• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Root Trying to return to stock

Cyber Droid

Cyber Droid

Newbie
Hi, I'm new to this site so bare with me if I posted these questions in the wrong thread... I have the HTC one S Version S4, and I have successfully unlocked the bootloader and rooted using the guide on this site " How to Unlock the Bootloader, install recovery, and Root your HTC One S". I have been trying to SuperCid for awhile now with no luck, I go through all the steps successfully, including the editing of mmcblk0p4 using HxD editor but when I reboot and check (fastboot oem readcid) I dont get the 11111111, I get my cid: GLOBA001. I'm trying to SuperCid so I can S-Off my phone! My question is should I have Supercidded before I Unlocked and Rooted my phone and will returning to stock allow me to do so??? Pre-unlock and pre-rooted, I was running
" OTA_Ville_U_JB_45_S_Globalive_WWE_3.16.1500.7_1.11.50.05.28_10.27.50.08L_release_3049068z393w1fez9cc9lt.zip"
After unlock and rooted, I'm now running custom ROM " ViperOneS 2.1.0", recovery TWRP 2.4.2.0, and stock everything else! After the OTA update my HBoot switched to 2.15.0000! The most compatible RUU that I have found in the link you provided is "RUU_Ville_U_JB_45_S_HTC_Europe_3.16.401.8_Radio_1.11.50.05.28_10.27.50.08L_release_301814_signed_2_4.exe"
I only think its compatible because its the closest to the OTA Update I was running before...Which leads me to my second question. Will that RUU work with my phone even though it's for Europe??? This is what I get when I type this command ( fastboot getvar all)

C:\New App Developer\android-sdk\platform-tools>fastboot getvar all
(bootloader) version: 0.5
(bootloader) version-bootloader: 2.15.0000
(bootloader) version-baseband: 1.11.50.05.28
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main:
(bootloader) version-misc: PVT SHIP S-ON
(bootloader) serialno: ************
(bootloader) imei: ***************
(bootloader) product: vle
(bootloader) platform: HBOOT-8960
(bootloader) modelid: PJ4011000
(bootloader) cidnum: GLOBA001
(bootloader) battery-status: good
(bootloader) battery-voltage: 3871mV
(bootloader) partition-layout: Generic
(bootloader) security: on
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: dirty-64bedd38
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0
all: Done!

My provider is Wind Mobile and I'm in Toronto, ON, Canada!!
Sorry for the long post!!! Thanks in advance, I appreciate any help you can provide!!!
 
Were you following this guide for SuperCID? http://androidforums.com/one-s-all-things-root/690970-guide-supercid.html. I'd keep trying and make sure to ask questions if you run into a part of it that is confusing. It seems to me like at least one of the steps is not working correctly or you would have supercid. It's just hard to troubleshoot if we are not given any more detail about what's happening. Is it possible for you to either copy/paste or provide screenshots of what happens after each of the commands when you are doing the supercid process? You want to be editing the numbers "GLOBA001" in the hex editor to "11111111".


You do need to be unlocked/rooted to do that (and to achieve s-off), so if that is your goal then you don't want to run an RUU.
 
I will provide exactly whats happening on my CMD window by either copy/paste or screenshot tomorrow. I will also take a screenshot of the edited mmcblk0p4 file! I do change the GLOBA001 to 11111111 and save it as mmcblk0p4MOD before pushing it back to sdcard. Both mmc files are the same size ( 1k)... I will provide visual reference here tomorrow, thanks again!
 
Here's what I've been doing!!!

C:\New App Developer\android-sdk\platform-tools>adb shell
~ # ←[6n dd if=/dev/block/mmcblk0p4 of=/sdcard/mmcblk0p4
dd if=/dev/block/mmcblk0p4 of=/sdcard/mmcblk0p4
2+0 records in
2+0 records out
1024 bytes (1.0KB) copied, 0.009430 seconds, 106.0KB/s
~ # ←[6nexit
exit

C:\New App Developer\android-sdk\platform-tools>adb pull /sdcard/mmcblk0p4
142 KB/s (1024 bytes in 0.007s)

C:\New App Developer\android-sdk\platform-tools>adb push mmcblk0p4MOD /sdcard/mmcblk0p4MOD
47 KB/s (1024 bytes in 0.021s)

C:\New App Developer\android-sdk\platform-tools>adb shell
~ # ←[6n dd if=/sdcard/mmcblk0p4MOD of=/dev/block/mmcblk0p4
dd if=/sdcard/mmcblk0p4MOD of=/dev/block/mmcblk0p4
2+0 records in
2+0 records out
1024 bytes (1.0KB) copied, 0.006165 seconds, 162.2KB/s
~ # ←[6nexit
exit

C:\New App Developer\android-sdk\platform-tools>adb reboot bootloader

C:\New App Developer\android-sdk\platform-tools>fastboot oem readcid
...
(bootloader) cid: GLOBA001
OKAY [ 0.014s]
finished. total time: 0.018s

C:\New App Developer\android-sdk\platform-tools>


I have attached 2 screenshots. One is the mmcblk0p4 file before the MOD and the other one is after the MOD. I have substituted my EMI number with asterisks (*). I hope this gives you more insight in whats going on!! Thanks!!
 

Attachments

  • mmc file.PNG
    mmc file.PNG
    57.8 KB · Views: 139
  • mmc MODDED file.PNG
    mmc MODDED file.PNG
    60.6 KB · Views: 179
Here's a screenshot of the actual CMD window on my PC! I didnt think I had to do "su" since adb shell already has "su" privileges. If you see under the command line there is a "#" which I assumed meant I have "su"..
 

Attachments

  • Command window.PNG
    Command window.PNG
    69.7 KB · Views: 131
I don't think your ROM would be an issue, but you may want to try flashing CM10 (what I was on when doing this) and trying it then. I doubt it will change anything, but worth a try.

I noticed on the xda thread that others are having the same issue, so there may be something going on here beyond my knowledge.
 
This screenshot is with me typing in "su" as instructed. Do you think I should be doing this with a Re-Locked bootloader and then go through HTC-Dev process to get a new Unlock token?
 

Attachments

  • CMD window2.PNG
    CMD window2.PNG
    75.8 KB · Views: 122
so if im understanding correctly,you dump mmcblk0p4,change it,flash it back,cid doesnt change. then you pull mmcblk0p4 again,and find it unchaged from original(11111111 is gone)

i hate to ask an obvious question,but are you sure your changes are being saved? you might open the image you pushed back(the one in your platform-tools folder) and make sure its actually superCID'ed. if its NOT,then maybe run HxD as administrator,if you havent been.

failing that,im afraid that if your phone has OTAed,youre now on a set of firmware where htc has wisened up and write protected 0p4 while s on. :(

there may not be a way to superCID JB OTA'ed devices yet... let me dig around and see if i can find anything out. :)
 
may be a grasp at straws,but you might also try the commands with the phone in recovery. it may have more access than system.

ive a feeling that folks that have succeded on 2.15 were either s off allready,or not running the full fimrware,possibly leaving 0p4 unprotcted like it was in older versions.

ive got to get to work,but ill search some more later this evening :)
 
Ok, what I do is, dump mmcblk0p4, then I right click on HxD editor and run as ADMIN, then I navigate from within HxD to the mmcblk0p4 file. I open the file and change GLOBA001 to 11111111. Then I save as mmcblk0p4MOD. I go to my (platform-tools folder) and I see the original mmcblk0p4 file and the mmcblk0p4MOD file. Then just to be sure, I right click on the mmcblk0p4MOD file, open with HxD editor and the file has the change (11111111), both files are the same size(1K). Then I follow the instructions as you can see in the screenshot in the above posts but nothing changes. Should I be saving it as mmcblk0p4 and NOT as mmcblk0p4MOD??? I have tried it in recovery aswell. I have tried it with USB storage mounted and without, but still no luck... I think you might be right about HTC having wised up,lol!!! Had I known I would have never OTA'ed!! Im gonna try changing ROM's ( Dark-Jelly-S-Edition-Build-12.1.zip CM10) and see if that does anything!! Hopefully if it does I will let you guys know here!! Thanks for your help!
 
Ok, I changed my ROM to (Dark-Jelly-S-Edition-Build-12.1.zip CM10).. Its running great, I enabled developer options, turned on usb debugging and gave it another try!! Check out the screenshot to see what happened and let me know if I messed anything up!! Thanks again!!
 

Attachments

  • DarkJellySCid.PNG
    DarkJellySCid.PNG
    81.3 KB · Views: 118
Dang write protection, lol!! I had a reply from an XDA member yesterday that said to try this,Quote: "After you flash the hex-edited file you need to re-lock and then get a new token and unlock again....after that you got supercid unlocked which you need for s-off "... In your opinion do you think this can work and by new token does he mean the HTC-Dev process to unlock the bootloader which will give me a new Unlock_code.bin file??
 
Cyber Droid said:
Dang write protection, lol!! I had a reply from an XDA member yesterday that said to try this,Quote: "After you flash the hex-edited file you need to re-lock and then get a new token and unlock again....after that you got supercid unlocked which you need for s-off "... In your opinion do you think this can work and by new token does he mean the HTC-Dev process to unlock the bootloader which will give me a new Unlock_code.bin file??
Click to expand...

i saw that as well,and it dint make a whole lot of sense to me. when you flash your hex edited file,its not changing anything becasue of the write protection. it wont matter if you relock or not.

the gist of what he was trying to say,i believe,is that once you change your CID your original unlock_code no longer works,youll need to get a new token,and then a new unlock code. this part is true... however i dont know why youd need to relock and re unlock to s off,the second unlock is not any different than the lock you have after supercid.

you could try relocking,getting a new token and unlock_code,and re-unlocking and then try to superCID again if hopes of the new unlock on JB will release the WP on mmcblk0p4,but i doubt that provide any different results. :(

you might also try,sor S&Gs if it will let you change the CID to HTC__001. if so,maybe mmcblk0p4 is only blocking 11111111. if you can successfully change the cid to something other than 11111111 and have it stick,try changing it to 22222222 for the s off process :)
 
Thats a good idea, I have never tried to change the Cid to anything other than 11111111. So you're saying I should try to change it to HTC__001 and if that works change it to 22222222 ??? If 22222222 sticks, will I be SiperCidded and will I be able to S-Off?? I have never tried to change the Cid to anything else cause I was afraid to brick my phone, I dont know if thats even possible though... I will definitely try this,Thanks!
 
Cyber Droid said:
Thats a good idea, I have never tried to change the Cid to anything other than 11111111. So you're saying I should try to change it to HTC__001 and if that works change it to 22222222 ??? If 22222222 sticks, will I be SiperCidded and will I be able to S-Off?? I have never tried to change the Cid to anything else cause I was afraid to brick my phone, I dont know if thats even possible though... I will definitely try this,Thanks!
Click to expand...

correct,try HTC__001,then 22222222. that should work for s off,they are using that for the DNA since htcdev blocked 11111111 from working. changing the CID itself will not brick your phone,to my knowledge you can change it to literally anythin,even MY___CID or 12345678 :eek: why you need to be so careful with the hex editor,is becasue acidentally adding or subtracting bytes changes all the offset and makes that partition unfunctional.i.e., bricking the device.as long as youre careful to only change the CID characters and nothing else,you should be fine,paying attention to the exact file size as you have been.

i poked around for awhile again this morning,and couldnt really find anything,so i left a response on the xda thread. defaintely let us know what happens if the relock/unlock thing works,or changing the CID to something else. :)
 
No luck... I tried changing it to HTC__001 and I get the same results!! I dont think relocking and getting a new Unlock code is the answer because like you pointed out I will still be running the same system!! It has to be a HTC JB OTA thing! I have ran out of options,:mad::( lol!! Thanks for your help,I really appreciate it!!
 

Attachments

  • HTC__001 attempt.PNG
    HTC__001 attempt.PNG
    74.8 KB · Views: 121
Ok I tried the relock/unlock as described!! I went through the whole SuperCid process as I've done in the past. I flashed the HxD edited file and I locked the bootloader, then I deleted the old Unlock_code.bin file . The bootloader restarted and it now said **Tampered** and **Re-Locked** which is normal, but underneath **Re-Locked** there was a new thing **Security Warning** which was never there before. HBoot still said S-On.. I fully shutdown the phone and then restarted it into fastboot, now the **Security Warning** was gone.. I proceeded with the HTC-Dev method of unlocking the bootloader to get a new Unlock_code.bin file.. The rest is explained by the screenshot.. The screenshot only shows part of the Token but it was fully there I just messed up on taking a full screenshot of the CMD window!!! No luck :(, unless I did something wrong but my phone's still working properly!!
 

Attachments

  • Re-lock and Unlocked.PNG
    Re-lock and Unlocked.PNG
    29.2 KB · Views: 198
did you try after unlocking withthe new token? not that i think it will be any different,but ya never know.

starting to look like the only options are:
1)wait and hope for new CID change process
2)downgrade via linux/brick method(:eek:)
3)jtag s off(cost $40)

im not advocating option 2,but if your desire for s off for free is strong,it is an option.
 
I haven't tried with the new token but I will today. Option 2 makes me a little nervous, I will leave that as a last result.. I wiil do more research on the jtag method while I cross my fingers and hope for a new CID process,lol!! I've heard of a wire method but I dont know if thats an option for the One S.
 
JTAG is a safe, viable option. I had it done to mine, prior to the release of face palm.

I'm on my phone at the moment, but there is a link here in the forum.
 
You must log in or register to reply here.
Back
Top Bottom