[HOW TO] Idiot proof your s-off device


cschmitt

Senior Member
Feb 24, 2012
1,716
1,914
It occurred to me that there have been a number of 'I went s-on and relocked my bootloader, etc.' posts that have ended badly-- no RUU to flash, unable to return to stock or a working rom.

Now I'm not saying these folks are idiots, more likely just unfortunate mistakes. I myself am prone to the occasional derp.

That got me thinking about how to protect an s-off device from an accidental 'fastboot oem writesecureflag 3' that would leave me crying.

Basically, 4 things:

1. Find an RUU and tuck it away. For me, with an AT&T One, it's 1.29.1540.16 from htc1guru. Why this RUU? Well it has a very old hboot 1.44.0000 (pre-June 2013) that is easy to s-off with revone, and can be unlocked via HTC Dev. Also, they are very easy to come by on sites like HTC Dev, htc1guru, etc.

2. Change CID to match what the RUU expects:
Code:
fastboot oem writecid BS_US001
The CID doesn't really matter for anything else, unless you plan on taking an OTA directly.

3. Make sure MID matches what the RUU expects as well: PN0712000 (which matches my AT&T device already.) If not then change it to match with the eng hboot (I won't go into that here, but if you've changed it once already then you're familiar with the process.)

4. Lastly, and most important: flash the hboot and change the firmware main version so that it matches what the 'rescue RUU' is expecting. For me, that's hboot 1.44.000 and 1.29.1540.16 so I created the attached 'firmware_reset_1.29.1540.16.zip' that can be flashed via:
Code:
fastboot oem rebootRUU
fastboot flash zip firmware_reset_1.29.1540.16.zip
and it does nothing more than flash hboot 1.44.0000 and the android-info.txt resets the mainver to 1.29.1540.16 in the process.

This last step is important because with s-on you cannot RUU a downgrade hboot or mainver, so having hboot 1.44.0000 and mainver 1.29.1540.16 will allow the 'rescue RUU' to do its thing.


So now we're all set. If things go south at some point and I need to get back to a known good, I can flash the RUU exe (even if s-on and locked), then unlock via HTC Dev, flash a custom recovery, root, and go.
 

Attachments

  • firmware_reset_1.29.1540.16.zip
    486 KB · Views: 35
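The four values the post lines up (CID, MID, hboot version, main version) are exactly what the rescue RUU checks, so a small pre-flight script that reads them from the phone and refuses to continue on any mismatch is a cheap guard against the accidental writesecureflag the post is worried about. The script below is an added example, not from the thread or its author: it assumes the AT&T One values cschmitt gives (BS_US001, PN0712000, 1.44.0000, 1.29.1540.16), that HTC's fastboot reports them under the getvar names cid, mid, version-bootloader and version-main, and the function names and sample output are mine (constructed, not captured from a device).

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check before going s-on.
# Assumed expected values are the ones the post gives for the AT&T One;
# edit them for your own rescue RUU. Function names are hypothetical.

EXPECTED_CID="BS_US001"
EXPECTED_MID="PN0712000"
EXPECTED_HBOOT="1.44.0000"
EXPECTED_MAINVER="1.29.1540.16"

# getvar_value NAME: read getvar-style lines on stdin, print NAME's value.
# Accepts both "cid: X" (fastboot getvar cid) and "(bootloader) cid: X"
# (fastboot getvar all) forms.
getvar_value() {
    sed -e 's/^(bootloader) //' | sed -n "s/^$1: *//p" | head -n 1
}

# check_one LABEL ACTUAL EXPECTED: print a verdict line; return 1 on mismatch.
check_one() {
    if [ "$2" = "$3" ]; then
        printf 'ok       %-18s %s\n' "$1" "$2"
        return 0
    fi
    printf 'MISMATCH %-18s got "%s", rescue RUU expects "%s"\n' "$1" "$2" "$3"
    return 1
}

# rescue_preflight GETVAR_TEXT: compare all four values; return 0 only when
# the device already matches the rescue RUU (steps 2-4 of the post done).
rescue_preflight() {
    text="$1"
    rc=0
    cid=$(printf '%s\n' "$text" | getvar_value cid)
    mid=$(printf '%s\n' "$text" | getvar_value mid)
    hboot=$(printf '%s\n' "$text" | getvar_value version-bootloader)
    mainver=$(printf '%s\n' "$text" | getvar_value version-main)
    check_one cid "$cid" "$EXPECTED_CID" || rc=1
    check_one mid "$mid" "$EXPECTED_MID" || rc=1
    check_one version-bootloader "$hboot" "$EXPECTED_HBOOT" || rc=1
    check_one version-main "$mainver" "$EXPECTED_MAINVER" || rc=1
    if [ "$rc" -ne 0 ]; then
        echo "NOT SAFE: fix the mismatches before touching writesecureflag"
    else
        echo "SAFE: device matches the rescue RUU"
    fi
    return "$rc"
}

# live_preflight: run against a phone in fastboot mode. fastboot prints
# getvar results on stderr, hence the redirect. Not called by default.
live_preflight() {
    rescue_preflight "$(fastboot getvar all 2>&1)"
}

# Constructed sample output (not captured from a real device): prepared phone.
SAMPLE_READY="cid: BS_US001
mid: PN0712000
version-bootloader: 1.44.0000
version-main: 1.29.1540.16
finished. total time: 0.003s"

# Constructed sample: same phone after newer firmware and a carrier CID.
SAMPLE_DRIFTED="(bootloader) cid: CWS__001
(bootloader) mid: PN0712000
(bootloader) version-bootloader: 1.55.0000
(bootloader) version-main: 3.17.502.3
finished. total time: 0.005s"

echo "== ready device =="
rescue_preflight "$SAMPLE_READY"
echo "== drifted device =="
rescue_preflight "$SAMPLE_DRIFTED" || true
```

Run it with the phone in fastboot mode by calling live_preflight instead of the two sample runs; the values are compared as exact strings, so the trailing ".0000" on the hboot version has to match the RUU's android-info.txt too.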

n1234d

Senior Member
Aug 18, 2013
1,375
483
Mumbai
Google Pixel 6a

This is nice, but then people say "I want to go back to stock for warranty" and mess up the order of steps, and mess up their phones as a result..
Secondly, that is a very old bootloader, and it won't work with us people who have windows 8.1. Then you'll have to go around explaining to everyone how to recover from a partial flash of their RUU.
Also, changing MID isn't dangerous any longer. There's a method of doing it without flashing the eng bootloader.
Thirdly, if you're gonna modify the mainver inside android-info, it's gonna get unsigned, even an hboot outside of an RUU will be unsigned, so it isn't gonna work with s-on..

Also, the CID does matter for other stuff except OTAs/RUUs, it provides localised languages in system and keyboard, as well as the lyrics content changes (although here it's beneficial to have a US CID)
Just think these points over..
I'd say the best way to idiot proof it would be never to go s-on, so although they can mess stuff bad with s-off, at least it's recoverable. For Canadian users, while going back to stock, flash the oldest RUU you find, and then first set your bootloader status to "locked", flash the RUU, and only then go back s-on, take OTAs after you go s-on. I've heard that the command doesn't work well with phones having bootloader 1.55 and onwards.

(Edit) misunderstood your point about flashing the bootloader/changing the mainver,
but even if you do it while s-off, that'd still be, well, not ideal..

Sent from my iPod touch using Tapatalk

cschmitt

Senior Member
Feb 24, 2012
1,716
1,914
I'm certain it's not a solution that's perfect for everyone, really a starting point to be tailored to your specific device, region, and available ruu.

The whole going back to stock is something I'd rarely do, but wanted to have a plan if needed.

Absolutely agree that staying s-off is the best bet.

Do appreciate your comments.
