Runnymede S-OFF

Search This thread

Alex-V

Inactive Recognized Developer
Aug 26, 2008
9,516
5,256
That is the best news ever for the sxl...hope the xda news see this...so more people buy and develop this phone...so much respect and thx for this :) ;)

if i have my phone back and i tried i want give you a beer/ coffee if you want.... did you have paypal

with kind regards..Alex
 

shingers5

Inactive Recognized Contributor
Exciting news and for all those Asian guys who have no data on some roms can now flash Europe ruu which includes radio. For the custom Rom scene it really changes nothing but allows radio flashes for better performance. Imma try it soon using stock recovery option.
Actually I am able to revert to stock so will start from scratch. Gonna test touch recovery with this and see if this negates need for flash of Chinese boot.img

Sent from my HTC One X using xda premium
 
Last edited:

Sensation_NZ

Senior Member
May 3, 2012
100
30
Auckland
its a slightly older build than the Asia one
RUU_RUNNYMEDE_ICS_35_S_Voda-Hutch_AU_2.27.862.1_Radio_20.66.30.0831U_3831.15.00.20_M_release_252796_signed
 

shingers5

Inactive Recognized Contributor
flashed successfully now i have your name at top of my phone's bootloader. can i change that? no offense intended. now gonna flash http://hotfile.com/dl/153603012/890...831.15.00.20_M_release_254137_signed.exe.html
gonna try flash official ics ruu to see if flashes successfully now. if successful i can then test if touch recovery works on ics hboot as reported.

question:
is the bootloader actually unlocked or just patched and still locked? reason i ask it writecid failed with command error. technically it should have worked? what happens if i unlock the bootloader will i lose s-off?

---------- Post added at 12:18 PM ---------- Previous post was at 11:31 AM ----------

ics asian ruu flash failed on CID check error 131.............. any ideas why mate?

---------- Post added at 12:30 PM ---------- Previous post was at 12:18 PM ----------

its a slightly older build than the Asia one
RUU_RUNNYMEDE_ICS_35_S_Voda-Hutch_AU_2.27.862.1_Radio_20.66.30.0831U_3831.15.00.20_M_release_252796_signed

can i have this to try as asian ics ruu fails cid check
 
Last edited:

alfchin

Senior Member
Mar 15, 2011
95
25
flashed successfully now i have your name at top of my phone's bootloader. can i change that? no offense intended. now gonna flash http://hotfile.com/dl/153603012/890...831.15.00.20_M_release_254137_signed.exe.html
gonna try flash official ics ruu to see if flashes successfully now. if successful i can then test if touch recovery works on ics hboot as reported.

question:
is the bootloader actually unlocked or just patched and still locked? reason i ask it writecid failed with command error. technically it should have worked? what happens if i unlock the bootloader will i lose s-off?

---------- Post added at 12:18 PM ---------- Previous post was at 11:31 AM ----------

ics asian ruu flash failed on CID check error 131.............. any ideas why mate?

---------- Post added at 12:30 PM ---------- Previous post was at 12:18 PM ----------



can i have this to try as asian ics ruu fails cid check

the same to me,lag at CID check.
maybe you can try to put PI39IMG.zip on your sdcard then go into HBOOT to see if there is something happens(i have a Y cable and a gold card,so i can directly flash PI39IMG.zip)
 

AndroHero

Senior Member
May 28, 2010
6,479
906
Manchester
flashed successfully now i have your name at top of my phone's bootloader. can i change that? no offense intended. now gonna flash http://hotfile.com/dl/153603012/890...831.15.00.20_M_release_254137_signed.exe.html
gonna try flash official ics ruu to see if flashes successfully now. if successful i can then test if touch recovery works on ics hboot as reported.

question:
is the bootloader actually unlocked or just patched and still locked? reason i ask it writecid failed with command error. technically it should have worked? what happens if i unlock the bootloader will i lose s-off?

---------- Post added at 12:18 PM ---------- Previous post was at 11:31 AM ----------

ics asian ruu flash failed on CID check error 131.............. any ideas why mate?

