Bypassing HTC Dev Unlock would be one less step for new phones to get ready for customization. And it would eliminate warranty worries about HTC's ominous warnings when unlocking the bootloader.
The Sensation now has a method to achieve S-off via temp root:
http://forum.xda-developers.com/showthread.php?p=26280760
Unfortunately, I don't have the ability at this time to ask the JuopunutBear team in IRC myself about the possibility of porting this method to the Rezound.
What input does the Rezound community have on the technical aspect of this? I know there are temp root methods such as this buried in the Development section:
http://forum.xda-developers.com/showthread.php?p=19924490
I think if you use the current HTC roots (ie for one x, evo 4g LTE) then flash their boot image (assuming it disables emmc write lock) then reboot to that then run their tool it will work.
con247 said:
I think if you use the current HTC roots (ie for one x, evo 4g LTE) then flash their boot image (assuming it disables emmc write lock) then reboot to that then run their tool it will work.
Good deal, will look into those methods. Had my phone S-on and on 1.02.605.6 this past weekend for a bit, got curious.
Really wish I wasn't out of town when I got an itch to test something out. lol.
I could be wrong and it could brick lol. But it is worth maybe trying or looking into.
I haven't looked into this in a while, but now that the OTA is available, I researched this a bit more last night.
Traced the method used by the Sensation back through the One X files. These are derivatives of the SparkyRoot method used first on the Transformer Prime:
http://forum.xda-developers.com/showthread.php?t=1439429
This method and the NachoRoot method use an exploit that may have been patched if I'm interpreting this data correctly. I tried a modded script for the Rezound on the 3.14.605.10 stock RUU, but no dice. The ICS OTA is still Android 4.0.3 which may mean the vulnerability is still there given the timeline of that patch.
Now the title may as well read "New Temp/Perm Root Method?" as that is what is required to bypass HTCDev Unlock altogether. But if and when such a method arises, that will get its own thread. It would be a useful tool for not only S-off, but a new round of bloatware removers.
Still looking around at other devices and vulnerabilities that could be used on the Rezound. Any input is welcome, I'm no coder but curious enough to find a way.
Related
Ok, so over on the Shift forums, they stumbled upon a way to downgrade your device to allow nand unlocking. *All credit goes to ScaryGhoul, and Otaking71*
Basically by using a temproot method (which the 3D has), and using a misc.img partition from another phone (The Tbolt for this instance), they were able to trick the Hboot security check into allowing older RUU's to be run against the device.
According to Scary, and Otaking the dev work behind this should work for other devices, as long as you are able to identify which BLK houses the hidden partition that Hboot uses to check everything it flashes. As they outlined it is usually "misc", or hboot -1, in the case of the Evo shift, their Hboot partition is mmcblk0p18, so since the hidden partition is hboot -1, it would be mmcblk0p17.
Following their theory, If someone is willing to try this we would need to know which partition the Evo 3D uses for Hboot, we would also need to know if the 3D uses emmc or mtd blocks. If it is emmc the same commands with the proper mmc blocks will work, if it is mtd, we would need to reference the original EVO 4G root method to figure out how to force the hboot to bypass the security checks.
Here is the full post laying out the ground work necessary, including reference to the original Evo 4G root method. http://forum.xda-developers.com/showthread.php?t=1255474
If this works, then it will allow us to run the original RUU for the Evo 3D, essentially downgrading the device from Hboot 1.5 to Hboot 1.30, which then allows the device to be rooted with Revolutionary instead of being forced to use HTC's Unlock method.
Is there anyone out there willing to help dig into this, to see if we can roll back the Hboot of the Evo 3D to allow revolutionary to root it?
---------- Post added at 05:46 PM ---------- Previous post was at 05:29 PM ----------
The direction I am going with this is, If we can force the Hboot to allow downgrades, then that should mean that we should technically be able to force the hboot to downgrade itself, theoretically taking the hboot from 1.50 to 1.30 or 1.40 depending on whichever one you can get your hands on. Also here is some more info added to the whole wrack your brain process this is becoming. Also please ignore my odd way of thinking, I'm trying to think whether or not this is possible, while at the same time gathering data and trying to formulate a process to make it work. I could be entirely wrong about the whole thing, but you never know until you have it looked into and reviewed.
So first step to digging, It looks like the Evo 3D does indeed have emmc partitions http://forum.xda-developers.com/showthread.php?t=1197315
Which makes using their method easier to accomplish.
otaking71 said:
I accidentally figured this out.
You'll need temp root on the phone. Use any temp rooting method.
Push the extracted misc.img file to the sdcard.
Once you have root, dd the misc.img to the partition just above hboot.
In the case of the shift and the thunderbolt this is /dev/block/mmcblk0p17
Once this is done..you can proceed to use any ruu (the full executable) or any properly signed AND named zip from hboot.
This has only been tested on the shift...but the theory is sound. If you are doing this on anything other than a shift/tb....please check the size of the partition just above hboot.
We should also be able to use the misc.img file from the Tbolt that they used, as long as the size doesn't conflict with the 3D; the version is lower than that of the 3D, so it is still staying true to their groundwork.
So now knowing all of this, we just need someone willing to perform this to try and see if the HBoot can be downgraded accordingly, since so far everything is appearing to line up nicely.
The other question I would then propose is, If this is possible, could it work for 3D's that were unlocked using HTC's method. ie. Unlock with HTC's method, flash a rooted ROM, perform the hboot security bypass using the misc.img file. Then run an RUU that is from the 1.30 or 1.40 HBoot to return the device back to stock, after re-root using revolutionary.
One final thing, The only reason I am bringing this straight to the community without diving into it myself, is that I presently don't have a 3D to work with, but at the same time was tasked by several people that Have 3D's that took the OTA to HBoot 1.50, to see if there was a way to revert the process. That and I have no idea which mmcblk is the hboot partition for the 3D.
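The posts above hinge on two things that are easy to get wrong: which block device is "hboot -1" on a given phone, and whether the misc.img being pushed is exactly the size of that partition (otaking71's closing caveat). The script below is an added example, not code from this thread or from any of the people quoted in it. It parses a partition table in the layout HTC kernels exposed through /proc/emmc (assumed here to be "dev: size erasesize name" with sizes in hex bytes), locates the entry immediately before hboot, and reports go/no-go on an image's size against that partition. The sample table and image sizes are constructed for the demo; on a real device you would feed it `cat /proc/emmc` and the actual image. It writes nothing to the device, so it is safe to run as a preflight check.

```shell
#!/bin/sh
# Preflight size check for the "hboot -1" partition (added example, not from the thread).
# Assumed /proc/emmc layout: "dev:        size     erasesize name", sizes in hex bytes.
# Nothing here touches a block device for writing; it only reports OK / NO-GO.

# Constructed sample table mirroring the Evo Shift layout quoted above
# (hboot at mmcblk0p18, so hboot -1 is mmcblk0p17). Sizes are made up.
SAMPLE_EMMC='dev:        size     erasesize name
mmcblk0p16: 00200000 00000200 "recovery"
mmcblk0p17: 00040000 00000200 "misc"
mmcblk0p18: 00100000 00000200 "hboot"
mmcblk0p19: 00800000 00000200 "boot"'

# partition_before_hboot TABLE
#   Prints "<dev> <hexsize> <name>" for the entry directly preceding the
#   "hboot" line, in table order. Fails if hboot is missing or is the first entry.
partition_before_hboot() {
    printf '%s\n' "$1" | awk '
        NR > 1 {
            name = $4; gsub(/"/, "", name)
            if (name == "hboot") {
                if (prev_dev == "") exit 1
                print prev_dev, prev_hex, prev_name
                found = 1; exit
            }
            prev_dev = $1; sub(/:$/, "", prev_dev)
            prev_hex = $2
            prev_name = name
        }
        END { if (!found) exit 1 }'
}

# file_size_bytes PATH
#   Size in bytes of a regular file (wc) or a block device (blockdev).
file_size_bytes() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# check_misc_image IMAGE TABLE
#   Returns 0 and prints OK only when IMAGE is exactly the size of the
#   hboot -1 partition described by TABLE; otherwise prints NO-GO and returns 1.
check_misc_image() {
    image=$1
    table=$2
    entry=$(partition_before_hboot "$table") || {
        echo "NO-GO: could not locate hboot or its predecessor in the table"
        return 1
    }
    set -- $entry
    dev=$1; part_size=$((0x$2)); name=$3
    img_size=$(file_size_bytes "$image")
    if [ "$img_size" -ne "$part_size" ]; then
        echo "NO-GO: $image is $img_size bytes but /dev/block/$dev (\"$name\") is $part_size bytes"
        return 1
    fi
    echo "OK /dev/block/$dev (\"$name\") matches $image ($img_size bytes)"
}

# Constructed demo inputs: one image of the right size (0x40000 = 262144 bytes)
# and one that is too small. Both are zero-filled throwaway files.
DEMO_DIR=$(mktemp -d)
dd if=/dev/zero of="$DEMO_DIR/misc_ok.img" bs=1024 count=256 2>/dev/null
dd if=/dev/zero of="$DEMO_DIR/misc_bad.img" bs=1024 count=128 2>/dev/null

check_misc_image "$DEMO_DIR/misc_ok.img" "$SAMPLE_EMMC"
check_misc_image "$DEMO_DIR/misc_bad.img" "$SAMPLE_EMMC" || true
```

The size comparison is deliberately exact rather than "fits": an image shorter than the partition leaves stale bytes at the tail, and the HBOOT-side consumer of that partition gives no feedback about which case it is reading.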
Sorry but this was one of the first things that was tried and multiple people have confirmed it's a no go. A little searching should be able to pull up some of the older threads that have more info about it in them.
Sent from my PG86100 using xda premium
xHausx said:
Sorry but this was one of the first things that was tried and multiple people have confirmed it's a no go. A little searching should be able to pull up some of the older threads that have more info about it in them.
Sent from my PG86100 using xda premium
Thanks, yeah I searched, but I will admit I didn't look as hard as I should have.
Sent from my PC36100 using Tapatalk
xHausx said:
Sorry but this was one of the first things that was tried and multiple people have confirmed it's a no go. A little searching should be able to pull up some of the older threads that have more info about it in them.
Sent from my PG86100 using xda premium
I just looked into what you posted xHausx, and I can only find threads where people tried to just flash a new Hboot on top of the 1.50 HBoot; however, this is known not to work because HTC does not fully unlock the HBoot. What I am proposing is forcing the HBoot to act like it is 100% unlocked to allow downgrading by using the misc.img file from the TBolt, like they did with the Evo Shift. I searched and searched, and cannot find anyone even attempting to modify the security of the HBoot -1 partition by using an unlocked bootloader from another device. So I am bringing this theory back up for testing, and for someone to show me where this method was tried and failed. Since as mentioned, I can only locate attempts to flash a bootloader on top of a still locked bootloader.
If this is viable then it should also be useful for GSM E3D right?
Actually there is no temp root for updated Evo 3D's with 1.50 HBOOT and 2.3.4...HTC patched the exploit that was used to gain temp root. The only way this will work is if you already used HTC's unlocking method and use a rooted ROM. I am still on 1.40 and can't help(I probably wouldn't be much use anyway), but I would get into contact with Treve from the Synergy Rom. He has done all kinds of stuff with download mode and messing with the partitions before full root was available. He may not know of this hidden partition and may be able to help you out.
housry23 said:
Actually there is no temp root for updated Evo 3D's with 1.50 HBOOT and 2.3.4...HTC patched the exploit that was used to gain temp root. The only way this will work is if you already used HTC's unlocking method and use a rooted ROM. I am still on 1.40 and can't help(I probably wouldn't be much use anyway), but I would get into contact with Treve from the Synergy Rom. He has done all kinds of stuff with download mode and messing with the partitions before full root was available. He may not know of this hidden partition and may be able to help you out.
As suggested I contacted TrevE regarding this, and he didn't outright say that it wasn't possible, but without a temproot for the latest version, it basically came down to this. Obtain root via HTC's unlock, then attempt the patch, and then attempt the downgrade.
Any luck with this Khilbron?
Evo3Duzer said:
Any luck with this Khilbron?
It's been 3 months... not trolling, but god damn, way to raise a dead thread.
nate420 said:
It's been 3 months... not trolling, but god damn, way to raise a dead thread.
I am relatively new to this forum. Is there a time limit on threads? Is there a point where a user is no longer permitted to post a question in a thread?
Maybe an Admin can let me know if I have done something wrong?
I guess I could have IMd him.
Thanks for your useful input nate420
Evo3Duzer said:
I am relatively new to this forum. Is there a time limit on threads? Is there a point where a user is no longer permitted to post a question in a thread?
Maybe an Admin can let me know if I have done something wrong?
I guess I could have IMd him.
Thanks for your useful input nate420
Nope dude there is no problem with asking questions and raising "dead" threads. It shows that you are searching. If you had not searched then you would have been flamed for not searching. Unfortunately, on this forum, you are damned if you do and damned if you don't. Some people get their panties in a bunch for no reason at all.
animal7296 said:
Nope dude there is no problem with asking questions and raising "dead" threads. It shows that you are searching. If you had not searched then you would have been flamed for not searching. Unfortunately, on this forum, you are damned if you do and damned if you don't. Some people get their panties in a bunch for no reason at all.
Chill dude, I said I wasn't trolling.
But if you see that there hasn't been an update in 3 months... by OP or ANYONE, is there a point in asking for an update on the status?
Sorry if my logic seems back asswards.
But yes, good job for searching before creating a new thread. I'll give you both a thanks since I'm gonna be out of this forum soon.
Searching this out is kind of depressing. No S-Off on 1.5 and no downgrading off 1.5.... man, at least I have Flash GUI.
Noob question -- how do you unroot in case you need to return the phone to Verizon?
Thank you!
This is a very good question as it isn't posted up yet. There is an RUU file you can run which was acquired last night. I'll see if I can get that posted by someone. It comes from MikMik forums so we may need to ask permission first. Something to keep in mind though, our bootloader will show *tampered* no matter what you do until we can get S-Off. So really, they would be able to tell if you messed with it anyways. I've never had any problems returning these phones. But I'm sure if you brick one to the point of it not being able to be recovered even by HTC (which i think is impossible without physical damage) they could come after you for a little payment
Relock your bootloader and flash the Stock RUU I posted up in the development section.
Forgive me for starting a new thread; I've utilized the search here and some Google-fu, but still have questions for the community.
I recently upgraded to an HTC Rezound from a Thunderbolt, and have accepted the stock OTA ICS update last weekend.
This has not stopped me from Rooting the device, however. Using an All-In-One Toolkit downloaded here, I was able to Unlock the Bootloader, Install custom Recovery (ClockWorkMod Touch), and have SU flashed. All signs point to root, but I would like to know a few things.
- Is there currently any method of acquiring S-OFF, other than the juopunutBear "Wire Trick"? It sounds incredibly risky, and I feel a bit hesitant to try it connecting pins on the back of my phone with insulated wire... I would like to have S-OFF, in case I want to roll back using a PH98IMG.zip
After rooting, I noticed that the text ****TAMPERED**** appears above the UNLOCKED line when I power on into HBOOT. Is this normal? Or have I messed things up? The best answer I have gleaned so far is from another device's forum, and that this simply indicates that I have root.
Would love to hear some feedback. This is my 5th Smartphone starting with the G1, and I have rooted every single one within days. Only the Rezound seems to be the trickiest for me.
Let me know your thoughts, thanks.
The hboot says tampered after you install a custom recovery, so that's normal. I was the same way about s-off; it seemed too risky and complicated, but in all honesty it is very simple. It's our only way to get s-off and the main thing is getting the timing right for the wire trick. I got it on my second try. I would say just read up on it and gain as much info until you feel comfortable to do it.
Sent From My HTC Rezound
big_mike_2k6 said:
The hboot says tampered after you install a custom recovery, so that's normal. I was the same way about s-off; it seemed too risky and complicated, but in all honesty it is very simple. It's our only way to get s-off and the main thing is getting the timing right for the wire trick. I got it on my second try. I would say just read up on it and gain as much info until you feel comfortable to do it.
Sent From My HTC Rezound
Thanks, that confirms a number of suspicions. & As I understand it, I need to be S-OFF in order to flash a custom ROM, correct?
And this is due to the fact that I not only have to flash the ROM in recovery, but also flash a Kernel through HBOOT?
I want to start flashing custom ROMs, but in the meantime, I'm fairly happy with rooted ICS. Got Google Now working, removed 'App Associations' menu, and removed the VZW crapware, so root is working out rather well
deadsoulboy said:
Thanks, that confirms a number of suspicions. & As I understand it, I need to be S-OFF in order to flash a custom ROM, correct?
And this is due to the fact that I not only have to flash the ROM in recovery, but also flash a Kernel through HBOOT?
I want to start flashing custom ROMs, but in the meantime, I'm fairly happy with rooted ICS. Got Google Now working, removed 'App Associations' menu, and removed the VZW crapware, so root is working out rather well
You don't need to be s-off to flash a Rom, but you do need to flash the kernel separately in hboot when you're s-on. When you're s-off you don't have to. I myself usually stay fairly close to stock with a few tweaks here and there, and of course Verizon's crap long gone.
Sent From My HTC Rezound
One more thing... Given my software version, etc, if I S-OFF now, would I bork my device?
Also, it looks like at the unlimited.io site, there is only a Windows version of juopunutbear for Gingerbread, and early ICS versions. My phone's software version is 3.14.605.12; does this mean I should abandon attempting to S-OFF?
deadsoulboy said:
One more thing... Given my software version, etc, if I S-OFF now, would I bork my device?
Also, it looks like at the unlimited.io site, there is only a Windows version of juopunutbear for Gingerbread, and early ICS versions. My phone's software version is 3.14.605.12; does this mean I should abandon attempting to S-OFF?
No, you'll be fine doing it on your current version. You can use the file from the unlimited.io site for the 3.14.605.05 ICS leak; it works with the official ICS update.
Sent From My HTC Rezound
I know Clockwork will bork your device; I'm not sure if the touch version does the same thing.
I recommend installing Amon Ra recovery or TWRP.
If I helped, thank me.
Just started reading up on EVO 4G LTE, i see how to root, but also S-Off. Do i need to do both? Do i need to do one before the other?
Any suggestions? I've had the original EVO and HTC Thunderbolt, i just rooted and i think it did root and S-off all at once.
What's S-OFF needed for? Sorry thought i knew what i was doing, used to flash a ROM every week on original EVO but now i'm a bit confused.
thanks in advance.
pdub110 said:
Just started reading up on EVO 4G LTE, i see how to root, but also S-Off. Do i need to do both? Do i need to do one before the other?
Any suggestions? I've had the original EVO and HTC Thunderbolt, i just rooted and i think it did root and S-off all at once.
What's S-OFF needed for? Sorry thought i knew what i was doing, used to flash a ROM every week on original EVO but now i'm a bit confused.
thanks in advance.
You don't need to S-OFF to flash roms but... it makes other tasks easier, such as flashing the firmware bits (radio, PRI, etc).
Oh, and the other advantage with being S-OFF: you don't need to flash kernels separately if there is not a kernel installer added to the rom script.
The term "Rooting" is usually used to describe the process of unlocking the bootloader and installing binaries that give you root access to the android operating system. Unlocking the bootloader gives you the ability to modify some partitions in the phone's internal memory (which is required to flash custom roms). Pretty much every custom ROM has the superuser binaries already included, so all you really need to do is unlock the bootloader and flash a custom ROM to be rooted.
S-off allows you to modify ALL partitions on the internal memory, so it's preferable to simply unlocking...but it's a more involved process and there's some risk associated with it.
Check out the OP of this thread, it has lots of good info for new users of this phone (and android phones on general):
http://forum.xda-developers.com/showthread.php?t=1869377
Sent from my EVO LTE
pdub110 said:
Just started reading up on EVO 4G LTE, i see how to root, but also S-Off. Do i need to do both? Do i need to do one before the other?
Any suggestions? I've had the original EVO and HTC Thunderbolt, i just rooted and i think it did root and S-off all at once.
What's S-OFF needed for? Sorry thought i knew what i was doing, used to flash a ROM every week on original EVO but now i'm a bit confused.
thanks in advance.
I quote from this thread:
xmoo said:
HTC have installed a sort of security check whose level is determined by S-OFF/S-ON. Essentially, this security level is a flag stored on the device's radio that checks signature images for any firmware before it is allowed to be written to system memory. This hinders using any custom ROMs, splash images, recovery etc., and also restricts access to the NAND flash memory. However, when security level is set to S-OFF, the signature check is bypassed, allowing a user to upload custom firmware images, unsigned boot, recovery, splash and HBOOT images, as well as official firmware that has been modified, thus enabling maximum customization of your HTC Android device.
Furthermore, S-OFF also reduces restrictions on accessing the NAND flash memory on the device, allowing all partitions (including /system) to be mounted in write mode while the operating system is booted.
In short, there's not really an argument against going through the process. It'll make your life easier. If you do want both S-OFF and root, go through the S-OFF process completely first before you install a custom recovery and superuser.
I'm assuming you have a newer device, so you probably have HBOOT 1.15 or 1.19, in which case you should go here for S-OFF. You'll need a Windows machine for that. Give the instructions a good once over before going through the process; follow them to the letter and you won't have any problems.
If your firmware version is 1.22.651.3 or higher, use this method to root. Again, give the instructions a once over before going through the process.
I have an HTC One on T-Mobile still running Android 4.1.2 (Sense 5.0). I haven't updated because I intend to root the device (tbh, intended to 3 months ago) and when I asked about it back then I was advised to S-OFF first, then run OTA update, then root.
I'm just checking back to make sure that that is still the correct course of action, and that my understanding is more or less correct ... I believe that because I have hboot 1.44 I can *not* use rumrunner for S-OFF, and should use revone or moonshine instead (and I have no idea how to choose which one to use).
So my plan, unless anyone corrects my noobish misconceptions, is to:
1. decide between revone and moonshine
2. S-OFF
3. root
I have also read something about not updating my hboot from 1.44, but honestly I don't know when that would normally happen or what I have to do (if anything) to prevent/avoid it, or what relationship updating hboot has to the rooting process.
I hope you'll forgive my ignorance, and warn me if I'm headed in the wrong direction. Obviously I have some learning to do, and I plan to seek at least a remedial education in these concepts before embarking ... I guess that's what I'm doing now.
thanks for any assistance you can provide...
lhuge said:
I have an HTC One on T-Mobile still running Android 4.1.2 (Sense 5.0). I haven't updated because I intend to root the device (tbh, intended to 3 months ago) and when I asked about it back then I was advised to S-OFF first, then run OTA update, then root.
I'm just checking back to make sure that that is still the correct course of action, and that my understanding is more or less correct ... I believe that because I have hboot 1.44 I can *not* use rumrunner for S-OFF, and should use revone or moonshine instead (and I have no idea how to choose which one to use).
So my plan, unless anyone corrects my noobish misconceptions, is to:
1. decide between revone and moonshine
2. S-OFF
3. root
I have also read something about not updating my hboot from 1.44, but honestly I don't know when that would normally happen or what I have to do (if anything) to prevent/avoid it, or what relationship updating hboot has to the rooting process.
I hope you'll forgive my ignorance, and warn me if I'm headed in the wrong direction. Obviously I have some learning to do, and I plan to seek at least a remedial education in these concepts before embarking ... I guess that's what I'm doing now.
thanks for any assistance you can provide...
You can achieve S-Off and unlock (without HTCDev) using the HTC One toolkit (which utilizes revone) from squabbi here:
http://forum.xda-developers.com/showthread.php?t=2364445
From there you should have no problems updating or flashing to whatever you want. At that point, even a full conversion to Dev Edition, GPe, etc. is most definitely do-able.
PhoenixPath said:
You can achieve S-Off and unlock (without HTCDev) using the HTC One toolkit (which utilizes revone) from squabbi here:
http://forum.xda-developers.com/showthread.php?t=2364445
From there you should have no problems updating or flashing to whatever you want. At that point, even a full conversion to Dev Edition, GPe, etc. is most definitely do-able.
Wow, I just downloaded & opened that toolkit, thanks! I wish I had it three days ago (though probably learned more by not having it), but I'll still get good use out of it now.
I've seen a few statements implying that it's better to unlock "without HTCDev", but haven't seen an explanation ... have I lost something specific by going through HTCDev to get my unlock token? (Or is it just a general desire to not have big brother know that we're mucking around with our device?)
I'm now unlocked, rooted, S-OFF, and updated to 4.3, deciding what to tinker with next...
lhuge said:
Wow, I just downloaded & opened that toolkit, thanks! I wish I had it three days ago (though probably learned more by not having it), but I'll still get good use out of it now.
I've seen a few statements implying that it's better to unlock "without HTCDev", but haven't seen an explanation ... have I lost something specific by going through HTCDev to get my unlock token? (Or is it just a general desire to not have big brother know that we're mucking around with our device?)
I'm now unlocked, rooted, S-OFF, and updated to 4.3, deciding what to tinker with next...
Unlocking through HTCDev puts a flag on your device (in their database) making it harder to get repairs or warranty service (exchanges).
Have fun tinkering!