Permanent /system mount and wr possibility? - myTouch 3G Slide Android Development

Anyone wanna try this on slide http://unrevoked.com/rootwiki/doku.php/public/forever and see if it works so we can finally use root explorer and metamorph?
Quote:
unrevoked forever is a tool to set your Android phone's security level to S-OFF. The security level is a flag stored on the radio; when the flag is S-OFF, the bootloader (HBOOT) will no longer check the signatures of firmware images before flashing them. This allows custom firmware images to be uploaded, including unsigned boot, recovery, splash1, and hboot images (as well as official images that have been modified). When the system is S-OFF, the NAND flash memory protection is also reduced; this allows all partitions (including /system) to be written to while the operating system is booted. The most substantial benefit of unrevoked forever is that the change is stored in the radio's NV memory; no ENG bootloader is necessary to continue to flash firmware images. Even if an “unrootable” OTA update is accepted, a device on which unrevoked forever has been run will still be able to reflash a custom recovery image

lviv73 said:
Anyone wanna try this on slide http://unrevoked.com/rootwiki/doku.php/public/forever and see if it works so we can finally use root explorer and metamorph?
Quote:
unrevoked forever is a tool to set your Android phone's security level to S-OFF. The security level is a flag stored on the radio; when the flag is S-OFF, the bootloader (HBOOT) will no longer check the signatures of firmware images before flashing them. This allows custom firmware images to be uploaded, including unsigned boot, recovery, splash1, and hboot images (as well as official images that have been modified). When the system is S-OFF, the NAND flash memory protection is also reduced; this allows all partitions (including /system) to be written to while the operating system is booted. The most substantial benefit of unrevoked forever is that the change is stored in the radio's NV memory; no ENG bootloader is necessary to continue to flash firmware images. Even if an “unrootable” OTA update is accepted, a device on which unrevoked forever has been run will still be able to reflash a custom recovery image
Did you look at the supported devices? Only Incredible and EVO are supported at the moment.

r0man said:
Did you look at the supported devices? Only Incredible and EVO are supported at the moment.
Yup, but they also say "We believe the mechanism behind unrevoked forever may work for other radios and devices, and will add support as radio images are made available to us."
Maybe we can hook them up with what they need to get S-OFF on the Slide?

lviv73 said:
Anyone wanna try this on slide http://unrevoked.com/rootwiki/doku.php/public/forever and see if it works so we can finally use root explorer and metamorph?
Quote:
unrevoked forever is a tool to set your Android phone's security level to S-OFF. The security level is a flag stored on the radio; when the flag is S-OFF, the bootloader (HBOOT) will no longer check the signatures of firmware images before flashing them. This allows custom firmware images to be uploaded, including unsigned boot, recovery, splash1, and hboot images (as well as official images that have been modified). When the system is S-OFF, the NAND flash memory protection is also reduced; this allows all partitions (including /system) to be written to while the operating system is booted. The most substantial benefit of unrevoked forever is that the change is stored in the radio's NV memory; no ENG bootloader is necessary to continue to flash firmware images. Even if an “unrootable” OTA update is accepted, a device on which unrevoked forever has been run will still be able to reflash a custom recovery image
Why haven't you tried it yet? Doesn't seem right that you want someone else to try this but you haven't. YOU should try it and report back to this thread and let us know what happens

I checked out the current version of unrevoked forever, and they are exploiting a program that is only used on CDMA phones. It isn't likely to work with GSM radios.

falken98 said:
I checked out the current version of unrevoked forever, and they are exploiting a program that is only used on CDMA phones. It isn't likely to work with GSM radios.
Didn't know it's CDMA only

Damn it, Chiefz just bricked his Slide tryin to do this, I guess it's safe to say this won't work.
Since Chiefz tried this I would say it's for CDMA and GSM phones.

lviv73 said:
Damn it, Chiefz just bricked his Slide tryin to do this, I guess it's safe to say this won't work.
Since Chiefz tried this I would say it's for CDMA and GSM phones.
or since he bricked it, maybe just CDMA?

We should donate to Chiefz for a new Slide cuz he definitely put in a lot of work.
Here is a link for those that can donate https://www.paypal.com/us/cgi-bin/w...63663d3faee8d66edfb0b39be7838c6fe2b48d77d66ee .
NOTE: he didn't ask for donations.
ChiefzReloaded RT @brownboyrx: Okay guys hes not gonna ask,
but I will! @ChiefzReloaded bricked his slide ... Click the link http://t.co/e51mlnS RT!

lviv73 said:
Damn it, Chiefz just bricked his Slide tryin to do this, I guess it's safe to say this won't work.
Since Chiefz tried this I would say it's for CDMA and GSM phones.
If he was using the unrevoked forever method, the exploit is using something that is only for CDMA phones. I had wondered if it could communicate with the GSM radio as well.
If that is what did brick his phone, then the answer is yes, it can communicate with the GSM radio. Obviously not correctly out of the box however. As it bricked it.
Edit: I would be more than happy to donate for a new slide, however, as part of me wanted to try it but didn't want to risk a brick.

Related

Root an Android HTC Thunderbolt (Feb 2012)

Updated! 3:44pm JST I did some research online on how to get root on an Android HTC Thunderbolt. Hopefully this thread will fill any knowledge gaps and confirm any data previously acquired prior to going through a whole process. This has been converted from what was a question. It is not meant to replace similar threads but instead further elaborate more on this topic for those who still did not fully understand after reading elsewhere. Revolutionary does not work until after downgrading your phone. In the future this may change. Downgrading to an older ROM will wipe your phone. Save photos, files and important data on your computer before proceeding. I am not aware of there being any programs that will do this for you until you have root access.
Here is what I had found:
- Downgrade to 2.11.605.5.
- Revolutionary
- HTC's Bootloader Unlock
- Clockworkmod (after gaining root)
- Titanium Backup [PRO] (after gaining root)
My phone specs were (2012-02-23):
HBOOT: 1.04.0000
RADIO: 1.48.00.0930w_3
L. Kernel: 2.6.35.10-g89eb00a
Software number: 2.11.605.9
What is root (all lowercase)? Basically root is the highest user in Linux as well as some other Unix-like/based OSs like Macintosh. You could think of it as Administrator if you are a Windows user.
I kept on reading after I had originally created this thread. I skipped the Official HTC method. It does not disable S-On. I downgraded to 2.11.605.5 then used Revolutionary. Afterward I installed the stock ROM 2.11.605.9 with root access. Thank you developers! I hope this helped those who were still confused after reading a bunch of information about gaining root access on your phone.
addictivetips: What Is S-OFF & How To Gain It On HTC Android Phones With unrevoked forever said:
S-OFF – What And Why?
In their devices, HTC have installed a sort of security check whose level is determined by S-OFF/S-ON. Essentially, this security level is a flag stored on the device’s radio that checks signature images for any firmware before it is allowed to be written to system memory. This hinders using any custom ROMs, splash images, recovery etc., and also restricts access to the NAND flash memory. However, when security level is set to S-OFF, the signature check is bypassed, allowing a user to upload custom firmware images, unsigned boot, recovery, splash and HBOOT images, as well as official firmware that has been modified, this enabling maximum customization of your HTC Android device.
Furthermore, S-OFF also reduces restrictions on accessing the NAND flash memory on the device, allowing all partitions (including /system) to be mounted in write mode while the operating system is booted.
HTCdev: FAQs said:
Why is my security still on (S-On) after I have unlocked my bootloader?
Your device is shipped with Security on (S-ON) to protect your system software configuration (such as the bootloader, radio, boot, recovery, system and others). After you have unlocked the bootloader, however, you will have lifted the restrictions on boot, recovery and system. This means you can customize boot, recovery and system images on your phone as you desire. You can easily see that you have successfully unlocked the bootloader by looking at the top of the screen when entering the bootloader screen. Security is left on to protect things like the radio, and SIM lock.
Stop OTA updates:
RootzWiki: temporalshadows said:
IIRC the update app is com.smithmicro.dm (dm means device management)
I have frozen this app on my phone with no ill effects.
Sent from my ADR6400L using RootzWiki
RootzWiki: BuffoGT (OP) said:
This is correct. You can also remove the dmclient.APK to remove it permanently
Install then use Titanium Backup PRO prior to installing the latest ROM 2.11.605.9 to prevent future data loss after a wipe. You can use ClockworkMod with Titanium Backup PRO. It is up to you if you want to or not. Here is one link: Android Police: Titanium Backup PRO can now restore applications from ClockworkMod 5 Backup. You can find many more additional resources about this and more online after performing a Google search. Thank you for reading!
I am not an owner, affiliate or sponsor of the products and services listed above. I, nor xda-developers.com, is responsible for any damages caused to you, personal property, devices and or anyone else's after using any of the information provided in this thread. You, or whomever else acted out after reading what was written here, are solely liable for your actions. Always proceed with caution before carrying out any steps provided on this or any other website.

HTC unlock

This is my primary concern.
Quote from toastcfh in the one x forum TWRP thread. ......
no, USB mount does not work in recovery. It appears to be locked out in recovery mode. the workarounds to get it working are one of two things.
(1) fastboot boot awesomeRecovery.img (this works because fastboot then boots recovery on the boot/temporary partition. So then you're not actually in recovery mode)
(2) Offmode (this works because again you're not technically in recovery mode. It uses the recovery ramdisk, kernel, and binaries but it's still not technically recovery.)
On that note I've seen suggestions that it's possibly a recovery issue with cwm and twrp. Unfortunately it doesn't appear to be the case. If it were then in CWM u wouldn't have usb when u fastboot boot the recovery or in offmode (fair assumption since both these options use the same kernel, ramdisk and binaries as recovery?). Can it be fixed? Not that I know of. It looks to me like a total radio or bootloader lockout from using USB in recovery. Which means on a radio or bootloader level USB is disabled in recovery mode.
On that note I think we should raise the point to HTC that this locking down of the device does not suit our needs. Key points of fail would be as follows.
(1) Can NOT flash the boot partition from recovery. I've personally contacted HTC on this numerous times and they seem to just not care. Responding with "It's a security issue" and so forth. I would love to know how this is a security issue of any sort. Every other Android device has this ability except HTC devices since they started the HTC unlock ordeal. It's utter fail IMHO and HTC should listen to our needs.
(2) Can NOT flash recovery or boot partitions from system. This issue is NOT a deal breaker and isn't so bad when it comes down to the nitty gritty. But since the issue above exists, flashing with applications like htc dumlock and such were our only options. These workaround apps can't be used to flash now because of the lockout from system and it wouldn't be such an issue if HTC didn't lock us out in recovery from flashing boot.
(3) Can NOT flash P*IMG.zips in hboot/bootloader anymore. For the unlocked device running a custom firmware this is a must. Specially when radio updates and such are needed from the OEM. We've seen a big use of this on the Sensation when HTC updated the device from Gingerbread to Ice Cream Sandwich. The update required new hboots, radios, and partitioning to actually use. So in that instead of having to flash a RUU which didn't exist the only choice was to flash a custom P*IMG.zip that included all the radios and images needed to run the builds. At this point we can't update those image/partitions without flashing an RUU. This makes no sense and doesn't seem to do anything but make things more difficult on the unlocker to customize and modify their device.
(4) If all the conditions above HAVE to exist. Then why not give us documentation or utilities to flash firmware.zips from recovery like HTC does? When HTC was the proud Nexus device there was full support and documentation available on how to flash firmware on their devices. This made anyone choosing an HTC device blessed with knowing that their device was not only open and unlocked, but when flashing firmware that it was being flashed correctly to Google and HTC's standards. This code has now been moved out of recovery since right before the move to edify scripting and moved to vendor/htc/ (not arguing this choice as that's where it belongs from a maintaining point of view). But the problem is that vendor/htc is proprietary now. Which means Documentation and support for flashing firmware correctly is not available and left to developers of recoveries for the community to figure out. One would think if HTC was standing behind us that they would step up and give us a PROPER/OPEN/REAL unlock, or if they can't for the lame excuse of security concerns, then give us the documentation and utilities to flash the boot and firmware partitions properly. I mean really... what is there to lose there?
(5) WHAT WAS THE POINT OF HTC UNLOCK? It was to reach out and accept us as a community. It was to keep us from having to exploit their firmware and look for holes to gain control of a device we rightfully own. WHAT DID HTC UNLOCK DO? It unlocked the devices at first and with each new revision of the unlock it gets more locked down and harder for us to use it as intended. WHAT DOES THAT LEAD TO? It leads to us hoping someone will take the time out of their life and exploit HTC's firmware so we can have access and control of our devices. I mean, it's bad when u have people poking a device with a paperclip to get a device unlocked to avoid an official unlock.
Bottom line; I'm personally fed up with HTC's unlock. It's absolute crap! It does not serve the purpose it was intended and only makes things harder than they were before. As a devoted HTC customer it has me questioning if my next device will be an HTC. With all the other options that would allow me to spend less time trying to gain proper access to my device and more time actually having fun with it, why choose HTC? Everyone else is shying away for these same issues. Everyone with an HTC unlocked device waits for someone to exploit HTC's firmware and give them a proper unlock. Why not just choose a device without the locked down/unlock instead? IDK but HTC needs to step up and listen to us. Every HTC forum with an HTC Unlock is screaming for these issues to be fixed.
My call to HTC is to fix these issues and/or give us proper documentation on flashing firmware to our devices via custom recoveries. The boot flashing lockout is dumb, pointless, and in NO WAY a security threat AT ALL and is nothing more than a CRAP RESPONSE to something that they should be working to correct, instead of ignoring. In the end it's hurting HTC's relations with developers and is ultimately doing the opposite of what its original intent.
HTC, PLEASE READ AND LISTEN!!!11ONEone
To everyone else, SPREAD THE WORD!!!ONEone
This comes straight from toastcfh himself.
I think that if we all send an email to customer support and follow up something may come of this. Copy what toastcfh said into an email send it everyone and then follow up until you get someone who cares. Then tell them about all those people who aren't doing this because they are fed up and switching to Samsung devices.
Sent from my EVO 3D S using XDA
you should edit your post to put his Quote in actual [ QUOTE=toastcfh;25407373]....(quoted post text goes here)...[/QUOTE ] tags (just remove the "space" between the first and last bracket... like I have done so below).
toastcfh said:
no, USB mount does not work in recovery. It appears to be locked out in recovery mode. the workarounds to get it working are one of two things.
(1) fastboot boot awesomeRecovery.img (this works because fastboot then boots recovery on the boot/temporary partition. So then you're not actually in recovery mode)
(2) Offmode (this works because again you're not technically in recovery mode. It uses the recovery ramdisk, kernel, and binaries but it's still not technically recovery.)
On that note I've seen suggestions that it's possibly a recovery issue with cwm and twrp. Unfortunately it doesn't appear to be the case. If it were then in CWM u wouldn't have usb when u fastboot boot the recovery or in offmode (fair assumption since both these options use the same kernel, ramdisk and binaries as recovery?). Can it be fixed? Not that I know of. It looks to me like a total radio or bootloader lockout from using USB in recovery. Which means on a radio or bootloader level USB is disabled in recovery mode.
On that note I think we should raise the point to HTC that this locking down of the device does not suit our needs. Key points of fail would be as follows.
(1) Can NOT flash the boot partition from recovery. I've personally contacted HTC on this numerous times and they seem to just not care. Responding with "It's a security issue" and so forth. I would love to know how this is a security issue of any sort. Every other Android device has this ability except HTC devices since they started the HTC unlock ordeal. It's utter fail IMHO and HTC should listen to our needs.
(2) Can NOT flash recovery or boot partitions from system. This issue is NOT a deal breaker and isn't so bad when it comes down to the nitty gritty. But since the issue above exists, flashing with applications like htc dumlock and such were our only options. These workaround apps can't be used to flash now because of the lockout from system and it wouldn't be such an issue if HTC didn't lock us out in recovery from flashing boot.
(3) Can NOT flash P*IMG.zips in hboot/bootloader anymore. For the unlocked device running a custom firmware this is a must. Specially when radio updates and such are needed from the OEM. We've seen a big use of this on the Sensation when HTC updated the device from Gingerbread to Ice Cream Sandwich. The update required new hboots, radios, and partitioning to actually use. So in that instead of having to flash a RUU which didn't exist the only choice was to flash a custom P*IMG.zip that included all the radios and images needed to run the builds. At this point we can't update those image/partitions without flashing an RUU. This makes no sense and doesn't seem to do anything but make things more difficult on the unlocker to customize and modify their device.
(4) If all the conditions above HAVE to exist. Then why not give us documentation or utilities to flash firmware.zips from recovery like HTC does? When HTC was the proud Nexus device there was full support and documentation available on how to flash firmware on their devices. This made anyone choosing an HTC device blessed with knowing that their device was not only open and unlocked, but when flashing firmware that it was being flashed correctly to Google and HTC's standards. This code has now been moved out of recovery since right before the move to edify scripting and moved to vendor/htc/ (not arguing this choice as that's where it belongs from a maintaining point of view). But the problem is that vendor/htc is proprietary now. Which means Documentation and support for flashing firmware correctly is not available and left to developers of recoveries for the community to figure out. One would think if HTC was standing behind us that they would step up and give us a PROPER/OPEN/REAL unlock, or if they can't for the lame excuse of security concerns, then give us the documentation and utilities to flash the boot and firmware partitions properly. I mean really... what is there to lose there?
(5) WHAT WAS THE POINT OF HTC UNLOCK? It was to reach out and accept us as a community. It was to keep us from having to exploit their firmware and look for holes to gain control of a device we rightfully own. WHAT DID HTC UNLOCK DO? It unlocked the devices at first and with each new revision of the unlock it gets more locked down and harder for us to use it as intended. WHAT DOES THAT LEAD TO? It leads to us hoping someone will take the time out of their life and exploit HTC's firmware so we can have access and control of our devices. I mean, it's bad when u have people poking a device with a paperclip to get a device unlocked to avoid an official unlock.
Bottom line; I'm personally fed up with HTC's unlock. It's absolute crap! It does not serve the purpose it was intended and only makes things harder than they were before. As a devoted HTC customer it has me questioning if my next device will be an HTC. With all the other options that would allow me to spend less time trying to gain proper access to my device and more time actually having fun with it, why choose HTC? Everyone else is shying away for these same issues. Everyone with an HTC unlocked device waits for someone to exploit HTC's firmware and give them a proper unlock. Why not just choose a device without the locked down/unlock instead? IDK but HTC needs to step up and listen to us. Every HTC forum with an HTC Unlock is screaming for these issues to be fixed.
My call to HTC is to fix these issues and/or give us proper documentation on flashing firmware to our devices via custom recoveries. The boot flashing lockout is dumb, pointless, and in NO WAY a security threat AT ALL and is nothing more than a CRAP RESPONSE to something that they should be working to correct, instead of ignoring. In the end it's hurting HTC's relations with developers and is ultimately doing the opposite of what its original intent.
HTC, PLEASE READ AND LISTEN!!!11ONEone
To everyone else, SPREAD THE WORD!!!ONEone
This is the future of HTC unlock and each new device it gets worse. Maybe HTC will listen and address these issues, then again maybe we will just need to find another OEM that supports us and does listen.
I read this last night. The man is absolutely correct. I am actually going to write a similar one about Asus with Transformer Prime unlock. Reading his post inspired me. Lol. All his points are extremely valid. It seems that there are manufacturers who want to lock people out, make us wait for them for updates and fight the dev community any way possible. Then, it seems others are the exact opposite. Other manufacturers would rather the devs here fix it and they don't hear from us. The latter of the two is probably smarter. There are issues with every phone but the ones who are more dev friendly don't catch as much crap for it because at least they are fully open and the devs here can try to fix it.
Sent from my Anthrax infected 3D!
If I've helped you in any way... hit the "Thanks" button.
wait so you "thank" me but don't take the little sec to edit your post and fix it? lol
sgt. slaughter said:
wait so you "thank" me but don't take the little sec to edit your post and fix it? lol
Lol S-OFF can be good if you know what you're doing. But it can be a curse for those that have no idea. Such as you can screw somethin up.
I think HTC isn't bad, they just don't want a bunch of folks brickin and frying the CPU on a phone and sending it in sayin it was HTC's fault .. Tellin em fix it when it was a noob's fault.
Sent from my PG86100 using xda premium
sgt. slaughter said:
wait so you "thank" me but don't take the little sec to edit your post and fix it? lol
You're a mod, fix it yourself...
Vdubtx said:
You're a mod, fix it yourself...
That's not a mods job. Lol..
Sent from my PG86100 using xda premium
Vdubtx said:
You're a mod, fix it yourself...
Not Mod of this forum u dork. lol
sgt. slaughter said:
Not Mod of this forum u dork. lol
Lol Where is a donkey smiley.
Sent from my PG86100 using xda premium

When do you need to flash radio firmware?

I've been doing a bit of reading on the steps to flash a custom ROM on the EVO LTE. To summarize my findings (and please correct me if I'm wrong about any of the following): I've noted that there is currently no way to achieve S-OFF with newer hboot (1.15 and 1.19), but you can still unlock the bootloader with HTC's official method. The disadvantage being (other than the red disclaimer splash screen at boot time) that you cannot flash a new radio firmware with HTC's official unlock method, whereas you can with S-OFF.
So my question is, under what circumstances would you want to flash a new radio firmware?
During OTAs there's usually a new radio released. That is supposed to help with various connections (data, wifi, LTE) depending on what's updated.
morfinx said:
I've been doing a bit of reading on the steps to flash a custom ROM on the EVO LTE. To summarize my findings (and please correct me if I'm wrong about any of the following): I've noted that there is currently no way to achieve S-OFF with newer hboot (1.15 and 1.19), but you can still unlock the bootloader with HTC's official method. The disadvantage being (other than the red disclaimer splash screen at boot time) that you cannot flash a new radio firmware with HTC's official unlock method, whereas you can with S-OFF.
So my question is, under what circumstances would you want to flash a new radio firmware?
You mainly just want to make sure that your radio is from the same firmware version as the base of the ROM you're running. So if your ROM is based on the 1.22.651.3 software, you would ideally want the radio from the same OTA. It's generally not required, but you could have compatibility issues when running different versions.
Sent from my EVO LTE
Rxpert said:
During OTAs there's usually a new radio released. That is supposed to help with various connections (data, wifi, LTE) depending on what's updated.
premo15 said:
You mainly just want to make sure that your radio is from the same firmware version as the base of the ROM you're running. So if your ROM is based on the 1.22.651.3 software, you would ideally want the radio from the same OTA. It's generally not required, but you could have compatibility issues when running different versions.
Sent from my EVO LTE
So if I'm running a custom ROM, that means I can't get an OTA update right? In that case, if I used HTC's official unlock method and can't flash a new radio separately on my own, how do I get the new radio?
morfinx said:
So if I'm running a custom ROM, that means I can't get an OTA update right?
If you're running a custom ROM, you *might* be able to receive/download the OTA, but it will not update properly because, in recovery mode, the OTA checks all/most of the files in /system/app and /system/framework to verify they haven't been modified since the previous OTA before applying the new OTA. This check will definitely fail if any of the files have been modified in /system/app and /system/framework, which most custom ROMs make at least some minor modifications to the files in these directories.
morfinx said:
In that case, if I used HTC's official unlock method and can't flash a new radio separately on my own, how do I get the new radio?
Essentially, you'll have to get back to some form of stock to allow the stock bootloader to process the radio image contained in the OTA/RUU. There might be a better way to approach this, but off the top of my head, I'd make a nandroid backup of everything, re-lock the bootloader, run the RUU from the latest OTA/software version, which will update the radio, then unlock, flash custom recovery, make a nandroid of the stock ROM/kernel as a known good backup, then reload my previous nandroid to restore the custom ROM/kernel.
As recommended above, it is generally a good idea to keep the software version in sync with the radio version, but personally I rarely update the radio and rarely have an issue .. but that is just my personal experience.
Hope that helps!
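The pre-flight check described in the post above, as an added example that is not part of the original thread and not taken from any OTA package. It models an all-or-nothing update: every file under /system/app and /system/framework is hashed against the values recorded for the previous release, and nothing is written unless all of them match. The SHA-1 manifest, the file names and the function names are assumptions for illustration.

```python
import hashlib
import os
import tempfile

# Directories the post says the OTA verifies before applying.
CHECKED_DIRS = ("system/app", "system/framework")


def sha1_of(path):
    """Hash a file in chunks so large images do not need to fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Record the expected hash of every file shipped in the previous release."""
    manifest = {}
    for rel_dir in CHECKED_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(root, rel_dir)):
            for name in files:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                manifest[rel] = sha1_of(full)
    return manifest


def precheck(root, manifest):
    """Return (path, reason) for every file that is missing or modified."""
    failures = []
    for rel, expected in sorted(manifest.items()):
        full = os.path.join(root, *rel.split("/"))
        if not os.path.isfile(full):
            failures.append((rel, "missing"))
        elif sha1_of(full) != expected:
            failures.append((rel, "modified"))
    return failures


def apply_update(root, manifest, new_files):
    """Verify the whole tree first; write only if every check passed."""
    failures = precheck(root, manifest)
    if failures:
        return False, failures  # abort before touching any partition content
    for rel, data in new_files.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as f:
            f.write(data)
    return True, []


def make_stock_tree(root):
    """Constructed sample tree standing in for a stock /system."""
    files = {
        "system/app/Browser.apk": b"stock browser v1",
        "system/app/Phone.apk": b"stock phone v1",
        "system/framework/framework.jar": b"stock framework v1",
    }
    for rel, data in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)


def demo():
    update = {"system/app/Phone.apk": b"stock phone v2"}
    with tempfile.TemporaryDirectory() as stock, \
            tempfile.TemporaryDirectory() as custom:
        make_stock_tree(stock)
        manifest = build_manifest(stock)
        stock_ok, _ = apply_update(stock, manifest, update)

        # Custom ROM: one framework file themed, one stock app removed.
        make_stock_tree(custom)
        with open(os.path.join(custom, "system/framework/framework.jar"), "wb") as f:
            f.write(b"themed framework")
        os.remove(os.path.join(custom, "system/app/Browser.apk"))
        custom_ok, failures = apply_update(custom, manifest, update)
        with open(os.path.join(custom, "system/app/Phone.apk"), "rb") as f:
            untouched = f.read() == b"stock phone v1"
    return {"stock_ok": stock_ok, "custom_ok": custom_ok,
            "custom_failures": failures, "custom_untouched": untouched}


if __name__ == "__main__":
    print(demo())
```

Because the check runs over the whole tree before any write, a single modified or removed file is enough to stop the update and leave the device exactly as it was.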
joeykrim said:
If you're running a custom ROM, you *might* be able to receive/download the OTA, but it will not update properly because the OTA checks all files in /system/app and /system/framework to verify they haven't been modified since the previous OTA before applying the new OTA. This check will definitely fail if any of the files have been modified in /system/app and /system/framework, which most custom ROMs make at least some minor modifications to the files in these directories.
Essentially, you'll have to get back to some form of stock to allow the stock bootloader to process the radio OTA. There might be a better way to approach this, but off the top of my head, I'd make a nandroid backup of everything, re-lock, run the RUU from the latest OTA/software version, which will update the radio, then unlock, and reload my previous nandroid.
Thanks for the explanation. Wow, that sounds like an enormous PITA.
joeykrim said:
As recommended above, it is generally a good idea to keep the software version in sync with the radio version, but personally I rarely update the radio and rarely have an issue .. but that is just my personal experience.
Hope that helps!
Maybe it's not as a big of a deal as I'm thinking then to not be able to update the radio (easily). I'm still on an OG EVO with S-OFF, and I haven't updated my radio for probably close to 2 years. All of my connections seem to be fine still.

Quick Root Question

I haven't exactly rooted 100 devices before. Most of the root utilities I've used were things like Z4Root where it's one click and done. I've recently become interested in flashing my Incredible 4G LTE. On top of that, I've already rooted my Nexus 7 using instructions like this here.
http://forums.androidcentral.com/ne...ide-factory-image-restore-your-nexus-7-a.html
I'm curious if this guide, being that it's more of a manual way to do it since it involves running several commands (I ran this from my Linux desktop to root my N7) is anything like what it would be to root the Incredible manually, or any device. I guess the only device that would be different would likely be the bootloader step (grouper?) since HTC likely did theirs differently than Google with the Nexus 7, no?
Just trying to get more insight on it, as I certainly don't want to brick anything but I'd like to get them done. :good:
It seems to me that we would first need a modified bootloader or /system to attempt to flash, but I doubt "fastboot erase ..." is allowed without dev unlock on the bootloader, and "fastboot flash ..." most likely needs a signed image.
Does anyone with more expertise on this topic have any input?
JaSauders said:
I haven't exactly rooted 100 devices before. Most of the root utilities I've used were things like Z4Root where it's one click and done. I've recently become interested in flashing my Incredible 4G LTE. On top of that, I've already rooted my Nexus 7 using instructions like this here.
http://forums.androidcentral.com/ne...ide-factory-image-restore-your-nexus-7-a.html
I'm curious if this guide, being that it's more of a manual way to do it since it involves running several commands (I ran this from my Linux desktop to root my N7) is anything like what it would be to root the Incredible manually, or any device. I guess the only device that would be different would likely be the bootloader step (grouper?) since HTC likely did theirs differently than Google with the Nexus 7, no?
Just trying to get more insight on it, as I certainly don't want to brick anything but I'd like to get them done. :good:
What those tools do is use an exploit to write the su and superuser.apk to /system and/or a modified recovery for flashing ROMS and kernels on unlocked bootloader devices.
Google has properly patched those exploits, as they should, as we don't want a malicious app installing Root and hacking data on just anyone's phone.
Some phones with locked bootloaders have had exploits to install custom recovery and/or hacked/leaked bootloaders in order to allow us to use the phone like it was unlocked. HTC fixed this issue with their latest phones.
Their bootloaders now do not run all of the adb commands until unlocked by HTC dev, which limits us a lot. They also made it so that even if we DID manage to find a software exploit and start flashing stuff, the locked bootloader would know, via a signature check, that something was modified... and refuse to boot (Bricked Phone).
HTC Dev unlock is not true unlock either. We still can't modify the HBOOT w/o triggering it to brick the phone. An unlocked HTC bootloader limits changing the kernel to HBOOT mode only, which means u need a PC and extra steps to finish flashing any ROM.
Some brilliant Devs managed to use RUU files to update the kernel only, but that also causes issues. If one Dev uses a newer RUU, you can't use another Dev's older RUU to flash a kernel because the unlocked HTC Bootloader doesn't allow you to "Downgrade" firmware. This leads to headaches with people ignoring the kernel step and screaming because their phone won't boot.
The ultimate Holy grail for us is what is known as "S-OFF"
This allows full access to the HBOOT Recovery and system for all of our awesome devs to work their magic. This was obtained (long after HTCDev unlock) with the Rezound only through a HARDWARE exploit. We needed a root exploit (which we had on the GB stock ROM), and to physically short out a pin on the mainboard to ground at precise times while the SOFF program ran on your PC.
We have to wait for the less popular HTCDev unlock (which HTC Did give us on the rezound with a middle finger to verizon), or for some1 to find another Exploit that would bypass the signature check of the HBOOT and give us "S-OFF".
Either will give us Root, custom recoveries, and ROMs.
I am no dev, but this is my understanding of what's happening with these devices. This is my 9th android device, 5th HTC, but I am always learning more. Dev's feel free to correct me, or expand on anything I have written here ^^

Bootloader Locking, Unlocking, S-On, S-Off - Questions and Answers

Source @Koush (Original Article)
Source @HTCDev (Original Article)
It seems there is confusion in the community about what S-OFF is and why it's needed on some phones but not others. I endeavour to educate and explain why some HTC devices need S-OFF while others do not to Flash Roms and recovery images.
[Q] What does S-ON/S-OFF mean? Is it on all phones?
[A] This is Manufacturer specific to HTC branded devices ONLY. S-On and S-Off means Security On/Security Off. HTC devices are set to S-ON by default for a good reason. There are partitions such as hboot which controls access to all other partitions which if made fully accessible could compromise security and very possibly allow for irreversible changes that could render your device inoperable. For warranty and device support purposes alone it would be to your benefit to keep Security-ON. Another partition that is secured is the radio. It is not advisable to alter or customize the radio and most custom roms will not need to. The radios are fine tuned to the specific carrier(s) they are designed to support and with the specifications as prescribed by law. Moreover altering them may not only also cause irreparable damage to your device but it could very well interfere with the normal communications possibly affecting other devices.
[Q] What does Unlock mean in the bootloader flag?
[A] What is meant by unlocking the bootloader is that certain partitions are unlocked to provide write access without turning device security off for all partitions. Specifically: Kernel, system and recovery partitions are allowed to be modified. There are more partitions (e.g. the radio and hboot) but these are the minimal necessary to overwrite a default stock rom with a custom built Android based rom.
[Q] Then why do Devs ask for S-OFF when flashing a Rom?
[A] Some carriers lock down the ability to Unlock the partitions. For example US customers of Verizon are unable to use HTCDev to unlock their devices to access the needed partitions for Custom Rom and Recovery writing. In this Case S-OFF fixes this issue but also unlocks ALL partitions for writing. A Verizon phone with S-OFF will have the ability to now write to the Recovery and Boot partitions.
Devs ask for S-OFF for multiple reasons:
1. So that Devices Restricted by HTCDev that normally can't get write access to the Boot and Recovery Partitions can use their ROM
2. Because forum behavior made S-Off appear to be needed
3. Laziness and/or ignorance (not trying to be rude)
[Q] So do I really need S-OFF to install ROMS or Recovery Images?
[A] Yes, if you have an HTCDev Restricted Device which will not allow you to use an Unlock Token you will need to S-OFF in order to write to your boot/system/Recovery partitions. NO, if you have a device that can be unlocked using an HTCDev Token.
[Q] So Unlocking my devices has nothing to do with S-ON/S-OFF?
[A] A tricky question. Yes, Unlocking a Non-Carrier-Restricted device with HTC Dev has Nothing to do with the Security of the Device from the S-OFF/S-ON perspective. If you're on a Carrier Restricted HTCDev device (i.e. Verizon HTC One Max) then in order to Write to the Partitions you need to, you will need to be S-OFF as that is the only way to Unlock the bootloader.
[Q] So why do I need to Change my Bootloader Flag to get some things working?
[A] The short answer is that some hardware in the HTC Phones is told to look into the Security Partition to determine if the phone is Locked or Unlocked for Development. As an example on the HTC One Max the Fingerprint Reader will be disabled if the Bootloader Flag is set to "Unlocked" but function if the Flag is Set to "Locked". When your Bootloader is Flagged "Locked" the partitions are not accessible and will prevent Recovery and Boot Partition Modifications.
[Q] What if I want to return my device for warranty work how can I return it to S-ON and Locked Status?
[A] You will need to find your Model Phone's RUU and Restore your phone to its original stock state. The RUU is used to restore a device to its Factory State. See the Question below about S-ON.
[Q] I would like to know if its still possible to achieve s-on after you have turned it off specially using the Rumrunner tool as I am Verizon device?
[A] Consumers that use Rumrunner to S-OFF will have the option of turning Device Security ON again. This typically is not a deal breaker for Warranty repairs if you restore the device software (Recovery, Rom) back to its default stock state and flag the bootloader Locked again as some devices are shipped S-OFF. It has been accomplished on the HTC One by running a command in Fastboot mode.
HTC One users achieve S-ON again by running this command with fastboot. I have not yet confirmed it works on the HTC One Max. (Note: If you are trying to return to an out of the box state use your device's RUU after S-ON to restore the Recovery, Kernel and Rom to Stock with an Encrypted/Signed RUU then run the command below) (If you want to test and report back on the HTC One Max please let us know.)
fastboot oem writesecureflag 3
[Q] What is the difference between an Encrypted RUU vs Decrypted RUU?
[A] An Encrypted RUU is a RUU file that has been signed by HTC (Carrier or Country). Encrypted RUU's can be run on S-ON or S-OFF devices to restore the device. A Decrypted RUU is a RUU that has had the signature stripped (in case of JB or older RUU's) and these can be typically ONLY run on S-OFF Devices. (Be careful to use the RUU for your device as these are hardware specific)
In conclusion:
S-OFF/S-ON is conditional based on your HTC device and carrier restrictions. If you are not able to unlock your partitions with HTCDev due to Carrier restrictions or country restrictions then S-OFF is your alternative.
If you can unlock your phone's bootloader then you can flash kernels, roms and recovery images with S-ON. S-OFF is ONLY needed on devices that want full Partition access and/or HTCDev will not allow to unlock.
Do you have a question? Reply with your question on this thread about S-ON/S-OFF/Bootloader Security. NOTE: This is not a General Question Thread.
P.S.
Please remember that unlocking your bootloader may void all or parts of your warranty and your device may not function as intended by HTC. Unlocking the bootloader is for development purposes only.
DeadPhoenix said:
[Q] So why do I need to Change my Bootloader Flag to get some things working?
[A] The short answer is that some hardware in the HTC Phones is told to look into the Security Partition to determine if the phone is Locked or Unlocked for Development. As an example on the HTC One Max the Fingerprint Reader will be disabled if the Bootloader Flag is set to "Unlocked" but function if the Flag is Set to "Locked". When your Bootloader is Flagged "Locked" the partitions are not accessible and will prevent Recovery and Boot Partition Modifications.
Thank you for researching and providing answers.
This is very informative, sure would be nice if us on Verizon could just unlock instead of having to go s-off. I came from the Rezound where we could just unlock, but oh well such is the way it goes.
mods should sticky this thread, as it answers a lot of newbie questions..
great write up, not much to add at all
on carrier restricted phones, s off is necessary to unlock the bootloader, but the device does not need to remain s-off. one could even legitimately unlock via htcdevs website if the cid or mid is changed after achieving s off. after htcdev unlock is achieved, you technically could turn the radio secure flag back on, but please dont do it. with a lack of signed ruus, doing so could leave you in an unrecoverable jam. i just wanted to clarify that the functionality of the device itself does not need the secure flag to be off.
while it may not be "needed", it is my personal opinion s-off is better. at least as long as youre a responsible individual who is capable of learning, and exercising good judgment as to what to flash and why, and is able to check the integrity of any downloaded files that could potentially leave the phone unusable (for example, anything that contains a bootloader, as a bad bootloader flash will leave you unrecoverably bricked)
being s off offers many safety advantages:
-you can flash an unsigned ruu to get your device "unbricked"
-you can install older ruus if needed
-you can install a "patched" or engineering hboot to gain the use of extra fastboot commands
-it lets you dump and modify partitions you couldnt with an s on device
not to mention, it lets you eliminate the telltale relocked watermark that lets htc or your carrier know that you have messed with your phone
its also an awesome safety net for those of us who run stock in order to capture OTA packages that provide upgrade firmware and provide rom devs with files to create new custom roms, and update their current versions.
sure staying s on technically will keep you from accidentally overwriting your bootloader with the "lets golf" .apk, if you find yourself in a bind with a non booting phone and no signed ruu to run, being s on offers no advantage whatsoever.
Scotty, so what you are saying is even if I am S-OFF I can still get the OTA updates from Verizon, like hopefully the Kit Kat update? I was wondering because I was wanting to try the Viper rom as I loved that on my Rezound but didn't want to miss the official Kit Kat.
JBS976 said:
Scotty, so what you are saying is even if I am S-OFF I can still get the OTA updates from Verizon, like hopefully the Kit Kat update? I was wondering because I was wanting to try the Viper rom as I loved that on my Rezound but didn't want to miss the official Kit Kat.
The Function of Device Security (S-OFF and S-ON) is to Lock or unlock ALL partitions.
OTA updates are signed by the carrier. So Running Stock Roms will allow the Stock updates from Verizon to work. If you're running a Custom Rom then this is dependent on the Rom creator. In most cases OTA updates are not delivered to devices running Custom Roms.
JBS976 said:
Scotty, so what you are saying is even if I am S-OFF I can still get the OTA updates from Verizon, like hopefully the Kit Kat update? I was wondering because I was wanting to try the Viper rom as I loved that on my Rezound but didn't want to miss the official Kit Kat.
don't worry about getting the kit kat update; once it's actually released, the great devs here will make it work for our rooted/unlocked phones!
Thank you for your reply DeadPhoenix, I am mostly concerned with getting the official updates from VZW/HTC. I am understanding that if I just use Rumrunner to S-OFF and stay completely stock I will still receive them, now what about putting TWRP on? Will that affect the ability to receive the updates? Thanks again for answering my questions as I'm sure you tire of getting these noob type questions, but I really appreciate the time you all put into this stuff and taking the time to answer.
generally speaking, you can NOT get OTA updates when you have a custom recovery installed..
wase4711 said:
generally speaking, you can NOT get OTA updates when you have a custom recovery installed..
Correct. An OTA update relies on the fact that you have a stock Recovery installed as that is the expected delivery method for their scripting.
DeadPhoenix said:
Correct. An OTA update relies on the fact that you have a stock Recovery installed as that is the expected delivery method for their scripting.
thanks teacher, I didn't know this was a quiz! :cyclops:
ok.. so I now fully understand what an s-off and s-on mean, however, I would like to know if its still possible to achieve s-on after you have turned it off specially using the rumrunner tool as I am verizon device?
is there a security risk if I kept s-off and have restored back to Verizon's RUU and have locked the bootloader?
afsandiego said:
ok.. so I now fully understand what an s-off and s-on mean, however, I would like to know if its still possible to achieve s-on after you have turned it off specially using the rumrunner tool as I am verizon device?
is there a security risk if I kept s-off and have restored back to Verizon's RUU and have locked the bootloader?
Thank you for asking this. These are exactly the questions I know exist out there and would like truly "knowledgeable" people to answer.
afsandiego said:
ok.. so I now fully understand what an s-off and s-on mean, however, I would like to know if its still possible to achieve s-on after you have turned it off specially using the rumrunner tool as I am verizon device?
is there a security risk if I kept s-off and have restored back to Verizon's RUU and have locked the bootloader?
From the research I have done with Android/Linux Partition Table Devs and HTCDev directly I derived the following:
The RUU just restores the software to the Factory state. S-OFF is desired however you can use the fastboot command to turn it on in theory. You can S-ON again however this isn't usually a deal breaker for warranty repair as long as you restore the kernel, recovery and Rom to stock. But your mileage may vary with HTC.
Thank you for your question.
Sorry but I believe flashing an encrypted ruu will actually s-on your device. The ruu's we have are decrypted and likely have been provided as they are so that no one fully s-on locks their device again
* fastboot oem writesecureflag 3 will s-on after flashing full stock ruu. Do not attempt if you do not know what you are doing!
As always I am happy to be corrected. Just really want the complete correct information out there, not just as it relates to our device.
---------- Post added at 02:37 PM ---------- Previous post was at 02:27 PM ----------
My apologies if my response seems like an ambush as I posted something earlier. I was just happy others were taking an interest then just did not have a chance to get back to this until a moment ago.
Jiggity Janx said:
Sorry but I believe flashing an encrypted ruu will actually s-on your device. The ruu's we have are decrypted and likely have been provided as they are so that no one fully s-on locks their device again
* fastboot oem writesecureflag 3 will s-on after flashing full stock ruu. Do not attempt if you do not know what you are doing!
As always I am happy to be corrected. Just really want the complete correct information out there, not just as it relates to our device.
---------- Post added at 02:37 PM ---------- Previous post was at 02:27 PM ----------
My apologies if my response seems like an ambush as I posted something earlier. I was just happy others were taking an interest then just did not have a chance to get back to this until a moment ago.
I will attempt to get this clarified as it seems we are seeing 2 different answers and I want this to be as accurate as possible.
DeadPhoenix said:
I will attempt to get this clarified as it seems we are seeing 2 different answers and I want this to be as accurate as possible.
Agreed. Source: http://forum.xda-developers.com/showthread.php?t=2475216
Jiggity Janx said:
Agreed. Source: http://forum.xda-developers.com/showthread.php?t=2475216
From the Feedback I have gotten so far. They explicitly state RUU's do not turn S-OFF to S-ON however in the directions you sourced a command is run outside of the RUU to turn it on.
(Still awaiting several replies to queries.)
This Appears to be the fastboot command to run AFTER the RUU has restored but before a normal boot but is Not part of the RUU process itself.
This is also if CID is modified from what I gathered thus far. (Feel free to correct)
fastboot oem writesecureflag 3
DeadPhoenix said:
From the Feedback I have gotten so far. They explicitly state RUU's do not turn S-OFF to S-ON however in the directions you sourced a command is run outside of the RUU to turn it on.
(Still awaiting several replies to queries.)
This Appears to be the fastboot command to run AFTER the RUU has restored but before a normal boot but is Not part of the RUU process itself.
This is also if CID is modified from what I gathered thus far. (Feel free to correct)
Did you ask 'them' specifically about flashing stock encrypted htc ruu's? I am digging more but believe the encrypted ones have the writesecure flag already set to 3(s-on). Encrypted ruus would be what htc has given manufacturers to install on phones before shipping them to vendors.
Also you would want your device to be completely stock (no changed cid) before using fastboot to s-on. You would use this command after flashing a decrypted (but still completely stock) ruu.