FORUMS
Remove All Ads from XDA

[S-OFF] Facepalm s-off Droid Incredible 4G LTE

3,276 posts
Thanks Meter: 7,276
 
By beaups, Senior Recognized Developer on 1st April 2013, 01:42 AM
Post Reply Email Thread
Welcome to Facepalm S-Off for the Droid Incredible 4G LTE.

Credits and terms:

Exploit by beaups. Full guide, testing, and concept by jcase and beaups. Thanks to dsb9938 and dr_drache for support and testing. Thanks also to all of the regulars at teamandirc.

Both beaups and jcase will collect the applicable active bounties. Further donations are greatly appreciated and can be sent to:

beaups - Donate to beaups
jcase - Donate to jcase
dsb9938 - Donate to dsb9938
dr_drache - Donate to dr_drache

Thanks also to mdmower for commissioning Facepalm for this device, and testing.


You can also come by irc for support or just to say thanks: #FacePalm http://chat.andirc.net:8080/?channels=facepalm

While this process shouldn’t be too risky, bricks can happen. None of us will be accountable. If you are worried, don’t do it.

This is a pretty simple method, however, you will need to have a working adb and fastboot environment. This method will work on any operating system that supports adb and fastboot. You should understand how to use a terminal window in your O/S. If you don’t understand adb and fastboot, you probably don’t need S-off.

Lastly, the work herein should not be stolen, repackaged, one clicked, bat’d, etc. soffbin3 is not GPL and may not be reused, integrated into other work, reposted, or redistributed without our permission.

For this to work, you must be rooted and have superCID (unlock/custom recovery is optional), see the threads below for help and information regarding obtaining superCID, unlock, root, etc. Note these threads are provided for convenience only. Please look for support for them in each respective thread if you need it, do NOT clutter this thread with support requests regarding obtaining superCID and/or root! If you try this process without superCID, it will not work, and you may have issues!:

Droid Incredible 4G LTE SuperCID: http://forum.xda-developers.com/show....php?t=2214653


Once you have confirmed you have SuperCID, get started (read it through first so you understand it all):

1.) Download patcher and unzip it in your working directory:

soffbin3.zip

2.) Download the RUU zip below:

http://d-h.st/MOw


3.)
Code:
adb reboot bootloader
(wait for bootloader)

4.)
Code:
fastboot oem rebootRUU
(wait for black HTC Screen)

5.)
Code:
fastboot flash zip 2.17.605.2_rom.zip
After 2-3 minutes, You should see the following error “FAILED (remote: 92 supercid! please flush image again immediately)”

6.) Immediately issue the following command:

Code:
fastboot oem boot


You may see some errors, just wait for the device to boot into Android
(only now, you should be booted into Android with no eMMC write protection of any kind active).

7.) Issue the following commands to update the security partition with S-off flags (one command at a time!):

Code:
adb push soffbin3 /data/local/tmp/
adb shell chmod 744 /data/local/tmp/soffbin3
adb shell
su
/data/local/tmp/soffbin3
exit
exit
8.) Wait a few seconds, then:

Code:
adb reboot bootloader
9.) You should see what you are looking for!

If you need help or just care to say thanks, join us on IRC: #FacePalm http://chat.andirc.net:8080/?channels=facepalm

Enjoy.
The Following 35 Users Say Thank You to beaups For This Useful Post: [ View ]
 
 
1st April 2013, 04:18 AM |#2  
Senior Member
Flag heredia
Thanks Meter: 649
 
Donate to Me
More
Quote:
Originally Posted by beaups

Welcome to Facepalm S-Off for the Droid Incredible 4G LTE.

Credits and terms:

Exploit by beaups. Full guide, testing, and concept by jcase and beaups. Thanks to dsb9938 and dr_drache for support and testing. Thanks also to all of the regulars at teamandirc.

Both beaups and jcase will collect the applicable active bounties. Further donations are greatly appreciated and can be sent to:

beaups - Donate to beaups
jcase - Donate to jcase
dsb9938 - Donate to dsb9938
dr_drache - Donate to dr_drache

Thanks also to mdmower for commissioning Facepalm for this device, and testing.


You can also come by irc for support or just to say thanks: #FacePalm http://chat.andirc.net:8080/?channels=facepalm

While this process shouldn’t be too risky, bricks can happen. None of us will be accountable. If you are worried, don’t do it.

This is a pretty simple method, however, you will need to have a working adb and fastboot environment. This method will work on any operating system that supports adb and fastboot. You should understand how to use a terminal window in your O/S. If you don’t understand adb and fastboot, you probably don’t need S-off.