---------- Post added at 12:30 PM ---------- Previous post was at 12:18 PM ----------



can i have this to try as asian ics ruu fails cid check

Write CID is function of engineering s-off. With this hboot we are only ship s-off not eng s-off :)

Sent from my HTC Sensation XL with Beats Audio X315e using Tapatalk 2
 

shingers5

Inactive Recognized Contributor
the same to me,lag at CID check.
maybe you can try to put PI39IMG.zip on your sdcard then go into HBOOT to see if there is something happens(i have a Y cable and a gold card,so i can directly flash PI39IMG.zip)

you mean extract rom.zip from ruu file and rename it PI39IMG and flash via bootloader? could work but i am certain that also check for cid as in effect ruu file does same thing just long way round
 

Alex-V

Inactive Recognized Developer
Aug 26, 2008
9,516
5,256
@the moment i dont understand why you flashed s-off hboot and want to overwrite it with a official ruu..instead of using s-off with custom roms and flash newer radios etc...and maybe we can try to change internal mem size for data and system..such things...we are also able now to change files directly :) :)

with kind regards
 

shingers5

Inactive Recognized Contributor
Write CID is function of engineering s-off. With this hboot we are only ship s-off not eng s-off :)

Sent from my HTC Sensation XL with Beats Audio X315e using Tapatalk 2

actually can super cid using full radio s-off as with sensation. DHD has eng s-off but sensation only has radio s-off via revolutionary exploit. main thing for me is CID check as if that works i could flash asian ics ruu with new hboot to check touch recovery works.
 

AndroHero

Senior Member
May 28, 2010
6,479
906
Manchester
actually can super cid using full radio s-off as with sensation. DHD has eng s-off but sensation only has radio s-off via revolutionary exploit. main thing for me is CID check as if that works i could flash asian ics ruu with new hboot to check touch recovery works.

AFAIK this hboot allows us to flash bootloader. So you could just extract the ICS hboot and flash that. :confused:

Sent from my HTC Sensation XL with Beats Audio X315e using Tapatalk 2
 
  • Like
Reactions: fardjad

shingers5

Inactive Recognized Contributor
@the moment i dont understand why you flashed s-off hboot and want to overwrite it with a official ruu..instead of using s-off with custom roms and flash newer radios etc...and maybe we can try to change internal mem size for data and system..such things...we are also able now to change files directly :) :)

with kind regards

because this s-off bypasses cid check so many without stock ruu can flash ruu files from different regions. also as i posted i wanted to check if asian ics official rom flashed so could check touch recovery is working as suggested by another user

---------- Post added at 01:10 PM ---------- Previous post was at 01:10 PM ----------

AFAIK this hboot allows us to flash bootloader. So you could just extract the ICS hboot and flash that. :confused:

Sent from my HTC Sensation XL with Beats Audio X315e using Tapatalk 2

ahh thats right mate thanks
 

fardjad

Senior Member
Mar 31, 2011
92
305
www.fardjad.com
flashed successfully now i have your name at top of my phone's bootloader. can i change that? no offense intended. now gonna flash http://hotfile.com/dl/153603012/890...831.15.00.20_M_release_254137_signed.exe.html
gonna try flash official ics ruu to see if flashes successfully now. if successful i can then test if touch recovery works on ics hboot as reported.

question:
is the bootloader actually unlocked or just patched and still locked? reason i ask it writecid failed with command error. technically it should have worked? what happens if i unlock the bootloader will i lose s-off?

---------- Post added at 12:18 PM ---------- Previous post was at 11:31 AM ----------

ics asian ruu flash failed on CID check error 131.............. any ideas why mate?

---------- Post added at 12:30 PM ---------- Previous post was at 12:18 PM ----------



can i have this to try as asian ics ruu fails cid check

Well other teams/people write their name on their work :)
If you really want to change the name, I can do this for you individually...
 

shingers5

Inactive Recognized Contributor
right as suggested by andhero i extracted rom.zip from temp folder of ruu file. changed hboot extension of asian ics rom from .nb0 to img anf flashed via fastboot which was successful. my hboot is now 1.28......... touch recovery as previously claimed doesnt work with this hboot as i have tried it. partition errors on booting recovery. also text at top of hboot screen is now 'unlocked' and fardjabd name is gone. understandable as it was hboot 1.25 that was patched!

