
Root [how to] get back to stock from moonshine or facepalm s off

scotty85

Extreme Android User
WARNING!!!
DO NOT turn your secureflag on unless on a stock,signed hboot.

s-on with an eng signed or patched hboot will hard brick your device immediately.
(read: permanently bricked,unrecoverable)


in other words,ONLY use the writesecureflag 3 command AFTER running an RUU. never before.

im sure were mostly too excited to want to go back to s on just yet,since we just got s-off :eek: but its a matter of time before this comes up,so here ya go:

prerequisites:
-that you know your stock CID and build number(x.xx.xxx.x for example, xxx=531= tmobile, xxx=401= htc europe)

if you have a relocked bootloader,and want to reset the lock status to read locked,reference this thread: http://androidforums.com/one-s-all-things-root/690911-how-reset-your-lock-status-flag.html

flash "lock_bootloader.zip" in your recovery of choice,then proceed to the following steps.

1)download and run an RUU for your most current STOCK carrier/regional build
2)open a cmd window. plug in phone,charge only mode,usb debugging on.
3)run the following:

adb devices

adb reboot bootloader

fastboot devices

fastboot oem writecid xxxxxxxx (where xxxxxxxx is your stock CID. example: HTC__001 or T-MOB010)

fastboot reboot-bootloader

fastboot getvar cid (verify your stock CID)

fastboot oem writesecureflag 3

fastboot reboot-bootloader

*verify you are locked s-on

fastboot reboot

Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Scott>cd c:\mini-adb_vigor

c:\mini-adb_vigor>adb devices
List of devices attached
HTxxxxxxxxxx    device


c:\mini-adb_vigor>adb reboot bootloader

c:\mini-adb_vigor>fastboot devices
HTxxxxxxxxxx    fastboot

c:\miniadb_ville>fastboot oem writecid HTC__001
...
(bootloader) Start Verify: 0
OKAY [  0.014s]
finished. total time: 0.016s

c:\miniadb_ville>fastboot reboot-bootloader
rebooting into bootloader...
OKAY [  0.066s]
finished. total time: 0.068s

c:\miniadb_ville>fastboot getvar cid
cid: HTC__001
finished. total time: 0.004s

c:\mini-adb_vigor>fastboot oem writesecureflag 3
                              ... OKAY [  0.051s]
finished. total time: 0.051s

c:\mini-adb_vigor>fastboot reboot-bootloader
     rebooting into bootloader... OKAY [  0.177s]
finished. total time: 0.177s

c:\mini-adb_vigor>fastboot reboot
                     rebooting...
finished. total time: 0.168s

c:\mini-adb_vigor>

*verified working if you need it for warranty. :)

*current RUUs can be found here:
Directory listing of http://androidfiles.org/ruu/Ville
or here:
Shipped ROMs

*if you need adb/fastboot you can use this:
mini-adb.zip
(extract,move to root of c,change to that directory with cd c:\mini-adb )
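
A pre-flight check for the procedure above, as an added example that is not part of the original post: it parses `fastboot getvar all` output and lists reasons not to run `fastboot oem writesecureflag 3`. The function names, the `ruu_just_run` confirmation, the ENG/SHIP heuristic and both sample outputs are assumptions constructed for illustration; the output cannot prove that hboot is stock and signed, so running the RUU first remains the real safeguard.

```python
import re

# Lines of `fastboot getvar all` look like "(bootloader) cidnum: VODAP102".
VAR_LINE = re.compile(r"^\s*\(bootloader\)\s+([\w-]+):\s*(.*?)\s*$")

def parse_getvar(text):
    """Return {variable: value} parsed from `fastboot getvar all` output."""
    return {m.group(1): m.group(2)
            for m in map(VAR_LINE.match, text.splitlines()) if m}

def s_on_blockers(getvar_text, stock_cid, stock_build, ruu_just_run):
    """List reasons NOT to run `fastboot oem writesecureflag 3` (empty = none found).

    The output cannot prove hboot is stock and signed, so ruu_just_run is the
    operator's own confirmation that an RUU was the last thing flashed.
    """
    v = parse_getvar(getvar_text)
    blockers = []
    if not ruu_just_run:
        blockers.append("RUU not run: hboot may be eng signed or patched")
    if v.get("cidnum") != stock_cid:
        blockers.append(f"cidnum {v.get('cidnum')!r} is not stock CID {stock_cid!r}")
    if v.get("version-main") != stock_build:
        blockers.append(f"version-main {v.get('version-main')!r} is not {stock_build!r}")
    # Heuristic (assumption): an eng hboot reports ENG instead of SHIP here.
    if v.get("build-mode") != "SHIP" or "SHIP" not in v.get("version-misc", ""):
        blockers.append("bootloader does not report a SHIP build")
    if v.get("security") != "off":
        blockers.append("security is not 'off': already s-on or output incomplete")
    return blockers

# Constructed samples, modelled on the getvar fields shown in this thread.
AFTER_RUU = """\
(bootloader) version-bootloader: 2.15.0000
(bootloader) version-main: 3.16.161.9
(bootloader) version-misc: PVT SHIP S-OFF
(bootloader) cidnum: VODAP102
(bootloader) security: off
(bootloader) build-mode: SHIP
"""
# Constructed "do not proceed" case: SuperCID (11111111) and an ENG bootloader string.
BEFORE_RUU = AFTER_RUU.replace("VODAP102", "11111111").replace("PVT SHIP", "PVT ENG")

if __name__ == "__main__":
    for name, text, ruu in (("before RUU", BEFORE_RUU, False),
                            ("after RUU", AFTER_RUU, True)):
        found = s_on_blockers(text, "VODAP102", "3.16.161.9", ruu)
        print(name, "->", found if found else "no blockers found")
```

An empty list only means none of these checks failed; it does not replace the "AFTER running an RUU" rule.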
 
Ok ...some questions .... :

-IF i do NOT restore secure on bootloader can i install RUU without issues ? [s-off right now]
-IF i do NOT restore original CID will i be able to install RUU without issues ? [supercid right now]
-IF you know... after doing S-OFF procedure, can i change my CID to ...HTC__001 ? or will it impact the S-OFF procedure ?
-IF i run the RUU on device will it restore S-ON ? [i have bootloader v2.15 now, so it's the last one]




Thanx !
 
Ok ...some questions .... :

-IF i do NOT restore secure on bootloader can i install RUU without issues ? [s-off right now]
if you stay s off,you can run any ruu that you wish,old or most current. if you keep superCID you can flash any carrier/regional ruu that you wish. these 2 things(s off and supercid) basically mean the sky is the limit. run any ruu you wish.

if you restore your stock cid,then youll be limited to your stock carrier ruus.staying s off will let you still install any of those that you wish.

restoring cid and s on limits you to your carrier ruus,and then only those that are your current build or newer.

the moral of this story is you can change cid if you wish. but dont turn s on unless the phone breaks and you want to send it in for warranty repair. s off makes your life easy in many ways.

-IF i do NOT restore original CID will i be able to install RUU without issues ? [supercid right now]
yes. more info above ;)

-IF you know... after doing S-OFF procedure, can i change my CID to ...HTC__001 ? or will it impact the S-OFF procedure ?
sure. changing cid wont affect anything about being s off,just limit what ruus you can run.HTC__001 will allow most of them,its one of the most universal non-supercid cid's ;)

-IF i run the RUU on device will it restore S-ON ? [i have bootloader v2.15 now, so it's the last one]
no. the radio secureflag lives in a partition that is not modified during OTAs or RUUs. you will stay s off until you purposely change it via the instructions above



Thanx !

you're welcome. :) hope that helps.

one last bit: being s off does not in any way affect the normal function of the phone. it wont keep you from being 100% stock unrooted,it wont prevent OTAs,etc. and it always gives you the safety net of being able to reroot easily and offers more options to recover a soft bricked device.

so please... stay s off :D
 
:)) thanx for the add info that i needed, i WILL stay s-off as this is one of my dreams w/ HTC devices ever since i had the first Nexus phone ...that was s-off :| [thank you HTC !].

And as for warranty... i don't play this game !
I have a friend that works at HTC and he fixes my phones for twice as less money than original parts cost, this is why the latest phones that i have are HTC's :P
 
With this guide Can I flash a RUU older than that in my device (with HBOOT lower than mine)?

if you are s off,you are able to flash older ruus,with older hboots.

if youre inquiring because you need to go back to stock,and you cannot find a current ruu,then yes,it will work fine.

if youre just wanting to install an older ruu,you dont really need this guide,and id advise against turning s on for reasons other than warranty exchange/repair,as being s on offers you no advantage.

as explained in the other thread,you no longer need the old hboot to install roms without a separate boot image flash. with s off,recovery can install the boot image,regardless of hboot version.

hope that answers your questions. if not,knowing why you are asking might help us answer you :)
 
Yes. You answer very good.
I have a new HTC One S with VODAP102

My software version is:
3.16.161.9

Microsoft Windows [Versione 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. Tutti i diritti riservati.

Code:
C:\HTC\Data>fastboot getvar all
(bootloader) version: 0.5
(bootloader) version-bootloader: 2.15.0000
(bootloader) version-baseband: 1.11.50.05.28
(bootloader) version-cpld: None
(bootloader) version-microp: None
(bootloader) version-main: 3.16.161.9
(bootloader) version-misc: PVT SHIP S-ON
(bootloader) serialno: xxxxxxxxxxxxxxxxxxxxx
(bootloader) imei: xxxxxxxxxxxxxxxxxxxxxx
(bootloader) product: vle
(bootloader) platform: HBOOT-8960
(bootloader) modelid: PJ4010000
(bootloader) cidnum: VODAP102
(bootloader) battery-status: good
(bootloader) battery-voltage: 3769mV
(bootloader) partition-layout: Generic
(bootloader) security: on
(bootloader) build-mode: SHIP
(bootloader) boot-mode: FASTBOOT
(bootloader) commitno-bootloader: dirty-64bedd38
(bootloader) hbootpreupdate: 11
(bootloader) gencheckpt: 0

For my CID there is only this RUU:
RUU_Ville_U_Vodafone_UK_1.53.161.3_Radio_0.15.31501S.19_2_10.13.31501S.06L_release_251482_signed.exe
RUU_Ville_U_Vodafone_UK_1.78.161.2_Radio_0.16.31501S.17_2_10.23.31501S.10L_release_258386_signed.exe
RUU_Ville_U_ICS_40_S_Vodafone_UK_2.38.161.6_Radio_1.08es.50.02.21_10.09c.50.04L_release_280400_signed.exe

There isn't official Jellybean RUU for Vodafone UK.

I would like to play with unlock bootloader, rooting, and flashing custom rom.
But before this, I want to be sure that I Can return to my original status.

So I can
1) unlock bootloader
2) flash custom recovery
3) root device
4) supercid
5) s-off
6) flash custom rom as many as I want
7) relock bootloader
8) flash ruu
9) S-OFF
10) OTA update to go to original Vodafone UK Jellybean.

Right?
 
There isn't official Jellybean RUU for Vodafone UK.

I would like to play with unlock bootloader, rooting, and flashing custom rom.
But before this, I want to be sure that I Can return to my original status.

So I can
1) unlock bootloader
2) flash custom recovery
3) root device
4) supercid
5) s-off
6) flash custom rom as many as I want
7) relock bootloader
8) flash ruu
9) S-OFF
10) OTA update to go to original Vodafone UK Jellybean.

Right?

ahhh,gotcha. :) in theory,yes,your steps are possible. it all relies on step 4,as some have had trouble with superCID,it seems that in some cases mmcblk0p4 is now write protected,making the cid change impossible. this prevents the facepalm method of s off,but in a worst case you could have s off done via jtag,it just will not be free.

even if you cannot supercid and s off,you can get back to more or less stock status,as long as you make a backup of your current,stock,unrooted rom to restore.

you can get your stock recovery back by flashing it just like you did the custom recovery,assuming we can find it in an OTAPkg. another option would be to not ever replace your stock recovery. simply plug in to the PC and fastboot boot your recovery whenever you need to use it. in addition to keeping your stock recovery in place,it also gives you the advantage of not having to flash your boot image separately,like you would when flashing a rom from a permanently installed recovery. a fastboot booted recovery can install the boot image,just like being s off :)

so,failing #4,your steps could be like this:

1)unlock bootloader
2)boot recovery
3)make stock unrooted backup
4)flash super user,or a custom roms. when you want to go back to stock,then:
5)boot recovery
6)restore stock backup
7)relock bootloader

at that point the only difference is that your bootloader is relocked instead of locked

if you're willing to pay for jtag s off if supercid fails,then you can use your same steps:
1) unlock bootloader
2) flash custom recovery
3) root device
4) supercid
5) s-off (send in for jtag service if step 4 fails)
6) flash custom rom as many as I want
7) relock bootloader
8) flash ruu
9) S-OFF
10) OTA update to go to original Vodafone UK Jellybean.
 
gooooooooooood explanation.
Tomorrow I'll try to root my device.

I don't understand one thing.
How Can I make a nandroid backup with stock recovery? Or it is impossible?
 
I don't understand one thing.
How Can I make a nandroid backup with stock recovery? Or it is impossible?
you will use the booted recovery image. when you get to the part in whatever guide youre following that directs you to flash a recovery with this command:

fastboot flash recovery imagename.img

you will not use that command.instead you will boot your recovery into phone memory so that you can use it,without actually installing it permanently. to do that you will use this command instead:

fastboot boot imagename.img

this link is in the rezound forum,but the info applies. youll just need to make sure youre using a one S specific recovery image :) http://androidforums.com/rezound-all-things-root/587430-s-want-flash-roms-read.html

so basically, you will:
1)unlock bootloader
2)boot recovery image
3)make a nandroid backup with the recovery from step 2
4)flash a superuser or flash a rom

just repeat steps 2-4 whenever you want to restore a backup,or flash a new rom. you also may want to move your stock,unrooted backup to your PC for safe keeping,you wont want to lose it :eek: ;)
 
Fantastic. Now I understand. In This case if I can't S-off I only have "relocked" and not "locked". Sorry but my English is very poor.

Now I have another question.
I Come from Samsung Phone (S2, Note) and modding is very easy.
In particular, there is a zip flashable directly from stock recovery, which allow to root the phone without further changes.

You can see here (method 1):
http://forum.xda-developers.com/showthread.php?t=1746794

I Ask if it is possible to create a zip flashable directly from fastboot that can root the HTC One S without unlock bootloader and without flash recovery modified.


In this case we can root and unroot the devices without doing anything of irreversible, also in devices not s-off...able.
 
i dont think your english is so bad at all. ive had no problems understanding your questions :)

unfortunately,htc is not as "mod friendly" as samsung. an htc's stock recovery will only flash files that are signed by htc,and they have in place many security checks in the bootloader and recovery.

as a result,the only way to currently gain root access,is to unlock the bootloader via htcdev's official method. doing this allows you access to the boot,system,and recovery partitions.

if you are able to get superCID and s off,then you are able to remove all visual traces of having unlocked,rooted,superCIDed,or s offed :eek: so you will be 100% out of the box stock.

if you cant get superCID,then you will be left with the relocked watermark,but otherwise restoring your stock backup and performing a factory reset with the stock recovery will make you stock :)
 
ahhh,gotcha. :) in theory,yes,your steps are possible. it all relies on step 4,as some have had trouble with superCID,it seems that in some cases mmcblk0p4 is now write protected,making the cid change impossible. this prevents the facepalm method of s off,but in a worst case you could have s off done via jtag,it just will not be free.
.

Is it true that mmcblk0p4 is write protected in devices with jellybean ( never modified after jellybean)?
 
Is it true that mmcblk0p4 is write protected in devices with jellybean ( never modified after jellybean)?

i cant say for sure. lots of folks have been having troubles,most,if not all,on JB. there are a handful of folks that claim to not had issue with JB supercid,but there may be other explanations why it worked for them.

the most logical assumption,is that JB introduced write protection on mmcblk0p4 on most,or all models with the jellybean update. :(
 
i cant say for sure. lots of folks have been having troubles,most,if not all,on JB. there are a handful of folks that claim to not had issue with JB supercid,but there may be other explanations why it worked for them.

the most logical assumption,is that JB introduced write protection on mmcblk0p4 on most,or all models with the jellybean update. :(

It's a big problem. :mad:
 
I return to this illuminant thread.

I would ask IF this is true also for HTC One s:
*if you use fastboot boot to launch your recovery into phone memory,then recovery CAN write to the boot partition,making rom flashing on your s-on device just like rom flashing on an s-off device.

Another question.

Is there some sure news about write cid protection?
In particular the new jb OTA enables write CID protection?
If I'm S-oFF, return to stock CID and flash the new OTA I'm still S-OFF?
 
I return to this illuminant thread.

I would ask IF this is true also for HTC One s:


Another question.

Is there some sure news about write cid protection?
In particular the new jb OTA enables write CID protection?
If I'm S-oFF, return to stock CID and flash the new OTA I'm still S-OFF?

yes,booting recovery from fastboot should work the same,allowing s-on devices to write boot from recovery. it should always work for restoring nandroids,but for rom flashing,the rom has to be scripted for recovery to install boot(some roms written for s on devices are not-its up to the dev)

there is not any CID news that ive heard. i fear its going to take a while to crack this one,if it happens :(

this makes it very important to stay s off once you attain it. if you run a stock ruu,and restore stock CID,you should be able to flash the OTA,but id use caution. if a firmware file,and flashable rom exists,youre much better off to go that route- its much,much less risky.

it technically is possible for an OTA to turn s on,but not very likely. if you can OTA without some other weird glitch we dont know about yet bricking the phone,it should remain s off.
 
I tried to do "fastboot boot imagename.img" with device only unlocked (never flash recovery modified)

The first time I've black screen.
The second time I've the TWRP recovery but now in fastboot says "tampered". Is it normal (I never flash recovery only boot recovery)?
 
yup,thats normal. normally it will disappear when you run an ruu. it may also disappear if you relock,then do a factory data reset in hboot.
 
Still about "fastboot boot"

I tried to boot in custom recovery, and all is okay:

C:\adb>adb reboot bootloader

C:\adb>fastboot boot openrecovery-twrp-2.3.3.0-ville.img
downloading 'boot.img'...
OKAY [ 1.068s]
booting...
OKAY [ 0.003s]
finished. total time: 1.073s

C:\adb>

I tried with TWRP, CWM and Philz modified CWM.

I tried to boot in stock recovery and It doesn't work.

C:\adb>adb reboot bootloader

C:\adb>fastboot boot ville_recovery_signed.img
creating boot image...
creating boot image - 9711616 bytes
downloading 'boot.img'...
OKAY [ 1.134s]
booting...
FAILED (remote: reproduce boot image with on-flash ramdisk error)
finished. total time: 1.154s

C:\adb>

Why?
It isn't possible to boot in stock recovery?
 
I tried to boot in stock recovery and It doesn't work.

C:\adb>adb reboot bootloader

C:\adb>fastboot boot ville_recovery_signed.img
creating boot image...
creating boot image - 9711616 bytes
downloading 'boot.img'...
OKAY [ 1.134s]
booting...
FAILED (remote: reproduce boot image with on-flash ramdisk error)
finished. total time: 1.154s

C:\adb>

Why?
It isn't possible to boot in stock recovery?

it should be possible. i have booted recovery on other devices,there is maybe an issue with the stock recovery image youre trying to use.

what are you trying to accomplish by booting the stock recovery?
 
I tried with several recovery extracted from ota and downloaded directly from link by other users

I'm trying to remove "tampered" without any modify.
 
the recoveries from ota will be for newer, and different build. If you still have your stock recovery in place, the only thing that I know that will remove it for sure while s on is to relock and run the exact ruu for your build or newer. You might try re lock and factory reset, but I do not know for sure if that will work.

Booting a different stock recovery will definitely not remove it.
 