups need to adjust his instructions for some people, not sure why but just is..
The funny thing about all of this is I ran the command "fastboot oem readcid" and it came back with 1111111111 (all ones) so it was good but until I ran 1) fastboot oem writecid 11111111 -- that command which dont why i had to but like said, UNTIL I RAN IT. i could never be S-OFF
thanks for all the help on this, but i think we got it totally resolved, I only tried 307 times.. LOL
i have tried this 300 hundred times, all different kinds of ways and the only thing that worked was what you said David,, thanks so much
it works everyone, TRY IT if you have problems with error 99 or 92 (something like that)
Code......
1) fastboot oem writecid 11111111
2) fastboot oem rebootRUU
3) fastboot oem boot
4)
adb push soffbin3 /data/local/tmp/
adb shell chmod 744 /data/local/tmp/soffbin3
adb shell su -c "/data/local/tmp/soffbin3"
5) adb reboot bootloader
rebooted and S-OFF is now there!!!!!
i think beaups need to adjust his instructions for some people, not sure why but just is..
The funny thing about all of this is I ran the command "fastboot oem readcid" and it came back with 1111111111 (all ones) so it was good but until I ran 1) fastboot oem writecid 11111111 -- that command which dont why i had to but like said, UNTIL I RAN IT. i could never be S-OFF
thanks for all the help on this, but i think we got it totally resolved, I only tried 307 times.. LOL
writecid fail
I'm having same kind of issue. tried facepalm method at least 20x with no luck. Everything appears to execute correctly, but always boots s-on.
Writing cid as below failed with this error.
fastboot oem writecid 11111111
...
(bootloader) Start Verify: 3
(bootloader) Start Verify: 3
(bootloader) TZ_HTC_SVC_DISABLE ret = 534642040 (0x1FDDFD78)
FAILED (status read failed (Too many links))
finished. total time: 1.038s
using stock kernal from Vxl 4.2
hboot 1.4
any ideas?
entire process below.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot oem writecid 11111111
...
(bootloader) Start Verify: 3
(bootloader) Start Verify: 3
(bootloader) TZ_HTC_SVC_DISABLE ret = 534642040 (0x1FDDFD78)
FAILED (status read failed (Too many links))
finished. total time: 1.038s
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot oem writecid 11111111
...
(bootloader) Start Verify: 3
(bootloader) Start Verify: 3
(bootloader) TZ_HTC_SVC_DISABLE ret = 534642040 (0x1FDDFD78)
FAILED (status read failed (Too many links))
finished. total time: 1.038s
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot oem writecid 11111111
...
(bootloader) Start Verify: 3
(bootloader) Start Verify: 3
(bootloader) TZ_HTC_SVC_DISABLE ret = 534642040 (0x1FDDFD78)
FAILED (status read failed (Too many links))
finished. total time: 1.039s
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot oem rebootRUU
...
(bootloader) Start Verify: 3
OKAY [ 0.065s]
finished. total time: 0.066s
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot oem boot
...
(bootloader) Boot/Recovery signature checking...
(bootloader) Boot/Recovery signature checking...
