18
Feb
htc-logo

So, you want S-Off on your One X/L, or Droid DNA? Done and done. Thanks to a crafty new "hack" by jcase and beaups, S-Off can easily be yours. As always, however there are a few pre-requisites, as well as some caveats to be aware of.

Firstly, you must have working adb and fastboot. If you don't know what that is, a quick Google search can answer it, and tell you how to get it. Your device must also be rooted and have SuperCID, no exceptions. This is requisite.

Devs work hard on exploits like this, and they risk bricking their own devices (or those of testers) in order to make it happen. To say thanks for this mod – as well as provide donations to future endeavors (no pun intended) – head to this thread on XDA.

That part's simple enough – if those requirements are met, carry on. Before you get started, here's a video of the process:

Disclaimer: Android Police isn't responsible for any harm to your device - proceed at your own risk.

First things first – you'll need to grab this patcher (mirror) and put it in your working directory. Got it? Good.

Now grab the file for your device:

Time for commands:

adb reboot bootloader

Once the bootloader is up, enter the following command:

fastboot oem rebootRUU

Wait for the black HTC screen, then do this:

fastboot flash zip <appropriate zip filename from above>

After a few minutes, you'll see the following error: "FAILED (remote: 92 supercid! Please flush image again immediately)"

As soon as this error pops up, enter this:

fastboot oem boot

This part is critical. You may see some errors, but wait for the device to boot into Android. Issue the following three commands one at a time:

adb push soffbin3 /data/local/tmp/
adb shell chmod 744 /data/local/tmp/soffbin3
adb shell su -c "/data/local/tmp/soffbin3"

Wait for a few seconds, then:

adb reboot bootloader

Ensure you have S-Off, and you're done! If you hit any snags along the way, head to this support thread on XDA.

Good luck!

Cameron Summerson
Cameron is a self-made geek, Android enthusiast, horror movie fanatic, musician, and cyclist. When he's not pounding keys here at AP, you can find him spending time with his wife and kids, plucking away on the 6-string, spinning on the streets, or watching The Texas Chainsaw Massacre on repeat.

  • RaviShah

    I was so excited until I read its only for supercid

    • wewewi

      Indeed.
      Most misleading title in a long time.

      It's a shame.

      • RaviShah

        indeed. I think the only way to get supercid on my htc one x is if I have supercid. soooo. not possible.

      • http://twitter.com/rohanXm Rohan Mathur

        SuperCID is easy to get... there are many threads detailing the process....

        • wewewi

          Easy to get for the (lesser) Snapdragon S4-powered North American verison only;
          The International 32gb Tegra3 version (as well as the One X+) is locked up tight and completely plagued.

  • Arsalan Afzal

    Someone should edit the title asap. I'm pretty sure this is only for the US version of the the One X, or the XL. Nowhere on the thread does it mention support for the Tegra 3 One X

    • HebeGuess

      Agreed. We are unlikely to brick our devices because we are actually protected by half-locked bootloader, this kind of flash was unable to went through the protected partition, though.

  • HebeGuess

    Sigh, still no luck for Intl. One X(endeavoru) because no method to obtained SuperCID yet.

  • seeingwhite

    Worked great on my VZW DNA

  • http://google.com/+derekross Derek Ross

    Just an FYI to those doing this. If you successfully achieve S-Off and once booted up your WiFi or doesn't work, don't panic. Try flashing a kernel. You'll have to do it the old fashioned way in fastboot and then flash the modules in recovery. That resolved my issue and a few others this evening.

  • Guest

    What is S-off?

  • http://www.facebook.com/people/Aleksandr-Ivanov/734916624 Aleksandr Ivanov

    The problem: this is NOT S-OFF!

    If you have SuperCID, you can easily change anything in your device. You can even change CID itself. So this is not a hack in any way. "Authors" are lame.

    P.S. This works for any HTC device - SuperCID makes miracles.

    • dsb9938

      You sir are completely wrong. This is full on true radio s-off. You are clueless.

      • http://www.facebook.com/people/Aleksandr-Ivanov/734916624 Aleksandr Ivanov

        When you have SuperCID you may S-OFF any HTC device. It was so before, it is so now. What's so incredible? It is possible to S-OFF Tegra version when running SuperCID, yet almost no one got such a device.

        Getting SuperCID is easy on Qualcomm devices, that's cool.

        • undercover

          wrong. SuperCID doesn't automatically mean you can get s-off. It means you can flash any RUU from any region. You cannot downgrade.

  • Elias

    For those of you (like me) scratching your heads because you never heard of s-off:

    In a nutshell, S-OFF means that the NAND portion of the device is unlocked and can be written to. The default setting for HTC’s devices is S-ON, which means that neither can you access certain areas of the system nor can you guarantee a permanent root. Furthermore, signature check for firmware images is also ensured by the S-ON flag.

    How Do I Know If My Device Is S-ON Or S-OFF?

    That is easy to verify. Simply boot into HBOOT on your device, and the text on top will show the flag status as either S-OFF or S-ON. A full root generally means S-OFF.

    S-OFF – What And Why?

    In their devices, HTC have installed a sort of security check whose level is determined by S-OFF/S-ON. Essentially, this security level is a flag stored on the device’s radio that checks signature images for any firmware before it is allowed to be written to system memory. This hinders using any custom ROMs, splash images, recovery etc., and also restricts access to the NAND flash memory. However, when security level is set to S-OFF, the signature check is bypassed, allowing a user to upload custom firmware images, unsigned boot, recovery, splash and HBOOT images, as well as official firmware that has been modified, this enabling maximum customization of your HTC Android device.

    Furthermore, S-OFF also reduces restrictions on accessing the NAND flash memory on the device, allowing all partitions (including /system) to be mounted in write mode while the operating system is booted.

    • ltredbeard

      i know what s-off is and i still enjoyed that explanation.

  • mario

    the soffbin3.zip unzip and save in the adb folder?

  • mario

    s off only for Qualcomm CPUs or also for tegra3 CPUs?

  • edna

    hi, when i type the last command i get back : /system/bin/shu: su: not found ....and i still have S-ON. On the cmd i checked my cid and it returned: "1111111" (don't know how many 1 are :p )so that means i have Supercid, right? . what can i do about the "su not found" ? i have TWRP installed

  • desmond1303

    I don't understand how SuperCID can be prerequisite to gain S-OFF since you need S-OFF to gain SuperCID ?

  • Viktor L. Takács

    Hi

    I am getting error "FAILED (remote: 99 unknown fail)" when bootloader is unlocked and "FAILED (remote: 12 signature verify fail)" when locked

    There is no way to flash this zip unfortunately. Please advise what to do. Thanks
    Viktor

    • Usman Asad

      Hi Viktor,
      I have the same problem as you, Im just wondering if you found the solution to this

      • Viktor L. Takács

        Sorry but still no advance :(

        • Rob

          Had the remote: 99 unknown fail problem, went into recovery, wiped the caches, full power down and back up, start from beginning. Worked like a charm.

  • Nicholas Valletta

    THANK YOU SOOOOO MUCH!!!! IT WORKED GREAT FOR MY VZW DROID DNA!!!

  • http://www.panci-electronic.com Fredi Panci

    This procedure does not work on HTC One X for me, I saw somewhere, it is not possible to turn S-OFF on this device.

  • Boris_Da_Bengal_Tiger

    When I try to download the files and then run them, why does it try to install adware onto my computer? I got the dreaded buynsave extension on my bloody chrome browser and that shit isn't getting removed.

Quantcast