This is a step-by-step guide to Facepalm S-Off for your HTC One S.
First and foremost I got the information for all of this from this thread on xda. All credit goes to those folks (see specifics below), they put in a lot of time and hard work to get this to happen.
Credits and terms:
Exploit by beaups, full guide on xda, testing, and concept by jcase and beaups. Thanks to dsb9938 and dr_drache for support and testing. Thanks also to all of the regulars at teamandirc.
If you found this useful, donating to the folks who made it possible is a very good idea. The links are as follows:
beaups - m7forsoff@gmail.com - Donate
jcase - jcase@cunninglogic.com - Donate
dsb9938 - cubedrom@hotmail.com -Donate
dr_drache - biomatrix@gmail.com - Donate
You can also come by their irc channel for support or just to say thanks: #FacePalm http://chat.andirc.net:8080/?channels=facepalm
DISCLAIMER:
You will need to have a working adb and fastboot environment for this, if you don't please see this post to set that up. This method will work on any operating system that supports adb and fastboot.
Lastly, the work herein should not be stolen, repackaged, one clicked, bat’d, etc. soffbin3 is not GPL and may not be reused, integrated into other work, reposted, or redistributed without our permission. It was used here with permission from beaups.
For this to work, you must be rooted and have SuperCID. If you try this process without superCID, it will not work, and you may have issues! If you do not already have root or SuperCID please see the following posts for instructions: http://androidforums.com/one-s-all-things-root/543328-how-unlock-bootloader-install-recovery-root-your-htc-one-s.html and http://androidforums.com/one-s-all-things-root/690970-guide-supercid.html.
Once you have confirmed you have SuperCID, then it is time to get started with S-Off. Please read through this first so you understand it all before jumping in! Note: In the process/screenshots I used the working directory is C:\sdk-tools, if yours is different you will need to adjust accordingly.
S-Off for your HTC One S:
1.) Download the patcher and unzip it in your working directory:
Dev-Host - soffbin3.zip Mirror Goo.im - soffbin3.zip
2.) Find model id (open a terminal window or command prompt and leave open for further commands):
[HIGH]adb shell getprop ro.aa.modelid[/HIGH]
3.) Download zip that matches your model id and move it in your working directory (do not unzip it!): OneS PJ4010000-OneS.zip Dev-Host - PJ4010000-OneS.zip Mirror Goo.im Downloads - PJ4010000-OneS.zip
4.) Enter the following:
[HIGH]adb reboot bootloader[/HIGH]
(wait for bootloader)
5.) Enter the following:
[HIGH]fastboot oem rebootRUU[/HIGH]
(wait for black HTC Screen)
6.) Enter the following:
[HIGH]fastboot flash zip PJ4010000-OneS.zip[/HIGH]
After a while, You should see the following error “FAILED (remote: 92 supercid! please flush image again immediately)”
7.) Immediately issue the following command:
[HIGH]fastboot oem boot[/HIGH]
You may see some errors, just wait for the device to boot into Android (only now, you should be booted into Android with no eMMC write protection of any kind active).
8.) Issue the following 3 commands to update the security partition with S-off flags (one command at a time!):
[HIGH]adb push soffbin3 /data/local/tmp/
adb shell chmod 744 /data/local/tmp/soffbin3
adb shell su -c "/data/local/tmp/soffbin3"[/HIGH]
(wait for a few seconds)
9.) Enter the following:
[HIGH]adb reboot bootloader[/HIGH]
10.) You should now have S-Off!!!
11.) ENJOY!!
Thanks again to everyone who developed this method! All credit goes to those folks (see specifics below), they put in a lot of time and hard work to get this to happen.
Credits and terms:
Exploit by beaups, full guide on xda, testing, and concept by jcase and beaups. Thanks to dsb9938 and dr_drache for support and testing. Thanks also to all of the regulars at teamandirc.
You can also come by their irc channel for support or just to say thanks: #FacePalm http://chat.andirc.net:8080/?channels=facepalm
First and foremost I got the information for all of this from this thread on xda. All credit goes to those folks (see specifics below), they put in a lot of time and hard work to get this to happen.
Credits and terms:
Exploit by beaups, full guide on xda, testing, and concept by jcase and beaups. Thanks to dsb9938 and dr_drache for support and testing. Thanks also to all of the regulars at teamandirc.
If you found this useful, donating to the folks who made it possible is a very good idea. The links are as follows:
beaups - m7forsoff@gmail.com - Donate
jcase - jcase@cunninglogic.com - Donate
dsb9938 - cubedrom@hotmail.com -Donate
dr_drache - biomatrix@gmail.com - Donate
You can also come by their irc channel for support or just to say thanks: #FacePalm http://chat.andirc.net:8080/?channels=facepalm
DISCLAIMER:
Please be careful!