Lastly, the work herein should not be stolen, repackaged, one clicked, bat’d, etc. soffbin3 is not GPL and may not be reused, integrated into other work, reposted, or redistributed without our permission.

For this to work, you must be rooted and have superCID (unlock/custom recovery is optional), see the threads below for help and information regarding obtaining superCID, unlock, root, etc. Note these threads are provided for convenience only. Please look for support for them in each respective thread if you need it, do NOT clutter this thread with support requests regarding obtaining superCID and/or root! If you try this process without superCID, it will not work, and you may have issues!:

Droid Incredible 4G LTE SuperCID: http://forum.xda-developers.com/show....php?t=2214653


Once you have confirmed you have SuperCID, get started (read it through first so you understand it all):

1.) Download patcher and unzip it in your working directory:

soffbin3.zip

2.) Download the RUU zip below:

http://d-h.st/MOw


3.)

Code:
adb reboot bootloader
(wait for bootloader)

4.)
Code:
fastboot oem rebootRUU
(wait for black HTC Screen)

5.)
Code:
fastboot flash zip 2.17.605.2_rom.zip
After 2-3 minutes, You should see the following error “FAILED (remote: 92 supercid! please flush image again immediately)”

6.) Immediately issue the following command:

Code:
fastboot oem boot


You may see some errors, just wait for the device to boot into Android
(only now, you should be booted into Android with no eMMC write protection of any kind active).

7.) Issue the following commands to update the security partition with S-off flags (one command at a time!):

Code:
adb push soffbin3 /data/local/tmp/
adb shell chmod 744 /data/local/tmp/soffbin3
adb shell
su
/data/local/tmp/soffbin3
exit
exit
8.) Wait a few seconds, then:

Code:
adb reboot bootloader
9.) You should see what you are looking for!

If you need help or just care to say thanks, join us on IRC: #FacePalm http://chat.andirc.net:8080/?channels=facepalm

Enjoy.

wondering if this will survive a ota
The Following User Says Thank You to jose51197 For This Useful Post: [ View ] Gift jose51197 Ad-Free
1st April 2013, 05:03 AM |#3  
OP Senior Recognized Developer
Flag Dublin, OH
Thanks Meter: 7,276
 
Donate to Me
More
Re: [S-OFF] Facepalm s-off Droid Incredible 4G LTE
Quote:
Originally Posted by jose51197

wondering if this will survive a ota

Radio S-off always survives OTA...now whether or not the device survives.....

Sent from my HTC6435LVW using Tapatalk 2
The Following User Says Thank You to beaups For This Useful Post: [ View ]
1st April 2013, 05:24 PM |#4  
Senior Member
Flag St. Louis
Thanks Meter: 15
 
More
Has anyone been able to get this to work? I've tried several times usually getting error 99: unknown fail while flashing the zip. I have superCID and an unlocked bootloader, fastboot and adb both working. I even returned the phone back to a stock rom at which point I got the zip to flash correctly (giving me error 92) but still get a write protection error trying to run soffbin3. When I retried after that I'm getting error 99 again at flashing the zip. I've tried from 2 different computers Windows 7 64 bit and Windows XP 32 bit same errors on both. Any ideas what could cause this?
The Following User Says Thank You to mpappas87 For This Useful Post: [ View ] Gift mpappas87 Ad-Free
1st April 2013, 05:35 PM |#5  
OP Senior Recognized Developer
Flag Dublin, OH
Thanks Meter: 7,276
 
Donate to Me
More
Quote:
Originally Posted by mpappas87

Has anyone been able to get this to work? I've tried several times usually getting error 99: unknown fail while flashing the zip. I have superCID and an unlocked bootloader, fastboot and adb both working. I even returned the phone back to a stock rom at which point I got the zip to flash correctly (giving me error 92) but still get a write protection error trying to run soffbin3. When I retried after that I'm getting error 99 again at flashing the zip. I've tried from 2 different computers Windows 7 64 bit and Windows XP 32 bit same errors on both. Any ideas what could cause this?

Of course it's been tested

For error99 do a full forced power down (hold power for 30 sec while unplugged or pull battery if you have one), then boot back up holding vol down to get back to bootloader.

Also, confirm you have superCID via fastboot getvar cid
The Following 2 Users Say Thank You to beaups For This Useful Post: [ View ]
1st April 2013, 07:42 PM |#6  
Senior Member
Thanks Meter: 40
 
More
Quote:
Originally Posted by beaups

Of course it's been tested

For error99 do a full forced power down (hold power for 30 sec while unplugged or pull battery if you have one), then boot back up holding vol down to get back to bootloader.