---------- Post added at 01:52 PM ---------- Previous post was at 01:51 PM ----------

Well other teams/people write their name on their work :)
If you really want to change the name, I can do this for you individually...

no its fine mate not a problem as i said. was asking just in case i needed to is all. its gone now after updating hboot to 1.28
 

alfchin

Senior Member
Mar 15, 2011
95
25
you mean extract rom.zip from ruu file and rename it PI39IMG and flash via bootloader? could work but i am certain that also check for cid as in effect ruu file does same thing just long way round

you can change the CID of ROM.zip by yourself.
Because the S-off hboot won't check the signiture of the ROM.zip
that could be another way to bypass CID check
 
  • Like
Reactions: fardjad

fardjad

Senior Member
Mar 31, 2011
92
305
www.fardjad.com
That is the best news ever for the sxl...hope the xda news see this...so more people buy and develop this phone...so much respect and thx for this :) ;)

if i have my phone back and i tried i want give you a beer/ coffee if you want.... did you have paypal

with kind regards..Alex

You're very welcome, and your willing for donation is much appreciated.
I don't have Paypal, so I can't accept donations.

Hope S-OFF helps developers (And almost all the devs in this forum who don't even want to answer my PMs and simple questions, learn sharing their knowledge is the way to get back more...)

Enjoy :)
 

shingers5

Inactive Recognized Contributor
you can change the CID of ROM.zip by yourself.
Because the S-off hboot won't check the signiture of the ROM.zip
that could be another way to bypass CID check

It's ok mate as what I was checking doesn't work. I successfully flashed new hboot so this s-off has good functionality. Splash screen flash also works well. At least we have a temp solution while other bigger devices have none. Good work mate

Sent from my HTC One X using xda premium
 

Top Liked Posts

  • There are no posts matching your filters.
  • 27
    Runnymede S-OFF

    Since we didn't have S-OFF on Runnymede, I decided to work on it, and here is the result:

    attachment.php


    It's basically a patched bootloader that pretends S-OFF (not to be confused with Radio S-OFF.)

    The following commands have been tested and working correctly:

    erase (system, recovery, boot)
    flash (zip, system, recovery, boot, hboot, radio)
    boot
    It also by passes the CID check (See the next post for a workaround.)
    and here is the flash "zip", "hboot", and "recovery" demo:


    It's still under development; since many people asked me to release it, I decided to release a public beta:

    Download (Windows Only) (link removed, see below)

    Open the attached file and follow the instructions.
    You'll need to install a stock RUU (or if not available, you can flash this stock recovery posted by fshami on an unlocked device) and install HTC Sync Drivers.

    Note that this is not guaranteed to work and I won't take any responsibilities if something bad happened to your device.

    My farewells

    I had lots of fun modifying Runnymede HBOOT and it was a great experience. I want to say thanks to all of the testers for their feedback and also for being nice and patient (maybe I should have released this after my exams, so I'd have enough time to work on it), and I'm sorry for the problems you may have faced because of the incompleteness of my work.

    Recently unlimited.io guys (known for Juopunutbear S-OFF) provided their patched HBOOTs. Apparently these are available for GB and ICS, by-pass CID check and have optional update protection:
    http://unlimited.io/runnymede said:
    It was identified by XDA memeber fardjad that the hboot partition on the runnymede is not protected and can be written to with a rooted phone. One of the members of unlimited had for a short period of time the occasion to use a Sensation XL. Having seen the discovery made by fardjad and due to some limitations in the procedure, this memeber created hboots which provide more complete S-OFF functionality as well as providing overwrite protection. Almost immediately afterwards the European Sensation XL obtained an ICS update. Unfortunately for may users this meant that a new and backward incompatible hboot was introduced. The unlimited member again created modified hboots for his own use. It was not originally intended that these hboots would be released for general use, however we are aware that many users are unhappy with the limitations of unlock but have had to do this in order to make full use of ICS. We have therefore decided to release the GB and ICS versions of these hboots.

    See this post.
    14
    How to install RUUs with different CIDs

    You won't get Radio S-OFF with flashing this HBOOT. Having this said, even if you enable writeCID function in HBOOT you can't change the CID.

    I thought people prefer to install one of the custom ROMs floating around in Development Section and flashing the Radio separately rather than upgrading to ICS using RUUs... well I thought wrong :)
    And for those having problems with CID, here is a workaround:

    First thing you need to do is to extract the rom.zip file from the RUU. I believe Shen posted a video on XDA-TV showing this, here is a quick how-to however:

    1. Open the RUU.
    2. After the Welcome screen has shown up, open %temp% in explorer (ie. Meta/Win-Key + R, type %temp% and press enter)
    3. Sort items by Date modified and open the most recent modified folder having a name like {3F99782F-1E57-40F2-9F33-D48C3DC171C5}
    4. Search for rom.zip and move/copy it to somewhere else.
    5. Close the RUU.

    Now download SigTool (link removed, see the first post) and place it beside the rom.zip file. Open Command-Prompt, navigate to the relevant directory and execute the following:

    Code:
    SigTool rip rom.zip
    the expected output is:

    Code:
    Creating backup...
    Ripping signature...
    Done.
    Extract the signature-ripped rom.zip file.
    Open android-info.txt in a *nix end of line aware text editor (ex. Notepad++). You should see something like the following:

    Code:
    modelid: PI3920000
    cidnum: HTC__001
    cidnum: HTC__E11
    cidnum: HTC__203
    cidnum: HTC__102
    cidnum: HTC__405
    cidnum: HTC__Y13
    cidnum: HTC__A07
    cidnum: HTC__304
    cidnum: HTC__032
    cidnum: HTC__J15
    cidnum: HTC__016
    mainver: 1.05.111.8
    hbootpreupdate:12
    Add your phone CID

    If you don't know your CID you can get it this way:
    While your phone is in bootloader mode and connected in FASTBOOT-USB mode, execute this:

    Code:
    fastboot getvar cid
    it should output something like cid: T-MOB101

    then add a new line (cidnum: <YOURCIDNUM>) below the modelid in android-info.txt so it looks like:

    HTML:
    modelid: PI3920000cidnum: T-MOB101...
    Save changes and close the editor.

    This is very important:
    In extracted contents you should see a file with hboot name prefix, exclude/take it away and repack other files. I assume you'll choose rom-new.zip for the archive name.

    Now you should null sign (that's how I like to call it) the file:

    Code:
    SigTool nullsign rom-new.zip
    and flash the null-signed rom zip file:

    Code:
    fastboot flash zip rom-new.zip
    when finished, flash the 1.28 hboot you moved away before:

    Code:
    fastboot flash hboot hboot_*.nb0
    Reboot your device.

    I know this is not the easiest guide ever but I really don't have enough time to create a one-click tool for this. Needless to say that this is not guaranteed to work and I won't take any responsibilities if you bricked your phone.

    Take care :)
    7
    Yes older 1.25 as my phone is soft brick too. Unlike you I can't flash ruu as no Europe ics ruu file as yet. Hboot 1.28 can't be downgraded as when flash it replaces fard patch. Cid errors on official ruu and my old ruu won't flash as I now have newer hboot. Can we have a patched 1.28 hboot so I can downgrade back to 1.25 and bring phone back lol.

    Sent from my HTC One X using xda premium

    Guys please be careful when playing with HBOOT, Radio, etc.

    Here is the easy way to unbrick:

    1. Flash your unlock token on 1.28 if it's (re)locked.
    2. Boot into a working recovery.
    3. Download this and push it to /tmp (adb push fardjadb_runnymede.nb0 /tmp)
    4. get into adb shell and execute dd if=/tmp/fardjadb_runnymede.nb0 of=/dev/block/mmcblk0p18
    5. reboot bootloader
    6. Download this and flash it to the misc partition (fastboot flash misc supermisc)
    7. fastboot reboot-bootloader
    8. Install a stock RUU
    * As alfchin said, if you want to flash RUUs with different CIDs, extract the zip, open android-info.txt, change CID, repack and flash with fastboot flash zip ...
    6
    What don't you understand? S-Off means security off, the standard way of acheiving S-Off is by switching off the security flag held on the radio partition. This is commonly known as Radio S-Off. There is also another type of S-Off called engeneering S-Off, this is acheived by flashing a special engeering bootloader (hboot) after you already have standard S-Off.

    Now this is neither, This is a special modifed version of the standard HTC hboot by fardjab, this hboot tricks the device into thinking it is S-Off and allows end users to perform security protected actions. But unlike "real" S-Off this is not perm, flashing a stock HTC hboot or RUU will return you back to S-On status.

    Sent from my HTC Sensation XL with Beats Audio X315e using Tapatalk 2
    3
    What the hell are you on about?
    I don't even know who you, or this paul.robo are.
    Sorry, you fail to make any sense.

    mmhh..sorry ieftm...but i have a similiar thinking...maybe you can clear this..

    i had maked a donation thread...and some of us and also i maked a donation...but all response what i got from you guys was you kicked me from chat and say "read through the lines" this is not friendly....so maybe you can clear this situation...i also write emails and got no response...with kind regards...Alex