Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,808,000 Members 47,276 Now Online
XDA Developers Android and Mobile Development Forum

S-off is Official!!! With Instructions...

Tip us?
 
madjokeer
Old
#1351  
Senior Member
Thanks Meter 19
Posts: 235
Join Date: Aug 2006
Quote:
Originally Posted by whtciv2k View Post
flashing to the stock RUU seems to work.

TO ALL, if you are having issues, just bite the bullet and flash back to the stock RUU. worked for me the very first time once I did this. Thanks all.
I am on bamf 2.1 with latest firmware, are you suggesting flash back to latest CIS leak by android-police which is link 4(rooted version)

Sent from my ADR6425LVW using Tapatalk 2
Verizon TP2 on EnergyROM - Retired
Verizon Droid X - RubiX Blurry 2.0 -i was missing out, thank you for the free upgrade Verizon :P - RETIRED
HTC Thunderbolt - Bamf 2.4.1 - RETIRED
HTC Rezound - Everything latest/greatest - But now retired
Samsung Galaxy SIII -Verizon - Hyperdrive RLS11 + KT kernel
 
Land Master
Old
(Last edited by Land Master; 25th April 2012 at 08:56 PM.)
#1352  
Land Master's Avatar
Senior Member
Thanks Meter 170
Posts: 512
Join Date: Jun 2010
Location: Highlands Ranch, CO.

 
DONATE TO ME
I must have had just the proper amount of BEER or I'm just a lucky SOB.

I started reading about the procedure (In the original Discussion Thread) Saturday Evening about 6 hours after the exploit was released. I caught up on all the discussion and felt comfortable enough that I had the procedure figured out.

I was on the ICS firmware (HBOOT 2.21) and running CleanRom 4.0
I had AmonRA 3.14

I downloaded the ICS Version of the control program (I guess this would have been v .1), extracted it and inadvertently placed the files ControlBear.exe, jb_boot.img and jb_hboot.zip the "tools" directory instead of the "platform-tools" directory of my adb installation. I'm telling you this because in my experience it does NOT need to be in the same directory as fastboot and adb.

I charged my phone to 100%
I replaced my "working" SD card with a new 2GB blank card
I prepared a single strand of Cat 5 copper wire by stripping both ends.
I booted into CleanRom
I insured that USB Debugging was enabled
I "Right-Clicked" on ControlBear.exe and selected "Run as administrator"
I plugged the phone into my computer when it said "Connect Device"

Now... This is where my setup is a little different then most. I was running Win7 32bit under parallels on my Mac. As such I was prompted to either make the device accessible in the Host (Mac OsX) OR in the Guest (Win7 x32). Obviously I chose the guest and I heard the USB windows "gong". The program continued and I was eventually presented with "do wire trick now" scrolling on the screen. My phone was laying face down the entire time.

Now, I actually screwed up again as my intention was to touch the ground for 1.75 seconds, release, and touch it again. See, even with all my extensive reading I have now made two mistakes. It didn't matter because in my first few attempts absolutely NOTHING happened. "Do wire trick now" continued to scroll on my screen and the absence of any windows "gongs" leads me to believe that nothing was happening on the device.

I tried again but this time I held the wire in the hole as straight as I could figuring that I simply missed the contact pad in my first attempt. This was probably the case.

Now my eyes ain't what they used to be and that little gnd tit is really small. This and the wire I was using was small as well. From what I recall I then attempted to come down directly on top of the copper tit and I remember the wire slipping off. Then I tried to touch it again and the same thing happened BUT I heard the Windows GONG and the text in control bear started to scroll. I flipped over the phone and the Junotobear icon with an arrow pointing down was on the screen. I watched the text in the command box and drank beer. Everything that was listed had SUCCESS next to it or sunny day or whatever, all positive. It got to the end and asked me if I wanted to flash the Hboot and I said yes. It did so and if I recall it said it was successful and to press enter to quit. I did and my phone was left in the white fastoot screen. I opened a command window in my adb installation directory and entered "Fastboot Reboot". My phone rebooted and CleanRom was up and running.

I downloaded quick boot from the market and used it to enter bootloader, Upon doing so to my delight I was S-Off. I replaced my original SD card rebooted to CleanRom and everything was intact. I lost no pictures, text messages, call logs or anything. It was as if I never did the procedure in the first place.

So the moral of the story is even though I was cautious and read for 4 hours before doing the deed, I still made a couple of errors and in the end I guess I simply got lucky.

Please understand that this is not a na na hey hey I got it and you didn't post. I genuinely hope that some of this information is useful to others and truly feel bad for those that haven't been able to "get there".

Good luck!!!
The Following 3 Users Say Thank You to Land Master For This Useful Post: [ Click to Expand ]
 
whtciv2k
Old
#1353  
whtciv2k's Avatar
Senior Member
Thanks Meter 14
Posts: 129
Join Date: Dec 2007
Quote:
Originally Posted by SightSeeker View Post
How do I do this again? I'm on ICS clean rom with the leaked ICS radio and hboot. I have the rezound_ics_androidpolice_3.11.605.22 .zip file but it's not flashing. Do I have to lock the boot loader again first?
Hrm, you might have to do the mainver trick first...

---------- Post added at 04:25 PM ---------- Previous post was at 04:22 PM ----------

this was what was happening to me for 3 days. i downgraded RUU, factory reset and tried again. worked on the first try and got the wire trick on the first try.
 
jidcman
Old
#1354  
Member
Thanks Meter 13
Posts: 57
Join Date: Dec 2011
Hi everybody,
can someone please guide me on the right direction a far as the order/correctness (not the directions) of the steps to obtain S-Off on my device?
Facts:
HBOOT-2.10.0000
eMMC-boot
Oct 5 2011, 21:18:48
CLEANROM 3.7





I will follow all instructions to the teeth.
I'm just not sure if I should relock and update the HBOOT before doing the S-Off procedure.
Also I'm not sure if I need the ICS or GB download since I'm running ICS but is not the leaked version.

Sorry for the noob questions. I'm pretty sure my questions have probably been answered before and for that, I apologize,
But I get overwhelmed with all the posts.

Thanks in advance,

Jidcman

Sent from my ADR6425LVW using Tapatalk
 
redbean25
Old
#1355  
redbean25's Avatar
Senior Member
Thanks Meter 92
Posts: 356
Join Date: Jan 2012
Location: Seattle
use GB version.

follow instructions in the OP, or on the JuopunutBear website
The Following User Says Thank You to redbean25 For This Useful Post: [ Click to Expand ]
 
Demiurge7
Old
#1356  
Demiurge7's Avatar
Senior Member
Thanks Meter 290
Posts: 266
Join Date: Nov 2011
Location: Bellevue, WA
Quote:
Originally Posted by morrichad View Post
Just let you all know I had everyone of these error messages that I've seen except one or two of them. Especially this message: "QHSUSB_DLOAD" and just disconneted the cable and pulled the battery, then rebooted into Hboot. Open controlbear.exe and begun again.

There really needs to be an all in one tutorial on this citing different events and how to try to handle them each, if possible. GrayMonkey44 has done an exceptional job of trying to pull everything into one place and with additional tips to go with this S-off development. But I feel in some areas the guide lacks additional needed information?

I want to personal Thank You to team of JuopunutBear, Con for his posts on how to get back into your device in case of semi screw-ups; ie; being stuck @ JuopunutBear screen left being stuck scratching your head trying to figure what to do next, hgoldner for mini How-To helped me get started and to the end of the process and the metronome was very helpful! Their were others as well and will post a personal thank you once I gather all the names.

Trust me I screwed up a lot and was always able to figure my way back out of all my predicaments. Though it was scary & hair raising @ certain times.

I will try to post helpful tips and pull some quotes from other posters to help from both threads together to help out. Yes I wish I would read the other S-Off FAQ thread especially cause there is statements and ideas in there to help too. Noticed was having some the issues in the thread of S-off FAQ that would helped me sooner with some of my problems. If anyone reads that thread start in around page 100 and go from there and there will some additional enlightening information to help.

Some tips I can post now is if using a paper clip wrapped in tape on both ends where bent. Take paper clip and bend the 2 ends and this way Pin1 make that one end long to go in to the hole. On the other end shorten that up that end to touch ground. If the wire trick doesn't work from Pin1 to Ground, reverse the directions and go from Ground to Pin1. I also left on piece of the clip in Pin1.

Using a metronome provided by hgoldner on pg. 95 of this thread listen to beats in between the time pauses one wil be low the next will be high. When doing the wire trick to the beat pop one end in one contact(Pin1), there will a lite clicking sound and right before the next beat pop the other contact(ground) and release and should start the rest of the exploit.

I also got errors of local/data/JuopunutBear: not found and no beer for bear also. Try deleting the files you inserted into your adb/sdk files you inserted and other copies of stuff that shouldn't be in there. Unzip the JuopunutBear zip again and reinstall those files. Go to adb the folder that houses the adb/fastboot files and right click on the root folder for adb.exe file and can open a command window from there as well.

Make sure if needed between any errors if your not sure is to format sdcard via computer in Fat32 format.

****Also remember to have a copy of your recovery.img & boot.img handy.****

****Most important and I can't this stress enough is to make sure you make a copy your of internal & external cards. ****

---------- Post added at 01:09 PM ---------- Previous post was at 01:06 PM ----------



May I ask what mode your are starting in. Are in android(your Rom)mode or Hboot.