(bootloader) setup_tag addr=0x80400100 cmdline add=0xC02F9E3C
(bootloader) TAG:Ramdisk OK
(bootloader) TAG:skuid 0x2FD0C
(bootloader) TAG:hero panel = 0x4940047
(bootloader) TAG:engineerid = 0x5
(bootloader) TAG: PS ID = 0x0
(bootloader) TAG: Gyro ID = 0x2
(bootloader) Device CID is super CID
(bootloader) CID is super CID
(bootloader) Backup CID is empty
(bootloader) setting->cid::11111111
(bootloader) serial number: HT28MW300546
(bootloader) command line length =691
(bootloader) active commandline: poweron_status=32 reset_status=0 board_e
(bootloader) lite.disable_uart3=0 diag.enabled=0 board_elite.debug_uart=0
(bootloader) userdata_sel=0 androidboot.emmc=true androidboot.pagesize=2
(bootloader) 048 skuid=0 ddt=20 ats=0 androidboot.lb=1 td.td=1 td.sf=1 t
(bootloader) d.ofs=328 td.prd=1 td.dly=0 td.tmo=300 imc_online_log=0 and
(bootloader) roidboot.efuse_info=NFSL androidboot.baseband=0.19as.32.09.1
(bootloader) 1_2 androidboot.cid=11111111 androidboot.devicerev=3 android
(bootloader) boot.batt_poweron=good_battery androidboot.carrier=ALL andro
(bootloader) idboot.mid=PJ8310000
(bootloader) aARM_Partion[0].name=misc
(bootloader) aARM_Partion[1].name=recovery
(bootloader) aARM_Partion[2].name=boot
(bootloader) aARM_Partion[3].name=system
(bootloader) aARM_Partion[4].name=local
(bootloader) aARM_Partion[5].name=cache
(bootloader) aARM_Partion[6].name=userdata
(bootloader) aARM_Partion[7].name=devlog
(bootloader) aARM_Partion[8].name=pdata
(bootloader) aARM_Partion[9].name=fat
(bootloader) aARM_Partion[A].name=extra
(bootloader) aARM_Partion.name=radio
(bootloader) aARM_Partion[C].name=adsp
(bootloader) aARM_Partion[D].name=dsps
(bootloader) aARM_Partion[E].name=wcnss
(bootloader) aARM_Partion[F].name=radio_config
(bootloader) aARM_Partion[10].name=modem_st1
(bootloader) aARM_Partion[11].name=modem_st2
(bootloader) partition number=18
(bootloader) Valid partition num=18
(bootloader) TZ_HTC_SVC_SET_DDR_MPU ret = 0
(bootloader) smem 90005000 (phy 90005000): TZ_HTC_SVC_UPDATE_SMEM ret = 0
(bootloader) TZ_HTC_SVC_LOG_OPERATOR ret = 0
(bootloader) TZ_HTC_SVC_ENC ret = 0
(bootloader) TZ_HTC_SVC_DISABLE ret = 474079232 (0x1C41E000)
(bootloader) jump_to_kernel: machine_id(3766), tags_addr(0x80400100), ker
(bootloader) nel_addr(0x80408000)
(bootloader) -------------------hboot boot time:15535 msec
FAILED (status read failed (Too many links))
finished. total time: 6.231s
C:\Program Files (x86)\Minimal ADB and Fastboot>adb push soffbin3 /data/local/tm
p/
adb server is out of date. killing...
* daemon started successfully *
43 KB/s (4751 bytes in 0.106s)
C:\Program Files (x86)\Minimal ADB and Fastboot>adb shell chmod 744 /data/local/
tmp/soffbin3
C:\Program Files (x86)\Minimal ADB and Fastboot>adb shell su -c "/data/local/tmp
/soffbin3"
C:\Program Files (x86)\Minimal ADB and Fastboot>adb reboot bootloader
C:\Program Files (x86)\Minimal ADB and Fastboot>
I'm having same kind of issue. tried facepalm method at least 20x with no luck. Everything appears to execute correctly, but always boots s-on.
Writing cid as below failed with this error.
fastboot oem writecid 11111111
...
(bootloader) Start Verify: 3
(bootloader) Start Verify: 3
(bootloader) TZ_HTC_SVC_DISABLE ret = 534642040 (0x1FDDFD78)
FAILED (status read failed (Too many links))
finished. total time: 1.038s
using stock kernal from Vxl 4.2
hboot 1.4
any ideas?
entire process below.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot oem writecid 11111111
...
(bootloader) Start Verify: 3
(bootloader) Start Verify: 3
(bootloader) TZ_HTC_SVC_DISABLE ret = 534642040 (0x1FDDFD78)
FAILED (status read failed (Too many links))
finished. total time: 1.038s
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot oem writecid 11111111
...
(bootloader) Start Verify: 3
(bootloader) Start Verify: 3
(bootloader) TZ_HTC_SVC_DISABLE ret = 534642040 (0x1FDDFD78)
FAILED (status read failed (Too many links))
finished. total time: 1.038s
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot oem writecid 11111111
...
(bootloader) Start Verify: 3
(bootloader) Start Verify: 3
(bootloader) TZ_HTC_SVC_DISABLE ret = 534642040 (0x1FDDFD78)
FAILED (status read failed (Too many links))
finished. total time: 1.039s
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot oem rebootRUU
...
