this method uses an official htc java card to turn off the phones security data. the card exists as a legitimate tool for cell phone shops and re-sellers,primarily for the purpose of removing the phones simlock.
since this method of s off is somewhat unusual,this thread is intended to help support folks that are unsure of the differences and similarities.
first and foremost,these are my words,sonic has not helped with these posts,tho i hope he will let me know if theres anything he wants changed. if any info you see here and use melts your phone into a little pile of aluminum goo,its not sonics fault,nor is it mine. use this info at your own risk.
in this first post,i thot a few FAQs needed to be put in one place,as they are being asked over and over again in the thread.
Frequently Asked Questions
Q: what is s off?what does it do for me?
A: in a nutshell,s-off=security off. it removes all security checks and allows access to all partitions of the phone. this means you can:
-change splash image
-flash unsigned files
-go backwards in firmware versions
-other things that maybe ill add later
Q: is this legit??
A:yes,it is. as mentioned above,the java card is a legitimate tool used by some large cell phone repair shops and re-sellers.
Q: how does this work?
A:the java card is plugged into a USB On The Go cable,and plugged into the phone. the java card contains htc-signed diagnostic files which are used to clear security data. when the phone is booted to hboot with the java card plugged in,it finds the diagnostic file and jumps to a mode where the user can clear "s58" data. this removes any simlock,changes the CID to a generic "supercid",and most importantly,turns off the phones radio secure flag. hooray!
this is not sonic,nor is this an htc one. it is a one X using the same method,it will give you a good idea what the process looks like:
HTC One X S-OFF
Q: what exactly is a java card?
A: simply,a java card is an sd card with a microprocessor in it. if someone wishes to provide a more detailed definition,id be happy to put it here. a bit more info here
Q: can we clone the java card so everyone can have s off?
A: yes. but its complicated,and the card to begin with is expensive. there have been some technical discussions about this in sonic's original thread. the simple answer is that it is not easy,or practical to clone the java card.
Q: why do i have to pay for this?? shouldnt s off be free?
A: if you have a prollem paying for this service,you are welcome to purchase your own java card and offer the service for free. as has been stated,the java card is expensive- upwards of $1000 depending how many credits are included.
further,even if a software exploit was available,it is good custom to donate to the devs who brought you the tool. remember,no one here owes you custom roms,s-off,etc. support your devs and what they bring you. in this case,sonic has purchased an expensive htc tool,shipping supplies,and has to invest a great deal of time getting your phone s-offed,packed up,and hauled back to the post office. not to mention the website he has set up for the service. there is nothing wrong with making his $$ back,and a bit extra for his time and efforts.
Q: is the card good forever?
A: NO! the java card has a limited number of uses. he has stated he can sell about 250 s off services,and do 10 developer phones for free. after those credits are gone,you are SOL unless a new exploit is found,or there is enuff interest for sonic to buy a second card.
Q: how do i know how many credits are left?
A:Sonic's website shows the number of available spots left, right above the quantity select/add to cart,in the "product description". simply go to the website,then click the htc one picture.
Q: if im already unlocked,should i still get s off?
A: in my opinion,yes. s off is better. it allows more options to recover soft-bricked devices,and allows access to all partitions. an s on phone is still doing plenty of security checks. it also allows a permanently installed recovery to install the boot image. the downside is that your phone WILL let you brick it if you're not careful. know what you're flashing and why. double check md5 sums to verify the integrity of your downloads. a corrupt bootloader or radio can damage your phone,potentially unrecoverably. if you just asked "what is an md5sum?" stop and google it now. there are numerous md5summers available for free on the vast interweb,download one and start using it.
Q: if im already unlocked and running a custom rom and recovery,do i need to take any precautions?
A: yes. the diag file is designed to work on stock software and firmware. i would strongly recommend to:
-restore a bone stock nandroid,or flash a bone stock rom
-reflash your stock recovery
-reflash your stock boot image if you were running a custom kernel
-select 'factory reset' option from hboot
Q: will this wipe my phone?
A: yes it will. so back up your sd card to the pc,and be prepared to have to re-set everything up when you get it back.
Q: does my phone need to be active?
A: no it does not.
Q: do you need my sim card?
A: no he does not.
Q: what is the turn around time?
