
the htc one S-OFF via java card support thread

By scotty1223, Recognized Contributor on 12th September 2013, 02:31 AM
not wanting to wait for a software exploit that may never come,user Sonic2756 has stepped up and purchased an htc service card,or java card,to provide the vzw one community with a "right now!" s off option. make sure you thank him in this thread: Purchased a JavaCard for S_OFF


this method uses an official htc java card to turn off the phones security data. the card exists as a legitimate tool for cell phone shops and re-sellers,primarily for the purpose of removing the phones simlock.

since this method of s off is somewhat unusual,this thread is intended to help support folks that are unsure of the differences and similarities.

first and foremost,these are my words,sonic has not helped with these posts,tho i hope he will let me know if theres anything he wants changed. if any info you see here and use melts your phone into a little pile of aluminum goo,its not sonics fault,nor is it mine. use this info at your own risk.

in this first post,i thot a few FAQs needed to be put in one place,as they are being asked over and over again in the thread.

Frequently Asked Questions
Q: what is s off?what does it do for me?
A: in a nutshell,s-off=security off. it removes all security checks and allows access to all partitions of the phone this means you can:
-change hboot
-change splash image
-change radios
-flash unsigned files
-go backwards in firmware versions
-other things that maybe ill add later

Q: is this legit??
A:yes,it is. as mentioned above,the java card is a legitimate tool used by some large cell phone repair shops and re-sellers.

Q: how does this work?
A:the java card is plugged into a USB On The Go cable,and plugged into the phone. the java card contains htc-signed diagnostic files which are used to clear security data. when the phone is booted to hboot with the java card plugged in,it finds the diagnostic file and jumps to a mode where the user can clear "s58" data. this removes any simlock,changes the CID to a generic "supercid",and most importantly,turns off the phones radio secure flag. hooray!

this is not sonic,nor is this an htc one. it is a one X using the same method,it will give you a good idea what the process looks like:
HTC One X S-OFF

Q: what exactly is a java card?
A: simply,a java card is an sd card with a microprocessor in it. if someone wishes to provide a more detailed definition,id be happy to put it here. a bit more info here

Q: can we clone the java card so everyone can have s off?
A: yes. but its complicated,and the card to begin with is expensive. there have been some technical discussions about this in sonic's original thread. the simple answer is that it is not easy,or practical to clone the java card.

Q: why do i have to pay for this?? shouldnt s off be free?
A: if you have a prollem paying for this service,you are welcome to purchase your own java card and offer the service for free. as has been stated,the java card is expensive- upwards of $1000 depending how many credits are included.

further,even if a software exploit was available,it is good custom to donate to the devs who brought you the tool. remember,no one here owes you custom roms,s-off,etc. support your devs and what they bring you. in this case,sonic has purchased an expensive htc tool,shipping supplies,and has to invest a great deal of time getting your phone s-offed,packed up,and hauled back to the post office. not to mention the website he has set up for the service. there is nothing wrong with making his $$ back,and a bit extra for his time and efforts.

Q: is the card good forever?
A: NO! the java card has a limited number of uses. he has stated he can sell about 250 s off services,and do 10 developer phones for free. after those credits are gone,you are SOL unless a new exploit is found,or there is enuff interest for sonic to buy a second card.

Q: how do i know how many credits are left?
A:Sonic's website shows the number of available spots left, right above the quantity select/add to cart,in the "product description". simply go to the website,then click the htc one picture.

Q: if im already unlocked,should i still get s off?
A: in my opinion,yes. s off is better. it allows more options to recover soft-bricked devices,and allows access to all partitions. an s on phone is still doing plenty of security checks. it also allows a permanently installed recovery to install the boot image. the downside is that your phone WILL let you brick it if youre not careful. know what youre flashing and why. double check md5 sums to verify the integrity of your downloads. a corrupt bootloader or radio can damage your phone,potentially unrecoverably. if you just asked "what is an md5sum?" stop and google it now. there are numerous md5summers available for free on the vast interweb,download one and start using it.

Q: if im already unlocked and running a custom rom and recovery,do i need to take any precautions?
A: yes. the diag file is designed to work on stock software and firmware. i would strongly recommend to:
-restore a bone stock nandroid,or flash a bone stock rom
-reflash your stock recovery
-reflash your stock boot image if you were running a custom kernel
-select 'factory reset' option from hboot

Q: will this wipe my phone?
A: yes it will. so back up your sd card to the pc,and be prepared to have to re-set everything up when you get it back.

Q: does my phone need to be active?
A: no it does not.

Q: do you need my sim card?
A: no he does not.

Q: what is the turn around time?
A: again,these are my words. from the thread,5-7 days. please remember sonic has real life activities to attend to,so you may want to wait until the initial wave has subsided. if he has a lot of phones to do,it may take him longer.

Q: im a tight ass,can i use cheaper shipping?
A: yes,you can. the initial shipping is picked and paid for by you. be as tight as you want. the return shipping is priority mail with $600 worth of insurance. if you have such faith in the united states post office,and humanity that you do not feel this is needed,then you can choose the cheaper return shipping option sonic has provided.

Q: how do i activate a spare phone while mine is away?
A:it depends on the phone. if you have another 4g vzw phone,you can simply swap over your active sim. if the sim is larger in the spare phone,adapters do exist for extremely cheap on ebay and amazon. alternately,you can call vzw or go to their website to activate an older 3g device.

Q: how do i activate my phone when it comes back?
A: like you normally would. s off by itself does not change anything about the phone or how it operates. its what you do afterward/modify that can have an impact on "normal" operation. so if you moved your sim into another phone,just move it back. if you mailed your phone directly to sonic with the protective film still on it,then take everything out of the box and activate just like you would if it had just come from vzw.

Q: will i be able to unlock the bootloader if my phone is s off?
A: yes. when the phone comes back,it will have "supercid". this ignores the mid(model id) check that htcdev does on the phone,and will let you get a token and unlock.

Q: are there advantages to unlocking the bootloader?
A: you have a couple extra fastboot commands you can use:
fastboot flash partition imagename.img
and
fastboot boot imagename.img

these commands are useful to install recovery,and boot images into phone memory. with fastboot boot for example,you can temporarily launch recovery on the phone to flash su if you dont want to permanently install it.

Q: so do i NEED to unlock the bootloader to install recovery?
A: no,you do not. you can install recoveries and all other partitions as zip files. more info on that later.

Q: does superCID give you any benefits?
A: in a word,no. on a gsm device where you have multiple carrier and regional firmwares that will work,supercid is of value. with a device on vzw,you can only use vzw ruus anyway since this is a unique cdma/lte device. further,accepting an OTA with supercid could leave you unrecoverably bricked,plus it may interfere with some verizon functions(i remember inc 4g users having issue,but the details escape me)

IMO,after unlocking your bootloader,if you choose to do so,you should change your CID back to stock VZW__001 (thats 2 underscores- cid is always 8 digits)

Q: is my cid unique to my particular phone?
A: no,it is not. it is unique to a carrier or region. all verizon phones ever made have a cid of VZW__001

Q: how do i change my cid back to stock?
A: with this fastboot command:
fastboot oem writecid VZW__001

Q: why is my cid always present on the hboot screen?
A: i dont know htc's logic,but this is simply what the phone does while its s off. it will display whatever your cid is,and is not dependent on your bootloader being locked or unlocked.

Q: what about the TAMPERED and unlocked/relocked badges?
A: if your phone was unlocked when you sent it in, youll get it back factory fresh locked. the tampered badge,i am unsure of at this time,and will update as more info is obtained.

if you sent in a brand new phone,it obviously wont be different(with exception of s off)

one of the big advantages of s off,is that the tampered flag is not triggered by adding a custom recovery or kernel,and since s off removes the various write protections that exist,it is possible to reset either flag. more info on the lock status flag here

Q: will an OTA change my s-off or lock status?
A: it is possible. altho,it is highly unlikely since turning the radio secure flags on via an OTA would also do so on legitimate pre-release test phones.

however...

it really is not recommended that you try and take an OTA while rooted. a custom recovery is unable to install HTC's OTA package,and attempting to do so can jam you up horribly. taking an OTA with bloat and system files removed will typically result in failure,and taking an OTA with supercid could lead to a processor "do not boot" mode,which is very effectively a hard brick only recoverable via jtag. or a new device.

the best way to update a rooted device is to update the rom with a recovery-flashable zip file,and the firmware extracted from the OTA package. this will update you just like taking the OTA. there is nothing magical about over the air updates. please,just do it manually. leave the OTAs for the stock crowd.

last and not least!

Q: im convinced! what do i do once i get back my stock,s-off phone?
A: please see post 2

__________________________________________________ ___________________________________________
the above was just off the top of my head,ill add to them later as they come to me,feel free to post if you have further questions,constructive criticism,or feedback.
The Following 26 Users Say Thank You to scotty1223 For This Useful Post
 
 
12th September 2013, 02:32 AM |#2
scotty1223, OP Recognized Contributor
once you have received your stock,s off device back,your basic steps are:
1)change CID back to stock verizon
2)install a recovery
3)install a rom or root access

you have 2 options to install recovery:
1)unlock the bootloader and use fastboot commands
2)leave the bootloader locked,and flash a recovery as a zip file in RUU mode

either way works. i personally always keep my bootloader unlocked so i can use fastboot commands,but we dont know for sure if the lock status flag can be reset,so the bootloader screen reads locked again.

its remotely possible that it may be difficult to reset the lock status flag,so if being locked for a possible warranty exchange is important to you,dont unlock just yet. relocked is the best you can do without some trickery.

to "root by recovery" is not a new concept. once there are no write protections,its easy to install a custom recovery,and use that recovery to either insert the superuser files into the stock rom,or replace the rom entirely.

1) change cid back to stock verizon

this is actually very easy. simply put the phone in fastboot,change to fastboot directory,and enter in a cmd window:
fastboot oem writecid VZW__001

yes,those must be capital letters,and there are 2 underscores.


2) install a recovery

via one of these 2 methods:

1)unlock the bootloader
your phone has come back from sonic with "supercid",which will allow you to unlock the bootloader naturally via the htcdev website. see this post for a bit more info on that.

unlocking the bootloader is fairly straightforward,just make sure you use a vzw one specific image. download from one of the following threads:
twrp

clockworkmod touch or classic

the image is easily installed via an unlocked bootloader with the following command:
fastboot flash recovery imagename.img

for example,recovery named CW_touch_recovery:
fastboot flash recovery CW_touch_recovery.img

the image must be in your fastboot working directory.

if you need more specific help with unlock/recovery flashing you can use this guide.

2) keep locked bootloader
the bootloader can stay locked for this method. you can in fact use this to install a new image to any partition,as long as the image is packed up in a proper file.

this assumes a working adb/fastboot and drivers installed. if you dont have these things,you can use this guide from above,downloading the files in post 1,and following the set up adb and prepair to root part in step 2.

once you have adb and fastboot working,download one of the following recovery zip files. do NOT unzip or extract.
twrp: http://www.mediafire.com/download/6g....0.1-m7vzw.zip

CW touch: http://www.mediafire.com/download/43....3.6-m7vzw.zip

CW classic: http://www.mediafire.com/download/w5....3.6-m7vzw.zip

your zip file is flashed in the following manner:
Quote:

if youre working with a booted,operational phone,you can flash the file in the following manner:

-open a cmd window

-change to adb/fastboot directory
cd c:\foldername
(cd c:\mini-adb if youve used any of my guides )

-place the zip file you want to flash into adb/fastboot directory

-enable usb debug,disable fastboot,plug in phone

-check for connectivity
adb devices (should return serial number)

-boot to fastboot
adb reboot bootloader

-check for connectivity again
fastboot devices

-flash the file
fastboot erase cache

fastboot oem rebootRUU (will put you in ruu mode,black screen silver htc letters)

fastboot flash zip zipfilename.zip (will send and flash the file. dont interrupt it while the cmd window shows its writing,and the green status bar is moving on the phone screen)

*sometimes a file will fail with a pre-update error. this is normal,just enter again:
fastboot flash zip zipfilename.zip
and this time it will finish

-when you get "finished" and "OK"
fastboot reboot-bootloader (takes you back to fastboot)

-reboot back to the OS
fastboot reboot

you can use this if you dont have an operational phone as well. you just need to manually put the phone in fastboot(select from hboot menu) then skip the "adb" commands and start with fastboot devices



3) install a rom or root access

this is a simple matter of using recovery to either flash superuser,or flash a new rom. in either case,MAKE A BACKUP OF YOUR STOCK UNROOTED ROM!

flash superuser just as you would a rom,after a cache/dalvik wipe. theres tons of info out there on using recovery,so im not going in to great detail on that here.

i dont have this device(well,i dont have the vzw version) so dont ask me whats the best rom to flash. browse the development and original development sections and pick a couple out to try.

if you wish to just run rooted stock,i personally prefer superSU to other versions of superuser. you can download it from this thread

__________________________________________________ ___________________________________________

optional:
if you sent in your phone with a custom recovery installed,and it still is displaying the tampered banner,see this thread to remove it: http://forum.xda-developers.com/show...9#post46182709

if you want to lock,or unlock your bootloader without messing with htcdev,see this thread for those directions: http://forum.xda-developers.com/show....php?t=2470340

if you want to restore your supermid from PN073**** back to stock verizon,see this thread:
http://forum.xda-developers.com/show....php?t=2490777

__________________________________________________ ___________________________________________
*work in progress. there will likely be some revisions,but i wanted to get something up for the folks whose devices are coming back
The Following 5 Users Say Thank You to scotty1223 For This Useful Post
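
The md5 check advised in post 1 and the locked-bootloader RUU-mode flash from post 2, combined into one script as an added example (not code from the thread or its authors). It assumes a POSIX shell with md5sum (or BSD md5) on the host; the function names and the FASTBOOT override variable are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and the FASTBOOT
# override are assumptions made for this sketch.
FASTBOOT="${FASTBOOT:-fastboot}"

# cid_ok CID -> 0 if CID is 8 characters of capitals, digits or underscores,
# matching the thread's "capital letters, always 8" rule (e.g. VZW__001).
cid_ok() {
    case "$1" in
        *[!ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_]*) return 1 ;;
    esac
    [ "${#1}" -eq 8 ]
}

# md5_of FILE -> prints the lowercase hex md5 of FILE.
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"            # BSD/macOS fallback
    fi
}

# md5_ok FILE EXPECTED -> 0 only if FILE exists and its md5 equals EXPECTED
# (EXPECTED may be given in upper or lower case).
md5_ok() {
    [ -f "$1" ] || return 2
    expected=$(printf '%s' "$2" | tr 'ABCDEF' 'abcdef')
    [ "$(md5_of "$1")" = "$expected" ]
}

# flash_zip_ruu ZIP -> the fastboot sequence from post 2. The zip is sent a
# second time if the first attempt fails, since the post says a first-pass
# pre-update error is normal. A second failure aborts.
flash_zip_ruu() {
    "$FASTBOOT" erase cache || return 1
    "$FASTBOOT" oem rebootRUU || return 1
    "$FASTBOOT" flash zip "$1" || "$FASTBOOT" flash zip "$1" || return 1
    "$FASTBOOT" reboot-bootloader
}

# verified_flash ZIP EXPECTED_MD5 -> refuses to touch the phone unless the
# download matches the md5 published with it.
verified_flash() {
    if ! md5_ok "$1" "$2"; then
        echo "md5 mismatch or missing file: $1 (nothing flashed)" >&2
        return 1
    fi
    flash_zip_ruu "$1"
}

# Usage (placeholder file name and md5):
#   verified_flash recovery.zip <md5-from-download-page>
```
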
12th September 2013, 02:33 AM |#3
scotty1223, OP Recognized Contributor
mine too!
The Following User Says Thank You to scotty1223 For This Useful Post
12th September 2013, 02:41 AM |#4
nrfitchett4, Senior Member, San Antonio
thanks for this. Guess I need to order a sim adapter so I can mail my phone off.
12th September 2013, 02:49 AM |#5
scotty1223, OP Recognized Contributor
Quote:
Originally Posted by nrfitchett4

thanks for this. Guess I need to order a sim adapter so I can mail my phone off.

youre welcome. ill get some more added to it,how tos and such in the next day or 2. but for now im tired and 5am comes early,lol.

for what its worth,ive used sim adapters like these:
http://www.amazon.com/Micro-card-ada...m+card+adapter

and these:
http://www.amazon.com/eForCity-Micro...m+card+adapter

and personally found the ones with an open back to be a lil easier to use. i switch my sim around a lot(to the point its wearing out and ill prolly need a new one soon )
The Following User Says Thank You to scotty1223 For This Useful Post
12th September 2013, 02:50 AM |#6
andybones, Recognized Developer / Recognized Contributor, Upstate NY
saved
thank you!
12th September 2013, 02:50 AM |#7
Senior Member
Thanks

Sent from my HTC6500LVW using Tapatalk 4
12th September 2013, 03:59 AM |#8
nrfitchett4, Senior Member, San Antonio
Quote:
Originally Posted by scotty1223

youre welcome. ill get some more added to it,how tos and such in the next day or 2. but for now im tired and 5am comes early,lol.

for what its worth,ive used sim adapters like these:
http://www.amazon.com/Micro-card-ada...m+card+adapter

and these:
http://www.amazon.com/eForCity-Micro...m+card+adapter

and personally found the ones with an open back to be a lil easier to use. i switch my sim around a lot(to the point its wearing out and ill prolly need a new one soon )

yeah, just found one that has adapters for nano up to mini. Will be here friday. Will have to live with the rezound for a week.
12th September 2013, 04:03 AM |#9
Member
Thanks so much for making this!

I'm working with Sonic on this (mainly setting up and maintaining the website), but I would like to offer some insight on the JavaCard:

A Javacard is a special type of microsd card (smart card, this is the same thing as those NFC wallets or whatever that use smart cards) that contains a microprocessor. It also has a signed and encrypted java applet that is set up to run whatever the maker wants it to. In this case HTC set it up to communicate with the phone for diagnostic services. It is also capable of carrier unlocking the phone. Due to digital signatures (when this card is almost burned I'm planning on taking a look at it) the card only has a certain number of phones that can be s offed or unlocked (it works on a credit system - 2 credits s off 1 credit carrier unlock). Everything on the card is locked up like fort knox to my knowledge but we shall see!

We also currently have the diag files needed for several other phones and can S-off them too. Not sure of all of them atm but Sonic posted it in the other thread a few days ago.

Cheers!

Sent from my SGH-M919 using xda app-developers app
The Following 2 Users Say Thank You to isoh For This Useful Post
12th September 2013, 04:20 AM |#10
RebelShadow, Senior Member, Sulphur, LA.
Question, If we're s-offed then HTCdev unlock with super sid then change the sid to VZW but somehow get locked again I.e. OTA update, is it possible to unlock again or change the sid back to super sid to unlock?

Sent from my ADR6425LVW using Tapatalk 2 - my one is out getting' s-offed
12th September 2013, 04:23 AM |#11
one4thewings, Senior Member
Quote:
Originally Posted by RebelShadow

Question, If we're s-offed then HTCdev unlock with super sid then change the sid to VZW but somehow get locked again I.e. OTA update, is it possible to unlock again or change the sid back to super sid to unlock?

+1 I had the same question.