(bootloader) Start Verify: 3
OKAY [ 0.065s]
finished. total time: 0.066s
C:\Program Files (x86)\Minimal ADB and Fastboot>fastboot oem boot
...
(bootloader) Boot/Recovery signature checking...
(bootloader) Boot/Recovery signature checking...
(bootloader) setup_tag addr=0x80400100 cmdline add=0xC02F9E3C
(bootloader) TAG:Ramdisk OK
(bootloader) TAG:skuid 0x2FD0C
(bootloader) TAG:hero panel = 0x4940047
(bootloader) TAG:engineerid = 0x5
(bootloader) TAG: PS ID = 0x0
(bootloader) TAG: Gyro ID = 0x2
(bootloader) Device CID is super CID
(bootloader) CID is super CID
(bootloader) Backup CID is empty
(bootloader) setting->cid::11111111
(bootloader) serial number: HT28MW300546
(bootloader) command line length =691
(bootloader) active commandline: poweron_status=32 reset_status=0 board_e
(bootloader) lite.disable_uart3=0 diag.enabled=0 board_elite.debug_uart=0
(bootloader) userdata_sel=0 androidboot.emmc=true androidboot.pagesize=2
(bootloader) 048 skuid=0 ddt=20 ats=0 androidboot.lb=1 td.td=1 td.sf=1 t
(bootloader) d.ofs=328 td.prd=1 td.dly=0 td.tmo=300 imc_online_log=0 and
(bootloader) roidboot.efuse_info=NFSL androidboot.baseband=0.19as.32.09.1
(bootloader) 1_2 androidboot.cid=11111111 androidboot.devicerev=3 android
(bootloader) boot.batt_poweron=good_battery androidboot.carrier=ALL andro
(bootloader) idboot.mid=PJ8310000
(bootloader) aARM_Partion[0].name=misc
(bootloader) aARM_Partion[1].name=recovery
(bootloader) aARM_Partion[2].name=boot
(bootloader) aARM_Partion[3].name=system
(bootloader) aARM_Partion[4].name=local
(bootloader) aARM_Partion[5].name=cache
(bootloader) aARM_Partion[6].name=userdata
(bootloader) aARM_Partion[7].name=devlog
(bootloader) aARM_Partion[8].name=pdata
(bootloader) aARM_Partion[9].name=fat
(bootloader) aARM_Partion[A].name=extra
(bootloader) aARM_Partion.name=radio
(bootloader) aARM_Partion[C].name=adsp
(bootloader) aARM_Partion[D].name=dsps
(bootloader) aARM_Partion[E].name=wcnss
(bootloader) aARM_Partion[F].name=radio_config
(bootloader) aARM_Partion[10].name=modem_st1
(bootloader) aARM_Partion[11].name=modem_st2
(bootloader) partition number=18
(bootloader) Valid partition num=18
(bootloader) TZ_HTC_SVC_SET_DDR_MPU ret = 0
(bootloader) smem 90005000 (phy 90005000): TZ_HTC_SVC_UPDATE_SMEM ret = 0
(bootloader) TZ_HTC_SVC_LOG_OPERATOR ret = 0
(bootloader) TZ_HTC_SVC_ENC ret = 0
(bootloader) TZ_HTC_SVC_DISABLE ret = 474079232 (0x1C41E000)
(bootloader) jump_to_kernel: machine_id(3766), tags_addr(0x80400100), ker
(bootloader) nel_addr(0x80408000)
(bootloader) -------------------hboot boot time:15535 msec
FAILED (status read failed (Too many links))
finished. total time: 6.231s
C:\Program Files (x86)\Minimal ADB and Fastboot>adb push soffbin3 /data/local/tm
p/
adb server is out of date. killing...
* daemon started successfully *
43 KB/s (4751 bytes in 0.106s)
C:\Program Files (x86)\Minimal ADB and Fastboot>adb shell chmod 744 /data/local/
tmp/soffbin3
C:\Program Files (x86)\Minimal ADB and Fastboot>adb shell su -c "/data/local/tmp
/soffbin3"
C:\Program Files (x86)\Minimal ADB and Fastboot>adb reboot bootloader
C:\Program Files (x86)\Minimal ADB and Fastboot>
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
440http://www.youtube.com/watch?v=zNswkPGYtLc
note: updated 2/20 @ 9:20 EST, better ICS compatibility.
