Related
Can this brick your phone/void your warranty? Of course it could! I wouldn't be posting it on XDA if it couldn't!
TeutonJon78 said:
Just be aware that once you unlock, you won't get anymore OTA updates at the current moment, and there's not full factory images to fall back on. They will still try to push OTAs if anyone does this bootloader unlock method, but they will always fail due to version checking.
Click to expand...
Click to collapse
So as it stands right now, if you do this, you're not going to get further updates from ZTE, unless they change their stance.
Here's a method that should work for any brave souls. It's the method I used so far.
My understanding is this update only makes the required patches to allow the command fastboot oem unlock to actually unlock the bootloader. That being said, I do not know for sure that this is not specific to my phone's IMEI. If someone would supply me with the file/link they get from using adb shell logcat > ota.txt while checking for updates, then grep ota.txt | ZDMLog (if you use linux) or do a find for https:// in ota.txt it would be useful for this verification.
For microSD card method:
Take this (Thanks DrakenFX) or this file and put it in /sdcard/, making sure extension is .zip
Enable OEM unlock from the settings->development menu.
Reboot phone (or boot phone) while pressing volume up. This will get you into stock recovery. From here, apply update from SD card, P996A01B20Fastboot_ssl.zip
No microSD card method:
This may also be possible without an SD card using the adb sideload option in stock recovery and "adb sideload P996A01B20Fastboot_ssl.zip" on your desktop. If you are successful using this method, send me a PM so I can update this post.
Now if you reboot into bootloader (which you can do right from recovery), you will hopefully find that "fastboot oem unlock" actually brings up the bootloader unlock prompt on your phone.
You should be able to verify to this point as per below.
Without using the fastboot oem unlock command I have not lost any user data (but it's still a good idea to back it up!) If you do unlock, you will lose your data!
This method requires 20B to already be installed, correct? If so, is there a way to sideload the 20B update (so one can go from launch firmware -> sideloaded 20B -> sideloaded 20B_boot)? Juuuust in case ZTE puts out a 20C or something that blocks sideloading and renders "unofficial" bootloader unlock attempts like this invalid.
xtermmin said:
This method requires 20B to already be installed, correct? If so, is there a way to sideload the 20B update (so one can go from launch firmware -> sideloaded 20B -> sideloaded 20B_boot)? Juuuust in case ZTE puts out a 20C or something that blocks sideloading and renders "unofficial" bootloader unlock attempts like this invalid.
Click to expand...
Click to collapse
It does require 20B to be installed. It appears 20B can sideloaded as well. The only error message I received was 20B expects 20160624 or 20160707 (and I'm now at 20160805). Maybe someone can try to sideload 20B on 20B?
So looking through the update script, it seems to check for SHA1 matches for certain parts of the boot, system and recovery partitions. I'm not sure if the patch itself has content specific to an IMEI or if this is just a simple check to make sure the phone has the correct build installed.
Looking at this, it seems the purpose of the part of the script before # ---- start making changes here ---- is used to verify a correctly configured system, with no apparent relation to the IMEI. It looks like the script itself is completely generic, and the checks could probably be removed so this will work on any build. Now we just need another update package to compare the other content (fastboot.img, patch\boot.img.p, patch\recovery.img.p) with to see if they're generic as well. This makes me wonder if flashing fastboot.img alone is enough, as that's what is used to interface with the bootloader unlock.
Helpful references:
Built-in functions in update binary
range_sha1
dennis96411 said:
So looking through the update script, it seems to check for SHA1 matches for certain parts of the boot, system and recovery partitions. I'm not sure if the patch itself has content specific to an IMEI or if this is just a simple check to make sure the phone has the correct build installed.
Looking at this, it seems the purpose of the part of the script before # ---- start making changes here ---- is used to verify a correctly configured system, with no apparent relation to the IMEI. It looks like the script itself is completely generic, and the checks could probably be removed so this will work on any build. Now we just need another update package to compare the other content (fastboot.img, patch\boot.img.p, patch\recovery.img.p) with to see if they're generic as well. This makes me wonder if flashing fastboot.img alone is enough, as that's what is used to interface with the bootloader unlock.
Helpful references:
Built-in functions in update binary
range_sha1
Click to expand...
Click to collapse
Man I hope so, then the rest of the world can get a bootloader unlock even if ZTE won't unlock the bootloader for us.....
Has anyone captured 20B and has it for others to try?
My phone won't come until next week (first wave of grays), but I'll try capturing it if it's not already installed. We just have to wait 5 days
rczrider said:
Has anyone captured 20B and has it for others to try?
My phone won't come until next week (first wave of grays), but I'll try capturing it if it's not already installed. We just have to wait 5 days
Click to expand...
Click to collapse
I think this is it: http://forum.xda-developers.com/showpost.php?p=68109239&postcount=5
There are no full system images available for the US model yet, unfortunately.
xtermmin said:
I think this is it: http://forum.xda-developers.com/showpost.php?p=68109239&postcount=5
There are no full system images available for the US model yet, unfortunately.
Click to expand...
Click to collapse
So in theory, the process would be to sideload the 20B update, reboot, then sideload the file in the OP?
Hopefully someone will get around to testing this method (or at least the OP's file) before my phone comes next week, but if not, I'll do it first thing.
rczrider said:
So in theory, the process would be to sideload the 20B update, reboot, then sideload the file in the OP?
Hopefully someone will get around to testing this method (or at least the OP's file) before my phone comes next week, but if not, I'll do it first thing.
Click to expand...
Click to collapse
In theory, yes (You could also update to 20B normally, but good to have it as a backup). Hopefully 20B_Boot is not device-specific.
xtermmin said:
In theory, yes (You could also update to 20B normally, but good to have it as a backup). Hopefully 20B_Boot is not device-specific.
Click to expand...
Click to collapse
I assume the most likely outcome is that it simply wouldn't flash. Even so, I'm willing to be a bit reckless as I can just return the phone for new one (via the retailer, not ZTE)
rczrider said:
I assume the most likely outcome is that it simply wouldn't flash. Even so, I'm willing to be a bit reckless as I can just return the phone for new one (via the retailer, not ZTE)
Click to expand...
Click to collapse
Haha same but never dealt with B&H so we'll see how that goes. Still waiting for the grey one.
---------- Post added at 09:17 AM ---------- Previous post was at 09:16 AM ----------
So everyone should update to B20 as soon as possible and then not update to anything else.
reddrago said:
Haha same but never dealt with B&H so we'll see how that goes. Still waiting for the grey one..
Click to expand...
Click to collapse
They're fantastic. 30-day (from delivery) no-questions-asked return policy on smartphones. If there's an actual problem with the phone, they'll even pay for return shipping. No restocking fee in either case.
If there is a problem with the phone itself, you can exchange it and the 30-day return policy resets from delivery of the replacement unit.
jkuczera said:
Reboot phone (or boot phone) while pressing volume up. This will get you into stock recovery. From here, apply update from SD card, P996A01B20Fastboot_ssl.zip
Click to expand...
Click to collapse
I was trying but Can't use " apply update from SDCard " but the "apply update from ADB " seems to be enable just didn't try cuz i don't have my laptop with me at the moment (till i get home) , check picture.
P.S. just to clear things up when i select "apply Update from SDCard" is when i get that message, so the ADB option is the only way for me to apply this and yes I'm in B20.
