I'm thinking of S-OFF-ing my device (unlocking the bootloader). I want to ask: has anybody done it on our Tattoo? What are the ups and downs, what are the chances of hard-bricking my device, will I still be able to flash ROMs via CWM, and most importantly, is it worth it?
kemoba said:
I'm thinking of S-OFF-ing my device (unlocking the bootloader). I want to ask: has anybody done it on our Tattoo? What are the ups and downs, what are the chances of hard-bricking my device, will I still be able to flash ROMs via CWM, and most importantly, is it worth it?
1.) No, I hadn't.
2.) You can write data directly into system without booting into recovery and there's no downs, only better
3.) Your Click may go to eternal sleep if something goes wrong. But believe me, I've S-OFFed my Desire, not my previous Click, as it was already factory S-OFF. Nothing bad happens. :beer:
4.) S-offing will NOT touch your recovery.
5.) The risks are very low, but if you mess up service again so it's worth, I recommend. Download from HTCDev site. Revolutionary's unfortunately not into this.
Sent from my HTC Desire using xda app-developers app
kemoba said:
I'm thinking of S-OFF-ing my device (unlocking the bootloader). I want to ask: has anybody done it on our Tattoo? What are the ups and downs, what are the chances of hard-bricking my device, will I still be able to flash ROMs via CWM, and most importantly, is it worth it?
If you're thinking about using htcdev boot unlocker, it won't S-Off your phone. It would just let you flash custom recovery and such which we can do already. Therefore in my view, it's not necessary to do it.
If you actually get an S-Off done (paid solution), it still won't be very useful, as most of the things that we usually want, like downgrading/upgrading, we can do with the help of a gold card and some other tricks posted in this forum.
I got S-Off done as I wanted to be able to change the MID, but I later found out that I couldn't do it with the stock hboot, as it provides a curtailed list of fastboot oem commands in comparison to Eng-hboot. I thought S-Off would help me change the model ID (MID). If there was a way to directly alter the MID in NVRAM then it would be helpful, but for now the money spent on S-Off is a waste.
Wish there was an ENG hboot available for our Tattoo.
Hope this info will be useful.
This has been in progress for a while. If you follow the G2 forums, then you'll know that there have been big problems with G2 phones that have been unlocked via unlock codes, with those unlocked phones then not being able to find a network at all.
It looks like the guys on #G2ROOT have cracked S-OFF for radio. This is *not* the same as the current S-OFF that we have from HBOOT. Apparently it should help to prevent semi-bricking via incorrect flashing of older ROMs.
The article in the Wiki explains all. Documentation about the procedures should be coming soon. We will of course have to make sure it's fine on the DZ too.
http://forum.xda-developers.com/wik...Subsidy_Unlock.2C_SuperCID.2C_and_Radio_S-OFF
nice gives all those "bricked" g2's hope
Radio S-OFF is permanent S-OFF?
So no more warranty? Damn.
I'll stick to the stock ROM for a while with root, then HBOOT S-OFF, but never radio S-OFF.
I like warranty. Never know when you'll need it.
DanWilson said:
Radio S-OFF is permanent S-OFF?
So no more warranty? Damn.
I'll stick to the stock ROM for a while with root, then HBOOT S-OFF, but never radio S-OFF.
I like warranty. Never know when you'll need it.
I imagine it'll still be possible to reverse it. From a scan of the IRC logs (though of course I might have missed important stuff), it looks like you just need to write the correct data to the right area of a partition to get the radio S-OFF. So surely you can undo that by writing the previous data?
Documentation on this is now up, see http://forum.xda-developers.com/showthread.php?t=855764
Bear in mind that the instructions are for the G2 right now, so if you try this out on a DZ there's a high chance of a permanent brick! But hopefully someone will sort out a verified method for the DZ soon.
I would not advise people do this form of S-OFF unless they really need to anyway; it's harder to come back from (if you did semi-brick) and holds more risks.
Lennyuk said:
I would not advise people do this form of S-OFF unless they really need to anyway; it's harder to come back from (if you did semi-brick) and holds more risks.
But when an easier way to do it comes along (which is being worked on, I believe), a full S-OFF will be a lot safer, because then it won't be so easy to brick your phone by simply flashing an old RUU.
steviewevie said:
But when an easier way to do it comes along (which is being worked on, I believe), a full S-OFF will be a lot safer, because then it won't be so easy to brick your phone by simply flashing an old RUU.
People should not be flashing an old RUU anyway!
Anyone who is silly enough to do that gets a brick for a reason.
Always either flash the latest RUU, or restore a nandroid of stock and flash an OTA it offers; these are the safest ways.
You will get more bricks from people doing radio S-OFF than the S-OFF + RUU method gives.
Lennyuk said:
I would not advise people do this form of S-OFF unless they really need to anyway; it's harder to come back from (if you did semi-brick) and holds more risks.
You're an ass-talker. You talk through your ass, blow hot air, and have no idea what you're talking about.
1) it is SAFER,
2) it is EASIER to come back from,
3) it is SAFER.
Why is it safer? Because it does NOT require writing the hboot or radio! You can blow p7 out and android will still boot, which means that you have the opportunity to fix it if something goes wrong.
A bad flash of the radio or hboot and you're dead.
For those who might not have seen it yet, there's now a fully documented procedure on how to do this to your DZ (and yes, it's been tested on the DZ too).
As has been said, this is a safer method to get S-OFF (letting you flash custom ROMs) than the previous method of putting on an engineering hboot.
See http://forum.xda-developers.com/showthread.php?t=857390
DanWilson said:
Radio S-OFF is permanent S-OFF?
So no more warranty? Damn.
I'll stick to the stock ROM for a while with root, then HBOOT S-OFF, but never radio S-OFF.
I like warranty. Never know when you'll need it.
All I do for warranty with modded phones is feed 12-20 volts (from a wall adapter) into the battery contacts and toast the main board and bring it back as dead. They send me a new one, no questions asked, because the phone is dead... I even did this with an HTC PPC6800 that I smashed the screen in and they warrantied it, no problem. This is on Bell in Canada.
666
I was following your discussion on bricking because of flashing ruus but for some reason it doesn't apply to me. I had an Asian WWE 1.34.707.5 (shipped with my phone) then I flashed it with Asian WWE 1.34.707.3 RUU and it didn't brick my phone.
Hi all,
Today I discovered something strange and I'd like to get your opinion on it:
I am not able to do S-OFF things in fastboot even though I have S-OFF!
Situation:
Phone: Desire Z
HBOOT: stock 0.85.0005
FW: 1.34..
Rooted: did root, supercid and s-off via gfree and verified via gfree_verify - even hboot shows S-OFF
ROM: GingerVillain 1.5
Recovery: ClockworkMod 3.0.0.5
Problem:
First of all, I myself have no problem, but I started experimenting after a friend semi-bricked his Desire Z with the same setup.
I did a nandroid backup, and when I boot into hboot and do a 'fastboot flash recovery recovery.img' (with my nandroid recovery.img) I always get a remote: not allowed.
Now from my point of view this should only happen if I have S-ON and should be impossible with S-OFF?! Even using 'fastboot oem rebootRUU' does not change anything.
The thing that concerns me about that is: if something destroys both system and recovery, you're pretty much screwed and bricked, because hboot is not allowed to write to anything other than cache, and all of this basic stuff doesn't work:
- flash recovery with CW
- flash a complete zip
- flash an other hboot
- RUU
When I rooted my phone I read everywhere that eng-hboots are not necessary any longer. But it appears that they are the only thing that helps, and you have to install them as long as you have a working ROM.
Any thoughts on that issue / can you reproduce this / are fastboot actions logged anywhere?
You need an ENG HBoot to use fastboot commands; it doesn't matter if you're S-OFF.
Yeah, I came to the same conclusion.
Is there any chance to flash an eng-hboot from a bricked 0.85.0005? I did some experimentation with a goldcard, but at least the remote commands didn't change in behaviour.
I think being full-bricked when something goes wrong and not having an eng-hboot already installed is not an acceptable solution for most people here.
DragonTEC said:
Yeah, I came to the same conclusion.
Is there any chance to flash an eng-hboot from a bricked 0.85.0005?
Maybe through a modified PC10IMG.zip.
I think being full-bricked when something goes wrong and not having an eng-hboot already installed is not an acceptable solution for most people here.
My thoughts exactly, it's kind of a safety net if you can't boot into Android.
I'm not sure if a PC10IMG.zip will help at all. My friend tried flashing both 1.34 and 1.72 RUU ROMs as PC10IMG and this didn't change anything. In fact, the 1.72 didn't even install the new .00008 hboot, so I think there is some heavy write protection in the hboot making it more or less useless.
What I can imagine working is a goldcard with sppimg.zip, but I haven't yet found one for the Desire Z.
I have the feeling that this is a huge problem, because with a short search I have found at least 3 threads of people who bricked their phone exactly this way and are now stuck. Some of the experts here might pay attention to this problem, and in my opinion you should also consider removing the 'a eng-hboot is not needed, don't use it' advice from the rooting section of the wiki.
So what exactly is your problem?
You destroyed recovery and system?
If yes, and you used gfree to get Super-CID, just install a PC10IMG that has a version higher than or equal to the main version in your misc partition. Then do the whole downgrading, rooting and recovery flashing again.
If you are not Super-CID you might need a goldcard in addition, if the CID of the phone is not supported by the PC10IMG that you want to install.
have fun Guhl
It is almost impossible to brick this phone. The only possible way might be a failed copy of the eng-hboot and this is why the warning is and stays in the wiki.
Sent from my HTC Vision using XDA App
I thought so, too, but when flashing a newer original RUU using the PC10IMG.zip, the flash process runs okay, but after the restart nothing changes (it still hangs at the HTC screen, no new hboot), so apparently no changes are made.
So from my point of view the phone is more or less bricked. I guess maybe some custom PC10IMG with an eng-hboot might change this, but I only found one for the G2 and wasn't able to find one for the DZ. That's why I think that removing the 'UNNECESSARY' advice is justified (of course I don't want the warning that this can brick the phone to be removed).
A little question about AlpharevX that I had on my mind for some time.
What I would love is the right answer and not thousand of people guessing it, so ideally, please refrain from answering if you are not sure.
XTC Clip gives us factory S-OFF, through the likely emulation of the official HTC SIM card with the relevant RSA keys. If you use the XTC clip, your phone becomes a 'dev' phone, totally unlocked as it was meant by HTC.
Now what about AlpharevX?
There are a lot of people talking about it making their phone S-OFF.
Now the question.
Is the AlpharevX S-OFF the same as the XTC Clip S-OFF, ie achieved by clearing the s58 security flag, OR is it just patching the HBOOT to make it think that S is OFF (like Alpharev 1.8 did), OR is it achieving this feat in some other way?
On the Alpharev 1.8 page, it says:
Since we are unable to access the Radio NVRAM itself (where secuflag is stored),
So this got me wondering.
It is a reverse-engineered bootloader that thinks that the secuflag is off. So nothing is changed in the radio, they just put a new hboot on your phone.
Although it is a reverse-engineered one, it does do everything that the standard HTC hboot does. It does even more: there is the possibility to use fastboot, which is not possible with the factory bootloader. So making your phone S-OFF with the XTC Clip will not allow you to use fastboot; flashing the one from AlpharevX does.
Erwin
Finally a clean and clear explanation thread, thanks erwinP.
I think I'm not the only one who wonders about a simple thing: is S-OFF reversible?
Almost everybody knows that flashing custom firmware invalidates the warranty, so in case of problems (not necessarily due to the new firmware), is it possible to revert the phone to its original state (original fw, original hboot, s-off) and send it back to HTC?
Thanks Erwin.
So the phone is still S-ON, but does not care about it anymore. Sweet.
I was asking this because I was thinking that if I were a developer, I would have put some code in all sort of horrible places to check for this sort of bypass, a bit like in the first PS, where games stopped working if they detected a modchip.
But then if I were an HTC developer, I would have had total faith in HBOOT 1.000.1 being unbreakable, so I may not have bothered.
In any case, how did they manage to get a custom HBOOT? Does anyone know?
Is it signed?
You're welcome! ;-)
It is of course not signed ;-) I've asked them, but they wouldn't say, probably for the same reason that unrEVOked keep their method secret until HTC has come up with an update that fixes the exploit. So I understand why they won't tell us, and also, you do not ask for your grandmother's secret family recipe, do you ;-)
All we know is that they use a combination of psneuter and gingerbreak to get a temproot, and then somehow manage to get past the NAND protection to replace the factory hboot with their hboot. Or at least, that is my interpretation of what I've read here on this forum somewhere.
Erwin
metv said:
Finally a clean and clear explanation thread, thanks erwinP.
I think I'm not the only one who wonders about a simple thing: is S-OFF reversible?
Almost everybody knows that flashing custom firmware invalidates the warranty, so in case of problems (not necessarily due to the new firmware), is it possible to revert the phone to its original state (original fw, original hboot, s-off) and send it back to HTC?
Sorry I didn't see your question.
Once they have a way to replace the stock hboot with their one, their hboot can be easily replaced in the same way by the stock one, to get an s-off device again. They have already said somewhere that they will provide a way to revert the process, just in case you have to bring your phone back under warranty. They are real geniuses, aren't they ;-)
Erwin
Thanks for the clear explanation chaps.
I've got my sister's Wildfire here and it's stuck in a bootloop.
It is NOT rooted, has no S-Off and so on.
It has the stock rom.
It didn't run fluently, so I just rebooted it. But since then it doesn't boot.
Tried taking out battery, putting it back in, no success.
Tried taking out SD-Card. no success.
Then I booted into Bootloader (Vol + Power down).
Buzz PVT Ship S-ON
HBOOT-1.01.0001
MICROP-0622
TOUCH PANEL-ATMELCO 3_16ac
RADIO-3.35.20.10
All I get to choose is Fastboot, Recovery, Clear storage and Sim-lock.
Recovery turns out to be nothing, I can't get to it. Might be, because there is no CWM on it.
I was lucky to be able to root and s-off my DHD, so I don't have any idea, how to fix this problem with the Wildfire.
Any suggestions how to solve this little problem?
Thanks in advance
Which method did you adopt for rooting? Try the Revolutionary method and you will be S-ON... but your mobile doesn't turn on. Try to install an RUU, which can be downloaded from shipped-roms.com; download the WWE version file and run it. It will install the stock ROM again. Then enable debugging mode, go to revolutionary.io, fill in the form, copy the generated alphanumeric code carefully, download the file, run it and you will get S-ON.
Sent from my HTC Wildfire using XDA App
Thanks, but actually I neither want root nor s-off on it...I just want to get this smartphone to boot again...I'll try to get the RUU on it, like you suggested
Sent from my Desire HD using Tapatalk
Would "RUU_Buzz_Froyo_HTC_WWE_2.22.405.1_Radio_13.55.55.24H_3.35.20.10_release_160191_signed.exe" be the right one?
And if, what to do next with it?
Thanks in advance
- Extract the Rom.zip from the RUU you listed. Procedure here:
http://lukasz.szmit.eu/2010/04/extracting-rom-files-from-htc-android.html
- Rename this zip to PC49IMG.zip
- Place this on the root of the sd card
- Reboot in HBoot mode, the phone will detect the file and will attempt to install. Select Yes and let it proceed.
Thanks, I'll do that when I'm done in University :-D
Just so I have more opportunities in case this happens again.
Could you give me a link to instructions on how to root and S-OFF?
This would help
And, just in case, which do you think is the best Custom Rom for the Wildfire?
You can use Revolutionary to get S-OFF and Clockworkmod Recovery. Guide here:
http://joel5121.blogspot.com/2011/06/wildfire-22-root-tutorial.html
The only thing that has changed is AlphaRev's Website. The new address is revolutionary.io. Everything else remains the same. Although, you will need a booting device to get it to work.
Lastly, ROM choice depends on whether one would like to keep HTC Sense or not. If not, then I would go with Cyanogenmod / Oxygen (Two ROMs I am pretty sure are available for the DHD as well). And, if you would like to keep HTC Sense, then the current favorites are DK Custom ROM and RemPuzzleROM.
Complete Listing available in the Index Thread linked in my Sig.
Good Luck
I only want to flash a ROM on the Wildfire. My DHD runs on ARHD and I won't change that. Well, unless there's a newer version of ARHD.
Anyways, what is the best Sense ROM for the Wildfire? It should run smooth but stable and fast. And of course it should have good battery life.
Sent from my refrigerator using Tapatalk
I'm stuck myself. Wildfire is working again, but neither can I root nor can I make S-OFF.
On AlphaRevX it "sends in Caroline" and "Caroline" comes out with an error report
However, USB-Debugging was turned on, SD Card active, connected to pc, but "only charge"...
That far for S-Off...
Then I tried unrevoked. It works so far, until the Wildfire is in the bootloader. Unrevoked tells me it's waiting for the bootloader. When I choose Fastboot on the device, unrevoked carries on and tells me "Waiting for HBOOT to be ready..."
Nothing happens after that. If I choose Bootloader on the device, unrevoked tells me, that it has lost connection to the phone.
Then I tried Gingerbreak. Gingerbreak works, reboots the phone, I check for SU and can't find it. So I guess it's not rooted then :-/
Any suggestions?
Your only (free) option is Revolutionary on Wildfires with official 2.2.1 and HBoot 1.01.x. Any other method (Unrevoked, Gingerbreak, SuperOneClick etc) will not work and will result in failure. Errors on Revolutionary can usually be treated EXCEPT when it says "Not writing bad block at mtd 0x00000", in which case there are bad blocks on the NAND memory, and there is no fix yet.
The paid option is to find a store with an XTC Clip hardware box, which can S-OFF the Wildfire as well. They will charge you a 1-time fee for using it.
3xeno said:
Your only (free) option is Revolutionary on Wildfires with official 2.2.1 and HBoot 1.01.x. Any other method (Unrevoked, Gingerbreak, SuperOneClick etc) will not work and will result in failure. Errors on Revolutionary can usually be treated EXCEPT when it says "Not writing bad block at mtd 0x00000", in which case there are bad blocks on the NAND memory, and there is no fix yet.
The paid option is to find a store with an XTC Clip hardware box, which can S-OFF the Wildfire as well. They will charge you a 1-time fee for using it.
So since this is exactly the fault that is displayed, there is nothing I can do...
But this other tool for S-OFF isn't working either. If I at least had S-OFF... In these tutorials I first get S-OFF and afterwards there is a zip archive which will give me SU. Can I install CWM without root? I'd really like to flash Cyanogen...
Sent from my refrigerator using Tapatalk
No, unfortunately, as I stated in my previous post, you cannot.
The best option will be Revolutionary, but solve your first problem and then move on to this... we are always here...
Sent from my HTC Wildfire using XDA App
UPDATE: The HTC Developers official unlock does not seem to allow the flashing of most, possibly all custom ROMs. The best advice is to re-lock the bootloader using the official tool, and then use the Advanced Ace Hack Kit to root and S-OFF your phone.
I've seen quite a few threads in Q&A recently where people have used the official bootloader unlock at the HTCDev website, then tried to flash a custom ROM and got stuck. The most common problem seems to be that they get stuck in the bootloader, or they flash a ROM but it hangs at the splash screen.
The best advice so far seems to be to flash a stock ROM, re-lock the bootloader, and then use the Advanced Ace Hack Kit to get S-OFF and root in the "usual" way. However one poor guy couldn't even get that far and ended up sending his phone off to HTC, although I think he tried running the AAHK without re-locking his bootloader first.
I'm not an expert on what the official unlock does and how it differs from our usual S-OFF methods. The HTC website indicates that their unlock lifts security on the boot, recovery and system images, but not on radio or sim-locks. To me that sounds enough to flash a custom ROM, but I'm not an expert and clearly a lot of people are having trouble.
I think it might be helpful to have a warning here on the DHD forums - if you want to unlock your phone, use the AAHK or any of the similar tools here. Don't use the HTCDev unlock method - at least until we better understand what's causing people these problems.
If anyone understands the technical differences between the HTC tool and the Radio S-OFF methods, or what's causing people to have these problems, please explain here so we can all understand it better! I'm slightly worried when trying to help people with advice, because if I get it wrong I might make things worse for them. And I don't really want to use the HTCDev tool myself to experiment.
If the HTC unlock itself is fine, but people are doing something wrong after using it, then perhaps once we know what that is, it can be put in a sticky? Or if the best advice is to avoid the HTC unlock method altogether, perhaps that should be stickied instead? (Or is there already a warning up that I've missed?)
It would be good if we as a community could come up with some clear advice, and maybe save people a lot of stress and hassle.
Yes, as a clueless person I would really welcome any expert guidance on this, I want to install other ROMs and if I can do it via 'official' methods all the better.
I experienced this exact same problem. I was expecting that unlocking meant getting root access, but obviously this was not the case, so then I used the Ace Hack Kit, which got stuck at flashing the ROM for downgrade. It showed the message in a quick flash (I had to record the screen to see it) stating that the zip file content was not correct. Luckily the guys at the IRC help channel pointed me directly to the cause... the bootloader was unlocked and re-locking it would solve it.
Unfortunately the 'fastboot oem lock' method did not work right away. I re-installed HTC-sync (removed it before according Ace guide) and this got it working again so that I could re-lock. After this the whole Ace procedure worked fine and I now have root.
My advice would be to at least include a line on re-locking before starting in the EFFEN manual, and to ensure that HTC-sync is installed for the relock (and remove it afterwards of course).
Thanks pamarama, that's exactly the kind of info I was hoping for regarding HTC Sync.
Do you know if AAHK also requires a working ROM on the phone before you start?
Some people don't have a working ROM, so I've been recommending that as well as re-locking the bootloader, they flash an RUU so there's a bootable ROM on the phone before they try AAHK.
Hi preacher65,
I honestly don't know if a working rom is required. I guess that the AAHK experts would be able to answer this question. I had a working rom at least but I can imagine that in order to do the downgrade the only thing that needs to be intact is the data that triggers AAHK to do the downgrade. If that flash succeeds you should have a working rom again.
From reading other threads, what I think the issue is that one simply can't install a rom. After flashing a rom one has to install a new boot image to actually get it to boot
The problem with HTC Dev unlock is that it doesn't allow boot.img to be flashed in any mode other than fastboot.
You can flash a custom ROM, but then have to extract the boot.img from the zip and flash it via fastboot. That's why everyone gets stuck on the splash screen.
-Nipqer
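The step Nipqer describes, pulling boot.img out of the ROM zip so it can be flashed separately through fastboot, as an added example that is not part of the original thread. It assumes the image sits at the zip root as `boot.img` and uses the classic Android boot image header layout; the sample ROM is constructed in memory.

```python
import hashlib
import io
import struct
import zipfile

BOOT_MAGIC = b"ANDROID!"
# Start of the classic (version 0) Android boot image header: magic[8], then
# kernel size/addr, ramdisk size/addr, second-stage size/addr, tags addr and
# page size, all little-endian 32-bit values.
HEADER = struct.Struct("<8s8I")


def _pages(size, page_size):
    """Number of flash pages needed to hold `size` bytes."""
    return (size + page_size - 1) // page_size


def inspect_boot_image(data):
    """Validate a boot.img byte string and return its key header fields."""
    if len(data) < HEADER.size:
        raise ValueError("file is shorter than a boot image header")
    (magic, kernel_size, _kaddr, ramdisk_size, _raddr,
     second_size, _saddr, _tags, page_size) = HEADER.unpack_from(data)
    if magic != BOOT_MAGIC:
        raise ValueError("missing ANDROID! magic: not a boot image")
    if page_size < HEADER.size or page_size & (page_size - 1):
        raise ValueError(f"implausible page size {page_size}")
    if kernel_size == 0:
        raise ValueError("header declares an empty kernel")
    # Header, kernel, ramdisk and second stage each start on a page boundary.
    expected = page_size * (1 + _pages(kernel_size, page_size)
                            + _pages(ramdisk_size, page_size)
                            + _pages(second_size, page_size))
    if len(data) < expected:
        raise ValueError(
            f"truncated image: {len(data)} bytes, header implies {expected}")
    return {
        "page_size": page_size,
        "kernel_size": kernel_size,
        "ramdisk_size": ramdisk_size,
        "expected_size": expected,
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def extract_boot_image(rom_zip, member="boot.img"):
    """Read `member` from a ROM zip (path or file object) and validate it.

    The member name is an assumption; adjust it if the ROM stores the
    image elsewhere.
    """
    with zipfile.ZipFile(rom_zip) as zf:
        try:
            data = zf.read(member)
        except KeyError:
            raise ValueError(f"{member} not found in ROM zip") from None
    return data, inspect_boot_image(data)


def build_sample_rom():
    """Constructed sample: an in-memory ROM zip holding a dummy boot.img."""
    page = 2048
    kernel, ramdisk = b"K" * 3000, b"R" * 100
    header = HEADER.pack(BOOT_MAGIC, len(kernel), 0x10008000,
                         len(ramdisk), 0x11000000, 0, 0, 0x10000100, page)

    def pad(blob):
        return blob + b"\0" * (-len(blob) % page)

    image = pad(header) + pad(kernel) + pad(ramdisk)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("boot.img", image)
        zf.writestr("system/build.prop", "ro.build.id=SAMPLE\n")
    return buf.getvalue()


if __name__ == "__main__":
    data, info = extract_boot_image(io.BytesIO(build_sample_rom()))
    print(info)
```

Checking the magic and the size implied by the header before handing the file to fastboot catches a truncated download or a wrong file while the phone still boots.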
pamarama said:
Hi preacher65,
I honestly don't know if a working rom is required. I guess that the AAHK experts would be able to answer this question. I had a working rom at least but I can imagine that in order to do the downgrade the only thing that needs to be intact is the data that triggers AAHK to do the downgrade. If that flash succeeds you should have a working rom again.
Thanks - I think you might need a working, rooted ROM to get SHIP S-OFF. At least you did in the days before the AAHK. Not sure if that works any differently. I'll check the manual to see if it explains how it works.
marsdta said:
From reading other threads, what I think the issue is that one simply can't install a rom. After flashing a rom one has to install a new boot image to actually get it to boot
Thanks, I think you're right. The HTC unlock says it unlocks the boot image, but it does seem as if people aren't able to flash a boot image as part of the ROM. Possibly due to most ROMs having custom kernels, perhaps?
I believe that all the developer opened firmwares still have restrictions in place, someone correct me if I'm wrong but that is generally what happens when a hardware manufacturer releases an unlocked bootloader. Your best bet is to use the Advanced Ace Hack kit then use Android Terminal Emulator to flash your bootloader with the ENG S-OFF version. Then you have complete control and freedom in your device.
I would type up all the specifics but there are many guides on the subjects above.
MP2E said:
I believe that all the developer opened firmwares still have restrictions in place
Thanks, I'm sure you're right. What I'm really trying to find out is what those specific restrictions are - or failing that, just come up with a solid, workable solution for those people who have already tried the HTC unlock and are now stuck.
So far the solution seems to be to re-lock the bootloader and then use the AAHK. But some people I've tried to help in Q&A have been unable to flash a PD98IMG.zip or RUU, even after re-locking, to get a stock ROM back on their phone so they could run the Hack Kit.
FWIW my own phone was rooted over a year ago, using Visionary and running sfjuocekr's scripts inside Android Terminal Emulator to flash hboot and CWM manually from the command line. Which is why I'm not very familiar with what the AAHK needs to run, but I assume it needs a working ROM to get Radio S-OFF.