Last Updated: June 9th, 2013

Everyone likely to read this knows that root can unlock a lot of doors for Android modding, and an unlocked bootloader opens even more. But for HTC phones, S-OFF is the ultimate in control, allowing users essentially unlimited access to every piece of code on the device. The Revolutionary dev team has released a new S-OFF method for the HTC One. You may remember these guys from exploits on most of the major HTC phones from 2011 and earlier.


S-OFF refers to the signature checks and write-access security in locked HTC phones. When it's on, the phone checks for signatures on certain portions of the software (the radio, recovery, certain parts of the system drive, and a few others) and keeps the user from writing to restricted areas. S-OFF grants users access to essentially every part of the phone, without the signature and security check, and opens up parts of NAND memory as well. Now, here's where things get esoteric: modders already had access to pretty much all of this before, thanks to a change in the way HTC is handling signature checks on the One.

If you've already got root and a custom bootloader and you're wondering why you need this, well, you don't. It's just one more vector for modding the phone that grants a few more tools. Specifically, users with S-OFF can flash a custom HBOOT with extended commands, perform a SIM unlock, downgrade to older versions of official firmware, and remove the "relocked" text from the HBOOT screen, among other smaller tweaks.

This method is being presented in a preview edition. It is not for the inexperienced. There are no fewer than eight steps, which require knowledge of ADB, bootloaders, and command lines... and may need several tries to achieve success. In other words, if your only experience with deep-level mods is root and maybe a custom recovery or two, you probably shouldn't try it. This is the kind of thing that can all too easily brick your phone. The Revolutionary team will almost certainly create a safer, easier method once they've gotten feedback from preview users.

Still not dissuaded? Then hit the link below to head to XDA, where the full set of tools and instructions awaits you. It would help these guys out a lot if you left feedback on the XDA thread with your success or failure.


Jeremiah Rice
  • Sebastian Gorgon

    Wait, so if I S-OFF my HTC One it will remove the relocked message? Would that kind of give me back my warranty? What about that tampered message that you get with Qualcomm HTC devices?

    • HebeGuess

      Nah~ Pretty useless in this case. Don't forget that the official unlock is achieved through HTCDev. They will have their own unlocking records if they really want to accuse you of a broken warranty.

    • BYaj

      With this method you can relock your device and remove the tampered message.

  • htowngtr

    Will be interesting to see if the 4.2.2 update would "break" S-OFF method for those that hadn't changed it before getting OTA.

    • BYaj

      Running 4.2.2 with S-OFF.

      • htowngtr

        Dude... the 4.2.2 OTA, not the leaked ROM. The new OTA will change hboot.

  • BoB1673

    tampered removed
    CID 11111111

    ATT HTC ONE running TRICKDROID 7.0 4.2.2

    worked perfectly

    • Ian

      Just waiting for my new AT&T One to arrive. Can we do a SIM unlock by using S-OFF?
      Or do we need to get an unlock code first, then unlock bootloader, root, S-OFF?

      What's the best way to do it?

  • Sean Powell

    Did they ever get S-off for the One X?

  • Cory Wilson

    HTC is still using this S garbage? The writer of this article is misinformed. You can access everything on any other device with an unlocked bootloader. S-on is another stupid unnecessary hurdle, and some things you can't do s-on at all, like flashing a kernel through recovery. It's completely unnecessary.

    • Garry DeWitt

      >some things you can't do s-on at all like flashing a kernel through recovery.
      The writer of this comment is misinformed. On the One you no longer need S-off to flash radios or kernels and such from recovery. It has very little use for those of us who are already BL unlocked with a custom recovery. It will come in handy if I ever need to hand the phone back to ATT/HTC though, getting rid of the relocked text.

      • Cory Wilson

        My point is HTC shouldn't even use the S crap. It's not an Android thing, it's an HTC thing. Any other device, with an unlocked bootloader you can do anything you want. With an HTC device you're only halfway there with an unlocked bootloader. Sure, on some devices it isn't a big deal, but on my Vivid I had to remove a sticker that said void and touch a wire to the motherboard to get S-off. HTC always talks like they changed, then puts the stupid S-on crap on everything.

        • Cory Wilson

          7 dislikes too, I mean really? People need to remove the HTC tattoos off their asses and realize why Samsung is #1. Samsung products are mediocre at best compared to the build quality of HTC, but they're easy as hell to hack and have 1000 ROMs available. It'll take you all of 10 minutes to crack a Samsung device and have an overwhelming choice of ROMs. With HTC it'll take a day of carefully reading instructions only to have a handful of Sense-stripped ROMs with a ton of bugs developers can't overcome because of all the restrictions in place. HTC is the reason I own a Nexus device. When I had a Captivate, I thought Nexus devices were pointless. I learned when I got my Vivid and Flyer.

          • fixxmyhead

            He's right, people. When I had my S2 it took like 5 mins to hack. It was like noob proof. 3 files and that was it. Tried a MyTouch 4G and failed after several days.

          • Garry DeWitt

            And this is also wrong. You need to stop thinking the One is like every other HTC device. They realized they needed to be more dev friendly, and they gave it to them (devs). The One is just about as open as the S4 when it comes to hackability. You can unlock your BL on HTCdev and from there the sky is the limit. Anything related to radios, recovery, kernel, etc. is yours to command, and that's all devs need.

          • Ivan Myring

            Even quicker to root S4.

        • Garry DeWitt

          And for the most part with an unlocked HTC device (starting with the One) you can do nearly anything you want. The reason they don't give full control is because it would let you do things like remove the relocked text and SIM unlock the phones, and I'm sure the carriers aren't a fan of the latter. They realized that devs wanted more access and ability to flash kernels in recovery and so they let them have that, while keeping the security on things like SIM unlock and hiding the fact that you unlocked your BL to try and get a warranty repair.

          HTC has taken quite a few steps with this phone to appeal to the dev community, and just pretending like they haven't and continuing to bash them is fanboy tier behaviour; THAT is why you got 7 dislikes, and yes, that is one of them. Well, that and the fact that you were just plain wrong with half the stuff you said.

          • Cory Wilson

            I've owned 2 htc devices, plus a Captivate, a nexus 7, nexus 4, and nook color. Only 2 devices required

          • Garry DeWitt

            And my point is they don't need to do away with S-on, because they've pretty much made it a non-threat to dev support, period. The only things it's used for are things the carrier wants and to protect their warranty (as unlocking your BL does void the warranty BTW). A PC is not a smartphone, it's not nearly as integrated as one, and the OEM doesn't develop half of the OS that goes on it in house; they stick Windows and some bloatware on it and let it roll. They don't want to have to cover for your fuckup if you unlock and screw something up, and they shouldn't have to. Silly wire tricks you and other anecdotes about previous HTC phones aside, S-on in its current state is benign to development on the HTC One.

          • blunden

            You seem to be missing the fact that the HTC One allows you the same amount of access when officially unlocked via HTCDev as the Nexus devices. Nexus devices also stop you from flashing unsigned images to some partitions, including the radio and bootloader.

          • Cory Wilson

            Well then, apparently HTC's definition of S-off has changed. On my Vivid you can't flash a custom kernel in recovery without it, very annoying for CyanogenMod nightlies.

  • imneveral0ne

    Worked perfect on my Sprint HTC One.

  • TechGuy22

    I'm already S-OFF for my One ATT