DrakenFX said:
I was trying but Can't use " apply update from SDCard " but the "apply update from ADB " seems to be enable just didn't try cuz i don't have my laptop with me at the moment (till i get home) , check picture.
Click to expand...
Click to collapse
Did you have an update file in /sdcard/ ? Since this is the stock recovery, I'm quite certain it's looking for a physical microSD for this usage scenario.
jkuczera said:
Did you have an update file in /sdcard/ ? Since this is the stock recovery, I'm quite certain it's looking for a physical microSD for this usage scenario.
Click to expand...
Click to collapse
Yep, have the P996A01B20Fastboot_ssl.zip in actually both internal and SDCard root directory, looks like apply Update from SDCard is block But apply update from ADB isn't (side loading)
DrakenFX said:
Yep, have the P996A01B20Fastboot_ssl.zip in actually both internal and SDCard root directory, looks like apply Update from SDCard is block But apply update from ADB isn't (side loading)
Click to expand...
Click to collapse
Try changing the filename to P996A01B20Fastboot_ssl.up. The direct-link from ZTE for the 20B update has that extension.
DrakenFX said:
Yep, have the P996A01B20Fastboot_ssl.zip in actually both internal and SDCard root directory, looks like apply Update from SDCard is block But apply update from ADB isn't (side loading)
Click to expand...
Click to collapse
It's got to be another issue altogether because I can pull up the SD card menu even if I don't have files in there.
jkuczera said:
It's got to be another issue altogether because I can pull up the SD card menu even if I don't have files in there.
Click to expand...
Click to collapse
I got this from the recovery log from the Recovery menu.
sd_upgrade_disable = 1
Check image
DrakenFX said:
I got this from the recovery log from the Recovery menu.
sd_upgrade_disable = 1
Check image
Click to expand...
Click to collapse
You're also getting a
Code:
get_oem_unlock_statut oem_unlock_enabled=0
that isn't looking good .
TeutonJon78 said:
See, it's bull**** like this that prevents OEMs from wanting to support third party development in the first place with things like bootloader unlocks. In the ZTE forums aren't you arguing that it's fair to not cover software related problems after unlocking, but here you are wanting them to cover that as well. B&H just charges the defective unit back to ZTE in the end.
Click to expand...
Click to collapse
It's all the same to ZTE in this instance because they will reflash their stock software upon return of the phone since it's not for a warranty repair.
djona12 said:
You're also getting a
Code:
get_oem_unlock_statut oem_unlock_enabled=0
that isn't looking good .
It's all the same to ZTE in this instance because they will reflash their stock software upon return of the phone since it's not for a warranty repair.
Click to expand...
Click to collapse
That's because i haven't been able to flash the file from OP and enable OEM after
Any chance someone with an H931 can use LGUP to do a firmware dump? I'm specifically interested in the modem and system partitions (for unlocking band 30 and maybe enabling AT&T WiFi calling), but it might also be possible to do a full flash to the H931 from a bootloader unlocked US998 (depending on firmware signatures).
I'm still on Nougat, but Oreo will probably also work (and I'll eventually want Oreo anyways), so either would be awesome.
To dump the firmware, use the LGUP from this thread (https://forum.xda-developers.com/showthread.php?t=3738917), and use the patched DLL and EXE from this thread (https://forum.xda-developers.com/showpost.php?p=75272845&postcount=23 and use LGUP+V30DLL_PATCHED.zip), and just use the DUMP function. Definitely skip userdata though (I don't want your data, and it's encrypted anyways).
Thanks!
Anybody have an AT&T H931 and can help me out?
Cross flashing the modem to get band 30 seems like a definite possibility, so I'd really appreciate it. ?️
gwillmer said:
Any chance someone with an H931 can use LGUP to do a firmware dump? I'm specifically interested in the modem and system partitions (for unlocking band 30 and maybe enabling AT&T WiFi calling), but it might also be possible to do a full flash to the H931 from a bootloader unlocked US998 (depending on firmware signatures).
I'm still on Nougat, but Oreo will probably also work (and I'll eventually want Oreo anyways), so either would be awesome.
To dump the firmware, use the LGUP from this thread (https://forum.xda-developers.com/showthread.php?t=3738917), and use the patched DLL and EXE from this thread (https://forum.xda-developers.com/showpost.php?p=75272845&postcount=23 and use LGUP+V30DLL_PATCHED.zip), and just use the DUMP function. Definitely skip userdata though (I don't want your data, and it's encrypted anyways).
Thanks!
Click to expand...
Click to collapse
I have a H931, do you still need the dump?
banziitox24 said:
I have a H931, do you still need the dump?
Click to expand...
Click to collapse
Yes! Oreo would be awesome if you have it.
gwillmer said:
Yes! Oreo would be awesome if you have it.
Click to expand...
Click to collapse
don't have Oreo, only have 7.1.2, do you think you can help me make these files flashable, either DZ or KDZ. Can't seem to find anything to do that
Nougat is definitely still useful for me, so I'd really appreciate you uploading that. Using the modem might be questionable across versions, but the wifi calling config in /system would be great.
I'm pretty sure only the bootloader-unlocked models (US998/H930) would have any way to flash this kind of partition dump (using dd from recovery), because they aren't the kdz or dz format that LGUP seems expect. I haven't really looked into how to write those file formats either, but I'm not optimistic about my skills there.
However, I was just thinking about one possible upgrade path to Oreo for the H931s that aren't on AT&T's network: if we get the FOTA upgrade file. Looking at my /fota dump, I think it'd be on the cache partition after downloading/before upgrading, and I bet it'd be in the format LGUP wants for the "FOTA UPGRADE" option, meaning it could be used with a stock H931. Are you on AT&T?
gwillmer said:
Nougat is definitely still useful for me, so I'd really appreciate you uploading that. Using the modem might be questionable across versions, but the wifi calling config in /system would be great.
I'm pretty sure only the bootloader-unlocked models (US998/H930) would have any way to flash this kind of partition dump (using dd from recovery), because they aren't the kdz or dz format that LGUP seems expect. I haven't really looked into how to write those file formats either, but I'm not optimistic about my skills there.
However, I was just thinking about one possible upgrade path to Oreo for the H931s that aren't on AT&T's network: if we get the FOTA upgrade file. Looking at my /fota dump, I think it'd be on the cache partition after downloading/before upgrading, and I bet it'd be in the format LGUP wants for the "FOTA UPGRADE" option, meaning it could be used with a stock H931. Are you on AT&T?
Click to expand...
Click to collapse
No I'm not with AT&T I just need these files converted in a way that I could use them to flash into another phone, I'm uploading files now I'll send you a PM when i have them uploaded, also how you plan to flash modem or the files that you need from this dump because that might help me a little
banziitox24 said:
No I'm not with AT&T I just need these files converted in a way that I could use them to flash into another phone, I'm uploading files now I'll send you a PM when i have them uploaded, also how you plan to flash modem or the files that you need from this dump because that might help me a little
Click to expand...
Click to collapse
With the disclaimer that I haven't tested this yet, here's my plan. Before flashing anything, I'm going to open up the modem in a hex editor to check if the secure boot RSA certificate matches the one from mine (it seems the US998, AS998, VS996, and LS998 have the same one, while the H932 does not). If it doesn't, then I can't flash the modem, because then it won't boot.
I should be able to flash /system though, because I have an unlocked bootloader (which disables the signature check). I don't actually want most of AT&T's bloatware though, so I'm going to open the system image in 7zip, and extract what I need.