Also, confirm you have superCID via fastboot getvar cid

what value do you want us to have with super cid.
I unlocked and then reverted back toe the stock cid
1st April 2013, 07:47 PM |#7  
Aldo101t's Avatar
Senior Member
Flag Pittsburgh
Thanks Meter: 2,180
 
More
Quote:
Originally Posted by dcooterfrog

what value do you want us to have with super cid.
I unlocked and then reverted back toe the stock cid

I THINK YOU SHOULD REMAIN ON SUPERCID(11111111)til you get s-off then if need be revert back.
1st April 2013, 08:25 PM |#8  
OP Senior Recognized Developer
Flag Dublin, OH
Thanks Meter: 7,276
 
Donate to Me
More
Re: [S-OFF] Facepalm s-off Droid Incredible 4G LTE
Quote:
Originally Posted by dcooterfrog

what value do you want us to have with super cid.
I unlocked and then reverted back toe the stock cid

Any supercid should do, but 1's and 2's have been tested.

Sent from my HTC6435LVW using Tapatalk 2
The Following User Says Thank You to beaups For This Useful Post: [ View ]
1st April 2013, 10:41 PM |#9  
Senior Member
Flag St. Louis
Thanks Meter: 15
 
More
Of course you've tested it I meant has anyone who is just a user trying to follow your instructions got it to work yet, I wasn't trying to be sarcastic. Anyway your battery pull instructions work for error 99 however I still keep getting the write protection error. My bootloader is unlocked and I have superCID set to 11111111. I'll copy what I see here so you can look at it

Quote:

c:\Android>fastboot oem rebootRUU
...
(bootloader) Start Verify: 3
OKAY [ 0.072s]
finished. total time: 0.072s

c:\Android>fastboot flash zip 2.17.605.2_rom.zip
sending 'zip' (583416 KB)...
OKAY [ 24.313s]
writing 'zip'...
(bootloader) adopting the signature contained in this image...
FAILED (remote: 92 supercid! please flush image again immediately)
finished. total time: 24.422s

c:\Android>fastboot oem boot
< waiting for device >
...
(bootloader) Boot/Recovery signature checking...
(bootloader) Boot/Recovery signature checking...
(bootloader) setup_tag addr=0x80400100 cmdline add=0xC02FA8C4
(bootloader) TAG:Ramdisk OK
(bootloader) TAG:skuid 0x2DB00
(bootloader) TAG:hero panel = 0x4940045
(bootloader) TAG:engineerid = 0x0
(bootloader) TAG: PS ID = 0x0
(bootloader) TAG: Gyro ID = 0x0
(bootloader) Device CID is super CID
(bootloader) CID is super CID
(bootloader) Backup CID is empty
(bootloader) setting->cid::11111111
(bootloader) serial number: HT26SS300293
(bootloader) commandline from head: console=ttyHSL0,115200,n8
(bootloader) command line length =739
(bootloader) active commandline: poweron_status=1 reset_status=0 board_fi
(bootloader) ghter.disable_uart3=0 diag.enabled=0 board_fighter.debug_uar
(bootloader) t=0 userdata_sel=0 androidboot.emmc=true androidboot.pagesiz
(bootloader) e=2048 skuid=0 ddt=20 ats=0 androidboot.lb=1 td.td=1 td.sf=
(bootloader) 1 td.ofs=328 td.prd=1 td.dly=0 td.tmo=300 hlog.ofs=628 un.of
(bootloader) s=694 imc_online_log=0 androidboot.efuse_info=FFSL androidb
(bootloader) oot.baseband=1.53.06.0919 androidboot.cid=11111111 androidbo
(bootloader) ot.devicerev=3 androidboot.batt_poweron=good_battery android
(bootloader) boot.carrier=ALL and
(bootloader) aARM_Partion[0].name=misc
(bootloader) aARM_Partion[1].name=recovery
(bootloader) aARM_Partion[2].name=boot
(bootloader) aARM_Partion[3].name=system
(bootloader) aARM_Partion[4].name=local
(bootloader) aARM_Partion[5].name=cache
(bootloader) aARM_Partion[6].name=userdata
(bootloader) aARM_Partion[7].name=devlog
(bootloader) aARM_Partion[8].name=pdata
(bootloader) aARM_Partion[9].name=fat
(bootloader) aARM_Partion[A].name=extra
(bootloader) aARM_Partion[B].name=radio
(bootloader) aARM_Partion[C].name=adsp
(bootloader) aARM_Partion[D].name=dsps
(bootloader) aARM_Partion[E].name=wcnss
(bootloader) aARM_Partion[F].name=radio_config
(bootloader) aARM_Partion[10].name=modem_st1
(bootloader) aARM_Partion[11].name=modem_st2
(bootloader) partition number=18
(bootloader) Valid partition num=18
(bootloader) TZ_HTC_SVC_SET_DDR_MPU ret = 0
(bootloader) smem 90005000 (phy 90005000): TZ_HTC_SVC_UPDATE_SMEM ret = 0
(bootloader) TZ_HTC_SVC_LOG_OPERATOR ret = 0
(bootloader) TZ_HTC_SVC_ENC ret = 0
(bootloader) TZ_HTC_SVC_DISABLE ret = 474079232 (0x1C41E000)
(bootloader) jump_to_kernel: machine_id(3524), tags_addr(0x80400100), ker
(bootloader) nel_addr(0x80408000)
(bootloader) -------------------hboot boot time:9464 msec
FAILED (status read failed (Too many links))
finished. total time: 6.292s

