You've unlocked your bootloader and rooted your HTC One running KitKat, but there's still one lingering aspect of security you've yet to rid yourself of—S-On—the extra security measure HTC implemented into Sense.
S-Off stands for Security Off and allows you to update your One's firmware, change your CID (carrier ID), install RUUs (ROM updates), and install those custom ROMs that have extra features that require S-Off privileges.
To achieve S-Off, you are first going to need to install a Sense-based ROM with an unsecured kernel. For this guide, I will be using ARHD, which seems to give the fewest errors when using Firewater.
In addition, make sure that you set up ADB on your computer and DO NOT have HTC Sync Manager on your computer. You do need to download Sync to install the HTC drivers, but you should delete the program afterward (see Step 4 below for more info). Your device must also be rooted with an unlocked bootloader and custom recovery and have USB debugging enabled.
After all of that, make sure to turn off any lock screen security you may have set by going to Settings -> Security and setting Screen security to None.
You'll also need to disable Fastboot by going to Settings -> Battery Manager and un-checking Fastboot.
For the safest, most consistent process, use a USB 2.0 port (3.0 can cause issues), the stock Sense launcher, and as always, back up your data because this will wipe everything but your internal storage. Making a nandroid backup in recovery will be critical if you do not plan on keeping the ROM that we install in the next step.
This step is to ensure that you are using a Sense-based ROM with an unsecured kernel. If you know that you already meet these conditions, go ahead and scroll down to the next step.
Start by downloading the latest ARHD directly onto your device, then reboot your phone into recovery mode. If you aren't sure how to do this, hold the Power and Volume Down buttons together until you get to the bootloader, then use Volume Down to select "Recovery" and the Power key to confirm.
Now select Wipe then Advanced Wipe, and ensure that you have Dalvik Cache, Cache, Data, and System selected, then Swipe to Wipe.
Now go back to the main menu, select Install, navigate to your "Download" folder and select the ARHD .zip file you previously downloaded, then Swipe to Confirm Flash.
After swiping, go through the AROMA Installer prompts and install any of the tweaks you like, but only if you are planning on keeping the ARHD ROM after finishing; otherwise, this is unnecessary. After the install finishes, select the Reboot option.
After rebooting (which may take a few minutes, so don't worry), you will need to go through the setup process for the ROM, as if it were a new device. If you plan on restoring a nandroid backup, you can skip the sign-in sections.
Make sure you re-enable USB Debugging and disable Fastboot, then continue on to the next step.
Plug your HTC One into your computer and open a cmd/terminal window, then download Firewater and place it on your Desktop.
Again, make sure you have ADB set up to run on your computer with the proper drivers from HTC. If you aren't sure whether you have the proper drivers installed, download and install HTC Sync Manager, but make sure to uninstall the program afterward—we only want the drivers from it, which remain after removal of Sync.
In cmd/terminal, reboot your phone using ADB:
- adb reboot
Once rebooted, you can push Firewater to your device using the following command:
- adb push Desktop/firewater /data/local/tmp
Change "Desktop/firewater" to the location of Firewater if you did not place it on your Desktop.
Now change the permissions of Firewater to allow it to run on your device:
- adb shell
- chmod 755 /data/local/tmp/firewater
Keep an eye on your device, as it may prompt you to grant superuser permission to ADB. If it does, allow it.
Now run Firewater with the following command, then do not touch your device:
Now just agree to the terms and conditions you are prompted with and allow the exploit to do its thing.
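The push and chmod steps above fail quietly when the phone has not authorized the computer for USB debugging or when more than one device is attached. The following POSIX shell sketch is an added example, not part of the original guide or of Firewater; the script name `preflight.sh`, the function names, and the sample serial numbers are made up for illustration. It checks the device state before the push and the file mode after the chmod:

```shell
#!/bin/sh
# Added example: sanity checks around the adb steps in this guide.
# The parsing helpers read adb output as text, so they can be tried offline.

# Constructed sample of `adb devices` output (serial numbers are made up).
SAMPLE_DEVICES=$(printf 'List of devices attached\nHT0000000001\tdevice\nHT0000000002\tunauthorized\n')

# Print how many devices are in the authorized "device" state (input on stdin).
# Entries marked "unauthorized" or "offline" are not counted.
ready_devices() {
    awk 'NF == 2 && $2 == "device" { n++ } END { print n + 0 }'
}

# Succeed only if an `ls -l` line shows mode rwxr-xr-x (755) on a regular file.
is_mode_755() {
    case "$1" in
        -rwxr-xr-x*) return 0 ;;
        *) return 1 ;;
    esac
}

# Before `adb push`: exactly one authorized device should be attached.
check_device() {
    n=$(adb devices | ready_devices)
    [ "$n" -eq 1 ] && return 0
    echo "expected 1 authorized device, found $n" >&2
    return 1
}

# After `chmod 755`: confirm the mode on the pushed file.
check_pushed() {
    # Older adb builds end shell output lines with CR; strip it.
    line=$(adb shell ls -l /data/local/tmp/firewater | tr -d '\r')
    is_mode_755 "$line" && return 0
    echo "unexpected listing: $line" >&2
    return 1
}

# Usage (hypothetical file name): sh preflight.sh device | sh preflight.sh pushed
case "${1:-}" in
    device) check_device ;;
    pushed) check_pushed ;;
esac
```

Run it with `device` before pushing and with `pushed` after the chmod; a non-zero exit status means the condition was not met.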
That's it, folks: you are now in possession of an HTC One with S-Off.
You can now flash custom firmware and hboots, and re-lock your bootloader whenever you like. S-Off also comes in handy when returning your One to factory settings. Hope this helped, and if you have any questions, be sure to leave me a comment.