Welcome to Facepalm S-Off for modern HTC phones.
Credits and terms:
Exploit by beaups, full guide, testing, and concept by jcase and beaups. Thanks to dsb9938 and dr_drache for support and testing. Thanks also to all of the regulars at teamandirc.
Both beaups and jcase will collect the applicable active bounties. Further donations are greatly appreciated and can be sent to:
beaups - firstname.lastname@example.org - http://forum.xda-dev...me.php?u=711482
jcase - email@example.com - http://forum.xda-dev.....php?u=2376614
dsb9938 - firstname.lastname@example.org - http://forum.xda-dev.....php?u=2963256
Dr_Drache - email@example.com - https://www.paypal.c....=6LRSY8MT8P3A6
You can also come by irc for support or just to say thanks: #FacePalm http://chat.andirc.n...annels=facepalm
While this process shouldn’t be too risky, bricks can happen. None of us will be accountable. If you are worried, don’t do it.
This is a pretty simple method, however, you will need to have a working adb and fastboot environment. This method will work on any operating system that supports adb and fastboot. You should understand how to use a terminal window in your O/S. If you don’t understand adb and fastboot, you probably don’t need S-off.
Lastly, the work herein should not be stolen, repackaged, one clicked, bat’d, etc. soffbin3 is not GPL and may not be reused, integrated into other work, reposted, or redistributed without our permission.
For this to work, you must be rooted and have superCID (unlock/custom recovery is optional), see the threads below for help and information regarding obtaining superCID, unlock, root, etc. Note these threads are provided for convenience only. Please look for support for them in each respective thread if you need it, do NOT clutter this thread with support requests regarding obtaining superCID and/or root! If you try this process without superCID, it will not work, and you may have issues!:
HTC DNA: http://forum.xda-dev....php?p=36976137
Note: This is for DNA users who have successfully achieved superCID. If you have accepted the OTA without getting superCID FIRST, you’ll need to wait a little while longer, we have something in the works for you.....
HTC One XL: http://forum.xda-dev...d.php?t=1952038 (2.2)
HTC OneS: http://forum.xda-dev...hlight=supercid
Once you have confirmed you have SuperCID, get started (read it through first so you understand it all):
1.) Download patcher and unzip it in your working directory:
soffbin3.zip http://d-h.st/74S = MD5: 5a3b9e42597d36d57a598083a4c4c244, Mirror http://goo.im/devs/d...ff/soffbin3.zip
2.) Find model id (open a terminal window or command prompt and leave open for further commands):
adb shell getprop ro.aa.modelid
3.) Download zip that matches your model id and move it in your working directory (do not unzip it!):
OneX.zip http://d-h.st/H6u = MD5: 99a8eced1010543e12cbd4e4e8f9638f, Mirror http://goo.im/devs/d...312000-OneX.zip
PL8320000-DNA.zip http://d-h.st/nOo = MD5: 8fa1cf193559d34279d2b1c1aa8c29, Mirror http://goo.im/devs/d...8320000-DNA.zip
OneS PJ4010000-OneS.zip http://d-h.st/sE6 Mirror http://goo.im/devs/d...010000-OneS.zip
adb reboot bootloader(wait for bootloader)
fastboot oem rebootRUU(wait for black HTC Screen)
fastboot flash zip <appropriate zip filename from above>After a while, You should see the following error “FAILED (remote: 92 supercid! please flush image again immediately)”
7.) Immediately issue the following command:
fastboot oem boot
You may see some errors, just wait for the device to boot into Android (only now, you should be booted into Android with no eMMC write protection of any kind active).
8.) Issue the following 3 commands to update the security partition with S-off flags (one command at a time!):
adb push soffbin3 /data/local/tmp/ adb shell chmod 744 /data/local/tmp/soffbin3 adb shell su -c "/data/local/tmp/soffbin3"
(wait for a few seconds)
adb reboot bootloader
10.) You should see what you are looking for!
If you need help or just care to say thanks, join us on IRC: #FacePalm http://chat.andirc.n...annels=facepalm