c:\Android>adb push soffbin3 /data/local/tmp/
1078 KB/s (2209 bytes in 0.002s)

c:\Android>adb shell chmod 744 /data/local/tmp/soffbin3

c:\Android>adb shell
[email protected]:/ # su
su
[email protected]:/ # /data/local/tmp/soffbin3
/data/local/tmp/soffbin3
/data/local/tmp/soffbin3[2]: cannot create │╗▒╫÷: Read-only file system
/data/local/tmp/soffbin3[2]: ┴√╓♣î⌠: not found
/data/local/tmp/soffbin3[4]: syntax error: 'ⁿ' unexpected
/data/local/tmp/soffbin3[2]: ╕╚Ç╫⌂idτº╬R░4↔∩N¥U÷Å┘)╘¿j¥&j+ò╩U¿PñF╩≥ÇTAäBÑJÇJôç
►╝D<B}░wYQéäè╘─ï∙╬▄;╗wªnE╟>{ε╣ττ₧{ε╣?τ╣╣┼yM╙╚*ö: not found
/data/local/tmp/soffbin3[2]: ┘ªnc↕♂mè◄←ßî╟Θ: not found
/data/local/tmp/soffbin3[2]: ô♦∞☻─Q└: not found
/data/local/tmp/soffbin3[2]: ª↕Wê2└δ}▄G╗2öó^≡▲ñ√⌐ç♦/│.₧: not found
1|[email protected]:/ # exit
exit
1|[email protected]:/ # exit
exit

c:\Android>adb reboot bootloader

I hope you can help me figure this out, I'd really like to have s-off and I do appreciate all your hard work putting this together for us.

Edit:

I tried again this time entering the fastboot oem boot and pressing enter while it was flashing the zip so that it ran as soon as it finished flashing the zip and it rebooted back to the black HTC screen. Is that supposed to happen should I just wait, I waited five minute (I timed it) and it never changed from that screen.

Quote:

c:\Android>fastboot oem rebootRUU
...
(bootloader) Start Verify: 3
OKAY [ 0.075s]
finished. total time: 0.075s

c:\Android>fastboot flash zip 2.17.605.2_rom.zip
sending 'zip' (583416 KB)...
OKAY [ 24.340s]
writing 'zip'...
(bootloader) adopting the signature contained in this image...
FAILED (remote: 92 supercid! please flush image again immediately)
finished. total time: 24.449s

c:\Android>fastboot oem boot
...
FAILED (command write failed (Too many links))
finished. total time: 0.001s

2nd April 2013, 01:44 AM |#10  
OP Senior Recognized Developer
Flag Dublin, OH
Thanks Meter: 7,276
 
Donate to Me
More
Well those are some weird errors you are getting indeed, the soffbin3 is pretty simple, should just return a 1.

Perhaps try on a more stock rom?

And your first method was the correct behavior, not the 2nd.

edit: I see your adb push only pushed 2209 bytes, which is the size of the ZIP file, not the decompressed binary.

The instructions clearly state you need to UNZIP it, not just delete the zip extension from your downloaded file. We zip the file before uploading in order to identify download errors.

Once decompressed the binary is 4751 bytes.
The Following 2 Users Say Thank You to beaups For This Useful Post: [ View ]
2nd April 2013, 02:05 AM |#11  
Senior Member
Flag St. Louis
Thanks Meter: 15
 
More
I know you're probably not going to believe me when I tell you this but I did unzip it something must have went wrong with the download/unzipping the first time. I re-downloaded it checked the MD5 and unzipped it and it worked great first try. Thank you so much for your help.
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes