Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,741,210 Members 49,213 Now Online
XDA Developers Android and Mobile Development Forum

(Solved)What is S-Off

Tip us?
 
Modding.MyMind
Old
(Last edited by Modding.MyMind; 3rd December 2013 at 01:21 AM.)
#1  
Modding.MyMind's Avatar
Senior Member - OP
Thanks Meter 1352
Posts: 1,527
Join Date: Nov 2013
Location: Richmond, Virginia

 
DONATE TO ME
Default (Solved)What is S-Off

I am merely posting this here for all those considering to go S-Off but haven't found the courage for it yet or just aren't sure what S-Off actually is. So to ease your minds a little bit I wish to explain S-Off.

For starters, S-Off and root ARE TWO COMPLETELY DIFFERENT THINGS!

HTC has been securing their phones by locking the internal flash memory (NAND or eMMC)(eMMC in our case) to stop it from being written to, unless the file being flashed is signed by a private key only known to HTC. This is controlled by a flag (@ secuflag) and is identified as the device being S-ON. Telling the HBoot the device is Security Off (S-OFF) stops this check for the key, and allows us to write anything to any partition, which is what we are aiming for.

There are actually two levels of S-OFF. The Bootloader (HBoot) and the Radio. Getting S-Off on the HBoot gives us everything we need, but doesn't actually turn off the @ secuflag which is set in the radio - instead, the HBoot ignores it and therefore thinks it is S-Off, but this is not TRUE S-Off. It is possible to flash a HBoot that believes the Radio is set to S-OFF, as the HBoot is responsible for setting that flag.

Once the HBoot on the phone is S-OFF, we can write to all the partitions and basically do whatever we want, but it is possible to go one step further. Flashing a radio that is S-OFF and actually setting the @ secuflag to S-off gives us 100% total access to every part of the phone and it's software, as it becomes network unlocked allowing you to use any SIM and also allows you to flash a ROM from any carrier (known as Super CID). It also makes it practically impossible to permanently loose root no matter what you flash. Once you have radio S-OFF, it makes it much easier to flash new HBoots and ROMs even if you flash something that is locked down tight.

Setting the Radio to S-Off is not necessary, and gaining S-OFF on the HBoot is more than most people will ever need. Radio S-Off is just the last step of the puzzle, but it is worth noting that you can permanently brick your phone if flashing a radio or a HBoot, if either of these go wrong you will end up with a shiny expensive paper weight so there is risk involved. If this helped you in any way then feel free to click on the thanks button. Meanwhile, happy hunting!


Sent from my C525c using XDA Premium 4 mobile app
The Following 10 Users Say Thank You to Modding.MyMind For This Useful Post: [ Click to Expand ]
 
Modding.MyMind
Old
(Last edited by Modding.MyMind; 2nd December 2013 at 11:58 PM.)
#2  
Modding.MyMind's Avatar
Senior Member - OP
Thanks Meter 1352
Posts: 1,527
Join Date: Nov 2013
Location: Richmond, Virginia

 
DONATE TO ME
To determine if you are S-OFF via HBoot or Radio you can do one of two things.

1: Go into fastboot and type

Code:
Select Code
fastboot oem readsecureflag
If you get secure_flag with the number zero then congrats - you are radio S-Off

If you get secure_flag 3 then I am sorry, you are not radio S-Off. - your modded HBoot is ignoring the radio in regards to @ secureflag.

2: (I don't recommend this lol)
You can flash a stock HBoot and then reboot your bootloader. If you see S-On after already having S-Off then this means you were S-Off via HBoot. However, I would like to note that some HBoots are written out to prevent themselves from being over written so S-Off isn't lost, but this prevention does not always work and is usually patched by HTC relatively quickly.

Sent from my C525c using XDA Premium 4 mobile app
The Following 4 Users Say Thank You to Modding.MyMind For This Useful Post: [ Click to Expand ]
 
Modding.MyMind
Old
#3  
Modding.MyMind's Avatar
Senior Member - OP
Thanks Meter 1352
Posts: 1,527
Join Date: Nov 2013
Location: Richmond, Virginia

 
DONATE TO ME
Another note... If you do not have radio S-Off then the following fastboot command will not work nor will it bring you back to S-On:

fastboot oem writesecureflag 3

Reason for this is because you are already S-On, but its being masked by your modded HBoot. So in this case, flash a stock HBoot and that will substitute for the failing command in fastboot

Sent from my C525c using XDA Premium 4 mobile app
The Following 3 Users Say Thank You to Modding.MyMind For This Useful Post: [ Click to Expand ]
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes