[Recovery] Boot loop then recovery, corrupt roles.xml system file, failed to parse - Samsung Galaxy S9+ Questions & Answers

Hello, due to a swollen and drained battery problem (I replaced it now), my phone is not able to start after being abruptly disabled.
I have some very important stuff in my apps (also not backed up), so I am trying to fix the phone without doing:
- a factory reset
- erasing app data in the recovery mode (it will erase my app data permanently, right?)
Device: Samsung Galaxy S9+
- not rooted
- USB debugging disabled (the android UI does not load so I am not able to change it there)
- no recovery/backup available (both system and apps) - I know - hard lesson for me.
Situation:
1. Device tries to boot a couple of times.
2. Asks for the unlock pattern.
3. Keeps hanging at the "unlocking padlock" screen. [attached]
4. Reboots itself.
5. After a few reboots a recovery screen appears with a message: "Your phone couldn't start normally. Some configuration data may be corrupt."
and 4 options: Try again; Erase app data; Power off; View rescue log. [attached]
Following "View rescue log", the stack trace says an exception happens during boot:
-> (...) java.lang.IllegalStateException: Failed to parse roles.xml: /data/system/0/roles.xml (...)
-> (...) org.xmlpull.v1.XmlPullParserException: unterminated entity ref (position:TEXT @3:319 in [email protected])
I thought I could somehow:
A. pull the roles.xml file
B. see the content,
C. possibly fix it (
D. push it back to the device,
I have some programming background, but it's my first time trying to fix my Android device and I am not sure how to pull and push back the /data/system/0/roles.xml
What are my options? Is any of the following viable?
- The default/standard adb mode is not working due to USB debugging being disabled - is there any workaround to change it?
- The adb sideload is available, but if I understand correctly adb in sideload mode is responsible for installing custom ROMs. Or maybe I am wrong and am able to install any app, even my own?
- If there would be a way to install my custom app I would do the previously mentioned steps. Is there a way?
- I did not follow the init.d script possibilities, because it seems I would need to have my device rooted before, right?
I would appreciate any help.
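The inspection planned in steps B and C, for a copy of roles.xml that has already been retrieved from the device, as an added example that is not part of the original post: it locates every `&` that does not begin a complete entity reference (the condition the rescue log reports as "unterminated entity ref") and gives its line and column. The sample document, its package names and its element layout are constructed for illustration and are assumptions, not content from the poster's file.

```python
import re
import xml.etree.ElementTree as ET

# A syntactically complete reference is &name; or &#123; or &#x1F;
_VALID_REF = re.compile(r"&(?:[A-Za-z_:][\w.:-]*|#[0-9]+|#x[0-9A-Fa-f]+);")
# Only these five names are predefined in XML; a file without a DTD
# cannot legally use any other named entity.
_PREDEFINED = {"amp", "lt", "gt", "quot", "apos"}

# Constructed sample (assumed layout): the bare '&' on line 3 is the defect.
SAMPLE = (
    "<?xml version='1.0' encoding='utf-8' standalone='yes' ?>\n"
    '<roles version="3" packagesHash="CONSTRUCTED">\n'
    '<role name="android.app.role.DIALER"><holder name="com.example.dialer" /></role>'
    '<role name="android.app.role.SMS"><holder name="com.example.sms&" /></role>\n'
    "</roles>\n"
)


def _bad_positions(text):
    """Yield the offset of every '&' that is not a complete, known reference."""
    for m in re.finditer("&", text):
        ref = _VALID_REF.match(text, m.start())
        if ref:
            name = ref.group(0)[1:-1]
            if name.startswith("#") or name in _PREDEFINED:
                continue
        yield m.start()


def find_bad_entity_refs(text):
    """Return [(line, column, context)] with 1-based line and column."""
    findings = []
    for pos in _bad_positions(text):
        line = text.count("\n", 0, pos) + 1
        col = pos - (text.rfind("\n", 0, pos) + 1) + 1
        context = text[max(0, pos - 20):pos + 20].replace("\n", "\\n")
        findings.append((line, col, context))
    return findings


def escape_bad_refs(text):
    """Return a copy with each bad '&' rewritten as '&amp;'.

    This is a syntactic repair only: it makes the file parseable again,
    it cannot tell whether the surrounding bytes are still the real data.
    """
    out, last = [], 0
    for pos in _bad_positions(text):
        out.append(text[last:pos])
        out.append("&amp;")
        last = pos + 1
    out.append(text[last:])
    return "".join(out)


def is_well_formed(text):
    """True if a strict XML parser accepts the document."""
    try:
        ET.fromstring(text.encode("utf-8"))
        return True
    except ET.ParseError:
        return False


if __name__ == "__main__":
    import sys

    text = SAMPLE
    if len(sys.argv) > 1:
        # errors="replace" keeps the scan going over bytes damaged by the crash
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for line, col, ctx in find_bad_entity_refs(text):
        print(f"{line}:{col}: bad entity reference near {ctx!r}")
    print("well-formed after escaping:", is_well_formed(escape_bad_refs(text)))
```

Compare the reported positions with the `@3:319` in the rescue log before changing anything, and keep the untouched copy of the file alongside the repaired one.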

Related

How-To: Unbrick Dell Venue 8 7840

Full Disclaimer: All credit for this goes to @enzymeyllw, whose guide I followed. It looks like that guide has gone offline (and has been cloned on a few dozen shameless websites), so I thought I'd rewrite it for the sake of anyone else needing help. All of the files can be found around this site, and I'll do my best to update this later with links. But for now, I'll post the instructions. Additional thanks goes to @xBIGREDDx and @anggusss. Hard to imagine my device has been bricked for the last 9 months... (Also, kinda funny how I just posted this and it has already been ripped off on >3 other websites.)
What you'll need:
Phone Flash Tool: https://01.org/android-ia/downloads/intel-platform-flash-tool-lite
Open-Source Firmware Files: http://opensource.dell.com/releases...s_rd_opensource-blankphone-userdebug-1397.zip
Tethered Root for Windows (Thanks to @social-design-concepts for this): http://forum.xda-developers.com/android/development/intel-android-devices-root-temp-cwm-t2975096
-or-
Tethered Root for Linux / Mac (Thanks to @vampirefo for this): http://forum.xda-developers.com/dell-venue/general/linux-tethered-cwm-recovery-version-t2963104
System and Boot Images (Thanks to @xBIGREDDx for these):
- System.img: https://mega.co.nz/#!w9AjBCSI!YdQenTLDVVk0M9xx1LJT1OnKq5VhESgiyULA1FVIA8A
- Boot.img: https://mega.co.nz/#!Fk4FUSza!1gY1RjvnEI_HS0zk17WTHiywXFWc1VOCH-P2V5fVFPI
1. Phone Flash Tool
- Install USB drivers (if on Windows)
- Install Phone Flash Tool Lite
- Run PFT, open "Dell_Venue_8_7840_Lollipop_5.0.2_qs_rd_opensource-blankphone-userdebug-1397.zip"
- Select "flash-DD0_BB.xml" and flash it
- Tablet will restart in bootloader, flashing isn't done yet, so wait
- Sometimes it can be hard to get the progress bar past 4% before things fail. Just keep trying if this happens, it'll randomly work.
2. Tethered Recovery ("IntelAndroid-FBRL-07-24-2015.7z")
- Unpack the system image (from "system.zip") to a convenient directory
- With tablet still in Bootloader mode, open app, select CWM mode, then T4
- Phone will restart in CWM once everything loads
3. Flash system
- Go to the mounts / format area, format "/system" and then unmount it
- Insert Micro SD card and mount it
- Format "/external_sd"
- On computer, type "adb push <path-to-system.img> /external_sd/", wait for it to finish
- When finished, type "adb shell" to enter the device shell (make sure the prompt is "~ #" to make sure you are root, or type "whoami" at the prompt to confirm root)
- (If not root, restart to bootloader and trigger the tethered recovery again. You should be root this time.)
- Type in "dd if=/external_sd/system.img of=/dev/block/by-name/system" and wait for it to finish
- When finished, type "exit" on your computer to close the shell
- Reboot the device (to bootloader)
4. Flash boot
- Back on the computer, type in "fastboot devices" to confirm the tablet is connected
- Type "fastboot flash boot <path-to-boot.img>" in order to flash the boot
5. Reboot
- On the device, tell it to boot normally
- Wait. It's a first-boot so it's gonna be a bit slow as the cache is built and whatnot
6. Enjoy!
7. (Optional) Root using the Update-SU.zip using the tethered mode again.
I noticed that it won't take any updates so this leaves you vulnerable to the Stagefright bug. It also sometimes boots to the bootloader and waits for you to select normal boot. Sorry. (Anyone know how to help?)
Any news? I'm stuck at 5.0.2. I wonder if it's possible to port cyanogenmod.
Hey there! Super helpful tutorial and most helpful so far that I found! However, my tablet just goes black after I press Normal Boot and just stays that way. Also when performing ADB Shell (Mac) for some reason it stays in the shell for few seconds and goes back. Any ideas why that might be happening? On top of that I can only enter the shell command really quickly so I have no idea when it finishes copying system.img across... Any help would be appreciated!
Hi guys,
does this method flash the 7840 with a 5.0.2 image or with a 5.1 one?
Thanks
I tried and I can reply to myself: it restores a clean 5.0.2 image ...
EDIT: xposed framework work perfectly on 5.0.2 . I'm perfectly happy with it now
Guys, please disable Driver Signature before installing ANYTHING on your PC to mod, change or rescue your DELL 7840.
Intel's Platform Flash Tool won't flash (ifwi error), and tethered recovery won't upload through bootloader.
Took me a while to realise it myself; even though I did it many, many times, after not doing it for a couple of years I almost forgot that you need to allow unsigned driver installation before.
Have great ****,
Iko
What if you can't boot into fastboot mode? When I try to boot into fastboot, the screen only shows a battery logo with a question mark inside. I saw that there's a fix for this problem on Intel processor devices like the Zenfone and Dell Venue 8 3840 using xFSTK Downloader. But that requires dnx_PRQ.bin and droidboot.img.POS.bin, which I don't think Dell ever released. Anyone solved this problem before?
Flash tool wont detect tablet
So I would love to try this out. I'm new to this whole thing and have the problem that the flash tool can't find my device.
Any Tips ?
I'm unable to get further than 3%, at best. My tablet starts and shows the USB icon, nothing more.
Has anybody ever solved this? Has anyone unbricked this model? I have searched everywhere and not found a single person who solved this with the USB icon showing.
Please help, if you know how to.
Intel Flashing
You need to use 'On Demand Flash" option from Intel Flash Tool. Start flashing from computer and continue on your device.
For Venue 7840
- Unplug
- Power off
- Press and hold both Volume keys
- Plug USB cable
- Release keys
It will start loading automatically
I've used Intel Flash Tool Lite 5.3.2
wirebook said:
1. Phone Flash Tool
- Install USB drivers (if on Windows)
- Install Phone Flash Tool Lite
- Run PFT, open "Dell_Venue_8_7840_Lollipop_5.0.2_qs_rd_opensource-blankphone-userdebug-1397.zip"
- Select "flash-DD0_BB.xml" and flash it
- Tablet will restart in bootloader, flashing isn't done yet, so wait
- Sometimes it can be hard to get the progress bar past 4% before things fail. Just keep trying if this happens, it'll randomly work.
I'm stuck on step 1. If I use "On demand flash", after the Dell is plugged in, the program closes by itself. If I don't use "On demand flash", it displays
Flash failed (Ifwi)
Any help is appreciated!

P780_ROW Request for help fixing errors on my old phone, install stock or custom ROMs

Before I begin, I'd like to thank everyone in this forum, you have been a great help with customizing and troubleshooting phones. I'm also going to apologize for the long wall of text. I wanted to be as detailed as I can while I tried doing this on my own. Any help is appreciated!
The problem and what I want to do:
- My old P780 starts throwing out errors about 2 minutes after booting up the phone, about various apps (Notification Center, Process System, google play services, etc.) has stopped or is not responding. Errors pop up at a rate of about 1-2 messages per second, making the phone unusable. Since this starts 2 minutes after boot, I am still able to navigate and change settings for a while.
- I want to restore the phone to a working state with stock ROM or if not asking too much, maybe better TWRP + Custom ROM + SuperSU.
Phone details:
Lenovo P780 8GB, ROW
OS: Android 4.4.2
Build: P780_ROW_8G_S228_150112
BB Chip : MT6589
MS Board. : P780_ROW
IMEI1 : [Hidden for safety and privacy reasons]
IMEI2 : [Hidden for safety and privacy reasons]
Modem Ver. : P780. V24, 2015/0
Bar code : [Hidden for safety and privacy reasons]
Build Time: : Mon Jan 12 16:49
Kernel Ver. : 3.4.67 ([email protected])
MP PREEMPT Mon Jan 12 16:2
Android Ver. : 4.4.2
SW Ver. : ALPS.KK1.MP5.V1
Custom Build Verno. : P780_ROW_
Observations:
- Takes about 5-15 minutes to boot.
- Restoring to factory via settings does not work, it goes through the motions, but on reboot it's back to the home screen, my 4-digit PIN to unlock the device is still there along with the wallpaper, messages from 2015, etc. Only the internal clock appears to have reset to 1/1/2010.
- Setting changes do not appear to survive reboot, including enabling developer mode. They get put back to whatever the setting was.
- This makes enabling developer mode a pain, but is still possible.
- After enabling developer mode and USB Debugging, I can see the phone storage on windows, currently 2.68GB of 5.73GB free. Unable to create, paste, modify or delete files.
- I do not remember if this phone was made in 2014. Some info on phone suggest it is 2015. Not sure if this helps.
What I've tried:
- Successfully installed Windows_10_MTK_VCOM_USB_Preloader_Drivers on my Windows 10 x64 machine, and ADB
- I can get to developer settings and enable USB debugging, which lets me see the phone via 'adb devices' on an administrative command line on PC, also confirming that the phone drivers are correctly installed.
Code:
C:\Users\arnol\Desktop\P780RestorationSetup>adb devices
List of devices attached
OZ8PQKGMIRY5DMZS device
- I can browse from the command line using 'adb shell' but only as $ and not #. both su and sudo fail to run.
Code:
C:\Users\arnol\Desktop\P780RestorationSetup>adb shell
[email protected]_ROW:/ $ su
[-] Connection to ui timed out
[email protected]_ROW:/ $ sudo
/system/bin/sh: sudo: not found
127|[email protected]_ROW:/ $
- I tried rooting from command line but it fails
Code:
C:\Users\arnol\Desktop\P780RestorationSetup>adb root
adbd cannot run as root in production builds
- Run 'adb reboot-bootloader' reboots the phone into normal mode instead of fastboot.
- Run 'adb reboot recovery' reboots the phone into stock recovery.
- Power on + volume up: it says "Have been in factory mode..." and some Chinese text and some memory test options and phone info. I've added the info to phone details above.
- Running adb while here shows unauthorized.
Code:
C:\Users\arnol\Desktop\P780RestorationSetup>adb devices
List of devices attached
? unauthorized
- Navigating to clear emmc will make it say formatting /data, then reboots almost immediately afterwards. No noticeable effect.
- Power on + volume down: it says "Have been in meta mode..." and some Chinese text, and nothing else happens. It still shows as unauthorized in adb, and is not found in fastboot.
- Followed the steps in https://forum.xda-developers.com/lenovo-p780/development/lenovo-p780-guide-t2658144 to flash STOCK ROM ROW119 8GB. SP Flash Tool seems to be working but after 15 minutes and 90% done, it gives this error: BROM ERROR: S_CHKSUM_ERROR(1041). Some more research I found said this could be a fatal error, while others say they got around it by deleting the Checksum.ini file. I deleted the checksum file and re-ran SP Flash Tool. It got to 100% but still gives error 1041. Note: I used SP Flash Tool V3.1304.0.sn119 for this step.
- Used SP Flash Tool V5.13.52.200 to format EMMC and run memory test. It now gives BROM ERROR: S_DA_MT_DEDICATED_PATTERN_ERROR (3094). Attempt to flash STOCK ROM ROW119 8GB, it also gives error (1041).
- I tried the steps listed here https://forum.xda-developers.com/lenovo-p780/help/rooting-tutorial-kitkat-t2835605 to install TWRP. It gave "pmt changed for the rom it must be downloaded". Tried editing the scatter file as suggested, but same error. Also tried firmware upgrade button, still no go.
- I am out of ideas at this point. If there's anything I might have missed please let me know. I appreciate the help!
Background Info:
- I'm an IT guy who's very familiar with Windows, and starting to learn how to use Linux.
- Phone was rooted before with KingRoot.
- I remember trying to uninstall a system app, which may be partly or directly the cause of this
- I do not remember what system app it was (did it way back 2015).
- This was my first attempt to mess around with my phone, I was pretty noobish at the time.
- I have since been more careful and successfully flashed custom roms on 2 other phones, an Android One Sprout8 and a Xiaomi Mi5, both now happily running LineageOS 14.1.
- We can skip any steps involving backups. Nothing is needed from the phone (other than to get it working!).

Rooted Pie Issues

I finally managed to root my SM-T820 on Android Pie. How I did it is still up in the air to me. I know I was on Oreo (rooted), used the AP file only from Pie download and then reflashed TWRP, without letting the tablet boot up. Then once in recovery, installed Oreo encrypted file, Magisk, and RMM.
Anyhow, things were going good but I noticed that when I removed "bloatware" things were not being completely removed. So I went back into recovery and did a wipe of internal storage, data, and cache (only). Then rebooted. Oh wow at the cleaned up OS, but now I have a few issues that I did not have before and cannot seem to figure out how to resolve.
1st: The hardset buttons (home, recent) no longer work
2nd: The cog wheel in notification no longer works -- taking you to settings
3rd: No longer able to set up any kind of accounts -- in settings, playstore, chrome, google
4th: No longer able to access developer options
5th: Playstore will not download or update apps
TWRP is installed with Magisk. Device is rooted. I have manually updated Playstore, Play service and AR, and Framework. Any advice you can give would be great. Titanium does give the warning that USB debugging is off, even though it was on along with OEM unlock.
Resolved and Upgrade Root Process For Pie
Thanks for the help. I figured it out and fixed the issue. For anyone else who has a similar issue, here is what I did. It may help you.
First Portion:
Enter recovery mode.
Link to computer
Open adb shell and issue following commands.
adb devices (to list your device)
adb oem unlock (to ensure OEM is unlocked)
Next Steps:
Once done, go to your recovery reboot options and reboot to downloader.
On computer open newest Odin and uncheck auto start.
In AP slot insert AP file only of Android Pie.
Start
At PASS, reset Odin (uncheck auto start), and re-enter downloader
(Reconnect to computer if needed)
In AP slot insert newest TWRP file
Start.
At PASS, reboot to RECOVERY
Notice device has not been allowed to fully boot into system. Do not allow it to boot into system or you will have to restart.
Recovery:
Swipe to allow modifications
Flash the Oreo Forced encryption patch
Go into Wipe menu and "Format data"
Use boot menu to Reboot into recovery
Swipe to "Allow modifications"
Flash RMM-State_Bypass.zip
Flash Magisk
Reboot the phone into system
During the set up wizard, make sure you do not check diagnostic data!!
Thank you to ashyx and corsicanu for providing the links and their work that helped me figure this out. Enjoy. You can also use this to upgrade your rooted Oreo Samsung Galaxy Tab S3(SM-T820) to Pie.

H915 - Installing Lineage 18.1 (Unlock Bootloader, TWRP, Root Optional)

Hi All,
With the recent launch of LineageOS 18.1 I decided to take the plunge and get it installed on my fully stock Videotron/Freedom H915. Since I had to smash together info from a half dozen other threads, I figured I'd gather it all together here for folks with a Canadian phone trying to make this work.
Since I knew absolutely nothing coming into this, I'm going to go a little more detailed on this write-up. If you've been flashing ROMs since the old days of Cyanogenmod you can probably skim half of this.
Disclaimer : I'm not responsible for any bricked phones or other negative outcomes. This is what worked for me, but I'm far from being an expert. If you continue past this point you agree to take your time, do your reading, be responsible for your own device/actions and not hold me or the forum accountable for anything that might go wrong. You've been warned.
IMPORTANT NOTE #1
If you've picked up an H915 on ebay and you are intending to use it on a network other than the one it's SIM locked on, make sure you do the whole SIM unlock process on the stock ROM either before you get started at all, or once you've reverted to the vulnerable stock ROM after Step 1 below.
I actually use Telus as my provider and I wasted a bunch of time trying to figure out why I couldn't get signal because only the stock ROM will prompt you for a SIM Unlock code. Lineage will just sit there dumbly and not allow you to enable data.
Once you've unlocked the SIM it will stay unlocked from that point forward, just make sure to unlock it and verify your SIM is working with LTE on the stock ROM before you get started.
IMPORTANT NOTE #2
Use LGUP's "DUMP" feature to take a backup of ALL partitions on your phone before you start. If you're reading this thinking "I just bought this phone off ebay, there's nothing on it I care about", take the backup anyway. You never know when you might need a copy of the modem partitions or other things from your phone's original build. It came in super handy for me in troubleshooting the process. So go do a backup!
Current Issues:
If signal is too weak to connect to a tower (or non-existent), the OS tends to crash with a modem error. Still trying to figure this one out.
I think I can get this working without first jumping to US996 but haven't had a chance to verify that. If I do I'll update the thread.
Download Prerequisites
Links working as of 2021-06-29
LGUP with patch
Link
Working adb/fastboot environment
Instructions
Download
Fastboot Drivers
Link
Universal ADB Driver
Link
Videotron/Freedom H915 Android 7 (Nougat) version E - H91510e_00_VTR_CA_OP_1205.kdz
Link
USA General US996 Android 7 (Nougat) version F - US99610f_00_1205.kdz
Link
APK for Terminal Emulator
Link or Alternate Link
LG V20 Root Package Original (v4?)
Link
Old TWRP for Root Package
Link
Videotron/Freedom H915 Modem Partition Image
Link
Lineage Install Zip for H910 (grab the latest, I'm using lineage-18.1-20210506-nightly-h910-signed.zip which is already out of date)
Link
MindTheGapps
Link
(Optional, for rooting) Magisk
Link
Different Boot Modes
For those not familiar with these phones, there are three different "modes" the phone can boot into. Here's a quick reference on how to boot into each one.
Download Mode
This mode is used for pushing KDZ files or individual partition backups using LGUP
Turn Off Phone
Hold the Up-Volume Button
Insert USB-C Cable with other end already plugged into PC
Bootloader (aka Fastboot) Mode
The H915 doesn't come with this mode by default. If you try it, you'll just get battery charging. We'll be temporarily converting the phone to a US996 in order to use the DirtySanta exploit to replace the bootloader partition with a leaked Engineering aboot.
This mode is used with the fastboot tool to load the TWRP utility into the Recovery partition.
Turn Off Phone
Hold the Down-Volume Button
Insert USB-C Cable with other end already plugged into PC
Recovery Mode
The recovery mode on a stock phone is used to perform a factory reset. We will be using the Factory Reset a couple times with the stock ROMs, then replacing the contents of the recovery partition with the TWRP tool that allows us to format partitions, load partition images, and sideload apps and LineageOS itself.
Turn Off Phone
Hold the Down-Volume Button
Press and hold Power-On (rear fingerprint sensor/button). When LG Logo appears, release power button for 1 second then press and hold again
When "Factory Data Reset" appears, release all buttons
Press Volume Down to highlight "Yes" then press power button to select the option
Repeat for the confirmation
Note about flashing KDZ files using LGUP
You can flash KDZ files onto the phone using LGUP from two places - either with the phone in "Download Mode", or with the phone booted into the OS with the USB Options set to "File Transfer" and USB Debugging turned on.
The difference between these two is when it performs the OS compatibility check.
In Download Mode it's the code of the Download Mode partition that does the check. In the OS, it's the OS that does the check before booting to Download Mode and bypassing Download Mode's check.
Why is this important? Because when converting from one phone to another (Say, an H915 to a US996 like we do below), you initially can't flash the KDZ using LGUP's "Upgrade" function. You can only use "Partition DL" to replace the contents of partitions with the contents of the KDZ. This kind of works, but ends up with a phone that will sometimes identify as a H915 (in Download Mode) but sometimes identify as a US996 (in the OS). To clean it up, once you've done the Partition DL method, you can do it again from the OS and use the Upgrade method to get a really clean install.
It works going back the other way as well when you want to return to stock.
If this doesn't make sense, don't worry. You don't need to fully understand it to follow the instructions below, I just found it to be interesting info that didn't seem to appear in other threads.
Process Overview
Revert the phone to an old/vulnerable stock Nougat ROM for Videotron/Freedom Mobile
Enable Dev Options
Dump contents of US996 KDZ partitions over top of existing partitions
Cleanup by re-flashing US996 KDZ partitions over top of existing partitions
Transfer files to the SDCard and install Terminal Emulator
Unlock the Bootloader using the DirtySanta exploit
Boot to old TWRP and install new TWRP
Boot to new TWRP, install LineageOS, Google Apps, and flash modem partition image
Reboot to LineageOS
Actual Process
1 - Revert the phone to an old/vulnerable stock Nougat ROM for Videotron/Freedom Mobile
We need to be on Nougat for this to work, so if you're on Oreo you have to downgrade to Nougat before we begin. I chose a Nougat ROM for the H915 that's vulnerable to the DirtySanta exploit because I know it works and because I'm hoping in the future to be able to skip converting the phone to a US996 if possible.
Boot phone into Download Mode
Launch LGUP with Patch
Select "Upgrade" radio button
Select bin file : H91510e_00_VTR_CA_OP_1205.kdz
Click Start
When finished phone will reboot
1.5 - Do this if Step 1 Failed... Otherwise continue to Step 2
Depending on what's loaded on your phone when you start, it might complain about doing Step 1. This should allow us to bypass the issue and allow Step 1 to work. You can use this step if you've already converted the phone to another model as long as it's not bricked.
Boot phone into download mode
Launch LGUP with Patch
Select "PartitionDL" radio button
Select bin file : H91510e_00_VTR_CA_OP_1205.kdz
Click Start
Click the "Select All" partitions checkbox and click OK. When done it will reboot.
If it hangs or loops on reboot, boot into "Recovery Mode" (which at this point will Factory Reset the OS)
The phone boots into the OS
Quickly go through setup wizard. Skip as many things as possible.
Go Settings - General - About Phone - Software Info - Make sure it identifies as H91510e
Change the USB Option mode to "File Transfer"
Then repeat Step 1, but from inside the OS instead of in Download Mode
2 - Enable Dev Options and File Transfer Mode
We need these enabled after every time we flash the OS so that our LGUP and adb commands will work. You'll get used to doing these steps a bunch.
Quickly go through setup wizard. Skip as many things as possible.
Unplug USB-C cable
Swipe down from the top and change from USB Charging mode to File Transfer mode
Settings - General - About Phone - Software Info
Tap on Build Number many times until it unlocks Developer Mode
Go back 2 menus and enter the new "Developer Options" menus
Make sure "Enable OEM Unlock" is enabled
Enable "USB Debugging" (will be greyed out if USB-C cable is still attached)
Go back to main screen
Plug USB-C cable back in.
A pop-up will appear asking to Allow USB Debugging. Check the "Always Allow" box and tap OK
3 - Dump contents of US996 KDZ partitions over top of existing partition
The Videotron/Freedom KDZ has no Bootloader/Fastboot mode. If you try to enter bootloader mode you'll just end up charging the battery. So we have to cross-flash the US996 KDZ to get a phone with a bootloader which we can then replace with the engineering version using the DirtySanta exploit.
Boot phone into download mode
Launch LGUP with Patch
Select "PartitionDL" radio button
Select bin file : US99610f_00_1205.kdz
Click Start
Click the "Select All" partitions checkbox and click OK
When the phone boots back into the OS, repeat all of Step 2.
Note: If it asks for a password on startup, follow the "Boot to Recovery" steps and since
we don't have anything loaded in the recovery partition it will wipe/erase the phone
and remove the password.
4 - Cleanup by re-flashing US996 KDZ partitions over top of existing partitions
As mentioned in the "Note about flashing KDZ files using LGUP" section above, after you use the PartitionDL method you get a kind of dirty phone image that doesn't always identify as its new model. To clean up, we repeat the process in Upgrade Mode, taking advantage of the fact that at least the OS now identifies as US996 even if Download Mode doesn't. After this, Download Mode will also identify as US996.
Starting booted into the OS with a USB-C cable attached (File Transfer mode, USB Debugging on):
Launch LGUP with Patch
Select "Upgrade" radio button
Select bin file : US99610f_00_1205.kdz
Click Start
When the phone boots back into the OS, repeat all of Step 2.
5 - Transfer files to the SDCard and install Terminal Emulator
We will need some files on the SDCard in the phone in order to install them, either inside the OS (in the case of Terminal Emulator), or later on from TWRP. The Terminal Emulator will be used for the DirtySanta exploit so we need to get that installed now.
Make sure the USB Connection is set to Data Transfer mode and copy the following files to the SDCard:
APK for Terminal Emulator
twrp-3.5.1_9-0-us996.img
h915freedommobilemodem.img
Enable installing apps from unknown sources by:
Settings - General - Fingerprints and Security - Unknown sources (turn it On)
Install Terminal Emulator:
Tools - File Manager
Choose "Allow" when prompted
Click the up-arrow next to "Internal Storage"
Choose SD Card
Scroll down and tap on jackpal.androidterm-1.0.70-71-minAPI4.apk
Install
6 - Unlock the Bootloader using the DirtySanta exploit
The US996 KDZ has a bootloader but it's locked. In order to unlock it we need to use the DirtySanta exploit to give us permissions to replace the Bootloader/Fastboot with a leaked engineering version.
Starting booted into the OS with a USB-C cable attached (File Transfer mode, USB Debugging on):
Settings - General - About Phone - Software Info
Verify that Software Version lists as US99610f
Copy the twrp-3.0.2-1-us996.img file into the folder containing the LG V20 Root Package
Open a command prompt window and change to the folder containing the LG V20 Root Package and run "Step1.bat"
It will push multiple files to the phone and apply some patches/exploits.
This process will take 5 minutes and put you out at an "elsa:/ $" prompt
At this "elsa:/ $" prompt in your command prompt window type the following:
run-as con
chmod 0777 /storage/emulated/0/*
On the phone, launch Terminal Emulator and run the following:
id
Verify that the string which comes back contains the string "context-u:r:untrusted_app".
If not, run Step1.bat again, else continue forward
Enter the following command into Terminal Emulator (be very careful to type it properly):
applypatch /system/bin/atd /storage/emulated/0/dirtysanta
If that command came back with an error, close and re-open Terminal Emulator and try again
The command should begin to patch another file. This will take 5 minutes and will return you to the "elsa:/ $" prompt in Terminal Emulator when it has finished
Open another command prompt to the same folder and run "Step2.bat"
This step will download backup copies of the boot and aboot partitions from the phone then boot the phone into bootloader/fastboot mode.
You'll know it worked if the first line at the top of the phone screen appears in red
In the command prompt window, run Step3.bat
It will flash boot1.img and the TWRP Recovery image multiple times then restart the phone
The phone will hang, no matter how long it's left. Wait 5 minutes (at least until the logo re-loads once) then do the following:
Unplug the USB-C cable
Remove the battery from the phone to turn it off
Replace the battery
Boot into Fastboot mode and run the following commands in your command prompt:
fastboot flash boot bootbackup.img
Remove the USB-C cable and battery to turn off the phone. Then replace the battery and enter Recovery Mode
The phone will show a big red exclamation mark saying "Your device is corrupt". This is normal. It will go away after a few seconds then boot into recovery. This error screen is the result of the engineering "aboot" image that was flashed to give us an unlocked bootloader and will always happen on boot.
7 - Boot to old TWRP and install new TWRP
The old version of TWRP recovery will load. Don't ask me why we can't just go straight to new TWRP above, it didn't work well when I tried it.
If it asks for a password to decrypt data, click Cancel
Swipe to allow modifications
Install - Select Storage - MicroSD Card - OK
Install Image - Scroll down and tap the "twrp-3.5.1_9-0-us996.img"
Select the Recovery partition and swipe to confirm flash
Back to main menu
Reboot - Recovery
8 - Boot to new TWRP, install LineageOS, Google Apps, and flash modem partition image
The new version of TWRP will load:
Check the "Never show this screen during boot again" box
Swipe to allow modifications
Wipe - Format Data - type "yes" to continue
This is likely to fail the first time. Repeat it to properly format the data partition.
Go back to Main Menu - Wipe - Advanced Wipe - Select "Dalvik / ART Cache", "System", and "Cache"
Swipe to wipe
Back to main menu
Advanced - ADB Sideload
Plug in USB-C cable
Swipe to start sideload
In command prompt window on PC type the following:
adb sideload lineage-18.1-20210506-nightly-h910-signed.zip
When complete tap "back" and "ADB Sideload" and swipe again to apply another file:
adb sideload MindTheGapps-11.0.0-arm64-20210412_124247.zip
If you want to root the phone (completely optional, not necessary for this process), now is the time to do it. Tap "back" and "ADB Sideload" and swipe again to apply another file:
adb sideload Magisk-v23.zip
Go back to main menu - Install - Install Image - tap the h915freedommobilemodem.img file
Select the Modem partition and swipe to confirm flash
Remove USB-C cable
9 - Reboot to LineageOS
Go back to main menu - Reboot - System - Swipe to reboot
References where I got the info to make this tutorial
Official Lineage 18.1 for LG V20 Release Thread
LineageOS Wiki for H910
DirtySanta Bootloader Unlock and Root Guide (Original)
H910 Rooting Thread (Cross-flash H915 then DirtySanta to US996)
H915 Root, TWRP using DirtySanta [WorkingSignals]
Noob Friendly Root TWRP using DirtySanta
General info about Modem Hardware, Firmware, Radio Interface Layer
thank you so much. i need it
Great job for writing a complete how-to guide!
Thank You, You saved my old V20 H915
hi have you been able to find a better modem?
btw i'm not able to decrypt under twrp, can you?
Just want to confirm, it's the only guide which works for me. But I have issues with the modem:
1. When I tried to change the mode of the modem, "preferred network type", the phone stayed in the loop of the kernel panic "modem crash"
2. It was difficult to revert the changes back. Finally, safe mode (in order to get it, you need to press volume up and volume down at the same time, during the LineageOS booting process) helped me - when I disabled airplane mode, I had 2-10 seconds until the next kernel panic. And in ~10 attempts, I was able to finally switch the modem's mode to GSM/WCDMA/LTE
3. I used this phone for 3 days, and once the kernel panic (because of the modem) happened again
Any ideas what to do with the modem? Also, the picture "Your phone is corrupt" is not fun. Any ideas how to change it?
I did my best to follow all the instructions but after step 7's reboot I just get blocks full of static. I can tell it's trying to do fresh install setup though from what's peeking through the blocks.
Riot54 said:
I did my best to follow all the instructions but after step 7's reboot I just get blocks full of static. I can tell it's trying to do fresh install setup though from what's peeking through the blocks.
This is normal. Flash a kernel that's patched for dirty santa OR, cover the proximity sensor on boot and keep it covered until boot is complete.
That worked, thanks.
After multiple attempts going back and forth with step 6, I finally did it! I might switch to Lighthouse or Arros but I wouldn't have gotten this far without your guide.

Lenovo 1050F doesn't run anything else other than DNX mode - help!

Hi all,
Well, operator error is definitely at fault here... I made a series of mistakes that got me to where I am now. All I intended on doing was repairing my dad's tablet which was running atrociously slowly. I tried to follow some steps, but improvised as I was getting errors and obviously ended up making things a lot worse...
Now turning on the tablet will directly go to a command line interface with a long series of errors and these are the last 2 lines:
blkD :HardDisk - Alias (null)
PciRoot (0x0) /Pci (0x17,0x0) Ctrl (0x0) /HD(14,GPT,80868086-8086-8086-8086-000000000008,0x646828,0x16D47D8)
blkE :BlockDevice - Alias (null)
PciRoot (0x0) /Pci (0x17,0x0) Ctrl (0x0)
Press ESC in 1 seconds to skip startup.nsh, any other key to continue.
Shell> _
In this state it cannot be interacted with and won't be detected by my PC over USB.
This happens for normal, recovery and bootloader modes. The only mode that I can access is DNX mode but attempting to boot droidboot will result in the same command line UI described above, including when trying to restore the BIOS using the PC executable (which I assume needs to enter fastboot mode, which it can't do...).
What can I do now? Any way to get anything working in the above screen or through DNX?
I'm thinking that a partition being corrupt, in addition to me wiping the ESP, is causing this. Maybe it's possible to completely format and set up all the partitions and start from scratch again? How can I flash esp.img when all I have access to on the tablet is DNX mode?
Detailed history below...:
HISTORY
1)
The tablet is a Lenovo Yoga Tab 2 1050F. It was running very slowly to the point where my dad just didn't bother to use it. I thought it would be wise to factory reset it as a first step. There is no option to do so within the Lenovo skin of Android so I started by going into recovery mode and performed a factory reset from there.
After it rebooted, the Android UI would loop back to the language selection after connecting to a WiFi network and I would get an "Unfortunately Google Play Services has stopped." error message. It would just loop through the Language Selection > Connect to WiFi network pages over and over.
2)
Having installed CM on my old S3 back in the day, I thought I could go about the same process and flash a gapps ZIP file in recovery mode. That didn't work, I got an error because the zip was unsigned.
I thought I could install TWRP to flash unsigned zips, reinstall Gapps and get the tablet past the Android UI loop.
3)
I followed this guide on XDA to install an unofficial TWRP (which involved unlocking the bootloader). It didn't work because I couldn't flash over ADB (because the tablet couldn't allow Developer Mode since it was stuck in the Android UI loop). So I flashed as many files as I could in fastboot.
I eventually flashed the TWRP recovery.img but that didn't work : when turning on to Recovery mode it would just go back to the bootloader screen.
4)
I thought I must have screwed something up so I tried to restore the BIOS using an executable I found but I realized the tablet was already upgraded to Lollipop and the only BIOS restoration exe was for Kitkat. Sure enough it got even worse and I could no longer boot Android.
5)
I still had bootloader and fastboot though so I followed a guide to restore the tablet to the original OS (which ironically I already downloaded before trying to get TWRP but forgot about and didn't unpack). I set up Intel Platform Tools but the flash process didn't work because it went to droidboot and then lost USB connection. On the Intel program it would just stay stuck at 20% Wiping ESP. It would time out twice and then give me a final error message.
6)
So I thought to explore the flash.xml file provided to see if I could do the steps manually. I knew it was stuck at wipe ESP because in droidboot it couldn't get commands from PC. So I went into fastboot and wiped ESP manually myself! Little did I know how foolish this was to do because I was simply unable to flash the provided ESP.img again. Following this I lost access to the bootloader.
7)
I found a guide to restore a bricked 1050F here on XDA but it needs droidboot which now goes to the command line UI described at the top of this post. When attempting to restore the kitkat BIOS again, droidboot is also needed which results in the same cmd UI.
8)
Which leads me to where I am now which is that the tablet doesn't boot to: normal, recovery, bootloader/fastboot or droidboot. Which is why I am now asking for help. What can I do?
I'm thinking that a partition being corrupt, in addition to me wiping the ESP, is causing this. Maybe it's possible to completely format and set up all the partitions and start from scratch again? How can I flash esp when all I can get access to is DNX mode?
Thanks for reading this far and if you have any more ideas, please let me know, thanks in advance.
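Decoding the UEFI Shell map entries quoted at the top of the post above, as an added example that is not part of the original post: it splits each entry into its device-path nodes and reads the HD(...) node as partition number, partition-table type, partition GUID, start LBA and length in sectors, following the UEFI device-path text form. The function names and the 512-byte sector size are assumptions; the sample text is copied from the post.

```python
import re

# Sample input: the UEFI Shell lines quoted in the post above.
SAMPLE = """\
blkD :HardDisk - Alias (null)
PciRoot (0x0) /Pci (0x17,0x0) Ctrl (0x0) /HD(14,GPT,80868086-8086-8086-8086-000000000008,0x646828,0x16D47D8)
blkE :BlockDevice - Alias (null)
PciRoot (0x0) /Pci (0x17,0x0) Ctrl (0x0)
Press ESC in 1 seconds to skip startup.nsh, any other key to continue.
"""

SECTOR_BYTES = 512  # assumption: 512-byte logical blocks; the post does not say

ENTRY_RE = re.compile(r"^(blk\w+|fs\w+)\s*:\s*(\w+)")
NODE_RE = re.compile(r"(\w+)\s*\(([^)]*)\)")


def parse_map(text):
    """Return one dict per mapped device: name, kind and device-path nodes."""
    entries = []
    for line in text.splitlines():
        head = ENTRY_RE.match(line.strip())
        if head:
            entries.append({"name": head.group(1), "kind": head.group(2), "nodes": []})
        elif entries:
            # Device-path line: collect Name(arg, ...) nodes; other text yields none.
            for name, args in NODE_RE.findall(line):
                entries[-1]["nodes"].append((name, [a.strip() for a in args.split(",")]))
    return entries


def decode_hd(args):
    """Decode HD(Partition,Type,Signature,Start,Size) as printed by the shell."""
    if len(args) != 5:
        raise ValueError("expected 5 fields in HD node, got %d" % len(args))
    number, table, signature, start, size = args
    start_lba, sectors = int(start, 16), int(size, 16)
    return {"partition": int(number), "table": table, "signature": signature,
            "start_lba": start_lba, "end_lba": start_lba + sectors - 1,
            "size_bytes": sectors * SECTOR_BYTES}


def partitions(text):
    """Map each device name to its decoded HD node, or None if it has none."""
    out = {}
    for entry in parse_map(text):
        hd = [args for name, args in entry["nodes"] if name == "HD"]
        out[entry["name"]] = decode_hd(hd[0]) if hd else None
    return out
```
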
Hi, would anyone like to weigh in on this issue?
