• 5,605,921
  • 47,454

Bye Bye S-ON: HBOOT 1.5 With S-ON on EVO 3D Succesfully Downgraded

Bye Bye S-ON: HBOOT 1.5 With S-ON on EVO 3D Succesfully Downgraded

Earlier this week, the Sensation became immortal thanks to the work of XDA member dexter93. Basically, he found a way to make the device recognizable via an emmc tool while in bricked state, which allowed flashing any image to the device. Well, guess what? Thanks to the efforts of XDA Forum Member Unknownforce and several others, a similar method was ported over to the EVO 3D where they had been frantically trying to find a way to bypass the infamous HBOOT 1.5 S-ON security.

A little background on this or those of you new to the EVO 3D scene. Way back when, sometime last year the EVO 3D was deemed as one of the toughest nuts to crack in terms of being able to turn the device security from S-ON to S-OFF, which essentially allows you to flash unsigned code and radios onto your device. Our friends at Revolutionary released a method to easily turn off this security. However, HTC quickly released a patch and updated HBOOT to a newer version (1.5), plugging the exploit used by Revolutionary. At the same time, HTC released their official unlocker, which would basically unlock your phone, allowing you to write to the device, but leaving S-ON and upgrading to HBOOT 1.5 in the process, effectively locking the “freed” 3D and preventing it from flashing radios or even boot.img from recovery (work around was found by first flashing the boot.img via fastboot, but this was tedious and cumbersome).

Ok, so now that we have some background on this, lets see what we need to get this device freed from its shackles. First of all, you will need a Linux box (installed as dualboot or native, your choice really), you will also need a few tools available in the thread, a few images like the 2.08 or the 2.17 updates from HTC, the 1.13 update, which has a lower HBOOT revision, some coffee, patience, and wipes as you will likely get sweaty hands from this. Once you have all the required files, go ahead and brick your device…. uhmm, what? I know what you are thinking, this guy must be losing his mind, right? As it turns out, the computer will not recognize the phone as being in emmc mode unless it is bricked, so there is 100% risk of bricking your device by following this method, because… well, it is a requirement.

These are exciting news indeed as the method seems to be valid across devices. Now, keep in mind that this guide (the one on this article) is ONLY for the CDMA version of the EVO 3D. The GSM version has its HBOOT located elsewhere in memory and it will not work as it is. The tool does not have the paths hardcoded on it, but right now it is not ready to be used on other devices just yet. So sit tight.

Needless to say, please tread carefully as this WILL brick your device. Leave some feedback in the thread if you are successful.

Hey… Guess what…


You can find the entire guide here and you can go here if you are interested in reading about how the hack came to be.

Want something published in the Portal? Contact any News Writer.

[Big thanks to Crackanug for the tip!]

Want something on the XDA Portal? Send us a tip!

XDA TV: Most Recent Video

Buy/Sell on Swappa