Getting S-OFF on your HTC One (M7)

HTC devices usually come with Security-ON or S-ON, which prevents you from changing the Cellular ID (CID) or Model ID (MID) of your device, flash OTA updates manually and many other things. To put this more simply, if you are the kind of guy who likes to tinker with their phones, you will need Security-OFF or S-OFF. Going S-OFF won’t change anything from the user-perspective, you will still have the stable device you had before and you will get OTAs like before. Also, don’t confuse this with rooting or unlocking your bootloader, those are separate things. For example, my HTC One is S-OFF with locked bootloader and no root. I get official OTAs without any trouble. S-OFF is required when I convert my AT&T HTC One to Google Play Edition or Developer Edition. Follow the following steps to get your device S-OFF.

  • Unlock your bootloader by collecting the Unlock_code.bin for your particular device from Don’t worry, you can relock your bootloader after you get S-OFF.
  • From Settings > Power, uncheck the “Fast boot”. Then turn off your device. Wait for a few seconds. Turn on the device with the volume down button pressed. This will take you to bootloader mode. Using the volume up/down keys, select FASTBOOT and connect your device to your PC using a USB cable. On the device screen, you should see FASTBOOT USB.
  • Now open a terminal window on your PC (I am assuming you have adb and fastboot installed. If not, search Google for “Minimal ADB and Fastboot” and install it). Type the following command:
fastboot flash unlocktoken Unlock_code.bin
  • On the device screen, you will have to choose YES using the vol up/down keys and Power button. This will unlock your device’s bootloader and wipe your device completely. Your phone will reboot.
  • Download your favorite recovery. I used twrp-recovery- Enter the bootloader mode again as described before. In the terminal windows, write the following code to flash the custom recovery:
fastboot flash recovery twrp-recovery-
  • Now reboot your device. Download your favorite SU binary zip and copy it to your phone. I used Turn off your device and enter bootloader mode again. It should show TAMPERED and UNLOCKED but S-ON now. Select RECOVERY from the bootloader menu. This will reboot the device into TWRP recovery. Navigate to the SU zip file and flash it. Upon completion of the flash, wipe cache. This will root your device. Don’t worry, you can unroot just by flashing a stock RUU (EXE or ZIP), that won’t hurt your S-OFF.
  • Now that you have a rooted device, you can use rumrunner to get S-OFF. Download Extract it. Connect your phone (turned on) to the PC and enable USB Debugging from Settings > Developer Options. On your PC, from the extracted rumrunner folder, run the sojo.exe in administrator mode.
  • For rumrunner to run, you need to be connected to the internet (I don’t know why). Also, the process will be easier if you –
  1. Turn off all screen securities
  2. Connected your device to the PC in adb mode and fastboot mode at least once before running rumrunner (this will ensure if you have proper drivers installed or not).
  • It will take some time for rumrunner to get S-OFF. Your device will reboot many times, don’t worry, this is normal. So, now you have a tampered, unlocked, S-OFF device.
  • [OPTIONAL] Reboot your phone in bootloader mode and write the following command in command prompt:
fastboot oem lock

Now, if you want to go to complete stock,  just flash a RUU (EXE or ZIP) for your device. It will un-root your phone and flash stock recovery (necessary for getting OTA).

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s