Runnymede S-OFF

fardjad

Senior Member
Mar 31, 2011
92
305
0
www.fardjad.com
Runnymede S-OFF

Since we didn't have S-OFF on Runnymede, I decided to work on it, and here is the result:



It's basically a patched bootloader that pretends S-OFF (not to be confused with Radio S-OFF.)

The following commands have been tested and working correctly:

erase (system, recovery, boot)
flash (zip, system, recovery, boot, hboot, radio)
boot
It also by passes the CID check (See the next post for a workaround.)
and here is the flash "zip", "hboot", and "recovery" demo:


It's still under development; since many people asked me to release it, I decided to release a public beta:

Download (Windows Only) (link removed, see below)

Open the attached file and follow the instructions.
You'll need to install a stock RUU (or if not available, you can flash this stock recovery posted by fshami on an unlocked device) and install HTC Sync Drivers.

Note that this is not guaranteed to work and I won't take any responsibilities if something bad happened to your device.

My farewells

I had lots of fun modifying Runnymede HBOOT and it was a great experience. I want to say thanks to all of the testers for their feedback and also for being nice and patient (maybe I should have released this after my exams, so I'd have enough time to work on it), and I'm sorry for the problems you may have faced because of the incompleteness of my work.

Recently unlimited.io guys (known for Juopunutbear S-OFF) provided their patched HBOOTs. Apparently these are available for GB and ICS, by-pass CID check and have optional update protection:
http://unlimited.io/runnymede said:
It was identified by XDA memeber fardjad that the hboot partition on the runnymede is not protected and can be written to with a rooted phone. One of the members of unlimited had for a short period of time the occasion to use a Sensation XL. Having seen the discovery made by fardjad and due to some limitations in the procedure, this memeber created hboots which provide more complete S-OFF functionality as well as providing overwrite protection. Almost immediately afterwards the European Sensation XL obtained an ICS update. Unfortunately for may users this meant that a new and backward incompatible hboot was introduced. The unlimited member again created modified hboots for his own use. It was not originally intended that these hboots would be released for general use, however we are aware that many users are unhappy with the limitations of unlock but have had to do this in order to make full use of ICS. We have therefore decided to release the GB and ICS versions of these hboots.
See this post.
 

Attachments

Last edited:

fardjad

Senior Member
Mar 31, 2011
92
305
0
www.fardjad.com
How to install RUUs with different CIDs

You won't get Radio S-OFF with flashing this HBOOT. Having this said, even if you enable writeCID function in HBOOT you can't change the CID.

I thought people prefer to install one of the custom ROMs floating around in Development Section and flashing the Radio separately rather than upgrading to ICS using RUUs... well I thought wrong :)
And for those having problems with CID, here is a workaround:

First thing you need to do is to extract the rom.zip file from the RUU. I believe Shen posted a video on XDA-TV showing this, here is a quick how-to however:

  1. Open the RUU.
  2. After the Welcome screen has shown up, open %temp% in explorer (ie. Meta/Win-Key + R, type %temp% and press enter)
  3. Sort items by Date modified and open the most recent modified folder having a name like {3F99782F-1E57-40F2-9F33-D48C3DC171C5}
  4. Search for rom.zip and move/copy it to somewhere else.
  5. Close the RUU.

Now download SigTool (link removed, see the first post) and place it beside the rom.zip file. Open Command-Prompt, navigate to the relevant directory and execute the following:

Code:
SigTool rip rom.zip
the expected output is:

Code:
Creating backup...
Ripping signature...
Done.
Extract the signature-ripped rom.zip file.
Open android-info.txt in a *nix end of line aware text editor (ex. Notepad++). You should see something like the following:

Code:
modelid: PI3920000
cidnum: HTC__001
cidnum: HTC__E11
cidnum: HTC__203
cidnum: HTC__102
cidnum: HTC__405
cidnum: HTC__Y13
cidnum: HTC__A07
cidnum: HTC__304
cidnum: HTC__032
cidnum: HTC__J15
cidnum: HTC__016
mainver: 1.05.111.8
hbootpreupdate:12
Add your phone CID

If you don't know your CID you can get it this way:
While your phone is in bootloader mode and connected in FASTBOOT-USB mode, execute this:

Code:
fastboot getvar cid
it should output something like cid: T-MOB101

then add a new line (cidnum: <YOURCIDNUM>) below the modelid in android-info.txt so it looks like:

HTML:
modelid: PI3920000cidnum: T-MOB101...
Save changes and close the editor.

This is very important:
In extracted contents you should see a file with hboot name prefix, exclude/take it away and repack other files. I assume you'll choose rom-new.zip for the archive name.

Now you should null sign (that's how I like to call it) the file:

Code:
SigTool nullsign rom-new.zip
and flash the null-signed rom zip file:

Code:
fastboot flash zip rom-new.zip
when finished, flash the 1.28 hboot you moved away before:

Code:
fastboot flash hboot hboot_*.nb0
Reboot your device.

I know this is not the easiest guide ever but I really don't have enough time to create a one-click tool for this. Needless to say that this is not guaranteed to work and I won't take any responsibilities if you bricked your phone.

Take care :)
 
Last edited:

alfchin

Senior Member
Mar 15, 2011
95
25
0
Reserved...
seems not work on my phone.
adb.exe always crash.
ps:my XL is unlocked and with CWM recovery inside.HBOOT ver is 1.28
=========================================
I solved that problem after reinstall my windows.
now it works!!!
thank you for your amazing job!!!

RUU still informs me that ERR131 CID Error...
 
Last edited:

fardjad

Senior Member
Mar 31, 2011
92
305
0
www.fardjad.com
when I using RUU to flash my phone,it still show err131:CID incorrect
any other way to flash?
Actually I've flashed Europe RUU in an Asia Shipped phone without any problem.
You can try extracting the rom.zip file from RUU and flash zip or extract it and flash it's parts separately.
 
Last edited:

fshami

Senior Member
Oct 14, 2010
1,807
987
0
Dubai
Stock recovery

Hi OP,

may be you can include attached zip in your first thread..

its a zip file containing stock recovery & a bat file to flash it instead of running the commsnds manually..

just extract the zip file & connect ur phone as Charge only with USB Debugging enabled

run 'recovery_flasher.bat' from the extracted folder & after the reboot, users can proceed with your file..
 

Attachments