[S-Off] Facepalm S-Off for HTC Devices One S, One XL, Droid DNA

beaups

Senior Recognized Developer
Nov 28, 2007
3,276
7,257
Dublin, OH
http://www.youtube.com/watch?v=zNswkPGYtLc

note: updated 2/20 @ 9:20 EST, better ICS compatibility.

Welcome to Facepalm S-Off for the HTC One S (S4 only).

Credits and terms:

Exploit by beaups. Full guide, testing, and concept by jcase and beaups. Thanks to dsb9938 and dr_drache for support and testing. Thanks also to all of the regulars at teamandirc.

Both beaups and jcase will collect the applicable active bounties. Further donations are greatly appreciated and can be sent to:

beaups - [email protected] - http://forum.xda-developers.com/donatetome.php?u=711482
jcase - [email protected] - http://forum.xda-developers.com/donatetome.php?u=2376614
dsb9938 - [email protected] - http://forum.xda-developers.com/donatetome.php?u=2963256
dr_drache - [email protected] - https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=6LRSY8MT8P3A6

You can also come by irc for support or just to say thanks: #FacePalm http://chat.andirc.net:8080/?channels=facepalm

While this process shouldn’t be too risky, bricks can happen. None of us will be accountable. If you are worried, don’t do it.

This is a pretty simple method, however, you will need to have a working adb and fastboot environment. This method will work on any operating system that supports adb and fastboot. You should understand how to use a terminal window in your O/S. If you don’t understand adb and fastboot, you probably don’t need S-off.

Lastly, the work herein should not be stolen, repackaged, one clicked, bat’d, etc. soffbin3 is not GPL and may not be reused, integrated into other work, reposted, or redistributed without our permission.

For this to work, you must be rooted and have superCID (unlock/custom recovery is optional), see the threads below for help and information regarding obtaining superCID, unlock, root, etc. Note these threads are provided for convenience only. Please look for support for them in each respective thread if you need it, do NOT clutter this thread with support requests regarding obtaining superCID and/or root! If you try this process without superCID, it will not work, and you may have issues!:

HTC One S superCID: http://forum.xda-developers.com/showthread.php?t=1671643

Once you have confirmed you have SuperCID, get started (read it through first so you understand it all):

Special note for One S users - flashing the OTA firmware (which you are initiating, but not actually doing here) likes to BRICK superCID phones for some reason. Follow these instructions EXACTLY. After the error 92 in step 5, whatever you do, do NOT run the fastboot flash command again. Make sure you proceed on to step 6.

Let's get started:

1.) Download patcher and unzip it in your working directory:
soffbin3.zip http://d-h.st/WrZ Mirror http://goo.im/devs/dsb9938/soff/soffbin3.zip

2.) Download zip that matches your model id and move it in your working directory (do not unzip it!):

OneS PJ4010000-OneS.zip http://d-h.st/sE6 Mirror http://goo.im/devs/dsb9938/soff/PJ4010000-OneS.zip

3.)
Code:
adb reboot bootloader
(wait for bootloader)

4.)
Code:
fastboot oem rebootRUU
(wait for black HTC Screen)

5.)
Code:
fastboot flash zip <appropriate zip filename from above>
After a while, you should see the following error “FAILED (remote: 92 supercid! please flush image again immediately)”



6.) Immediately issue the following command:

Code:
fastboot oem boot

You may see some errors, just wait for the device to boot into Android (only now, you should be booted into Android with no eMMC write protection of any kind active).

7.) Issue the following 3 commands to update the security partition with S-off flags (one command at a time!):

Code:
adb push soffbin3 /data/local/tmp/
adb shell chmod 744 /data/local/tmp/soffbin3
adb shell su -c "/data/local/tmp/soffbin3"

(wait for a few seconds)

8.)
Code:
adb reboot bootloader

9.) You should see what you are looking for!

If you need help or just care to say thanks, join us on IRC: #FacePalm http://chat.andirc.net:8080/?channels=facepalm

Enjoy.
 

manikcs

Senior Member
Jul 17, 2009
90
28
Re: [S-Off] Facepalm S-Off for HTC Devices One S, One XL, Droid DNA

w00t. Sensation work!
Is it possible to edit Scid to any "official" and relock BL after s-off?
 

uvt_novice

Senior Member
Feb 27, 2011
1,066
265
Toronto
Samsung Galaxy S21+
Beaups just advised me that some custom roms could have issues, failing S-Off which I had as well. He said better re-lock bootloader, revert to stock rom, unlock bootloader, root, super CID, then s-off
 

Jewcifer

Senior Member
Jun 12, 2010
99
27
Guy S3 device work or not? Please report.

Definitely do NOT attempt this on an S3 yet. I don't want to speak on behalf of the creators, but seeing as there's a difference between the S4 and the XL, there's got to be a difference between the S4 and the S3.

Beaups just advised me that some custom roms could have issues, failing S-Off which I had as well. He said better re-lock bootloader, revert to stock rom, unlock bootloader, root, super CID, then s-off

This was my original plan, actually x) I'm on a CM10.1 base. I'm thinking it should work fine with a sense-based ROM though, I'll try that first.
 

troby86

Senior Member
Sep 27, 2008
1,132
922
Lumberton, TX
Amazing job guys.

Confirmed S-OFF on HTC One S (S4) T-Mobile US HBOOT 1.14.0004.

Man...S-OFF....and 2.1.0 Viper??? It's like I'm holding a brick of gold in my hand, lol.

Sent from my One S using xda app-developers app
 

Top Liked Posts

    10
    bahahahaha it worked :D

    *** PAMPERED ***
    S THE F**K OFF!!

    7
    S-Off isn't just free rein over the boot.img. If you had read anything about it before making your post you'd know this.

    Also, I don't know about you, but I'd be pretty let down if I got an iPad for my birthday. Apple sucks, that's why I'm here on XDA working with Androids.

    I would rather get an ipad for my birthday than an android tablet. Why? You could sell it and buy 2 android tablets :p
    7
    to modify your hboot!

    How did you edit the hboot? (Which program did you use)

    i used hxd hex editor and then did this to extract it and push it back:D

    typed in these commands

    Code:
    adb shell
    su
    dd if=/dev/block/mmcblk0p12 of=/sdcard/hboot.img
    exit
    exit

    that will turn your hboot into an img file onto your internal storage

    and then i moved it onto my computer and opened it up in hxd hex editor and searched for the strings then changed them around, making sure that it OVERWRITES the letters originally (don't hit delete EVER just start typing, the file size needs to be EXACTLY 1mb or 1,048,576 bytes) and also i wouldn't recommend going over the allotted space of letters.. then when i finished put the hboot img back onto my internal storage typed in these commands to get the modded hboot in place

    Code:
    adb shell
    su
    dd if=/sdcard/hboot.img of=/dev/block/mmcblk0p12
    exit
    exit
    adb reboot bootloader

    this is a very dangerous process soooo if it borks then i cant be held liable for the new brick

    if you search around in the hboot file you can change the tampered / unlocked / htc disclaimer and possibly others i already got my disclaimer to go away by turning it into nothing but spaces :D
    6
    YES

    I love you man!

    Goodbye bootloader restrictions, hello OTA's! <3

    Edit: I made a Tutorial Video! If there's anything wrong that you guys want me to remove or anything, let me know. Once again, good work!
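The hboot dump-and-edit post above depends on two constraints: the image must stay exactly 1,048,576 bytes, and edits must overwrite existing letters without running past them. The following is an added example, not code from any poster in this thread; it compares an edited image against the original dump and reports which byte ranges changed, which also shows how a dumped bootloader can be checked against a reference copy for altered strings. The function names and the sample image are constructed for illustration.

```python
HBOOT_SIZE = 1_048_576  # exact image size stated in the post (1 MiB)


def changed_ranges(original: bytes, modified: bytes):
    """Return half-open (start, end) byte ranges where two equal-length images differ."""
    if len(original) != len(modified):
        raise ValueError("images differ in length: bytes were inserted or deleted")
    ranges, start = [], None
    for i, (a, b) in enumerate(zip(original, modified)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(original)))
    return ranges


def check_images(original: bytes, modified: bytes, expected_size: int = HBOOT_SIZE):
    """Return (ok, problems, ranges) for an edited image versus the dump it came from."""
    problems = []
    for name, img in (("original", original), ("modified", modified)):
        if len(img) != expected_size:
            problems.append(f"{name} is {len(img)} bytes, expected {expected_size}")
    if problems:
        return False, problems, []
    ranges = changed_ranges(original, modified)
    for start, end in ranges:
        touched = original[start:end] + modified[start:end]
        # A text-only overwrite replaces printable ASCII with printable ASCII.
        # Anything else means the edit ran past the string (e.g. over its NUL).
        if not all(32 <= c < 127 for c in touched):
            problems.append(f"non-text bytes changed at 0x{start:x}-0x{end:x}")
    return not problems, problems, ranges


def sample_image(offset: int = 0x1000) -> bytes:
    """Constructed stand-in for a dump: zero-filled 1 MiB with one banner string."""
    img = bytearray(HBOOT_SIZE)
    banner = b"*** TAMPERED ***\x00"
    img[offset:offset + len(banner)] = banner
    return bytes(img)


if __name__ == "__main__":
    orig = sample_image()
    edited = orig.replace(b"TAMPERED", b"PAMPERED")
    ok, problems, ranges = check_images(orig, edited)
    print(ok, problems, [(hex(s), hex(e)) for s, e in ranges])
```

Any reported problem means the edited file should not be written back to the partition as it stands.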