Welcome to Facepalm S-Off for the HTC One XL.
Credits and terms:
Exploit by beaups. Full guide, testing, and concept by jcase and beaups. Thanks to dsb9938 and dr_drache for support and testing. Thanks also to all of the regulars at teamandirc.
Both beaups and jcase will collect the applicable active bounties. Further donations are greatly appreciated and can be sent to:
beaups - Donate to beaups
jcase - Donate to jcase
dsb9938 - Donate to dsb9938
dr_drache - Donate to dr_drache
You can also come by irc for support or just to say thanks: #FacePalm http://chat.andirc.net:8080/?channels=facepalm
While this process shouldn’t be too risky, bricks can happen. None of us will be accountable. If you are worried, don’t do it.
This is a pretty simple method, however, you will need to have a working adb and fastboot environment. This method will work on any operating system that supports adb and fastboot. You should understand how to use a terminal window in your O/S. If you don’t understand adb and fastboot, you probably don’t need S-off.
Lastly, the work herein should not be stolen, repackaged, one clicked, bat’d, etc. soffbin3 is not GPL and may not be reused, integrated into other work, reposted, or redistributed without our permission.
For this to work, you must be rooted and have superCID (unlock/custom recovery is optional), see the threads below for help and information regarding obtaining superCID, unlock, root, etc. Note these threads are provided for convenience only. Please look for support for them in each respective thread if you need it, do NOT clutter this thread with support requests regarding obtaining superCID and/or root! If you try this process without superCID, it will not work, and you may have issues!:
HTC One XL: http://xdaforums.com/showthread.php?t=1952038 (2.2)
Once you have confirmed you have SuperCID, get started (read it through first so you understand it all):
1.) Download patcher and unzip it in your working directory:
soffbin3.zip soffbin3.zip Mirror
2.) Download the zip below
OneX.zip = MD5: 99a8eced1010543e12cbd4e4e8f9638f, Mirror
3.)(wait for bootloader)Code:adb reboot bootloader
4.)(wait for black HTC Screen)Code:fastboot oem rebootRUU
5.)After a while, You should see the following error “FAILED (remote: 92 supercid! please flush image again immediately)”Code:fastboot flash zip PJ8312000-OneX.zip
6.) Immediately issue the following command:
Code:fastboot oem boot
You may see some errors, just wait for the device to boot into Android (only now, you should be booted into Android with no eMMC write protection of any kind active).
7.) Issue the following 3 commands to update the security partition with S-off flags (one command at a time!):
Code:adb push soffbin3 /data/local/tmp/ adb shell chmod 744 /data/local/tmp/soffbin3 adb shell su -c "/data/local/tmp/soffbin3"
(wait for a few seconds)
8.)Code:adb reboot bootloader
9.) You should see what you are looking for!
If you need help or just care to say thanks, join us on IRC: #FacePalm http://chat.andirc.net:8080/?channels=facepalm
Enjoy.15Fix for error 99, that doesn't involve flashing roms hoping it solves the problem:
fastboot oem writecid 11111111
power down completely, go to fastboot
continue from the fastboot oem rebootRUU command
thans attn1 and jcase for the help9Ok folks thanks to c5satelite and other helpful folks at S OFF PARTY AND IRC we figured out how to fix this whole "error 99" shenanigans.
Step 1. Download the latest stockish ROM (I used Viper 3.2.3)
Step 2. Boot into bootloader and fastboot flash the kernel.. then reboot back into recovery
Step 3. Wipe /system and factory reset in TWRP
Step 4. Install rom in TWRP
Step 5. For *Viper Only* Don't wipe in Aroma, and uncheck reboot at the end.
Step 6. Reboot into bootloader from recovery (Don't boot into the ROM)
Step 7. Follow the instructions in the OP to a T ... read reread.. go get some coffee.. and try again.. hopefully you see Error 92 and not 99
This worked for me with ViperROM on hboot 2.14
Thank you to all the folks involved you guys are rockstars from Mars! :highfive:
