Better Mobile App

change relocked to locked

i happened across this thread inthe gsm evo 3d forum: http://forum.xda-developers.com/showthread.php?t=1970252 and found it to work on the rezound.
this does NOT mean you can unlock your bootloader without going thru htcdev. all this means,is that if you accidentally unlocked your bootloader after s-off,you can get rid of the relocked watermark and get back to 100% locked prior to s-on for warranty purposes,without having to s-on and re-s off.
ive always been unlocked. for S&Gs,i dumped mmcblk0p3 and found the described "HTCU" at 0x8404. changed it to 0x00000000 and voila! back to locked
afterward,relfashed my origianl mmcblk0p3,wich brought me back to unlocked with no getting or flashing tokens.
again,this is ONLY to get back your original ***locked*** status.
in a few days ill try and make a "noob friendly" guide to using the hex editor,unless someone else wants to,or wants to make or modify(with proper credit) the script to flash in recovery. dont mess with this unless youre sure what youre doing,as messing up mmcblk0p3 may leave you in a "do not boot" mode that you may or may not be able to recover from.
enjoy
Code:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Scott>[COLOR="Red"]cd c:\mini-adb_vigor[/COLOR]
c:\mini-adb_vigor>[COLOR="red"]adb devices[/COLOR]
* daemon not running. starting it now *
* daemon started successfully *
List of devices attached
HTxxxxxxxxxx device
c:\mini-adb_vigor>[COLOR="Red"]adb shell[/COLOR]
[email protected]:/ $ [COLOR="red"]su[/COLOR]
su
[email protected]:/ # [COLOR="red"]dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3[/COLOR]
dd if=/dev/block/mmcblk0p3 of=/sdcard2/mmcblk0p3
64734+0 records in
64734+0 records out
33143808 bytes transferred in 9.519 secs (3481858 bytes/sec)
[email protected]:/ # [COLOR="red"]exit[/COLOR]
exit
[email protected]:/ $ [COLOR="red"]exit[/COLOR]
exit
c:\mini-adb_vigor>[COLOR="red"]adb pull /sdcard2/mmcblk0p3[/COLOR]
2292 KB/s (33143808 bytes in 14.116s)
[COLOR="Blue"]*modify mmcblk0p3 with a hex editor[/COLOR]
c:\mini-adb_vigor>[COLOR="Red"]adb push mmcblk0p3mod /sdcard2/mmcblk0p3mod[/COLOR]
2478 KB/s (33143808 bytes in 13.059s)
c:\mini-adb_vigor>[COLOR="red"]adb shell[/COLOR]
[email protected]:/ $ [COLOR="red"]su[/COLOR]
su
[email protected]:/ # [COLOR="red"]dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3[/COLOR]
dd if=/sdcard2/mmcblk0p3mod of=/dev/block/mmcblk0p3
64734+0 records in
64734+0 records out
33143808 bytes transferred in 18.937 secs (1750214 bytes/sec)
[email protected]:/ #[COLOR="red"] exit[/COLOR]
exit
[email protected]:/ $ [COLOR="red"]exit[/COLOR]
exit
c:\mini-adb_vigor>[COLOR="red"]adb reboot bootloader[/COLOR]
c:\mini-adb_vigor>
before:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
after:
downloads added. wipe cache/dalvik and flash in recovery. i recomend to run query first,to make sure its working. tested on my personal rezound.
query:http://www.mediafire.com/download.php?jg8v4ady8nyc8bu
query_bootloader.zip f335f78f9f46469c823da0c671026de5
unlock:http://www.mediafire.com/download.php?il51rl2j1m8417b
unlock_bootloader.zip f335f78f9f46469c823da0c671026de5
lock:http://www.mediafire.com/download.php?05ow9uhw540p6jy
lock_bootloader.zip f335f78f9f46469c823da0c671026de5

apophis9283 has some custom hex edited hboots that will change what your phone says made and available for use:
http://forum.xda-developers.com/showthread.php?t=1853871

feralicious said:
apophis9283 has some custom hex edited hboots that will change what your phone says made and available for use:
http://forum.xda-developers.com/showthread.php?t=1853871
Click to expand...
Click to collapse
Hex edited hboots are NOT factory signed,and are by no means an acceptable way to "return to stock". These hboots can cause issue for future users,and their use to trick vzw into thinking the phone is stock is,IMO fraud.
The above info resets the lock status flag,enabling users to restore the device to 100% as it came from factory.
Sent from my HTC Flyer P510e using xda app-developers app

scotty1223 said:
Hex edited hboots are NOT factory signed,and are by no means an acceptable way to "return to stock". These hboots can cause issue for future users,and their use to trick vzw into thinking the phone is stock is,IMO fraud.
The above info resets the lock status flag,enabling users to restore the device to 100% as it came from factory.
Sent from my HTC Flyer P510e using xda app-developers app
Click to expand...
Click to collapse
So this can be flashed s-on? Or you could use this to s-on? When I say flashed I mean can it replace the hboot in an ruu and be flashed?
Sent from my ADR6425LVW using xda app-developers app

jon7701 said:
So this can be flashed s-on? Or you could use this to s-on? When I say flashed I mean can it replace the hboot in an ruu and be flashed?
Sent from my ADR6425LVW using xda app-developers app
Click to expand...
Click to collapse
You are misunderstanding what this is. It's not a replacement hboot.
The "lock status flag" lives in memory block 0p3,along with the radio secure flag. It tells the hboot weather it is locked,unlocked,or relocked,just like the radio secure flag tells the hboot wether it is s on or s off. Hboot itself is in a different location.
The original 3d dev made a zip that could be flashed from recovery,hopefully someone could modify it to work with the rezound(maybe its directly compatible,since the mmcblk location is the same,I don't know)
You definately need to be s off to modify this partition,otherwise it is write protected,wich is why it took so long for us to get radio s off.
I believe the radio secure flag lives at 0x8400 in mmcblk0p3,so technically,you could change to s on with a hex edit if all your ducks were in a row,but this is not something id recommend.
if you were unlocked,s-off and your speaker quit working,necesitating return to legitimate factory stock,locked,s on,the process would be this:
-change lock flag status flag(hex edit or potential recovery flash)
-verify s off and ***locked***
-run most current ruu
-turn s-on with fastboot comment fastboot oem write secureflag 3
hopw that clears it up some
Sent from my HTC Flyer P510e using xda app-developers app

Oh OK so its basically just modifying the status of your existing boot loader back to locked?
Sent from my ADR6425LVW using xda app-developers app

BTT. recovery flashable zips added to OP. tested on my rezound

That's pretty frickin sweet

I think my issue is answered in this thread.. but I am confused.
I got an ICS rezound on ebay; no idea on the history..
I htcdev unlocked, and updated to get the 2.22 radios and now have hboot 2.27 and it says **RELOCKED** at the top.
when flashing the ruu it wiped the recovery and I am looking to get AmonRa back on there and move on to s-off'ing the device now that the radio's are 'current'..
how do I get my **RELOCKED** to **UNLOCKED** so that I can flash recovery?
fastboot flash recovery Ra3.15PH98IMG.img
sending 'recovery' (7078 KB)...
OKAY [ 1.421s]
writing 'recovery'...
(bootloader) signature checking...
FAILED (remote: signature verify fail)
finished. total time: 3.107s
so.. to flash the 'stock RUU' and get the radios I had to 'fastboot oem lock' to get the RUU to stick..
Do I need to re htcdev unlock again?
Or is there a fastboot command that I am missing?
(I hope this makes sense..)
Thanks for taking the time to read this..

If you're currently s on,you will have to re-unlock the "old fasioned" way. The zips only work when you're s off.
Sent from my HTC One X using Tapatalk 2

[Q] Locked Bootloader Casual no Work

I messed up but I fixed it, mostly. I picked up a note two from Verizon hardware version I605.06 but coming from the Nexus I quickly tired of touchwiz and longed for the halcyon days of CyanogenMod. I ended up using heimdall to root and install Recovery but forgot that the bootloader was still locked, so soft bricked it. Tried restoring to stock using Odin but could not use Official VRALJB4.1.1 since it would fail at sbin. After figuring out that this had something to do with the bootloader I used the the alternate restore file and my phone worked again. So I started over using Casual and was able to get root again but apparently my bootloader is no longer stock and so it tells me to get off the internets. I was able to flash root66 but can’t for the life of me figure out how to unlock the bootloader.
Android Version: 4.1.1
Baseband Version: I605VRALJB
Kernel Version: 3.0.31-414933
[email protected]#1
SMP PREEMPT Sun Oct 28 13:34:23 KST2012
Build Number: JRO03C.I605VRALJB
Hardware Version: I605.06
Edit: I also have stock recovery already installed.

Really?
Is this question too hard or too stupid?

Additional Info
The first time I run casual after reboot it tells me I don't have root and need to get root. The second time I run casual it gives me this.
mkdir failed for /data/local/tmp, File exists
Pushing dependencies
Pushing su binary...
7484 KB/s (91980 bytes in 0.012s)Pushing SuperSU app...
7429 KB/s (996704 bytes in 0.131s)Pushing Exynos-Abuse exploit
6984 KB/s (64373 bytes in 0.009s)Pushing root script
352 KB/s (361 bytes in 0.001s)Pushing Busybox
7068 KB/s (1867568 bytes in 0.258s)Pushing viewmem
2645 KB/s (5417 bytes in 0.002s)Pushing raw exploit code
54 KB/s (56 bytes in 0.001s)Setting Permissions....
Executing Root Exploit.
[*] s_show->seq_printf format string found at: 0xC086C348
[*] sys_setresuid found at 0xC00967C4
[*] patching sys_setresuid at 0xC0096808
remounting system rw....
moving su into position
moving Superuser.apk into position
Your device should be rooted. If you have upgraded past VRALJB firmware the exploit may not function properly.
CASUAL requires a reboot because we look at the memory logs after the device boots to verify proper bootloader version.
rebooting...
[x]Ready for exploit
[x]Found rooted device
[INFO] Reading 512 bytes at 0x40000200...
HellNo
IMPROPER BOOTLOADER VERSION DETECTED. FOLLOW DIRECTIONS NOOB! GUYS LIKE YOU ARE THE REASON DEVELOPERS HAVE SO MUCH PROBLEMS!!!!!! DO YOU REALIZE WHAT IT TAKES TO MAKE SOMETHING LIKE THIS COME TOGETHER?? AND HERE YOU ARE JUST TRYING TO SCREW THINGS UP.... DAMNIT! GET OFF THE INTERNET!

Here's your answer. Use the correct unlock method. That's the old version which doesn't work anymore m you need the one labeled jail break
Sent from my SGH-T889 using xda app-developers app

You were right.
kintwofan said:
Here's your answer. Use the correct unlock method. That's the old version which doesn't work anymore m you need the one labeled jail break
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
As promised, first born son will be air shipped later today, will post back with tracking information.

bazbazbaz said:
As promised, first born son will be air shipped later today, will post back with tracking information.
Click to expand...
Click to collapse
Cool, I will post when received!
Sent from my SGH-T889 using xda app-developers app

kintwofan said:
Cool, I will post when received!
Sent from my SGH-T889 using xda app-developers app
Click to expand...
Click to collapse
Ive tried all the methods with no luck, the casual alsways fails at the end after downloading the pit file, i tried 4 computers, 5 USB cords and 40+ usb ports.

bazbazbaz said:
The first time I run casual after reboot it tells me I don't have root and need to get root. The second time I run casual it gives me this.
mkdir failed for /data/local/tmp, File exists
Pushing dependencies
Pushing su binary...
7484 KB/s (91980 bytes in 0.012s)Pushing SuperSU app...
7429 KB/s (996704 bytes in 0.131s)Pushing Exynos-Abuse exploit
6984 KB/s (64373 bytes in 0.009s)Pushing root script
352 KB/s (361 bytes in 0.001s)Pushing Busybox
7068 KB/s (1867568 bytes in 0.258s)Pushing viewmem
2645 KB/s (5417 bytes in 0.002s)Pushing raw exploit code
54 KB/s (56 bytes in 0.001s)Setting Permissions....
Executing Root Exploit.
[*] s_show->seq_printf format string found at: 0xC086C348
[*] sys_setresuid found at 0xC00967C4
[*] patching sys_setresuid at 0xC0096808
remounting system rw....
moving su into position
moving Superuser.apk into position
Your device should be rooted. If you have upgraded past VRALJB firmware the exploit may not function properly.
CASUAL requires a reboot because we look at the memory logs after the device boots to verify proper bootloader version.
rebooting...
[x]Ready for exploit
[x]Found rooted device
[INFO] Reading 512 bytes at 0x40000200...
HellNo
IMPROPER BOOTLOADER VERSION DETECTED. FOLLOW DIRECTIONS NOOB! GUYS LIKE YOU ARE THE REASON DEVELOPERS HAVE SO MUCH PROBLEMS!!!!!! DO YOU REALIZE WHAT IT TAKES TO MAKE SOMETHING LIKE THIS COME TOGETHER?? AND HERE YOU ARE JUST TRYING TO SCREW THINGS UP.... DAMNIT! GET OFF THE INTERNET!
Click to expand...
Click to collapse
slightly off-topic, but I almost want to do this to my phone to see that end message. amazing. who wrote that, adam?

[RECOVERY+LOKI][CWM][MDK][VZW] SCH-I545 CWM v1.0

DISCLAIMER:
Your device, your responsibility. I am not liable for anything you flash, including this.
As a result you'll probably want to read the rest of the thread and at least be aware of what you're flashing.
You've been warned.
CM: CWM Based Recovery for SCH-I545 (jfltevzw)​
Features:
This is comes from CM as it is provided in the source repos. I will be keeping it as such at this time.
If modifications deviate from CM source we will set up a new repo.
The recovery image has already been patched using the Loki method.
This also means it is tied to MDK signature and should only be flashed on MDK.
Screenshots: None
Latest Build: v1.1
Tar/ZIP Mirror: [CWM][RECOVERY]Team SXTP CWM for Galaxy S4 (Team SXTP Site)
Flash Instructions - READ THESE CAREFULLY!!!
1) Download Zip
2) Unpack Zip and place items on your phone. Assumes you're doing commands from folder where files were extracted to.
For the sake of testing let's say /data/local/tmp like djrbliss used. (ADB push was used in that example)
Code:
adb push recovery.lok /data/local/tmp/
adb push loki_flash /data/local/tmp/
3) Go to ADB shell, su and flash using following commands: (assumes path is /data/local/tmp for Step 2)
Code:
adb shell
su
chmod 755 /data/local/tmp/loki_flash
/data/local/tmp/loki_flash recovery /data/local/tmp/recovery.lok
If successful you should see something similar to:
Code:
[+] Loki validation passed, flashing image.
2253+1 records in
2253+1 records out
9230848 bytes transferred in 0.656 secs (14071414 bytes/sec)
[+] Loki flashing complete!
Assuming you see the above, you should be ready to boot to recovery.
If you do not see this you should immediately flash the stock recovery by dd.
If you don't know how to do that, stop, ask for help. Let's try not to brick a phone doing this, okay?
Summary Changelog:
Code:
v1.1 - Correct typo on device name (in CM device tree). Repo was still okay.
v1.0 - Initial based on Sprint progress (jf series shares same fstab)
Source:
CyanogenMod Official Repositories
Device Dependencies:
android_device_samsung_jf-common
android_device_samsung_msm8960-common
android_device_samsung_qcom-common
Verizon GS4 Device Repository
NOTE: Due to potential copyright issues I do not include a vendor repo.
You can extract the files from the phone or ROM as needed - should you decide to build on your own.
Credits:
Early Bringup Advice: Entropy512, Shabbypenguin, Cordell12
Current Advisors/Collaborators: Noobnl (CM CDMA Maintainer)
Testers: Mohogalore, robbyamor, crawj and others
Steve Kondik (Cyanogen) for CM development and jf common work
The CM maintainters who continue to improve CM along with Mr. Kondik
The crew that is Paranoid Android - Pure Hybrid!
Djrbliss for the Loki Method. (and for permission to include loki_flash in the zip!)
...and of course! You, the community, for your support as well! Thank you!

OP has been updated with a Loki patched recovery image and flash instructions.
If you run into problems, STOP and post here with the issue.
Let's do this as safely as possible until we confirm some safe flashes.

Again, asking that anyone who flashes this post their results. Obviously a lot of folks watching and although it shouldn't be an issue everyone likes to wait for first outside validation before flashing.

If it helps at all, I used the same process for the most part. It does indeed work.
1|[email protected]:/ # /data/local/tmp/loki_flash recovery /data/local/tmp/twrp.lok
covery /data/local/tmp/twrp.lok <
[+] Loki validation passed, flashing image.
2559+1 records in
2559+1 records out
10484224 bytes transferred in 0.713 secs (14704381 bytes/sec)
[+] Loki flashing complete!
only difference is I used TWRP

NxtGenCowboy said:
If it helps at all, I used the same process for the most part. It does indeed work.
1|[email protected]:/ # /data/local/tmp/loki_flash recovery /data/local/tmp/twrp.lok
covery /data/local/tmp/twrp.lok <
[+] Loki validation passed, flashing image.
2559+1 records in
2559+1 records out
10484224 bytes transferred in 0.713 secs (14704381 bytes/sec)
[+] Loki flashing complete!
only difference is I used TWRP
Click to expand...
Click to collapse
where'd you get the twrp.lok file? following djrbliss' instructions?

t3project said:
where'd you get the twrp.lok file? following djrbliss' instructions?
Click to expand...
Click to collapse
No.
thats what I renamed it to since I used a twrp img

im losing my damn mind. someone care to explain this?
Code:
[email protected]:/sdcard # /sdcard/loki_flash recovery /sdcard/twrp.lok
/sdcard/loki_flash recovery /sdcard/twrp.lok
sh: /adcard/loki_flash: not found
127|[email protected]:/sdcard #
i get this after a chmod of loki_flash. if i dont do chmod on it it says it cannot find the file loki_flash.....wtf?
Code:
[email protected]:/sdcard # /sdcard/loki_flash recovery /sdcard/twrp.lok
/sdcard/loki_flash recovery /sdcard/twrp.lok
sh: /sdcard/loki_flash: can't execute: Permission denied
126|[email protected]:/sdcard #

t3project said:
im losing my damn mind. someone care to explain this?
Code:
[email protected]:/sdcard # /sdcard/loki_flash recovery /sdcard/twrp.lok
/sdcard/loki_flash recovery /sdcard/twrp.lok
sh: /adcard/loki_flash: not found
127|[email protected]:/sdcard #
i get this after a chmod of loki_flash. if i dont do chmod on it it says it cannot find the file loki_flash.....wtf?
Code:
[email protected]:/sdcard # /sdcard/loki_flash recovery /sdcard/twrp.lok
/sdcard/loki_flash recovery /sdcard/twrp.lok
sh: /sdcard/loki_flash: can't execute: Permission denied
126|[email protected]:/sdcard #
Click to expand...
Click to collapse
Derp. What permissions are you giving it?

NxtGenCowboy said:
No.
thats what I renamed it to since I used a twrp img
Click to expand...
Click to collapse
I tried just renaming the .img file to .lok, but it gave me a few errors. So using djrbliss's Loki tool (much thanks!) I generated a file for the TWRP recovery.
Here is the link: twrp.lok - 10.00 MB
---------- Post added at 02:52 PM ---------- Previous post was at 02:50 PM ----------
t3project said:
im losing my damn mind. someone care to explain this?
Code:
[email protected]:/sdcard # /sdcard/loki_flash recovery /sdcard/twrp.lok
/sdcard/loki_flash recovery /sdcard/twrp.lok
sh: /adcard/loki_flash: not found
127|[email protected]:/sdcard #
i get this after a chmod of loki_flash. if i dont do chmod on it it says it cannot find the file loki_flash.....wtf?
Code:
[email protected]:/sdcard # /sdcard/loki_flash recovery /sdcard/twrp.lok
/sdcard/loki_flash recovery /sdcard/twrp.lok
sh: /sdcard/loki_flash: can't execute: Permission denied
126|[email protected]:/sdcard #
Click to expand...
Click to collapse
You have to put the files in a folder like /data/local/tmp since the sdcard folder does not allow executables contrary to the instructions provided. (At least that was my understanding when trying to debug the same issue!)

fallingup said:
Derp. What permissions are you giving it?
Click to expand...
Click to collapse
all the good ones. haha 755
trvrlol said:
I tried just renaming the .img file to .lok, but it gave me a few errors. So using djrbliss's Loki tool (much thanks!) I generated a file for the TWRP recovery.
Here is the link: twrp.lok - 10.00 MB
---------- Post added at 02:52 PM ---------- Previous post was at 02:50 PM ----------
You have to put the files in a folder like /data/local/tmp since the sdcard folder does not allow executables contrary to the instructions provided.
Click to expand...
Click to collapse
lol.....see told you i was losing it

I get a successful flash but still only get stock android recovery. I think it is because I can't find the install reovery.sh to delete it

mikebuck69 said:
I get a successful flash but still only get stock android recovery. I think it is because I can't find the install reovery.sh to delete it
Click to expand...
Click to collapse
It's in /system/etc.

I think I read in the other thread, they had success doing this on the pre-release kernal.
Sent from my SCH-I545 using Xparent Green Tapatalk 2

garwynn said:
It's in /system/etc.
Click to expand...
Click to collapse
not on my S4 it isn't lol. I get the successful flash, reboot to recovery, get stock recovery, reboot system from there and I then get the Samsung logo with the unlocked padlocked telling me SOMEthing unnoficiall got installed. Phone boots up and I boot back into recovery, still stock recovery, reboot system again and I get normal boot up, no padlock screen. I'm still on the mdk kernel so I will try flashing the pre-release kernel a little later and trying again.

I see a recovery-resource.dat in /system/etc but not recovery.sh.
Sent from my SCH-I545 using Xparent Green Tapatalk 2

You can use GooManager and install Twrp... Just have root first.

NxtGenCowboy said:
You can use GooManager and install Twrp... Just have root first.
Click to expand...
Click to collapse
Have you done this? I tried it on a (locked bootloader) Note 2 and got the screen that I needed to take the phone to a Verizon store. It took me an hour or more to fix it.
Sent from my SCH-I545 using Xparent Green Tapatalk 2

NxtGenCowboy said:
You can use GooManager and install Twrp... Just have root first.
Click to expand...
Click to collapse
I tried that and got the "You have installed unofficial blah blah contact Verizon" message. I had to generate a TWRP loki image and flash using the OP's instructions.

It works fine. Make sure you are rooted.

NxtGenCowboy said:
It works fine. Make sure you are rooted.
Click to expand...
Click to collapse
Yea they posted an updated release already that is Loki modified, so you are actually correct!

Can't unlock Verizon Incredible 4G phone, was previously unlocked

I am trying to unlock my HTC Incredible 4G on Verizon to load a new ROM onto it. All of my attempts have failed up to this point, by using the WinDroid v2.3 automated tool. I get the following output during the process:
Code:
Task:
1) WINDROID USERS CHOOSE THIS OPTION!
2) Set CID to SuperCID (11111111) - Requires Root
3) Revert CID to original state (VZW__001) - Requires Root
4) Re-lock the bootloader
5) Install recovery
6) Put phone into temp-root mode
10) Exit
Choose a task: 1
========================
= Step 1: Temp-Root =
========================
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
FA************ device
Under "List of devices attached" above, you should see your device
listed (looks like HTXXXXXXXXXX).
Do you see your device (Y/N)? y
Now unlock your device and confirm the restore operation.
By the time you are done reading this sentence, it should be safe to
accept the restore prompt on your device. You should not have a backup
password set on your phone, so leave both password fields empty.
If this process is successful, the script will continue. If not, this
shell will run forever and you must exit by closing this window.
When you see this message, the restore is complete. Your phone will
now reboot to what looks like an unusable state (be patient!). A
status bar will show across the top, but there will be no ring unlock.
This is good! Wait for the script to begin step 2: SuperCID.
========================
= Step 2: SuperCID =
========================
Your phone's CID is being modified to SuperCID. Once complete, your
phone will reboot to the bootloader.
2+0 records in
2+0 records out
1024 bytes transferred in 0.025 secs (40960 bytes/sec)
142 KB/s (1024 bytes in 0.007s)
31 KB/s (1024 bytes in 0.032s)
2+0 records in
2+0 records out
1024 bytes transferred in 0.035 secs (29257 bytes/sec)
< waiting for device >
...
(bootloader) cid: VZW__001
OKAY [ 0.011s]
finished. total time: 0.012s
Just above, you should see (bootloader) cid: 11111111
1) Yes, my cid is 11111111. Keep going.
2) No, my cid is VZW__001. Factory reset and try again.
3) No, my cid is VZW__001. Exit the script.
There are two things I notice here:
1) My phone is not identified as "HTxxxxxxxxxx" but rather "FA**********".
2) It appears to work, with the reading and writing of the files, but then it doesn't work.
One thing that I noticed was that when I go into the bootloader when this does not work, I get the first attachment.
When I go to the "Recovery" option, then I get the second attachment.
It appears that I originally put a ROM or S-off'd and unlocked my phone, but somehow lost the unlock and can't figure out how to fix it.
Any help in figure it out would be appreciated.

Do you know which OTA is currently on the phone? The unlock method depends greatly on which one is installed. Assuming you're on the latest, try this method: http://forum.xda-developers.com/showthread.php?t=2664460 The script looks slightly different than what you've posted above.

junkmail9 said:
Do you know which OTA is currently on the phone? The unlock method depends greatly on which one is installed. Assuming you're on the latest, try this method: http://forum.xda-developers.com/showthread.php?t=2664460 The script looks slightly different than what you've posted above.
Click to expand...
Click to collapse
Thanks for the input.
My device is at the most current OTA: 2.19.605.2 710RD
Android: 4.0.4
Kernel:
3.0.8-01625-g9d06ef9
[email protected] #1
SMP PREEMPT
I tried the link that you pointed to with no success. I got the following error messages:
Code:
/sdcard/cid: cannot open for write: Read-only file system
remote object '/sdcard/cid' does not exist
The system cannot find the file specified.
cannot stat 'cid': No such file or directory
/sdcard/cid: cannot open for read: No such file or directory
rm failed for /sdcard/cid, No such file or directory
Could Not Find C:\Users\Keith\Downloads\cid
I've tried just the straight-forward process of a number of different scripts. I think there is something specific that I am missing.

keithsmessina said:
Thanks for the input.
My device is at the most current OTA: 2.19.605.2 710RD
Android: 4.0.4
Kernel:
3.0.8-01625-g9d06ef9
[email protected] #1
SMP PREEMPT
I tried the link that you pointed to with no success. I got the following error messages:
Code:
/sdcard/cid: cannot open for write: Read-only file system
remote object '/sdcard/cid' does not exist
The system cannot find the file specified.
cannot stat 'cid': No such file or directory
/sdcard/cid: cannot open for read: No such file or directory
rm failed for /sdcard/cid, No such file or directory
Could Not Find C:\Users\Keith\Downloads\cid
I've tried just the straight-forward process of a number of different scripts. I think there is something specific that I am missing.
Click to expand...
Click to collapse
Sorry for the delay in response. Looking again at your screenshot in the OP, you are indeed missing the CID. It should appear between "FIREBALL" and "HBOOT":
I have not dealt directly with that one before, but I would imaging that during temproot, you'll need to recreate the directory. I vaguely recall in a post in this forum on how to manually push a different CID via memory chunk. That might be the best approach to rebuild that area so that you can get going again.

Two questions for the general community:
1. Does anyone know if flashing the RUU will restore the CID?
@keithsmessina - It probably wouldn't hurt to try this anyway. I am guessing it will fail due to lack of CID.
2. Will sending the following command work while phone is in bootloader if the phone is not s-off and the \sdcard\CID directory is missing? What, if any other damage could occur if the \sdcard\CID directory is missing?
Code:
fastboot oem writecid VZW__001

junkmail9 said:
Two questions for the general community:
1. Does anyone know if flashing the RUU will restore the CID?
@keithsmessina - It probably wouldn't hurt to try this anyway. I am guessing it will fail due to lack of CID.
2. Will sending the following command work while phone is in bootloader if the phone is not s-off and the \sdcard\CID directory is missing? What, if any other damage could occur if the \sdcard\CID directory is missing?
Code:
fastboot oem writecid VZW__001
Click to expand...
Click to collapse
Thank you for the suggestions.
1. I tried this, but got the message: "Main version is older." I think I can only do that if my version is lower than the current RUU.
2. I tried the fastboot write, but I got:
Code:
(bootloader) fighter_init_sd, SD card already power on
(bootloader) sdhw_7xxx_open: id=0
(bootloader) sdcc_init_memory_device done
(bootloader) SD clock freq = 19MHz....
(bootloader) [FAT_ERROR] fat_open_file: can not find SMART_IO.CRD
(bootloader) [JAVACARD_ERR] SMART_IO.CRD cann't find
OKAY [ 0.172s]
finished. total time: 0.174s
When I tried: adb devices with the phone at "fastboot USB", I didn't see anything, so I think it failed for that reason. I tried killing adb, removing and reinserting the USB, adn then running adb devices, but still comes up empty.
I'm really at a loss, but appreciate the help from you guys.

I managed to figure out the read-inly access. HTC Sync Manager started each time and grabbed the SD card before the script could do anything. I renamed the HTC Sync Manager to stop it from running. Then I re-ran the script and got:
Code:
2+0 records in
2+0 records out
1024 bytes transferred in 0.002 secs (512000 bytes/sec)
333 KB/s (1024 bytes in 0.003s)
71 KB/s (1024 bytes in 0.014s)
2+0 records in
2+0 records out
1024 bytes transferred in 0.002 secs (512000 bytes/sec)
< waiting for device >
...
(bootloader) cid: VZW__001
OKAY [ 0.010s]
finished. total time: 0.012s
So, I am still not getting the right CID, but progress nonetheless.

Try uninstalling all HTC software rather than renaming it. Also I believe
http://forum.xda-developers.com/showthread.php?t=2664460 does not require the super cid.
From my Chroma Flo

wmuflyer said:
Try uninstalling all HTC software rather than renaming it. Also I believe
http://forum.xda-developers.com/showthread.php?t=2664460 does not require the super cid.
From my Chroma Flo
Click to expand...
Click to collapse
Thank you for that. I don't know how many times I've gone through it, but I finally got that you just have to do step 6 rather than step 1 to get S-Off. I now have S-Off with TWRP.
The next problem that I am running into is getting an error message when trying to flash the pacman fireball ROM:
Code:
This package is for device: fireballx; this device is .
Really appreciate all the help in getting me to this point.

Need to use the modified TWRP. Read the OP carefully it takes a bit of work, it swaps partitions so you have more space for apps.
Edit: OP in the PAC thread.
Sent from my Nexus 5 using XDA Free mobile app

wmuflyer said:
Need to use the modified TWRP. Read the OP carefully it takes a bit of work, it swaps partitions so you have more space for apps.
Edit: OP in the PAC thread.
Sent from my Nexus 5 using XDA Free mobile app
Click to expand...
Click to collapse
I realize that I kept running into an issue changing one of the file systems during that first process which meant that only one of them changed: the "Data" filesystem.
The "Internal Storage" filesystem gave me an MTP error, but then said it finished successfully. It stayed as a vFAT filesystem.
I did get Liquidsmooth up and running with PaGapps, but am now looking for a way to resize my partitions, as there isn't much room left to install apps.

People have looked at resizing the partitions but nobody has had any luck. The partition change seems to be the best bet it was set up by MDMower for his CM builds http://mdmower.cmphys.com/cyanogenmod-fireball/ it might give you more information to make the swap. Beeko has stopped work on Liquid Smooth so for current Android 5.x PAC or CM are the choices and they only work with the partition swap. I have PAC on my Fireball but will probably try CM 12.1 soon.

keithsmessina said:
Thank you for that. I don't know how many times I've gone through it, but I finally got that you just have to do step 6 rather than step 1 to get S-Off. I now have S-Off with TWRP.
Click to expand...
Click to collapse
Excellent! Glad you got it done.

junkmail9 said:
Excellent! Glad you got it done.
Click to expand...
Click to collapse
I've managed to swap the partitions and get the Pacman ROM installed, thanks to the instructions you sent me, wmuflyer. No hiccups with the Pacman ROM, it seems to be polished and working flawlessly. Thanks again for all the help, guys! Really appreciate it.

[ROOT] TMO/VZW/ATT/SPRINT/INTL Root your LG G4 with Low Effort Root!

Hello all,
It's that time of the night where I post things on XDA and wake up to a bajillion PMs.
Without further ado, I introduce "Low Effort Root".
What is this?
Low Effort Root is a root for your LG G4, named such because this is a root we really weren't too interested in releasing, but the phone is gaining critical mass so we figured waiting any longer would be a disservice to the community.
(We also don't like that the root ends up being ~4GB, since we're flashing whole new system partitions.)
We had originally planned on releasing an in-android root app, however time constraints on all the team members has prevented us from devoting the necessary time to it.
This root will root any LG G4, provided we have a pre-rooted system image for it. This is akin to 'flashing a rooted odin' image on a Samsung phone, as we're simply writing a system partition that contains Superuser.
No exploits here, no trickery, just a plain and simple flash and be on your merry way.
Click to expand...
Click to collapse
How do I use this?
Please read the whole directions here carefully. If you miss a step, or you copy the wrong command and run it, your phone will be BRICKED. You will have flashed a partition to some random place on your phone's internal SD, and no amount of sad private messages will be able to help you.
I'm 100% serious, if you do this wrong, you will turn your phone into a paperweight - so please don't go rooting your mom/dad's phone with this method. Wait for something better from us.
Ensure you have the proper drivers for your phone. If you don't, download and install the proper driver below.
Code:
All G4 (except Verizon) - [URL="http://downloads.codefi.re/autoprime/LG/LG_G4/LGUnitedMobile_Win_Driver_Ver_3.14.1.exe"]http://downloads.codefi.re/autoprime/LG/LG_G4/LGUnitedMobile_Win_Driver_Ver_3.14.1.exe[/URL]
Verizon - [URL="http://downloads.codefi.re/autoprime/LG/LG_G4/LG_VZW_United_WHQL_v2.22.0.exe"]http://downloads.codefi.re/autoprime/LG/LG_G4/LG_VZW_United_WHQL_v2.22.0.exe[/URL]
Open this forum link and keep it up in another tab. We'll refer to it again in step 6: http://forum.xda-developers.com/android/development/guide-root-method-lg-devices-t3049772 (and while you're at it, give the op there a thanks!)
Download the appropriate files for your phone from the section below. Make sure to grab the Send_Command tools (named LG_Root.zip below)
Extract the tar.gz file you downloaded for your phone, and move the resulting "system.rooted.phonemodel.img" file to the root of your phone's internal SD card with MTP mode. Do not rename this file, or move it into any folders. If you don't get a file named "system.rooted.phonemodel.img" DO NOT continue. You need to properly extract the file.
On the page you opened in step 2, follow steps 1,2,3,6,7,8,and 9 on that page only, then come back here.
Ensure that on step 9, you use the right COM port.
Type "id" and press enter (no quotes).
You should get back some text starting with "uid=(0)root gid=(0)root". If not, press CTRL-C, and do step 9 again (the application sometimes doesn't respond on the first command).
Run the command specified in the section below titled 'Commands to Run' to flash the rooted system image.
After a few minutes of sitting, you should get back a "#" prompt. This indicates the process has finished.
Type "LEAVE" (no quotes) and press enter. Your phone should reboot, and your phone will be rooted.
Now that you're rooted, MAKE SURE YOU DISABLE OTA UPDATES, if you accidentally take an OTA, you might not be able to roll back or fix it.
You can also delete the system.rooted.modelnumer.img from your phone's internal SD card to save some space.
Click to expand...
Click to collapse
Commands to Run
T-Mobile H811 10H Version:
Code:
dd if=/data/media/0/system.rooted.H81110h.img bs=8192 seek=65536 count=548352 of=/dev/block/mmcblk0
VZW VS986 11A Version:
Code:
dd if=/data/media/0/system.rooted.vs98611a.img bs=8192 seek=65536 count=548352 of=/dev/block/mmcblk0
International H815 10c Version (NOT H815T, H815TR, H815P, etc - you will lose internationalization and possibly features):
Code:
dd if=/data/media/0/system.rooted.H81510c-EU.img bs=8192 seek=55296 count=529920 of=/dev/block/mmcblk0
AT&T H810 10G Version:
Code:
dd if=/data/media/0/system.rooted.h81010g.img bs=8192 seek=65536 count=579584 of=/dev/block/mmcblk0
Sprint LS991 ZV5 Version:
Code:
dd if=/data/media/0/system.rooted.LS991ZV5.img bs=8192 seek=65536 count=557312 of=/dev/block/mmcblk0
If your phone isn't listed here DO NOT run these commands on your phone. You will break your phone.
If your phone isn't running the EXACT firmware version specified, you will need to OTA to the proper version to root. If you'd like to not OTA, sit tight while we get a better root together.
Click to expand...
Click to collapse
Download Links (more to come soon)
Send_Command tools - ALL variants require this (you'll use this in step #5):
Code:
[URL="http://downloads.codefi.re/thecubed/lg_g4/lef/LG_Root.zip"]http://downloads.codefi.re/thecubed/lg_g4/lef/LG_Root.zip[/URL]
(I'm mirroring these because unfortunately Dev-Host is tricking users into downloading malware with a 'Download' versus 'Download Now' button. As much as I feel bad for mirroring, I'd feel worse if I let people get led astray by a site that is tricking users.)
Download one of the following, depending on your phone's model
T-Mobile:
Code:
[URL="http://downloads.codefi.re/thecubed/lg_g4/lef/h81110h.tar.gz"]http://downloads.codefi.re/thecubed/lg_g4/lef/h81110h.tar.gz[/URL]
Verizon:
Code:
[URL="http://downloads.codefi.re/thecubed/lg_g4/lef/vs98611a.tar.gz"]http://downloads.codefi.re/thecubed/lg_g4/lef/vs98611a.tar.gz[/URL]
International H815 10c Version:
Code:
[URL="http://downloads.codefi.re/thecubed/lg_g4/lef/h81510c-eu.tar.gz"]http://downloads.codefi.re/thecubed/lg_g4/lef/h81510c-eu.tar.gz[/URL]
AT&T:
Code:
[URL="http://downloads.codefi.re/thecubed/lg_g4/lef/h81010g.tar.gz"]http://downloads.codefi.re/thecubed/lg_g4/lef/h81010g.tar.gz[/URL]
Sprint:
Code:
[URL="http://downloads.codefi.re/thecubed/lg_g4/lef/LS991ZV5.tar.gz"]http://downloads.codefi.re/thecubed/lg_g4/lef/LS991ZV5.tar.gz[/URL]
Please do not mirror these files. Also, you do NOT have my permission to roll any of this into a 'one-click' root.
Click to expand...
Click to collapse
Ah Gawd, something went wrong!
Did it really? That's interesting... Luckily short of running the wrong command, you can easily recover from a bad flash by simply looking for the "Return to Stock" thread here on XDA for your phone, and flashing the KDZ from there.
KDZs cover a multitude of sins (short of you putting something in the completely wrong place on the EMMC).
Click to expand...
Click to collapse
Why isn't my variant supported?
See Post #2 by @autoprime (or click here: http://forum.xda-developers.com/showpost.php?p=62028523&postcount=2 )
Click to expand...
Click to collapse
Special Thanks
First, I really need to thank everyone that donated to get Team Codefire phones.
You all are *super* awesome, and we are very grateful to be the recipients of your kindness
That said, if you'd like to consider donating to us for our work, our donation links are here. Thanks!
@thecubed - Paypal Donate - That's me!
@IllegalArgument - Paypal Donate - As usual, IllegalArgument is a genius. He also might be a mad scientist, it won't surprise me when he achieves cold fusion somehow.
@autoprime - Paypal Donate - 99.92% of testing for this root and pretty much all our other goodies get tested by autoprime - he's awesome -- he even wrote up the instructions for this root for me
@jcase - Paypal Donate - Gotta add jcase here, he's a wealth of information and a damn smart dude all around.
Click to expand...
Click to collapse

I just wanna say thanks again to everyone who donated to the original gofundme so we could get these G4's in hand. :highfive:
If you use MTP it shouldnt take too long to move the system.img over to internal scard (no u cant use external sd for this).
If you use ADB push... it takes a good.. 20-25min to push the file over to internal storage.
Using the dd commands to flash the system img should only take a few minutes.
As for the bounty/donations for root... yes there are 4 paypals linked. Ideally you'd split each donation up... as we only get what's donated to each of us. Due to taxes.. multiple ppl involved etc... it's just more difficult (on us) to use a single email.
I'm gonna call out everyone who pledged but doesn't come thru. JK.. maybe.. :silly:
be sure to follow me on twitter to keep up with the latest news and updates.. @utoprime
Command to Flash System.img (All Variants):
These commands are an extension of the OP.. adding support for the rest of the G4 variants not included in initial release.
REPLACE "rootedsystem.img" in your command with the name of the actual rooted.system.img you're using.
Example... if you downloaded a rooted system img for F500K 10F you'd change:
dd if=/data/media/0/rootedsystem.img bs=8192 seek=65536 count=548352 of=/dev/block/mmcblk0
into
dd if=/data/media/0/rooted.system.F500K10F.img bs=8192 seek=65536 count=548352 of=/dev/block/mmcblk0
(or whatever the filename is...)
AS991:
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=65536 count=509952 of=/dev/block/mmcblk0
F500K/L/S :
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=65536 count=548352 of=/dev/block/mmcblk0
H810 AT&T :
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=65536 count=579584 of=/dev/block/mmcblk0
H810PR :
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=55296 count=529920 of=/dev/block/mmcblk0
H811 T-Mobile :
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=65536 count=548352 of=/dev/block/mmcblk0
H812 Canada (All H812s) :
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=65536 count=548352 of=/dev/block/mmcblk0
H815 EU/SEA/TWN :
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=55296 count=529920 of=/dev/block/mmcblk0
H815L :
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=55296 count=529920 of=/dev/block/mmcblk0
H815P :
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=55296 count=529920 of=/dev/block/mmcblk0
H815T :
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=55296 count=529920 of=/dev/block/mmcblk0
H815TR :
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=55296 count=529920 of=/dev/block/mmcblk0
H818 China:
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=65536 count=548352 of=/dev/block/mmcblk0
H818N :
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=55296 count=529920 of=/dev/block/mmcblk0
H818P :
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=55296 count=529920 of=/dev/block/mmcblk0
H819 China:
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=65536 count=548352 of=/dev/block/mmcblk0
LS991 Sprint :
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=65536 count=557312 of=/dev/block/mmcblk0
VS986 Verizon :
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=65536 count=548352 of=/dev/block/mmcblk0
US991 US Cellular :
Code:
dd if=/data/media/0/[B]rootedsystem.img[/B] bs=8192 seek=65536 count=548352 of=/dev/block/mmcblk0
Click to expand...
Click to collapse
Pre-Rooted System.img Download Links
These are links for pre-rooted system.imgs from the users.
I will not link to new threads... only system.imgs posted in this thread.
AS991 10C:
Code:
[URL="http://forum.xda-developers.com/showpost.php?p=62213418&postcount=1578"]http://forum.xda-developers.com/showpost.php?p=62213418&postcount=1578[/URL]
H810 10B / 10E:
Code:
[URL="http://forum.xda-developers.com/att-g4/development/root-images-h81010b-h81010e-t3168427"]http://forum.xda-developers.com/att-g4/development/root-images-h81010b-h81010e-t3168427[/URL]
H810 10I:
Code:
[URL="http://forum.xda-developers.com/showpost.php?p=62809806&postcount=2091"]http://forum.xda-developers.com/showpost.php?p=62809806&postcount=2091[/URL]
H810PR 10A:
Code:
[URL="http://forum.xda-developers.com/att-g4/development/ahhh-root-sweet-delicious-root-h810pr-t3168322"]http://forum.xda-developers.com/att-g4/development/ahhh-root-sweet-delicious-root-h810pr-t3168322[/URL]
H812 (All Variants):
Code:
[URL="http://forum.xda-developers.com/showpost.php?p=62115644&postcount=1249"]http://forum.xda-developers.com/showpost.php?p=62115644&postcount=1249[/URL]
H812 10G:
Code:
[URL="http://forum.xda-developers.com/showpost.php?p=63010862&postcount=2172"]http://forum.xda-developers.com/showpost.php?p=63010862&postcount=2172[/URL]
H815 10B Vodafone Germany:
Code:
[URL="http://forum.xda-developers.com/showpost.php?p=62132150&postcount=1365"]http://forum.xda-developers.com/showpost.php?p=62132150&postcount=1365[/URL]
H815 10B Germany EUR (Open):
Code:
[URL="http://forum.xda-developers.com/showpost.php?p=62161571&postcount=1477"]http://forum.xda-developers.com/showpost.php?p=62161571&postcount=1477[/URL]
H815 10D EUR (Open):
Code:
[URL="http://forum.xda-developers.com/showpost.php?p=62225446&postcount=1596"]http://forum.xda-developers.com/showpost.php?p=62225446&postcount=1596[/URL]
H815 SEA 10B:
Code:
[URL="http://forum.xda-developers.com/showpost.php?p=62140625&postcount=1400"]http://forum.xda-developers.com/showpost.php?p=62140625&postcount=1400[/URL]
H815T 10B HKG:
Code:
[URL="http://forum.xda-developers.com/showpost.php?p=62114467&postcount=1242"]http://forum.xda-developers.com/showpost.php?p=62114467&postcount=1242[/URL]
H818P 10D:
Code:
[URL="https://www.androidfilehost.com/?fid=24052804347781803"]https://www.androidfilehost.com/?fid=24052804347781803[/URL]
US991 10A Unlocked:
N/A
US991 10A US Cellular:
Code:
[URL="http://forum.xda-developers.com/showpost.php?p=64854943&postcount=2642"]http://forum.xda-developers.com/showpost.php?p=64854943&postcount=2642[/URL]
US991 10C US Cellular:
Code:
[URL="http://forum.xda-developers.com/showpost.php?p=62115811&postcount=1251"]http://forum.xda-developers.com/showpost.php?p=62115811&postcount=1251[/URL]
Click to expand...
Click to collapse
Backup System to Internal Storage (Commands for all variants):
Rather than flashing a pre-rooted system.img.. the following commands are to backup your current system partition into a system.img on your internal sdcard. You would do this if you want a stock system.img.. possibly to upload/share with others on this forum so someone can pre-root it... or to unroot and go back to stock (though it's probably easier to use a KDZ to go back to stock if you have one available).
AS991:
Code:
dd if=/dev/block/mmcblk0 bs=8192 skip=65536 count=509952 of=/data/media/0/system.img
H810PR, H815 (All variants), H818N/P :
Code:
dd if=/dev/block/mmcblk0 bs=8192 skip=55296 count=529920 of=/data/media/0/system.img
F500, H811, H812, H818, H819, VS986, US991 :
Code:
dd if=/dev/block/mmcblk0 bs=8192 skip=65536 count=548352 of=/data/media/0/system.img
H810 AT&T :
Code:
dd if=/dev/block/mmcblk0 bs=8192 skip=65536 count=579584 of=/data/media/0/system.img
LS991 :
Code:
dd if=/dev/block/mmcblk0 bs=8192 skip=65536 count=557312 of=/data/media/0/system.img
Click to expand...
Click to collapse
How-to Videos:
If you have a related video I think is worth sharing I will add it below.
[How to] Root the LG G4 without bootloader unlock by @rirozizo
How to Root your LG G4 all variants by @Tomsgt aka Rootjunky
Click to expand...
Click to collapse

I'm off to bed here shortly... If anything breaks, I blame autoprime

OMG!!! the links are down though.
I want to try it on mine H815L, i could flash H815 KDZ with no problem, can i root it?