As far as how I would actually flash, I'm going to use the dd command after booting TWRP (using either adb shell, or TWRP's built in terminal). dd is a tool for doing low level disk and file copying, and it can be really dangerous (I've seen it called "disk destroyer" lol). The command will be something like:
Code:
dd if=/external_sd/modem.img of=/dev/block/platform/soc/1DA4000.UFSHC/by-name/modem
Unfortunately, this has to be done from a custom recovery, because the stock recovery doesn't have a terminal or the dd command, and you won't be able access anything under /dev/block when booted without root. Trying to write an image to a live file system is not a good idea, and even if you could, it would check the signature on boot and have problems.
This PDF explains secure boot, though I think it's a little different for the file system images (like /system).
https://www.qualcomm.com/media/docu...d-image-authentication-technical-overview.pdf
This post by @runningnak3d explains which images are signed (for both regular and bootloader unlocked). https://forum.xda-developers.com/showpost.php?p=76319892&postcount=34
Thanks again!
gwillmer said:
With the disclaimer that I haven't tested this yet, here's my plan. Before flashing anything, I'm going to open up the modem in a hex editor to check if the secure boot RSA certificate matches the one from mine (it seems the US998, AS998, VS996, and LS998 have the same one, while the H932 does not). If it doesn't, then I can't flash the modem, because then it won't boot.
I should be able to flash /system though, because I have an unlocked bootloader (which disables the signature check). I don't actually want most of AT&T's bloatware though, so I'm going to open the system image in 7zip, and extract what I need.
As far as how I would actually flash, I'm going to use the dd command after booting TWRP (using either adb shell, or TWRP's built in terminal). dd is a tool for doing low level disk and file copying, and it can be really dangerous (I've seen it called "disk destroyer" lol). The command will be something like:
Code:
dd if=/external_sd/modem.img of=/dev/block/platform/soc/1DA4000.UFSHC/by-name/modem
Unfortunately, this has to be done from a custom recovery, because the stock recovery doesn't have a terminal or the dd command, and you won't be able access anything under /dev/block when booted without root. Trying to write an image to a live file system is not a good idea, and even if you could, it would check the signature on boot and have problems.
This PDF explains secure boot, though I think it's a little different for the file system images (like /system).
https://www.qualcomm.com/media/docu...d-image-authentication-technical-overview.pdf
This post by @runningnak3d explains which images are signed (for both regular and bootloader unlocked). https://forum.xda-developers.com/showpost.php?p=76319892&postcount=34
Thanks again!
Click to expand...
Click to collapse
Yeah I figured you where either going to zip it and flash it via TWRP or even via Fastboot, here's a link for the dumped ROM.
https://www.mediafire.com/download/zp558y5y5qms3i7
Please don't make mirrors or redistribute my link without my consent.
Thank you
Sent from my SM-N950U using Tapatalk
It will be interesting to see if you can get any of this to work. I'd like to get WiFi calling and band 30 support on my unlocked US998 on AT&T. I recently just updated mine to Oreo. So if anyone can dump Oreo I can try that.
I have Oreo and the H931.
Do you still need this done and if so, will I be taking any risks by doing this?
I meant to report back what happened with Nougat, but life got a little crazy. Using the Nougat modem didn't seem to unlock band 30, but I didn't get to test much further because it also made my fingerprint reader not work (flashing back to my US998 modem fixed it). No issues booting though!
Sulgor84 said:
I have Oreo and the H931.
Do you still need this done and if so, will I be taking any risks by doing this?
Click to expand...
Click to collapse
Yes please! I think the Oreo modem won't cause the same problem with the fingerprint reader, and I'm much more optimistic about getting wifi calling to work using the Oreo system dump. And no, it won't harm your phone (you aren't writing anything to the phone, only reading). Thank you so much!
Sulgor84 said:
I have Oreo and the H931.
Do you still need this done and if so, will I be taking any risks by doing this?
Click to expand...
Click to collapse
Any chance you were able to do this, it would be very useful to have this around given the cross flashing/bootloader unlock. Unfortunately there are no KDZ/TOT's for the ATT variant like there are for other models.
Thanks
Anybody with the H931 and Oreo able to help us out? It'd be very much appreciated!
gwillmer said:
Anybody with the H931 and Oreo able to help us out? It'd be very much appreciated!
Click to expand...
Click to collapse
I have two V30's that I can access, both H931 Oreo. One is still stock entirely, bootloader still locked and running the ATT OTA oreo update. The other is mine, converted to a US998 running a custom rom rooted. Would you like me to dump the stock phone? I'd be very interested in seeing band 30 support on a custom rom possibly, and wifi calling would be a bonus.
Phoked said:
I have two V30's that I can access, both H931 Oreo. One is still stock entirely, bootloader still locked and running the ATT OTA oreo update. The other is mine, converted to a US998 running a custom rom rooted. Would you like me to dump the stock phone? I'd be very interested in seeing band 30 support on a custom rom possibly, and wifi calling would be a bonus.
Click to expand...
Click to collapse
Yeah, that would be awesome. Backup boot and modem also if you can. At&t has no kdz like sprint. It would be nice for at&t users to have a stock flashable zip also.
Phoked said:
I have two V30's that I can access, both H931 Oreo. One is still stock entirely, bootloader still locked and running the ATT OTA oreo update. The other is mine, converted to a US998 running a custom rom rooted. Would you like me to dump the stock phone? I'd be very interested in seeing band 30 support on a custom rom possibly, and wifi calling would be a bonus.
Click to expand...
Click to collapse
Yes! Not only is there potentially band 30 and wifi calling, but as of right now, there's no way to bring an H931 back to stock Oreo after doing any crossflashing. Modem and system definitely are most important, but it might not be a bad idea to dump everything except userdata (so that a crossflashed H931 can be completely returned to stock in case of warranty issues, etc).
Thanks!
gwillmer said:
Yes! Not only is there potentially band 30 and wifi calling, but as of right now, there's no way to bring an H931 back to stock Oreo after doing any crossflashing. Modem and system definitely are most important, but it might not be a bad idea to dump everything except userdata (so that a crossflashed H931 can be completely returned to stock in case of warranty issues, etc).
Thanks!
Click to expand...
Click to collapse
I'll be glad to help development in any kind of way.
Didn't know there was so many partitions haha. Dumping all partitions except userdata with patched LGUP as I type this. Is there any uploading site you would prefer me to use? I haven't uploaded large files for public use before.
---------- Post added at 09:16 AM ---------- Previous post was at 09:05 AM ----------
Hmm, I unfortunately ran into an error towards the end of the dump
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Is this dump still valid or should I try something else? All the files I got from it are sitting at 8.42gb so far.
Edit: Just tried again. Watched the progress from 0-100% this time and it his the error once at 100%. Produced the same error and dump files are the same size as before. 74 files in total. There are 3 modem files, the first one at 110mb, the rest at 2mb. The system file is at 6.58gb. Let me know if these files are still of use despite the error and I will upload to the site of your choice.
Phoked said:
I'll be glad to help development in any kind of way.
Didn't know there was so many partitions haha. Dumping all partitions except userdata with patched LGUP as I type this. Is there any uploading site you would prefer me to use? I haven't uploaded large files for public use before.
---------- Post added at 09:16 AM ---------- Previous post was at 09:05 AM ----------
Hmm, I unfortunately ran into an error towards the end of the dump
Is this dump still valid or should I try something else? All the files I got from it are sitting at 8.42gb so far.
