This is my guide on how to achieve S-OFF on an unrooted, NAND-locked device running the latest (4.67) OTA HBOOT version (2.18).
The method involves using HTCDev.com to unlock the Bootloader of the device (which this guide will not cover, as there are procedures on the HTCDev site for that).
This guide will cover what to do after your Bootloader is "unlocked" by that process, in order to roll back your HBOOT to a non-watermarked version that can be rooted with unrevoked.
The rooting process with unrevoked will also not be covered in this thread, as it is well-documented.
Files you'll need
- RA-Recovery - USED IN STEP 3 (there are 3 different versions you can use - I recommend this one):
- Superuser 3.1.3 - USED IN STEP 4
- flash_image binary - USED IN STEP 9
- Misc/MTD Partition IMG file from Engineering build - USED IN STEP 9
- PC36IMG.zip | Mirror (FileFactory) | Mirror (4shared) - USED IN STEP 10 - 3.70 Froyo ROM with 2.10 HBOOT - md5: 7056D42812AA5DF03FCC8DDDC2B64E85
- You MUST be on a stock/Sense ROM running Gingerbread for this guide to work. If you've installed AOSP, a Jellybean or KitKat ROM, you will get segmentation fault errors when trying to run the commands!!
- If all you want to do is root and be able to install custom ROMs, then you do NOT NEED THIS GUIDE! HTC's unlocker will allow you to do that by installing a custom recovery.This guide is NOT for beginners. If you don't know WHY you want to be S-OFF, then you probably don't need to be. This is for advanced users, or those who are still under warranty and need to send their phone for repairs after using the HTCDev unlock process.
- This guide assumes that you've completed the unlocking process from HTCDev.com, which means you've also downloaded fastboot/adb to a local folder on your computer. That will be the same folder from which you will be running the commands listed in this thread.
- The Superuser file is a flashable zip, which means it must NOT be extracted after downloading! After download is complete, copy to /sdcard as-is, so that it can be flashed in recovery.
- In order to flash recovery in fastboot, the recovery.img file from the zip file needs to be in the same folder as the fastboot.exe.
- The flash_image binary and the mtd-eng.img can be placed on the root of the /sdcard prior to starting the S-OFF process.
- The PC36IMG.zip should NOT be placed on the SD card until the step (10) where it is used. If you have it on the card, it will cause delays in loading fastboot on the device.
- If the bootloader doesn't recognize the PC36IMG.zip, and you used Windows Explorer to rename the PC36IMG file, make sure you didn't add an extra ".zip" to the end of the file name. Most people hide file extensions, so that can happen without you even realizing it (especially if you see that it's already recognized as a "ZIP" file). If you still have issues after checking that, the only other reason it wouldn't work is a corrupt or faulty SD card. If you can try a different card, see if the PC36IMG file works on it.
- If you'd prefer to root/NAND unlock using Revolutionary, you can substitute the Froyo ROM file (in Step 10) with a Gingerbread ROM file (any version up to 4.54). The latest version unlockable with Revolutionary can be found here.
P.S. I chose to post this here instead of some other sites because I think this is the best, most collaborative community for us available right now. So if you see someone asking how to do this, please direct them here! .