After S-Off, you can now have complete control of your phone. You can change whatever you want since its not doing ANY security checks at all. As such you have a much greater responsibility to know what your flashing and why, and that your files are 100% unmolested and uncorrupt.
Please be aware that a bad bootloader or radio flash can and will brick your phone, possibly beyond recovery.
You do not any longer have the S-On safety net of HTCdev.
S-Off is awesome, I just want everyone to realize the the seriousness that goes along with this. Have fun flashing ROMs and splash screens, but be extremely cautious/careful with the important parts of your device.
Last and not least, please ask any questions BEFORE your phone makes a short little buzz, shuts off, and won't come back on.
I'm not trying to scare anyone into staying S-On, I just want everyone to use caution and have safe, happy flashing.
After S-Off, you can now have complete control of your phone. You can change whatever you want since its not doing ANY security checks at all. As such you have a much greater responsibility to know what your flashing and why, and that your files are 100% unmolested and uncorrupt.
Please be aware that a bad bootloader or radio flash can and will brick your phone, possibly beyond recovery.
You do not any longer have the S-On safety net of HTCdev.
S-Off is awesome, I just want everyone to realize the the seriousness that goes along with this. Have fun flashing ROMs and splash screens, but be extremely cautious/careful with the important parts of your device.
- Make sure you know what your flashing, and why
- Make sure you have an md5 summer and use it.
- If you just asked "What's an md5??" then check out this thread.
- Make sure you are completely comfortable with all procedures for things you do.
Last and not least, please ask any questions BEFORE your phone makes a short little buzz, shuts off, and won't come back on.
I'm not trying to scare anyone into staying S-On, I just want everyone to use caution and have safe, happy flashing.
You will need to have a working adb and fastboot environment for this, if you don't please see this post to set that up. This method will work on any operating system that supports adb and fastboot.
Lastly, the work herein should not be stolen, repackaged, one clicked, bat’d, etc. soffbin3 is not GPL and may not be reused, integrated into other work, reposted, or redistributed without our permission. It was used here with permission from beaups.
For this to work, you must be rooted and have SuperCID. If you try this process without superCID, it will not work, and you may have issues! If you do not already have root or SuperCID please see the following posts for instructions: http://androidforums.com/one-s-all-things-root/543328-how-unlock-bootloader-install-recovery-root-your-htc-one-s.html and http://androidforums.com/one-s-all-things-root/690970-guide-supercid.html.
Once you have confirmed you have SuperCID, then it is time to get started with S-Off. Please read through this first so you understand it all before jumping in! Note: In the process/screenshots I used the working directory is C:\sdk-tools, if yours is different you will need to adjust accordingly.
S-Off for your HTC One S:
1.) Download the patcher and unzip it in your working directory:
Dev-Host - soffbin3.zip Mirror Goo.im - soffbin3.zip
2.) Find model id (open a terminal window or command prompt and leave open for further commands):
[HIGH]adb shell getprop ro.aa.modelid[/HIGH]
3.) Download zip that matches your model id and move it in your working directory (do not unzip it!): OneS PJ4010000-OneS.zip Dev-Host - PJ4010000-OneS.zip Mirror Goo.im Downloads - PJ4010000-OneS.zip
4.) Enter the following:
[HIGH]adb reboot bootloader[/HIGH]
(wait for bootloader)
5.) Enter the following:
[HIGH]fastboot oem rebootRUU[/HIGH]
(wait for black HTC Screen)
6.) Enter the following:
[HIGH]fastboot flash zip PJ4010000-OneS.zip[/HIGH]
After a while, You should see the following error “FAILED (remote: 92 supercid! please flush image again immediately)”
7.) Immediately issue the following command:
[HIGH]fastboot oem boot[/HIGH]
You may see some errors, just wait for the device to boot into Android (only now, you should be booted into Android with no eMMC write protection of any kind active).
8.) Issue the following 3 commands to update the security partition with S-off flags (one command at a time!):
[HIGH]adb push soffbin3 /data/local/tmp/
adb shell chmod 744 /data/local/tmp/soffbin3
adb shell su -c "/data/local/tmp/soffbin3"[/HIGH]
(wait for a few seconds)
9.) Enter the following:
[HIGH]adb reboot bootloader[/HIGH]
10.) You should now have S-Off!!!
11.) ENJOY!!
Thanks again to everyone who developed this method! All credit goes to those folks (see specifics below), they put in a lot of time and hard work to get this to happen.
Credits and terms:
Exploit by beaups, full guide on xda, testing, and concept by jcase and beaups. Thanks to dsb9938 and dr_drache for support and testing. Thanks also to all of the regulars at teamandirc.
You can also come by their irc channel for support or just to say thanks: #FacePalm http://chat.andirc.net:8080/?channels=facepalm