Edit: Just tried again. Watched the progress from 0-100% this time and it his the error once at 100%. Produced the same error and dump files are the same size as before. 74 files in total. There are 3 modem files, the first one at 110mb, the rest at 2mb. The system file is at 6.58gb. Let me know if these files are still of use despite the error and I will upload to the site of your choice.
Click to expand...
Click to collapse
The size sounds about right. The last file it dumped might be corrupted, but it's odd that it did the same thing twice. It does say timeout, so maybe the phone just stops sending data when it's done? Either way, all the other files should be fine.
banziitox24 used mediafire and that worked pretty well. Also, putting them all in an zip or rar would cut down on the file size and save you some time.
Thanks again!
Glad to help, uploading compressed rar (2.54gb) to mediafire right now. If there's a way to fix the error I was seeing and you at some point need the file that perhaps got corrupted, let me know and I will be happy to try again. Also, I noticed a file popped up after LGUP finished the dump, titled "LG_358164080144563_20180619092912.xml", is this of any use too?
---------- Post added at 10:46 AM ---------- Previous post was at 10:05 AM ----------
http://www.mediafire.com/file/jy11ghyhh5iddz3/H93120d.rar/file
Hope this helps. Would be exciting to see these carrier limited functions come back for those rooted, especially if my V30 dump contributed to so haha. Feel free to ask me if there's anything else I can help with.
I have the variant of this phone by boost Mobile. There is so far as I can tell no way to do a normal bootloader unlock procedure on this device. So I have been trying to experiment trying to break or disable verity. Before I get any more excited, let me make sure I understand correctly. None of the partitions for example system, or boot or recovery cannot be flashed while verity is enabled, most certainly if you don't have root access on the device.
Well somehow, and I have yet to be able to repeat this, I was able to flash a system image in Odin, but the device would not boot because I successfully flashed it but because the other binaries did not match the signature of the "custom system". While doing this I was also able to downgrade from binary 8 to binary 7 (android 10 to 9). So I guess my question is, if I am able to repeat this process then how good is it that I am able to flash a system image and How likely would I be able to continue flashing the other partitions? Before I get into detail on how I managed or how I think I managed to do this I want to make sure that this can actually go anywhere before I waste my time.
Okay I I'm not sure if this is what happened that caused the custom system. Inside the AP tar file of the firmware for this device, is a zip file called 'fota'.for a minute it was useless because in order to extract any of the files from it or modify it you need a password, and chain fire just so happen to figure it out a while back and it still works. So with the password I can essentially delete any number of the files I want inside that zip, and it will still flash to the device successfully. Inside that file are various other files like ADBD, sbin and other various interesting files and bin files. I guess I have to experiment more but wouldn't I just be able to modify the fstab, also inside that zip file, to remove verification from the various partitions (verity)? I guess the question is would it still flash. And there's no way to find out without trying because magisk does not touch that folder.
i rooted it
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Well it is a successful root, but it doesn't hold. Something stops it from taking fully. It will last for a minute or so before disappearing. So I looked at a logcat briefly and saw a few lines every so often mentioning something about the kernel and relocking it. I'm not at my PC right now so I can't post the logs.
DragonFire1024 said:
Well it is a successful root, but it doesn't hold. Something stops it from taking fully. It will last for a minute or so before disappearing. So I looked at a logcat briefly and saw a few lines every so often mentioning something about the kernel and relocking it. I'm not at my PC right now so I can't post the logs.
Click to expand...
Click to collapse
What files did you flash through odin?
sikkinixx said:
What files did you flash through odin?
Click to expand...
Click to collapse
only the ones I am able. Still haven't figured out how i downgraded from 10 to 9. I flashed the stock firmware (AIO firmware. apparently all carrier stock firmware can be flashed, regardless if its Boost Mobile [BST]). I however did flash the modem (CP) with modem.bin and modem_debug.bin from a combination firmware that's supposed to be factory binaries (which I can't flash any others from that combination because it tells me to get permission to flash them lol).
Im glad someone is trying this I just frp unlocked a galaxy s7 and im feeling confident about rooting this sm-a102u but its what i am using for my every internet access but Im cheering for you DragonFire1 You Got this !
majored said:
Im glad someone is trying this I just frp unlocked a galaxy s7 and im feeling confident about rooting this sm-a102u but its what i am using for my every internet access but Im cheering for you DragonFire1 You Got this !
Click to expand...
Click to collapse
I'm quite sure I don't. I've been able to mimic what I've been able to flash to the device. But regardless it doesn't matter because no matter what way I do or what I flash it fails all kinds of check sums. A lot of things do flash, but a bunch of red text comes across the screen that tells me about binary checks sum errors.but the images do flash to the device but until you restore the firmware that was previously on there it will never work again. I really do hate boost Mobile.
DragonFire1024 said:
I'm quite sure I don't. I've been able to mimic what I've been able to flash to the device. But regardless it doesn't matter because no matter what way I do or what I flash it fails all kinds of check sums. A lot of things do flash, but a bunch of red text comes across the screen that tells me about binary checks sum errors.but the images do flash to the device but until you restore the firmware that was previously on there it will never work again. I really do hate boost Mobile.
Click to expand...
Click to collapse
interesting well now that you mention that if you flash similar firmware cant you essentially add whats misssing i mean ive flashed over an install and still had wifi password saved and some apps im confusing myself now but im pretty sure thats how it went
majored said:
interesting well now that you mention that if you flash similar firmware cant you essentially add whats misssing i mean ive flashed over an install and still had wifi password saved and some apps im confusing myself now but im pretty sure thats how it went
Click to expand...
Click to collapse
It depends. So far I have only been able to use a different modem image and nothing else. Even if I flash the images that do match the flashed files that fail checksum, it still fails secure check. What i am confused about is how I am able to flash anything and even get a check sum failure. I was under the impression that images that fail anything, check sum or secure check, won't flash. So my question is how is it I am able to do so? If something is flashing there has to be a way to flash the files it needs.
So I have successfully made kingroot device owner. Not that it does any good because it doesn't seem to give me root. But using one of my favorite apps to seek the activity
Code:
com.kingroot.kinguser/.receiver.DeviceOwnerReceiver
I used dpm to set-device-owner. I did this from the most recent available firmware for this device on a fresh factory reset with no accounts attached.
Before that I also was able to make icebox apps freezer device owner and disable knox apps.
If anybody knows any other tricks I can use for device owner or something that can escalate privileges from here...
I love icebox apps freezer. You can set it as device owner and have the ability to freeze all applications Including system apps. I have been doing so one by one and as I do, some of Samsung's UI disappears and stock Android fills in. This is probably as close to root as I'll get for a while.
DragonFire, which files did you change in order to obtain root? I want to try this out for myself. Please respond
Nothing in the thread mentioning what files he flashed?
for anyone who needs to test code on this type device i have a sm-a102u1 unlocked running android 9 i wont send it off but i will test anybodys wierd root code maybe this exploit could work https://github.com/grant-h/qu1ckr00t let's make history guys i will be the dude who doesn't know what hes doing somebody compile this and tinker with it all you want and send it off to me to test i think CVE-2019-2215 will be our best bet of pwning this sucker i got a laptop running windows 10 for all your needs so if you like just wanna help but dont have the device or dont wanna brick yours be my guest
and even if you have almost 0 coding knowlage feel free to send your abomnation of a rooting software to just get it tested no matter how bad it is
even if you don't have the device
DragonFire1024 said:
Okay I I'm not sure if this is what happened that caused the custom system. Inside the AP tar file of the firmware for this device, is a zip file called 'fota'.for a minute it was useless because in order to extract any of the files from it or modify it you need a password, and chain fire just so happen to figure it out a while back and it still works. So with the password I can essentially delete any number of the files I want inside that zip, and it will still flash to the device successfully. Inside that file are various other files like ADBD, sbin and other various interesting files and bin files. I guess I have to experiment more but wouldn't I just be able to modify the fstab, also inside that zip file, to remove verification from the various partitions (verity)? I guess the question is would it still flash. And there's no way to find out without trying because magisk does not touch that folder.
Click to expand...
Click to collapse
DragonFire1024 said:
Well it is a successful root, but it doesn't hold. Something stops it from taking fully. It will last for a minute or so before disappearing. So I looked at a logcat briefly and saw a few lines every so often mentioning something about the kernel and relocking it. I'm not at my PC right now so I can't post the logs.
Click to expand...
Click to collapse
Sounds like debugging level needs set to Mid or High from the stock setting of low. This can be done and allow the root to stick until a user reboot.
Applying that whole method After, setting debug level, might actually work. It did for the Note5.
At that point, once root is achieved, it really comes down to making sure all partitions are mounted with the same options.
You can't just remount system as read/write only, if that partition normally has "noatime, etc" mounting options. That automatically triggers a verity panic reboot
You got to do the profit work, as well as, get every letter down to the T as far as copying stock fw. File names in Odin, CB, QL, Date fingerprints, file size to the byte (almost).
It's possible to spoof ALL Day, but most don't think (aka Over Think) all the possible checks and balances that would deviate from a standard stock download/flash.
DragonFire1024 said:
Well somehow, and I have yet to be able to repeat this, I was able to flash a system image in Odin, but the device would not boot because I successfully flashed it but because the other binaries did not match the signature of the "custom system". While doing this I was also able to downgrade from binary 8 to binary 7 (android 10 to 9).
Click to expand...
Click to collapse
Plenty of stock firmware packages in revision 8 ship as Android 9. So really it might not have downgraded as much as you think then.
And going from revision 8 to 7....which part of the firmware downgraded? Just the system image? Do you know this for sure if it couldn't boot?
The old samFAIL method would work something similar to that but you would've had to modify the system image you flashed first.
DragonFire1024 said:
Okay I I'm not sure if this is what happened that caused the custom system. Inside the AP tar file of the firmware for this device, is a zip file called 'fota'.for a minute it was useless because in order to extract any of the files from it or modify it you need a password, and chain fire just so happen to figure it out a while back and it still works. So with the password I can essentially delete any number of the files I want inside that zip, and it will still flash to the device successfully. Inside that file are various other files like ADBD, sbin and other various interesting files and bin files. I guess I have to experiment more but wouldn't I just be able to modify the fstab, also inside that zip file, to remove verification from the various partitions (verity)? I guess the question is would it still flash. And there's no way to find out without trying because magisk does not touch that folder.
Click to expand...
Click to collapse
But will flash successfully like you state or are you asking that question without modifying the otacerts first? Because normally the fota.zip contains a lot of data for most of those things you're saying is failing the checks.
So I'm just not sure about the entire story now....
Delgoth said:
Plenty of stock firmware packages in revision 8 ship as Android 9. So really it might not have downgraded as much as you think then.
And going from revision 8 to 7....which part of the firmware downgraded? Just the system image? Do you know this for sure if it couldn't boot?
The old samFAIL method would work something similar to that but you would've had to modify the system image you flashed first.
But will flash successfully like you state or are you asking that question without modifying the otacerts first? Because normally the fota.zip contains a lot of data for most of those things you're saying is failing the checks.
So I'm just not sure about the entire story now....
Click to expand...
Click to collapse
strange how he didnt post anything on how he did it
timba123 said:
If we pay $50 to $75 for a flash token, maybe factory combo could be flashed then root figured out from there but its not worth it to me to spend that for this pos. So stuck with adb debloat I guess. Oh well
Click to expand...
Click to collapse
I mean, after upgrading, yeah the A10e is a bit dated. BUT WAIT...
The A10e is still a device using an Exynos octa-core SoC. Not a snapdragon or mtk chipset. With full command line access and root privileges the hardware itself is actually still quite capable with its 2gb of RAM.
Moto G8 Play was a phone launched in October 2019 and that curiously had few (or none) mods created, and until today, February 2021, no one had managed to at least root this device, with guides that bricked the device(or made it bootloop), or at least did not work, where even with the boot.img patched, the magisk manager could not get root access on the device. Thinking about it and after losing many nights trying to do everything to root my phone, I finally got it, and decided to write this guide for you, with proof of operation and a lot of joy in having made such progress,
but enough with ceremonies, let's go to the guide in fact.
What do I need to do before read this guide?
First of all, backup all your data, you will surely lose it if you don't.
Second, keep in mind that I am not responsible for any errors or damage to the device, keep in mind that this is a mod guide that makes you lose the warranty on your device. What I did worked for me, and theoretically it works for you as long as you do everything correctly.
And lastly and most importantly, unlock the bootloader of your device, if you don't do this, it is possible to brick and transform it into a paper weight for lack of attention. Thinking about it, I wrote a quick guide to unlock bootloader, follow the steps:
1. Go to settings> System> About phone> Build Number and follow the image
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
2. Still in the settings, go to System> Advanced> Developer options and again follow the image:
3. On your computer, download platform-tools here and extract it to any folder you prefer. Also download and install Motorola USB drivers. After extracting and installing, open the platform-tools folder and copy the folder path, then open windows command prompt(cmd) and type the following commands:
in cmd, type cd and paste the path you copied, and hit enter. After that, type "adb devices" with your USB connected device(Remember to authorize USB debugging when connecting your device to the PC), if you did everything right, you will see something like this:
then type "adb reboot bootloader" to reboot your device for the correct mode. Once in bootloader mode, do not close cmd, it will still be useful. Access the motorola bootloader unlock site and follow the instructions provided. If you did everything right, your bootloader will appear with the status of flashing unlocked on the screen.
Ah, I talked about backup at the beginning, right? I'm glad you did the backup, because you just had your phone reset and data deleted. Now that you've installed everything right, let's start the hybridization process of your smartphone ... Let's install the Motorola One Macro ROM, which is basically the same thing as Moto G8 Play, but with more RAM, storage and 64- bit enabled, following this, download the One Macro Stock ROM here and extract it to the same folder as platform-tools:
It will look more or less like the photo above. After that, you will need a script to transform flashfile.xml into an appropriate flashfile.bat, and you can download this script here. Extract the .exe in the same folder as the platform-tools and the one macro rom, after this run and it will generate a flashfile.bat file. If your device is connected to the usb in bootloader mode you can now run the .bat and flash the rom on your device. Always remember to leave the battery with more than 50% charge to avoid problems and brick the device. If you did everything right, your device will start up normally. Configure, then go to settings and activate debugging following the steps at the beginning of the guide. You can notice that virtually your device is now a Motorola One Macro with the hardware of a Moto G8 Play, done that, let's go to the root process.
Copy the boot.img file from the platform-tools folder to any folder on your android. After that, install the magisk manager on the official website and open the app. In the magisk tab, click install and then "Select and Patch a file", select the boot.img file, after that make the selection process again, click the arrow and wait for magisk to finish the patch. After that, open google files and copy magisk_patched_XXXXX.img to your phone's root folder, and copy it to your computer again, in the platform-tools folder. Preferably rename it to an easier name, like magisk.img.
Do the process of opening cmd and pasting the folder path with the command "cd" before it. Then restart to bootloader mode as you learned above, and enter the command "fastboot flash boot_a magisk.img"
after finishing the process, type "fastboot flash boot_b magisk.img" and restart your device. If all goes well the magisk manager will detect the root and your phone will be ready.
This is the guide, I hope I have helped everyone who has gone so long without being able to root their devices. I wasted a night testing and writing this, so please consider giving feedback and if you post as a tutorial, leave the method credits to Daniel Santos (me).
Not works, when i flash the rom and the device restart, it give a message that is corrupt
CÆSAR said:
Not works, when i flash the rom and the device restart, it give a message that is corrupt
Click to expand...
Click to collapse
Did you unlock the bootloader correctly? If so, which version of Macro One did you use? If you want, I can pass the exact same version that I installed here and it works perfectly
Yes, i've already unlocked the bootloader and runned a comand in adb to check it, and used the last rom available. One question, installing the one macro firmware can damage the device? Because a 64 bit OS need more resources than the 32 bit software from the g8 play.
CÆSAR said:
Yes, i've already unlocked the bootloader and runned a comand in adb to check it, and used the last rom available. One question, installing the one macro firmware can damage the device? Because a 64 bit OS need more resources than the 32 bit software from the g8 play.
Click to expand...
Click to collapse
well, i used the version of the image i sent and it works 100% normal. As for the system, Motorola One Macro and Moto G8 Play have the exact same architecture. They differ only from some sensors, RAM and internal storage. If you want more details of the process, you can send me a dm on twitter (@danadsees) and I can give you the necessary support. I've never tested with the latest version, which uses Android 10, but versions using Android 9 work normally
ok, i will try with that version, and a last question, you tried to play games after install that version?
FInnaly i tried with your version and it works, thx
Does the G8 Play work flawlessly with the One Macro Rom?
RandoMike said:
Does the G8 Play work flawlessly with the One Macro Rom?
Click to expand...
Click to collapse
I think so. I didn't test it in depth, but in games performance looks to be better, and it worked normally in this few days that i've using it.
CÆSAR said:
I think so. I didn't test it in depth, but in games performance looks to be better, and it worked normally in this few days that i've using it.
Click to expand...
Click to collapse
That's curious. I'm gonna try to root my phone. I hope not to brick it haha.
RandoMike said:
That's curious. I'm gonna try to root my phone. I hope no to brick it haha.
Click to expand...
Click to collapse
I ended hard bricking my device . However, I managed to repair it . I dunno what could go wrong xd. I hope this tutorial would make this forum alive again xdxd.
RandoMike said:
I ended hard bricking my device . However, I managed to repair it . I dunno what could go wrong xd. I hope this tutorial would make this forum alive again xdxd.
Click to expand...
Click to collapse
This is my third update. It worked! I can't really believe it!
I would tell all the people who want to do this to be careful. You can hard brick your cellphone, specially if you flash the preloader.bin image. Being that said, thank you, Daniel. Finally I found a tutorial that works haha!
RandoMike said:
This is my third update. It worked! I can't really believe it!
I would tell all the people who want to do this to be careful. You can hard brick your cellphone, specially if you flash the preloader.bin image. Being that said, thank you, Daniel. Finally I found a tutorial that works haha!
Click to expand...
Click to collapse
thank you for your trust. I missed many nights looking for a valid method and I had to develop it myself. this also makes it possible to use custom roms and recoveries from Macro One as well
Daniel69cc said:
thank you for your trust. I missed many nights looking for a valid method and I had to develop it myself. this also makes it possible to use custom roms and recoveries from Macro One as well
Click to expand...
Click to collapse
Finally, there is some hope to revive this forum hahaha
Someone tryed with the android 10 version?
CÆSAR said:
Someone tryed with the android 10 version?
Click to expand...
Click to collapse
In my case, my cellphone just bootlooped. I think I also have to upgrade the fastboot, but I'm afraid it'll just make the phone hard brick. Or maybe I just need to try other Android 10 versions haha.
RandoMike said:
In my case, my cellphone just bootlooped. I think I also have to upgrade the fastboot, but I'm afraid it'll just make the phone hard brick. Or maybe I just need to try other Android 10 versions haha.
Click to expand...
Click to collapse
First update: I tried to restore the stock firmware of my Moto and it hard bricked (what a surprise, huh xD). I had to flash the original fastboot doing some stuff. Maybe we can upgrade to Android 10 doing that hardbrick trick (however, if you are not lucky, you can render the device unbootable), which allows you to reflash either the G8 Play's fastboot or the Macro one (it's weird that the fastboot of the One Macro also works on the G8 Play hahaha).
Second update: The One Macro Rom of Android 10 can't be flashed. It just gives me the error "sparse image size span overflow". I just proceeded to reflash the original Android 10 firmware of the G8 Play (I didn't wanna hardbrick it hahaha). It would be wonderful if anyone managed to solve or try to solve this problem.
Third update: I managed to root my G8 Play with its Stock Android 10 image! hahaha. I just flashed the "boot_a" slot with the original boot.img patched by magisk.
RandoMike said:
First update: I tried to restore the stock firmware of my Moto and it hard bricked (what a surprise, huh xD). I had to flash the original fastboot doing some stuff. Maybe we can upgrade to Android 10 doing that hardbrick trick (however, if you are not lucky, you can render the device unbootable), which allows you to reflash either the G8 Play's fastboot or the Macro one (it's weird that the fastboot of the One Macro also works on the G8 Play hahaha).
Second update: The One Macro Rom of Android 10 can't be flashed. It just gives me the error "sparse image size span overflow". I just proceeded to reflash the original Android 10 firmware of the G8 Play (I didn't wanna hardbrick it hahaha). It would be wonderful if anyone managed to solve or try to solve this problem.
Third update: I managed to root my G8 Play with its Stock Android 10 image! hahaha. I just flashed the "boot_a" slot with the original boot.img patched by magisk.
Click to expand...
Click to collapse
the root really works with the g8 play android 10 rom? i'm going to try
CÆSAR said:
the root really works with the g8 play android 10 rom? i'm going to try
Click to expand...
Click to collapse
Yep. I believed I would just get the "no bootable a/b slot" error, but it worked!
This guide is for moto g8 play or moto one macro or both ?
I know it's an old phone. The LG G5. But I bought it because my Galaxy died, the G5 was cheap, you can run Lineage OS on it! But wait! No you can't! You'll never make it past loading the custom recovery file. The guide on Lineage's website is worthless, as it's from before 8.0 Oreo. LG patched the that hole closed tighter than a... a.. <insert good simile here>. I have tried every way in the world to get into this phone. I've looked at every thread here. Dirtycow doesn't work. You can't revert back to 7.x Nougat anymore. It can't be done. LG won't let you in.
I have dreamed of escaping google's clutches. It's really important to me. But I can't afford to buy some $250+ dollar phone that may or may not have a working exploit right now.
This time I gambled and lost, so I'm asking for help. Does anyone know of any way I might salvage the situation? I'd be open to buying a phone with Lineage already on it, if it were reasonably priced. I'd also be open to paying someone else to install it on this LG G5, but I have serious doubts you'd be able to. Any help or advice to get Lineage would be greatly appreciated!
bennylava said:
I know it's an old phone. The LG G5. But I bought it because my Galaxy died, the G5 was cheap, you can run Lineage OS on it! But wait! No you can't! You'll never make it past loading the custom recovery file. The guide on Lineage's website is worthless, as it's from before 8.0 Oreo. LG patched the that hole closed tighter than a... a.. <insert good simile here>. I have tried every way in the world to get into this phone. I've looked at every thread here. Dirtycow doesn't work. You can't revert back to 7.x Nougat anymore. It can't be done. LG won't let you in.
I have dreamed of escaping google's clutches. It's really important to me. But I can't afford to buy some $250+ dollar phone that may or may not have a working exploit right now.
This time I gambled and lost, so I'm asking for help. Does anyone know of any way I might salvage the situation? I'd be open to buying a phone with Lineage already on it, if it were reasonably priced. I'd also be open to paying someone else to install it on this LG G5, but I have serious doubts you'd be able to. Any help or advice to get Lineage would be greatly appreciated!
Click to expand...
Click to collapse
Hey, easy man. There's some things you should consider before giving up on a phone. The quick search i did on Google let me know that this device can be bootloader unlocked, and rooted. At this point, I may ask: Is your device linked in someway with Verizon? Did you unlocked its bootloader? did you manage to install TWRP with no issues? Maybe you´re lucky enough to find a way out yourself. I'll try to help you in everything i can.
eduardvi995 said:
Hey, easy man. There's some things you should consider before giving up on a phone. The quick search i did on Google let me know that this device can be bootloader unlocked, and rooted. At this point, I may ask: Is your device linked in someway with Verizon? Did you unlocked its bootloader? did you manage to install TWRP with no issues? Maybe you´re lucky enough to find a way out yourself. I'll try to help you in everything i can.
Click to expand...
Click to collapse
Thanks! I could really use the help. I have unlocked the bootloader. Made it that far. But I haven't been able to root it because all the root exploits seem to have been patched out by the time I got the phone. It's running Android 8.0. It is a U.S Tmobile phone.
Here's where my progress ground to a halt: I can't get that LG program, LGup, to flash 7.0 to the phone. It gives me an error saying "Error - Invalid KDZ file". Well that's odd, I got that KDZ file from LG's official website. They have a section where they keep all the old stock ROMs.
Maybe I'm wrong here, but I think this part is absolutely necessary. You must install 7.0 Nougat in order to roll back the changes LG made when they patched up the recovery mode. Otherwise you can't install a custom recovery file, which is vital. No custom recovery file = no Lineage. Looking forward to your reply !
bennylava said:
Thanks! I could really use the help. I have unlocked the bootloader. Made it that far. But I haven't been able to root it because all the root exploits seem to have been patched out by the time I got the phone. It's running Android 8.0. It is a U.S Tmobile phone.
Here's where my progress ground to a halt: I can't that LG program, LGup, to flash 7.0 to the phone. It give me an error saying "Error - Invalid KDZ file". Well that's odd, I got that KDZ file from LG's official website. They have a section where they keep all the old stock ROMs.
Maybe I'm wrong here, but I think this part is absolutely necessary. You must install 7.0 Nougat in order to roll back the changes LG made when they patched up the recovery mode. Otherwise you can't install a custom recovery file, which is vital. No custom recovery file = no Lineage. Looking forward to your reply !
Click to expand...
Click to collapse
Here is what i found out. Considering your device is LG G5 H830, with android 8.0, it seems you cant install TWRP straight on. However, there is still something you can try. At this point I may ask: can you enter Fastboot Mode? this your only hope to actually root the phone, and then flash TWRP.
Check if you actually can enter fastboot. If you can, then try to send some basic commands like "fastboot devices" "fastboot reboot". I say this because some devices have Fastboot mode disabled on oem, rendering on useless fastboot. Hope this is not your case. Also, post here your exactly fingerprint version (your rom version). It has to be exactly the same one, otherwise it might soft-brick your phone. Maybe you can flash a patched boot image of your actual rom to then flash twrp.
eduardvi995 said:
Here is what i found out. Considering your device is LG G5 H830, with android 8.0, it seems you cant install TWRP straight on. However, there is still something you can try. At this point I may ask: can you enter Fastboot Mode? this your only hope to actually root the phone, and then flash TWRP.
Check if you actually can enter fastboot. If you can, then try to send some basic commands like "fastboot devices" "fastboot reboot". I say this because some devices have Fastboot mode disabled on oem, rendering on useless fastboot. Hope this is not your case. Also, post here your exactly fingerprint version (your rom version). It has to be exactly the same one, otherwise it might soft-brick your phone. Maybe you can flash a patched boot image of your actual rom to then flash twrp.
Click to expand...
Click to collapse
I can indeed send "fastboot devices" and "fastboot reboot", and it does work. The device will be listed in the command window on the computer, and the phone will reboot if you enter the command "Fastboot reboot".
As for the fingerprint version, here's what I was able to accomplish via a terminal in Manjaro Linux. Is this the full fingerprint?
[[email protected] ~]$ adb devices
List of devices attached
LGH8305d6bec71 device
[[email protected] ~]$ adb shell getprop ro.build.fingerprint
lge/h1_tmo_us/h1:8.0.0/OPR1.170623.032/182251913485f:user/release-keys
[[email protected] ~]$
bennylava said:
I can indeed send "fastboot devices" and "fastboot reboot", and it does work. The device will be listed in the command window on the computer, and the phone will reboot if you enter the command "Fastboot reboot".
As for the fingerprint version, here's what I was able to accomplish via a terminal in Manjaro Linux. Is this the full fingerprint?
[[email protected] ~]$ adb devices
List of devices attached
LGH8305d6bec71 device
[[email protected] ~]$ adb shell getprop ro.build.fingerprint
lge/h1_tmo_us/h1:8.0.0/OPR1.170623.032/182251913485f:user/release-keys
[[email protected] ~]$
Click to expand...
Click to collapse
Its seems you were lucky enough. I checked your rom build and compared it with the only rom on your phone that can be rolled back. It totally matchs the anti-rollback v01 firmware 8.0, so you still can roll-back to Nougat if you try the firmware version H83020c, wich you can download over here:
Fastboot-Flashable rom:
Codefire - Listing of H83020c
KDZ Format rom:
http://dl02.gdms.lge.com:5006/dn/downloader.dev?fileKey=FWAAZHZF92MNARE76685PNJ/H83020o_00_0205.kdz
Its seems the first one it's Fastboot-Flashable, so you should know what to do next if the KDZ Rom doesn't work. However, check this website and compare the rom build yourself, just to be clear about it:
Download T-mobile LG G5 H830 Stock kdz firmware H83030C
Download T-mobile LG G5 H830 Stock kdz firmware H83030C -
www.mylgphones.com
The first link has 3 flashable roms there. including KDZ and fastboot format. Make sure to try them all if one doesnt work
If both methods are useless to roll back to Nougat, dont hesitate to tell me. There's still a workaround available.
To be clear, the phone needs to be in "Firmware update" mode in order to use flashboot to flash that Fastboot rom, correct? That's where a "Firmware update" message appears on the screen, and it's encircled by two arrows. It's in the middle of the screen, and it's not small like when you're using fastboot.
I ask because iirc, KDZ files require the use of LGup, that LG official program.
bennylava said:
To be clear, the phone needs to be in "Firmware update" mode in order to use flashboot to flash that Fastboot rom, correct? That's where a "Firmware update" message appears on the screen, and it's encircled by two arrows. It's in the middle of the screen, and it's not small like when you're using fastboot.
I ask because iirc, KDZ files require the use of LGup, that LG official program.
Click to expand...
Click to collapse
It needs to be in firmware update mode only if you are flashing a kdz rom through Lg official flashtool. If you are going to flash through fastboot, you have to make sure your PC recognizes your device sending "fastboot devices". The fastboot flashable room is right in the first link (.zip file, 1,6 GB size file)
The one I'm seeing says it's 1.9 Gigabytes in size. It's #15 on that list, and it's called:
LG-H83020c-Flashable.COMPLETE-ARB01.zip
Correct?
Just wanna be clear on this, the last thing we need is a brick lol
bennylava said:
The one I'm seeing says it's 1.9 Gigabytes in size. It's #15 on that list, and it's called:
LG-H83020c-Flashable.COMPLETE-ARB01.zip
Correct?
Just wanna be clear on this, the last thing we need is a brick lol
Click to expand...
Click to collapse
That should be it. Download it and check it has all partitions (boot, system, recovery, etc...)
You are probably gonna have to flash each partition manually (for example, if you are flashing system, you should write "fastboot flash system system.img" and so on)
Below is a pic of everything that came in that zip file, just to make sure we're on the same page and I've got everything necessary.
I must admit that I'm a little intimidated by flashing each individual component in that zip file. I understand that you can just tell it "Flash this thing!" and it will do it. But how does it know where exactly to flash the new thing? How does it know not to just write it over the previous item you just flashed?
Next question: What all needs to be flashed individually? As you can see, there are a total of 28 entries shown in the pic. But the folders "bootloader" and "META.INF" both contain a lot of stuff. Do you just flash bootloader and META.INF, and it already knows to flash everything the folder contains?
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
bennylava said:
Below is a pic of everything that came in that zip file, just to make sure we're on the same page and I've got everything necessary.
I must admit that I'm a little intimidated by flashing each individual component in that zip file. I understand that you can just tell it "Flash this thing!" and it will do it. But how does it know where exactly to flash the new thing? How does it know not to just write it over the previous item you just flashed?
Next question: What all needs to be flashed individually? As you can see, there are a total of 28 entries shown in the pic. But the folders "bootloader" and "META.INF" both contain a lot of stuff. Do you just flash bootloader and META.INF, and it already knows to flash everything the folder contains?
Click to expand...
Click to collapse
You don't have to write "fastboot flash" 28 times. You can just write "fastboot flash all". But I'd rather flashing manually.
Ignore the META-INF folder. You can't flash any file inside there. You should only flash every file ending in "xx. Img* such as boot.img or. system.img.
This zip contains that folder because it was meant to be flashed through recovery, but if you try to do that, the recovery will not do it, or it will cancel installation, as there is a line that checks your actual fingerprint to avoid Rolling back.
So the command to flash that whole bootloader file at once is "flashboot flash all bootloader"? And it won't care that it's a folder, and not a .img file?
I see what you mean about flashing the .img files that are below the "bootloader" folder in that pic I posted. To me it makes sense that it would flash those. But as you said, you should only flash every file ending in .img and "bootloader" is actually a folder, even if it is full of those files. So I just want to be clear on how exactly to flash that bootloader file.
Sorry about all the newb questions lol. Once I see your reply here, I'm going to attempt the flash. After that, hopefully I won't need any more help.
bennylava said:
So the command to flash that whole bootloader file at once is "flashboot flash all bootloader"? And it won't care that it's a folder, and not a .img file?
I see what you mean about flashing the .img files that are below the "bootloader" folder in that pic I posted. To me it makes sense that it would flash those. But as you said, you should only flash every file ending in .img and "bootloader" is actually a folder, even if it is full of those files. So I just want to be clear on how exactly to flash that bootloader file.
Sorry about all the newb questions lol. Once I see your reply here, I'm going to attempt the flash. After that, hopefully I won't need any more help.
Click to expand...
Click to collapse
Let's try something a little bit easier first. As you say you unlocked bootloader, maybe you can flash the full rom through recovery. Copy the rom to a sdcard and try that first, maybe you will save yourself a lot of headaches doing this first.
I've bought two H830's and got both to TWRP/LOS ROM no problem. Regardless of your current official build on your phone, you can rollback to version 30c and dirtycow from there to get TWRP. You can get necessary tools/info from here.
0. (If you havn't already...) Enable OEM unlock in settings and unlock bootloader/fastboot
1. Use LGUP tool to clean flash an official 30c version (H83030c_00_0813.kdz) build to your LG H830
2. Dirtycow exploit to get TWRP
3. Use TWRP to install
Let me know how it shakes out
Also an important note, you CANNOT flash directly the recovery via fastboot to get TWRP, only the H850 can do that, NOT the H830. That's something important no one ever brings up. You must use the dirtycow exploit.
EDIT: Oh yeah, and I recommend using UPPERCUT to flash the kdz file since LGUP is such broken trash.
eduardvi995 said:
Let's try something a little bit easier first. As you say you unlocked bootloader, maybe you can flash the full rom through recovery. Copy the rom to a sdcard and try that first, maybe you will save yourself a lot of headaches doing this first.
Click to expand...
Click to collapse
So just put the zip file on my external SD card, and then tell flashboot to...? Or somehow use only the phone itself to flash the rom? Sorry I'm afraid I'm having trouble following along as I've never done this before.
But as per your instructions, the rom (the whole zip file) is now on the external storage SD Card.
Or did you mean to extract the zip file to a folder, and put that on the SD card? My next question would be thus:
What is the exact command to begin flashing, once I have everything in it's proper place? I did a little experiment where I tried to flash one of the files individually. The Linux terminal gave me the following error:
[[email protected] Desktop]$ cd bootloader
[[email protected] bootloader]$ fastboot flash aboot.img
unknown partition 'aboot.img'
fastboot: error: cannot determine image filename for 'aboot.img'
[[email protected] bootloader]$
As you can see, the bootloader folder is on the desktop, with many .img files inside it. Just as the pic in post #11 shows. Inside the bootloader folder is a .img file called "aboot.img". And for some reason fastboot "cannot determine the image filename for aboot.img"
DrowningInFreedom said:
EDIT: Oh yeah, and I recommend using UPPERCUT to flash the kdz file since LGUP is such broken trash.
Click to expand...
Click to collapse
Thank you for the reply! I've got two questions for you:
1. Do you have a link to the version of LG UP that you'd recommend using? It seems that there are many links out there in the wild, and some of them are to old versions. I'm not sure exactly which one I should use.
2. How exactly do you use Uppercut with LG Up? I got Uppercut, but it didn't seem to do anything when I double clicked on it. It just sat there. Is it like some kind of addon or modification to LG up? Or is it supposed to open as it's own program. Thanks!
Use the files provided by codefire , Launch UPPERCUT which will then hook into and launch LGUP automatically (All it does is make LGUP work without errors)
DrowningInFreedom said:
Use the files provided by codefire , Launch UPPERCUT which will then hook into and launch LGUP automatically (All it does is make LGUP work without errors)
Click to expand...
Click to collapse
Here's what happened when I tried to flash the right 80320a file (Nougat):
Any idea why it would say that?