Thanks for the BEST releasing, but does it support Hong Kong H818N? Or H818P? Thank you.

Derpling said:
OMG!!! the links are down though.
I want to try it on mine H815L, i could flash H815 KDZ with no problem, can i root it?
Click to expand...
Click to collapse
Links should be back up.. had some quick scheduled maintenance.
As for if H815L or H815T or H815TR or H815P will work with the existing H815 image... not sure to be honest. It SHOULD but I'm not sure what sort of localization files are included in each of those H815X variants. I would say.. if u wanna go for it.. go for it... just confirm you can grab a KDZ for your phone first.
See here for KDZ info http://forum.xda-developers.com/showthread.php?goto=newpost&t=3147406
Worst case.. the language is wrong or something and you flash back to stock KDZ. We plan on adding more intl system images later today/tomorrow if you don't wanna risk it.
jkvndst said:
Thanks for the BEST releasing, but does it support Hong Kong H818N? Or H818P? Thank you.
Click to expand...
Click to collapse
Like my above answer.. it's hard to say. Im not sure if there are any different files due to dual sim H818N/H818P. I can confirm worst case would be.. just flash KDZ if it doesnt work out with H815 img (for your exact models you mentioned). We plan on adding H818N/P and H818/H819 etc etc later today/tmw.
I can say, if you are H818/H819 china.. do NOT flash anything yet. You need your own images.
F500, H810, H812, H818/9, H818N/P, H815X, LS991, US991 all coming soon. :good:
(we need sleep)

When i flashed H815 KDZ over my L, it does give error when u start the phone, that some language was not found, but i have all languages and all works perfect, so i guess i good to go.
Anyway i gonna try it , need root so badly to change Kernel stuff, THANK YOU!

Excellent news for those not already rooted. I have been lucky enough to have been rooted from Day One but now thanks to you guys its finally time. Let the ROM's commence!

You guys are amazing, thank you very much. You mention blocking the OTA's immediately once we have root, should we use the same method as before with the debloater tool, or is there a better method once we're rooted to disable? Thanks again

My Verizon G4 has the latest OTA update, will that be an issue? Thanks

thenewbigmack said:
You guys are amazing, thank you very much. You mention blocking the OTA's immediately once we have root, should we use the same method as before with the debloater tool, or is there a better method once we're rooted to disable? Thanks again
Click to expand...
Click to collapse
No, users should look into seeing which apks to freeze/delete from system. Debloater tool is nice without root.. but freezing with titanium backup or something.. or just removing the apk might be best bet. As for which apks or services to freeze.. that's gonna differ for each variant.. and it's gonna take a community effort to compile all of that. I think we'll have enough time between now and the next OTA to sort that out. But anyone who doesnt keep up on this and doesnt block ota.. may be stuck without root after that ota. Of course.. there's also a chance that LG will not update the "bootloader version" used for anti-rollback for each update. And if thats the case.. it may still be possible to downgrade using KDZ. Only time will tell... but better to be safe than sorry.
slick_shoes said:
My Verizon G4 has the latest OTA update, will that be an issue? Thanks
Click to expand...
Click to collapse
not an issue. you can use it on 11A. Tmo users can use it on 10h.
no current OTA period will cause an issue for root. as for anything in the future... beware.

Is it now possible to backup the drm-keys before unlocking BL?
Gesendet von meinem LG-H815 mit Tapatalk

Model H815L, root is WORKING, no errors no bootloopes whatsoever, now time to install recovery and smile.
THANK YOU VERY MUCH!!!

Anyone tried H815TUR?

Bigdaddy168 said:
Is it now possible to backup the drm-keys before unlocking BL?
Gesendet von meinem LG-H815 mit Tapatalk
Click to expand...
Click to collapse
Sure, you can backup any partition now.
Code:
su
dd if=/dev/block/bootdevice/by-name/drm of=/sdcard/drm-backup.img
would save your drm partition to your internal sdcard.
Derpling said:
Model H815L, root is WORKING, no errors no bootloopes whatsoever, now time to install recovery and smile.
THANK YOU VERY MUCH!!!
Click to expand...
Click to collapse
Awesome, thanks for confirming... you've now made the "bounty" official :good:
But this is just root... no custom recovery yet (unless you are able to unlock officially thru LG.. but that is only H815 EU Open (no carrier version).

Will this work with v10c-OPT5-SI?
H815-Poland

sardroid said:
Will this work with v10c-OPT5-SI?
H815-Poland
Click to expand...
Click to collapse
yes.. H815 is supported. Country is not relevant. Check your box or settings menu for model.
ALL H815's are supported. User above has confirmed H815L working with the H815 method.
H815T, H815TR, H815P models most likely will work but languages or localization settings may not be included.
If anyone isnt up for "taking a risk".. please wait for us to add support for your exact model.
ALL firmware versions as of today are supported by this root. Future OTAs.. too early to say.

Tmobile H811 10H rooted. No issues so far. Installed Titanium Backup and Adaway and confirm both are working as normal.
Quick question just to confirm: Factory reset shouldn't affect the root right?

Bootup said:
Tmobile H811 10H rooted. No issues so far. Installed Titanium Backup and Adaway and confirm both are working as normal.
Quick question just to confirm: Factory reset shouldn't affect the root right?
Click to expand...
Click to collapse
Sorry, don't have the answer you're looking for, but have a quick question. How have you gone about disabling future OTA's? I'm also on TMobile which is why I ask. Thank you.
---------- Post added at 10:56 AM ---------- Previous post was at 10:53 AM ----------
You guys are amazing... thank you
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

Am I doing this correctly?
Code:
C:\Users\Hubert\Desktop\LG_Root>Send_Command.exe \\.\COM3
Author : blog.lvu.kr
SPECIAL COMMAND : ENTER, LEAVE
#id
uid=0(root) gid=0(root) context=u:r:recovery:s0
#
Code:
C:\Users\Hubert\Desktop\LG_Root>Send_Command.exe \\.\COM3
Author : blog.lvu.kr
SPECIAL COMMAND : ENTER, LEAVE
#id
uid=0(root) gid=0(root) context=u:r:recovery:s0
#dd if=/data/media/0/system.rooted.H81510c-EU.img bs=8192 seek=55296 count=52992
0 of=/dev/block/mmcblk0
#