I am starting in Rom mode (running scotts cleanrom senseless dev edition). I am reinstalling fastboot and ADB, completely uninstalled anything HTC, starting from scratch - but it seems as though if it got as far as it did, then the drivers and adb should have been working properly - I tested adb beforehand, pushing, pulling, and running various commands... I made sure everything was working and in line. So its a little confusing. Will try re-installing adb and fastboot, maybe will go back to the RUU as well, just to be sure. Will take any idea's though, thanks!

---------- Post added at 03:44 PM ---------- Previous post was at 03:42 PM ----------

Quote:
Originally Posted by Blacktruck View Post
I am having this same problem as well. Reinstalled SDK and drivers, but still cant get past this process. I'm able to get back into fastboot and flash recovery, so its not like my pc cant detect my phone.
FWIW, I'm on GB, using CleanRom 4.3 using old firmware patch.

What appears to be happening is when ControlBear reboots the bootloader and sends the phone into the black screen with green arrows, it breaks connection between the phone and pc and cannot find the device.
Thats exactly what I was thinking... I was able to flash the backup recovery and the ICS kernel from my rom immediately after, in fastboot. So your right, its not as though my computer is not seeing the phone - rather, control bear doesnt seem to be able to see it... I havent seen many with this issue (one I found in the sensation thread for juopnutbear).
 
techferret
Old
#1357  
techferret's Avatar
Member
Thanks Meter 15
Posts: 73
Join Date: Oct 2007
Location: Ontario, CA
Quote:
Originally Posted by Demiurge7 View Post
I am starting in Rom mode (running scotts cleanrom senseless dev edition). I am reinstalling fastboot and ADB, completely uninstalled anything HTC, starting from scratch - but it seems as though if it got as far as it did, then the drivers and adb should have been working properly - I tested adb beforehand, pushing, pulling, and running various commands... I made sure everything was working and in line. So its a little confusing. Will try re-installing adb and fastboot, maybe will go back to the RUU as well, just to be sure. Will take any idea's though, thanks!

---------- Post added at 03:44 PM ---------- Previous post was at 03:42 PM ----------



Thats exactly what I was thinking... I was able to flash the backup recovery and the ICS kernel from my rom immediately after, in fastboot. So your right, its not as though my computer is not seeing the phone - rather, control bear doesnt seem to be able to see it... I havent seen many with this issue (one I found in the sensation thread for juopnutbear).
Just a suggestion to everyone who has a failed S-Off...try running ControlBear again after the failed command (you would be stuck on ControlBear's recovery). Believe it or not, after many failed attempts I did just this and my S-Off was granted! Just a suggestion since it worked for me...I was utilizing the AndroidPolice leak of ICS.

Phones:
P: TMO Samsung Galaxy S5 Rooted | Stock 4.4.2
W: Apple iPhone 5c | iOS 7.0.2
Tablets:
P: Apple iPad 4th Gen 32GB | iOS 7.0.2
K: Nexus 7 (2012) Wi-Fi | KitKat 4.4
W: Apple iPad 2 | iOS 7.0.2
 
SightSeeker
Old
#1358  
SightSeeker's Avatar
Senior Member
Thanks Meter 35
Posts: 179
Join Date: Apr 2012
Well after 2 days of trying over and over I finally got it. I was on clean rom 4.3 and once I went back to the stock leaked ICS I got it on the first try. I didn't even do the wire trick right. I was trying with the paper clip and I wasn't getting good contacts. I was just tapping away like 10 times and it finally made contact and it worked. Please anyone having trouble go back to stock if you are on a modified leaked ICS and try again. It wasn't even doing the correct sequence of screens on the rom I was on during the reboots.


Can anyone point me to a way to get the stock GB back on and radios? I don't want to mess things up now that I have S-off I just want to get my battery life back and wait for the OTA. Thanks
 
Hotweelz66
Old
#1359  
Member
Thanks Meter 7
Posts: 67
Join Date: Aug 2009
Location: Salem/Metro
Finally achieved S-off! 4 days later. lol. If anyone is having a problem with the program recognizing your root you need to make sure your adb is set up right. Also read up some on adb here http://forum.xda-developers.com/show....php?t=1241935 it helped me alot. After getting adb set up with proper path I was able to run the program. Got the timing right second time around. This was also with great help from the team on the #juopunutbear IRC channel. If you need help that's the place. Just be respectfull these people put in alot of time helping out.
 
mentallo
Old
#1360  
mentallo's Avatar
Senior Member
Thanks Meter 49
Posts: 229
Join Date: Feb 2012
Location: New York
Just did the S-Off and it worked fine but now I am stuck in hboot and no recovery seems to be installed. How come it doesnt just boot back into my rom? Should I just install the recovery manually now? and the what?

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes