[s-off] rumrunner s-off
- Thread starter beaups
- Start date
You could try to roll back, but I don't know if the method will brick your device
This is how we did it on Sprint. Be warned, DD your device wrong, and it's done. Read the post clear, search for what it would take for your device to match this.
https://xdaforums.com/showthread.php?t=2618524
Don't right, you can trick your phone into thinking it's on an older version. Then flash the RUU of that older version that has hboot 1.54 or less, then root and install an old custom rom.
Again, find the dev/block partition info for your device.
You cannot downgrade an hboot.
Sunshine is your only option to s-off
Sent from my HTC U11 using XDA Labs
Yes you can. I posted the link where we did it for Sprint. You trick your device into thinking it is on an older version, then flash the older RUU which put you back to older hboot, then used Benny3 custom rom to get s-off, then upgrade again.
Something like that. Read the thread I posted.
Nope you cannot.
You're simply changing the *version-main*, I've **heard** of this method
By the way, the person you replied to already has a blank *version-main* so no need to trick it at all.
Sounds about right, maybe you should try reading the thread or something like that.
Oh you really want a *technical* explanation? Fine, steps involved in ruu flashing (in no particular order) on an M7 (hboot vs aboot+hosd):
- version-main check -> yeah, that one is easy to fake
- MID check -> nope cannot be faked
- CID check -> nope cannot be faked
- hboot version check -> and nope cannot be faked
yes, you can flash an ruu with a patched hboot 1.55 with an unpatched hboot 1.55, but you cannot downgrade an hboot 1.57 to 1.55 (or lower) but if you could, then just downgrade to ruu which includes an hboot 1.44 (not the US T-Mobile one cause they patched it as some point, so the *lower* one) and just use revone or moonshine :cyclops:
And I didn't even mention anything about signatures and decryption keys, oops
Anyway, I wouldn't know much about these things, so go ahead, knock yourself out :good::good:
Just because you moved on, does not mean you can't share.
I enjoy to be proven wrong, so I'll look forward to your next post on how to downgrade hboot 1.57 to 1.55
On an S-ON device
Sent from my HTC 10 using XDA Labs
Honestly, I would have to get my hands on a device. It has been years. And if I could find a stock Sprint m7, I would love to give it another go. I missed the m8, have the m9, could have cared less about the m10 after losing stereo speakers, and when the u11 came about, I waited and waited for the note 8 to drop. No more HTC internet app, no more HTC backup, no more stereo speakers, no more headphone jack (I have small ear sockets, being able to get a pair of skull candies and putting the smallest ear pieces on is a must) I can't be forced like Apple did with their earbuds for an elephant, and special connections. I was at Sprint yesterday picking up a second ipad pro, and someone came in for a repair. His girls phone was messed up, and the tech asked if she had squeezed the phone, like the new u11 ocean feature. I could see myself in for the same reason when that was announced. They lost touch with the user needs and that is why google bailed them out.Just because you moved on, does not mean you can't share.
I enjoy to be proven wrong, so I'll look forward to your next post on how to downgrade hboot 1.57 to 1.55
On an S-ON device
A m7 again is for me, must have beats audio earbuds.
I get one again, I will do what I linked to
I know it works, but did it roll back hboot, or did it trick device? I swear it rolled back, but honestly.... did it? I may be wrong.
But the "dd/whatever/dev block something" I linked to, did get me s-off when I was on hboot too high for normal s-off method.
I know different devices have different partitions, and so a "shot in the dark" would have to be made on anything not Sprint (wls).
I only posted as a reference, and further research for other devices would have to be done.
I fought with different roms, locked and unlocked bootloader, sunshine, moonshine. Of course, I already had s-off, but I put it back to s-on, did stock OTA, just to test the method posted. And it worked.
Did it several times, taking updated custom rom, didn't fully update device like OTA, I would lock and take OTA on purpose, and s-off device again after update to ensure device got everything it could get updated.
Last I knew, it was something the other network devices couldn't do. And after moving on, I don't know if they enter did.
The m7, and m9 were the best devices made (imho) I just need to get my hands on the m7 again.
Hell, I still have my htc touch pro one. Had almost every htc device that Sprint sold.
Sent from my Samsung SM-N950U using XDA Labs
Last edited:
S-off for Hboot 1.54(my phone can't start on android)
version: 0.5
version-bootloader: 1.54.0000
version-baseband: 4A.17.3250.14
version-cpld: None
version-microp: None
version-main: 2.24.401.8
version-misc: PVT SHIP S-ON
meid: 00000000000000
product: m7_ul
platform: HBOOT-8064
modelid: PN0710000
cidnum: HTC__203
battery-status: good
battery-voltage: 4277mV
partition-layout: Generic
security: on
build-mode: SHIP
boot-mode: FASTBOOT
commitno-bootloader: dirty-d959c75800
hbootpreupdate: 11
version: 0.5
version-bootloader: 1.54.0000
version-baseband: 4A.17.3250.14
version-cpld: None
version-microp: None
version-main: 2.24.401.8
version-misc: PVT SHIP S-ON
meid: 00000000000000
product: m7_ul
platform: HBOOT-8064
modelid: PN0710000
cidnum: HTC__203
battery-status: good
battery-voltage: 4277mV
partition-layout: Generic
security: on
build-mode: SHIP
boot-mode: FASTBOOT
commitno-bootloader: dirty-d959c75800
hbootpreupdate: 11
Similar threads
Top Liked Posts
-
There are no posts matching your filters.
-
343rumrunner s-off is now available for select htc one's, including those that have been previously unexploitable.
brought to you by beaups and fuses
www.rumrunner.us
note:
you MUST be htc dev unlocked or rooted
you MUST have working drivers (windows)
you MUST meet all of the prerequisites
support is available at #rumrunners on freenode and andirc
do NOT clutter support channels with unsupported configurations53Rumrunner custom hboot. Enjoy.
No portion of it may be redistributed, repacked, rehosted, or oneclicked!
S-OFF device is required!!
Features:
- Full set of fastboot flash commands
- Full set of fastboot erase commands
- Full set of fastboot oem commands (eng-hboot command set)
- Removes red banner
- Removes tampered text
Download here
How to flash:
1) Put your phone in fastboot mode
2) Type the following commands into terminal
If you like our work, please donate at rumrunner.usCode:fastboot erase cache fastboot oem rebootRUU fastboot flash zip rumrunner_2.24_401.8_hboot.zip fastboot reboot-bootloader8To remove 'Tampered' banner after S-OFF'ing, put this is in terminal emulator
Code:su echo -ne '\x00' | dd of=/dev/block/mmcblk0p7 bs=1 seek=4265988
Just copy and paste it into terminal to ensure no errors
Credits @scotty1223
Maybe @beaups can put this in the OP to prevent repeat questions?