A: again,these are my words. from the thread,5-7 days. please remember sonic has real life activities to attend to,so you may want to wait until the initial wave has subsided. if he has a lot of phones to do,it may take him longer.
Q: im a tight ass,can i use cheaper shipping?
A: yes,you can. the initial shipping is picked and paid for by you. be as tight as you want. the return shipping is priority mail with $600 worth of insurance. if you have such faith in the united states post office,and humanity that you do not feel this is needed,then you can choose the cheaper return shipping option sonic has provided.
Q: how do i activate a spare phone while mine is away?
A:it depends on the phone. if you have another 4g vzw phone,you can simply swap over your active sim. if the sim is larger in the spare phone,adapters do exist for extremely cheap on ebay and amazon. alternately,you can call vzw or go to their website to activate an older 3g device.
Q: how do i activate my phone when it comes back?
A: like you normally would. s off by itself does not change anything about the phone or how it operates. its what you do afterward/modify that can have an impact on "normal" operation. so if you moved your sim into another phone,just move it back. if you mailed your phone directly to sonic with the protective film still on it,then take everything out of the box and activate just like you would if it had just come from vzw.
Q: will i be able to unlock the bootloader if my phone is s off?
A: yes. when the phone comes back,it will have "supercid". this ignores the mid(model id) check that htcdev does on the phone,and will let you get a token and unlock.
Q: are there advantages to unlocking the bootloader?
A: you have a couple extra fastboot commands you can use:
fastboot flash partition imagename.img
fastboot boot imagename.img
these commands are useful to install recovery,and boot images into phone memory. with fastboot boot,for example,you can temporarily launch recovery on the phone to flash su if you dont want to permanently install it.
Q: so do i NEED to unlock the bootloader to install recovery?
A: no,you do not. you can install recoveries and all other partitions as zip files. more info on that later.
Q: does superCID give you any benefits?
A: in a word,no. on a gsm device where you have multiple carrier and regional firmwares that will work,supercid is of value. with a device on vzw,you can only use vzw ruus anyway since this is a unique cdma/lte device. further,accepting an OTA with supercid could leave you unrecoverably bricked,plus it may interfere with some verizon functions(i remember inc 4g users having issue,but the details escape me)
IMO,after unlocking your bootloader,if you choose to do so,you should change your CID back to stock VZW__001 (thats 2 underscores- cid is always 8 digits)
Q: is my cid unique to my particular phone?
A: no,it is not. it is unique to a carrier or region. all verizon phones ever made have a cid of VZW__001
Q: how do i change my cid back to stock?
A: with this fastboot command:
fastboot oem writecid VZW__001
Q: why is my cid always present on the hboot screen?
A: i dont know htc's logic,but this is simply what the phone does while its s off. it will display whatever your cid is,and is not dependent of your bootloader being locked or unlocked.
Q: what about the TAMPERED and unlocked/relocked badges?
A: if your phone was unlocked when you sent it in, youll get it back factory fresh locked. the tampered badge,i am unsure of at this time,and will update as more info is obtained.
if you sent in a brand new phone,it obviously wont be different(with exception of s off)
one of the big advantages of s off,is that the tampered flag is not triggered by adding a custom recovery or kernel,and since s off removes the various write protections that exist,it is possible to reset either flag. more info on the lock status flag here
Q: will an OTA change my s-off or lock status?
A: it is possible. altho,it is highly unlikely since turning the radio secure flags on via an OTA would also do so on legitimate pre-release test phones.
it really is not recommended that you try and take an OTA while rooted. a custom recovery is unable to install HTC's OTA package,and attempting to do so can jam you up horribly. taking an OTA with bloat and system files removed will typically result in failure,and taking an OTA with supercid could lead to a processor "do not boot" mode,which is very effectively a hard brick only recoverable via jtag. or a new device.
the best way to update a rooted device is to update the rom with a recovery-flashable zip file,and the firmware extracted from the OTA package. this will update you just like taking the OTA. there is nothing magical about over the air updates. please,just do it manually. leave the OTAs for the stock crowd.
last and not least!
Q: im convinced! what do i do once i get back my stock,s-off phone?
A: please see post 2
the above was just off the top of my head,ill add to them later as they come to me,feel free to post if you have further questions,constructive criticism,or feedback.