[UNLOCK] Technical steps to make an unlocked bootloader - G4 Q&A, Help & Troubleshooting

Hello everyone!
First: This is not about how you could unlock your bootloader in a few steps! Especially for the LG G4, now that we have root.
This is a technical basic knowledge question to experienced developers in this topic!
I wanted to know how one of the experienced devs would act in his first steps to get an unlocked bootloader.
What knowledge is needed?
Opening the device to get physical access to the flash memory?
Connecting to the probably hidden or physically disabled (by a burned fuse) JTAG port to dump the flash?
Just dd the bootloader partition?
Is bootloader signed and/or compressed and/or encrypted?
How would you proceed in that case (when the bootloader is encrypted)? Would you try to get some secrets out of the (probably used) high-security cryptography co-processor chips with very expensive equipment? Or am I expecting way too much from the manufacturers?
When the bootloader is a plain binary file: is it enough to throw it into the IDA Pro ARM disassembler and analyse where the kernel signature is validated, to place some jump instructions there?
Or would it just be enough to compare a T-Mobile bootloader binary (which seems to be factory unlocked) with a locked bootloader from other carriers and find out what the magic is (maybe just a bit flag)?
And after you have done a successful unlock, how do you write it back into flash with a proper and safe method? I guess this partition has special security and write permissions? Or is this also very simple, by writing it from inside the running Android system with dd?
I expect this last step is the most difficult and complicated one? And probably the most risky step.
I'm interested in this because I'm currently studying computer science, but haven't gone that deep into the Android device world.
We mostly see the finished product of very skilled developers here, but I'm interested in how to start such a project. Where can you get the important information you need to know to make the bootloader load an unsigned kernel image, and so on...
So, what's the common thread to bring such a thing to success?
I can understand if these devs don't want to discuss this in public, because they fear that the manufacturers will use this knowledge as well to make their devices even harder to unlock. But maybe you can give me some hints.
Thank you!

If you can get into fastboot, the G4 might be vulnerable to CVE-2015-0567.

Hashbang173 said:
If you can get into fastboot, the G4 might be vulnerable to CVE-2015-0567.
Hopefully this will not be patched in a future update. Hope it's possible. Verizon G4 tester here when needed.

Okay thank you!
Do you have any ideas about how to get the bootloader Image?
Is it possible to dump it with root and dd?

isnt bootloader in kdz file?

2nd Sky said:
isnt bootloader in kdz file?
I don't know, I thought KDZ files contain firmware for hardware controllers like GSM, camera and so on. I thought they are of interest because they differ from country to country and between the different models.

KonterBiER said:
Okay thank you!
Do you have any ideas about how to get the bootloader Image?
Is it possible to dump it with root and dd?
Yes, you can back it up to your sdcard using dd, and you can pull it to your computer using adb pull. I can't give you the specific commands unless you give me the partitions in /dev/block/

Hashbang173 said:
Yes, you can back it up to your sdcard using dd, and you can pull it to your computer using adb pull. I can't give you the specific commands unless you give me the partitions in /dev/block/
Okay, I have some Linux knowledge.
I'm just interested to see if the official unlock.bin from LG is encrypted in some way (which implies that the bootloader has some decryption code in it), and if it is possible to make some changes on the raw dump.

If you give me the output of
ls -l /dev/block/platform/f9824900.sdhci/by-name
I can give you the dd command to back up a bootloader partition such as aboot

KDZ has all partitions inside, not specific ones like IMEI, so the bootloader too. Why is there no one who can take an unlocked BL and pack it into a KDZ again to flash for all... (and btw with root and TWRP)
On NX4 I mean there were people who could modify the BL? Right? Hmmm, let's discuss this more, it's interesting

For Sprint LS991, this command autoprime suggested worked to pull boot.img to the SD card:
su
dd if=/dev/block/bootdevice/by-name/boot of=/sdcard/boot-ls991zv5.img
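The backup step in the two posts above (find the partition under by-name, dd it to the SD card, pull it to the PC) is worth pairing with an integrity check, because a bootloader dump you later compare against another variant, or ever write back, must be bit-exact. The following is an added Python example, not code from the thread or from autoprime: it copies a partition node (or an already dumped image file) in chunks, records its SHA-256 in a manifest, and verifies the copy against that manifest. The device path `/dev/block/bootdevice/by-name/aboot` is taken from the thread; the demo at the bottom runs against a constructed temporary file of random bytes instead of real flash, so it can be run anywhere.

```python
import hashlib
import json
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB reads, like dd with a large block size


def backup_partition(src, dst, chunk=CHUNK):
    """Copy src (a block device node or image file) to dst and return its SHA-256 hex digest.
    The digest is computed over the bytes actually read, so it describes the backup exactly."""
    h = hashlib.sha256()
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        while True:
            buf = fin.read(chunk)
            if not buf:
                break
            h.update(buf)
            fout.write(buf)
        fout.flush()
        os.fsync(fout.fileno())  # make sure the image reached the SD card before we trust it
    return h.hexdigest()


def write_manifest(manifest_path, entries):
    """entries: {partition_name: sha256_hex}. Stored as JSON beside the images."""
    with open(manifest_path, "w") as f:
        json.dump(entries, f, indent=2, sort_keys=True)


def sha256_file(path, chunk=CHUNK):
    """Streaming SHA-256 of a file, so large images do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for buf in iter(lambda: f.read(chunk), b""):
            h.update(buf)
    return h.hexdigest()


def verify_backup(image_path, manifest_path, name):
    """True if the image on disk still matches the digest recorded for `name`."""
    with open(manifest_path) as f:
        manifest = json.load(f)
    expected = manifest.get(name)
    return expected is not None and sha256_file(image_path) == expected


def demo():
    """Run the whole flow against a constructed fake partition (random bytes, not real flash)."""
    with tempfile.TemporaryDirectory() as tmp:
        # Stands in for /dev/block/bootdevice/by-name/aboot; on a rooted device you would
        # pass the real node here instead.
        fake_partition = os.path.join(tmp, "aboot")
        with open(fake_partition, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 12345))  # deliberately not a multiple of CHUNK
        image = os.path.join(tmp, "aboot.img")
        manifest = os.path.join(tmp, "manifest.json")
        digest = backup_partition(fake_partition, image)
        write_manifest(manifest, {"aboot": digest})
        intact = verify_backup(image, manifest, "aboot")
        # Corrupt one byte of the copy and confirm the check catches it.
        with open(image, "r+b") as f:
            f.seek(100)
            b = f.read(1)
            f.seek(100)
            f.write(bytes([b[0] ^ 0xFF]))
        corrupted = verify_backup(image, manifest, "aboot")
        return intact, corrupted


if __name__ == "__main__":
    print(demo())  # expect (True, False)
```

Run it as root on the device against the by-name node, or on the PC against an image already pulled with adb; keep the manifest next to the images so a later dump of another variant (for example the T-Mobile aboot mentioned in the thread) can be compared by digest before anyone bothers with a disassembler.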

2nd Sky said:
KDZ has all partitions inside, not specific ones like IMEI, so the bootloader too. Why is there no one who can take an unlocked BL and pack it into a KDZ again to flash for all... (and btw with root and TWRP)
On NX4 I mean there were people who could modify the BL? Right? Hmmm, let's discuss this more, it's interesting
That will not work @ flashforall because the bootloader will reject anything that is not signed by the carrier/LG, so if you tried to flash it, it would automatically reject it due to the non-C/LG signature and would potentially leave you in some sort of emergency mode. At least this is how my other phones have worked; I can't verify it does it like this on LG phones, but yeah. If anything, from my post here you at least learned how other BLs work haha.

What exactly does the signature prevent you from doing?
Does it prevent installing a modified bootloader in the first place, or does it prevent a modified bootloader from working if it is installed?

Knowbody42 said:
What exactly does the signature prevent you from doing?
Does it prevent installing a modified bootloader in the first place, or does it prevent a modified bootloader from working if it is installed?
I guess it prevents installing a modified one.
The old bootloader seems to have some loading code for new bootloaders. This code creates a checksum of the new bootloader code and uses a public key to decrypt a special prepended or appended area in which a precalculated checksum was placed, encrypted by an unknown private key.
The interesting question is: is it possible to write into the bootloader memory from a booted system, e.g. with dd? Or is some special procedure needed to disable a write protection?
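The verification path the post above describes (hash the candidate image, apply the public key to a signed trailer, compare the two digests) can be made concrete. The block below is an added Python example, not code from the thread, from LG or from any real loader: it implements that structure with a throw-away textbook RSA key generated at run time and a constructed trailer format, so the reader can see why a modified image, or an image signed with a different key, fails the check no matter where the loader's public key is stored. The trailer layout, the `SIGX` marker and the key sizes are my assumptions; real loaders use padded signatures (PKCS#1 or similar) and certificate chains rather than a bare exponentiation, and Python's own `pow` is all the arithmetic needed here.

```python
import hashlib
import random
import struct

TRAILER_MAGIC = b"SIGX"  # constructed marker, not a real LG/Qualcomm format


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test; adequate for a demo key, not for production key generation."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, top bit set
        if _is_probable_prime(cand):
            return cand


def _modinv(a, m):
    """Extended Euclid: returns a^-1 mod m (a and m must be coprime)."""
    r0, r1, s0, s1 = m, a % m, 0, 1
    while r1:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
    return s0 % m


def generate_keypair(bits=1024):
    """Textbook RSA: the public (n, e) is what a loader would embed; (n, d) stays with the vendor."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n = p * q
    return (n, e), (n, _modinv(e, phi))


def _digest_int(image):
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def sign_image(image, private_key):
    """Append a trailer: signature | SIGX | 4-byte signature length.
    The signature is the image's SHA-256 digest raised to the private exponent (unpadded: demo only)."""
    n, d = private_key
    sig = pow(_digest_int(image), d, n)
    sig_bytes = sig.to_bytes((n.bit_length() + 7) // 8, "big")
    return image + sig_bytes + TRAILER_MAGIC + struct.pack(">I", len(sig_bytes))


def verify_image(blob, public_key):
    """Return (ok, image): the check a locked loader performs before running new code.
    It splits off the trailer, recovers the signed digest with the public key, and compares
    it with the digest it computes itself over the image body."""
    n, e = public_key
    if len(blob) < 8:
        return False, b""
    (sig_len,) = struct.unpack(">I", blob[-4:])
    if blob[-8:-4] != TRAILER_MAGIC or len(blob) < 8 + sig_len:
        return False, b""
    sig = int.from_bytes(blob[-8 - sig_len:-8], "big")
    image = blob[:-8 - sig_len]
    if sig >= n:
        return False, image
    return pow(sig, e, n) == _digest_int(image), image


def demo():
    """Sign a constructed fake image, then show the three outcomes a loader distinguishes."""
    pub, priv = generate_keypair()
    image = b"constructed fake bootloader image " + bytes(range(256))
    signed = sign_image(image, priv)
    ok, recovered = verify_image(signed, pub)            # untouched image: accepted
    tampered = bytearray(signed)
    tampered[10] ^= 0x01                                 # one bit of the body flipped: rejected
    bad_body, _ = verify_image(bytes(tampered), pub)
    other_pub, _ = generate_keypair()                    # signed by someone else's key: rejected
    wrong_key, _ = verify_image(signed, other_pub)
    return ok and recovered == image, bad_body, wrong_key


if __name__ == "__main__":
    print(demo())  # expect (True, False, False)
```

The point for the thread's question is the last case: patching the image body, or even the bit flag that marks a variant unlocked, changes the digest, and a loader that holds only the public key cannot be talked into accepting it without the matching private key, which is why the check has to be defeated in the verifying code (or the key replaced) rather than in the signed data.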

It looks like the bootloader code is not encrypted, at first sight:

New idea (remember: I flashed on my E975 Optimus G (rolled out with JB) an F180 (Korean, hardware more or less the same..) ICS KDZ. Most things worked (no signal, wrong modem..)
What if we flash the T-Mobile KDZ? Is the hardware similar enough? Because when we flash it we should have an unlocked BL. Then we only need to root and flash recovery, then we can flash the right modem and all should work...?
But I don't know the difference between the H815 and the unlocked T-Mobile G4...
Thanks for reading and I hope you understand what I mean @KonterBiER my German friend xD
We'll manage to find something to unlock it with...

Hi 2nd Sky,
I don't know much about the LG KDZ files, what they contain and how important it is to have the correct one for your device model. The G4 is my first LG device. For the last 5 years I used an HTC Desire HD.
But if the devices are identical on the hardware side, and the KDZ contains the bootloader, it should be worth a try.
But who wants to test it? Is there a risk of bricking the device?
OT:
Oh, Bavarian too

When you look in the folder, all images are in the KDZ: http://downloads.codefi.re/autoprime/LG/LG_G4/H815/H81510C/ (not the zip files)
There's also a KDZ extractor at XDA. Don't know if it works on G4 KDZs
I think my option is one of the only ways to get an unlocked BL, because of the signature you can't edit the KDZ
But if the method like the low-effort root works for other partitions, that's also a way...
When you try something I would first back up the EFS partitions (IMEI and others) and have all files on the SD card so you can take the SD card out...
And if you brick it, go to service and say the update failed; normally you will get a new mainboard. So try and risk something
OT: yes, Bavarian. I hope I can get to my PC soon and will look into the IRC?! channel/chat and talk to the bosses here

I just downloaded the "LG-H81510C-Flashable.Bootloader.zip" and extracted it.
How is this file created?
It seems like aboot.bin contains some references to lg root certificates. Maybe such a dump of the T-Mobile variant would be very interesting!

Any input @autoprime?

Related

[Q] TWRP For 550/551M Zenfones

So I'm wondering if any intrepid dev is willing to compile TWRP for our lovely phone. I am willing to contribute to a fund for whoever is able to get a functional version of the recovery.
This is such a nifty phone. The WW version works great in the US, and it'd be nice if we could get full functionality sooner than later.
mrbubs3 said:
So I'm wondering if any intrepid dev is willing to compile TWRP for our lovely phone. I am willing to contribute to a fund for whoever is able to get a functional version of the recovery.
This is such a nifty phone. The WW version works great in the US, and it'd be nice if we could get full functionality sooner than later.
Well for starters, we'd need the bootloader unlocked (as per Asus) and preferably a better rooting method to get started. Other than that, you'll be pleased to know that we may end up receiving OFFICIAL TWRP since DeesTroy is planning to get a Zenfone 2!:thumbup: (as mentioned here: http://forum.xda-developers.com/showthread.php?p=60352547)
Sent from the Ace's MB865 using Tapatalk
I thought the bootloader was already unlocked, as you can push system.img via bootloader. Or does the locked bootloader only prevent the changing of the boot.img file?
mrbubs3 said:
I thought the bootloader was already unlocked, as you can push system.img via bootloader. Or does the locked bootloader only prevent the changing of the boot.img file?
I don't really have the details on that, I'm only reiterating what was confirmed by a mod on the Zentalk forums that it is indeed locked. It's rather interesting that we can flash through it, but I'm not really experienced in bootloader unlocking enough to tell what's going on.
Sent from the Ace's MB865 using Tapatalk
mrbubs3 said:
So I'm wondering if any intrepid dev is willing to compile TWRP for our lovely phone. I am willing to contribute to a fund for whoever is able to get a functional version of the recovery.
This is such a nifty phone. The WW version works great in the US, and it'd be nice if we could get full functionality sooner than later.
Are you sure that the WW version works great, since it doesn't support Band 17 (700 MHz), which is mainly used by AT&T?
huzgu444 said:
Are you sure that the WW version works great, since it doesn't support Band 17 (700 MHz), which is mainly used by AT&T?
I use T-Mobile, so perhaps those limitations do not apply to me. I have not seen anyone reporting on service issues with AT&T at the time of posting.
The difference between a locked and unlocked bootloader is that a locked bootloader only accepts signed packages (packages built with the unique keys from Asus) while an unlocked bootloader will accept packages signed by anyone.
The rooted images are signed by Asus themselves, which lets us flash them through a locked bootloader.
If you push a system.img not signed with Asus' keys your device will not boot.
seshmaru said:
The difference between a locked and unlocked bootloader is that a locked bootloader only accepts signed packages (packages built with the unique keys from Asus) while an unlocked bootloader will accept packages signed by anyone.
The rooted images are signed by Asus themselves, which lets us flash them through a locked bootloader.
If you push a system.img not signed with Asus' keys your device will not boot.
That's ^ said by people who never tried it themselves.
A locked bootloader won't boot unsigned kernel images only (you can flash them through fastboot, but you won't be able to boot them). This includes recovery.img and boot.img. There is no signature in system.img, that's why you can flash a pre-rooted system.img and boot.
sorg said:
That's ^ said by people who never tried it themselves.
A locked bootloader won't boot unsigned kernel images only (you can flash them through fastboot, but you won't be able to boot them). This includes recovery.img and boot.img. There is no signature in system.img, that's why you can flash a pre-rooted system.img and boot.
Feel free to try and unpack, modify, and pack system.img. Then feel free to attempt to flash it.
Hey, so maybe instead of having a pissing match between superusers/devs, can we perhaps focus on the task of seeing how probable it will be to unlock the bootloader/compile TWRP?
mrbubs3 said:
Hey, so maybe instead of having a pissing match between superusers/devs, can we perhaps focus on the task of seeing how probable it will be to unlock the bootloader/compile TWRP?
If Asus follows its usual pattern, they'll have a bootloader unlock tool released eventually
seshmaru said:
Feel free to try and unpack, modify, and pack system.img. Then feel free to attempt to flash it.
I did it already. Works fine. I've uploaded pre-rooted system.img in this topic: http://forum.xda-developers.com/zenfone2/orig-development/rom-pre-root-img-t3079590
What am I doing wrong?
lyeith said:
If Asus follows its usual pattern, they'll have a bootloader unlock tool released eventually
I hope so. I am itching to make this my DD. After that, I would need TWRP, a more robust kernel, and a nifty protective case to make me firmly comfortable. Then I say au revoir to my Moto G 2014.
huzgu444 said:
Are you sure that the WW version works great, since it doesn't support Band 17 (700 MHz), which is mainly used by AT&T?
I'm in Dallas on AT&T and no complaints here. My girl is in PR at the moment and all good too. So I'd say check your zone and what bands it runs through.
lordpipa said:
I'm in Dallas on AT&T and no complaints here. My girl is in PR at the moment and all good too. So I'd say check your zone and what bands it runs through.
Are you getting 4G or 4G LTE, and which firmware are you using? My Z00A is not getting 4G LTE atm on AT&T in Dallas (Plano), only 4G. Currently connected on Band 5, not Band 17
Yeah, I'm getting 4G LTE but I'm not running stock firmware.

Increasing security in custom roms by re-locking bootloader

Hello, I am completely new so I apologize if this is the wrong place.
I wanted to be able to lock my bootloader but still use CyanogenMod; specifically, only allow ROMs that I have compiled myself and signed with my cert to work on my phone. I unpacked the stock recovery.img, and made the necessary changes to the ramdisk to replace the stock OnePlus key with my own. I was then able to confirm that only my signed zips could be sideloaded; both official CM and OxygenOS zips failed, just as I wanted.
The issue is then that this only worked with an unlocked bootloader. When I locked it, the OP3 entered a boot cycle, with a strange graphical glitch appearing then the screen going black, again and again. I could then no longer boot to either recovery or cyanogenmod, nor could I unlock fastboot. This amazing guide got my phone working again.
I now have three questions: what prevented my phone booting after I locked it, how does the unbrick tool work, and is there anything I can alter, like certificates or hashes, lower down in the boot sequence to allow only my signed images to work (using the previous tool; I am unsure what QLoader is, some form of serial interface to the 820 to write to the storage chip?).
Thanks for any advice you can offer!
Update: I have unpacked boot.img provided in the unbrick tool. I cannot find any keys to modify in /res but I have found a file called "verify_keys". Does anyone know what I need to change in boot.img to allow my self-signed recovery and os to boot? Thanks
UPDATE 2:
From reading some Android notes it appears that instead of replacing the OEM key, you can also just use fastboot to flash keystores for self-signed recovery and roms. This still allows OEM signed images to run, but is certainly a step in the right direction. I have run into an issue with building a correct keystore. I can use keytool and import my previous certs, but "fastboot flash keystore examplename.keystore" fails. I saw "fastboot flash ssd keystore.dat" used, and it works with my current dot keystore file, but then after locking it fails to boot. I'm going to see how I can convert my .keystore to a .dat.
I've been meaning to ask this same question for a while now also, so I'm eager to see the response. I suspect the official OnePlus forums might be a good place to ask as well, since they are visited by engineers from OnePlus. For anyone else who's curious as to what's being discussed and better the understand the risks of an unlocked bootloader (and how to mitigate them), there's a brief article here as well as a paper.
It is always suggested to never re-lock the bootloader unless there is a valid reason to do it
JumboMan said:
It is always suggested to never re-lock the bootloader unless there is a valid reason to do it
Have you read any of the attached links in my last post? There are valid reasons for doing so.
Just to pose an oversimplified hypothetical, imagine going through immigration/customs in Saudi Arabia (or maybe even the U.S.) with an Android device that has an unlocked bootloader. The officer examines your possessions, then takes your laptop and phone into a back room. Your phone is powered down and encrypted so it's not like they can do anything, right? Wrong. They plug it into a forensics device and flash a surreptitious malware app onto /system before returning it back to you. Then, the next time you turn on your phone your encryption keys and all your data, all your communications are secretly transmitted. You never have a clue... With a locked bootloader and appropriate precautions, that would never be possible.
Update 3:
I am now following the official Android guide for creating a keystore. They show how to create a "keystore.img", not .dat, but the error I got when trying "fastboot flash keystore ..." said something along the lines of the keystore not being a valid image. Hopefully this will work. After I get this working, I will move on to removing or damaging the OEM key, hence not even allowing OnePlus images to be sideloaded.
JumboMan said:
It is always suggested that never re-lock the bootloader until there is valid reason to do it
I do have a valid reason: security. An unlocked bootloader means any code can be flashed to my device. Even with encryption it is vulnerable to cold boot attacks, it makes it easier to brute force, and to pull encryption keys from memory.
chocol4te said:
I do have a valid reason: security. An unlocked bootloader means any code can be flashed to my device. Even with encryption it is vulnerable to cold boot attacks, it makes it easier to brute force, and to pull encryption keys from memory.
sir prefer not rooting and staying on stock ROM with locked bootloader.
emptyragnarok said:
sir prefer not rooting and staying on stock ROM with locked bootloader.
Look, I'm sorry, I don't need any more useless comments saying the solution to my problem is to not do anything like on every other forum I've tried. I am perfectly aware of how to lock the bootloader with a stock rom, but I don't want to use the stock rom. I want to use custom roms. From what I have done so far it appears to be possible, so don't tell me it's not, at least without a good reason.
In addition, the stock method isn't even the most secure the phone can be. OnePlus can still sign any code and run it on my device and hence requires my trust in a third party that I am unwilling to give. I only want my own code to run.
Update 4:
Using the unbrick utility, I have updated the MD5 partition with the checksums of my modified boot and recovery partitions. Unfortunately, I am now getting a checksum failed error, with both the MD5 and recovery partitions highlighted in red. So I was wrong about the checksum being compared with hashes in the MD5 partition. Does anyone know where the lowest level checksums are stored? Hopefully if I can change that, then locking the bootloader will be no issue.
chocol4te said:
Update 4:
Using the unbrick utility, I have updated the MD5 partition with the checksums of my modified boot and recovery partitions. Unfortunately, I am now getting a checksum failed error, with both the MD5 and recovery partitions highlighted in red. So I was wrong about the checksum being compared with hashes in the MD5 partition. Does anyone know where the lowest level checksums are stored? Hopefully if I can change that, then locking the bootloader will be no issue.
Bro I am not a pro like you but I understand your vision now,... and I am with you in that.... Open Source stuff and Android as an Open Source implies that only... We should have our custom code for locking and unlocking our bootloader so we can have full control over our device.... If not and the guy that said that you can lock the bootloader with the stock rom didn't get that .. even with stock rom and recovery anyone can have access to the phone by just unlocking the boot loader and that is simple. SO I GOT YOUR VISION AND I AM WITH YOU I WILL TRY TO UNDERSTAND THE LOCKING SYSTEM OF THE BOOT-LOADER AND I WILL TRY TO FIND THE LOCATION OF LOWER LEVEL CHECKSUMS... WE will try and try until we succeed.... I AM WITH YOU BRO!!!!!
indroider said:
Bro I am not a pro like you but I understand your vision now,... and I am with you in that.... Open Source stuff and Android as an Open Source implies that only... We should have our custom code for locking and unlocking our bootloader so we can have full control over our device.... If not and the guy that said that you can lock the bootloader with the stock rom didn't get that .. even with stock rom and recovery anyone can have access to the phone by just unlocking the boot loader and that is simple. SO I GOT YOUR VISION AND I AM WITH YOU I WILL TRY TO UNDERSTAND THE LOCKING SYSTEM OF THE BOOT-LOADER AND I WILL TRY TO FIND THE LOCATION OF LOWER LEVEL CHECKSUMS... WE will try and try until we succeed.... I AM WITH YOU BRO!!!!!
Thanks! I'm glad to hear it!
chocol4te said:
Thanks! I'm glad to hear it!
You're most welcome bro.
Did I just witness a major bro-down?
Awesome thread, I'd also like to put my OP3 in a state where only ROMs I signed myself will run...
Any further development??
Sent from my Pixel XL using XDA-Developers mobile app
indieross said:
Did I just witness a major bro-down?
What's a bro down?
Sent from my Pixel XL using XDA-Developers mobile app
indroider said:
Any further development??
Sent from my Pixel XL using XDA-Developers mobile app
What's a bro down?
Sent from my Pixel XL using XDA-Developers mobile app
Sorry, other stuff came up. I am still very interested in getting this to work, but I am really stuck if I can't understand why the MD5 verification error occurs when I use Loader to flash the modified images. I looked at CopperheadOS, and in their documentation they show how to re-lock the bootloader with a custom ROM. Here is the shell script they use to upload the OS.
Code:
fastboot flash bootloader bootloader-bullhead-bhz11f.img
fastboot reboot-bootloader
sleep 5
fastboot flash radio radio-bullhead-m8994f-2.6.33.2.14.img
fastboot reboot-bootloader
sleep 5
fastboot -w update image-bullhead-nbd90z.zip
As you can see they flash two images, boot loader and radio, then update the main ROM. Then apparently it boots fine and the bootloader is OEM locked inside the OS. This was for the Nexus 5X, but I want to find out if a similar process is possible on the OP3.
I may also begin work on porting CopperheadOS to the OnePlus 3. I know it sounds unrealistic, but since OnePlus released the binaries and kernels it should make it slightly easier.
chocol4te said:
Sorry, other stuff came up. I am still very interested in getting this to work, but I am really stuck if I can't understand why the MD5 verification error occurs when I use Loader to flash the modified images. I looked at CopperheadOS, and in their documentation they show how to re-lock the bootloader with a custom ROM. Here is the shell script they use to upload the OS.
As you can see they flash two images, boot loader and radio, then update the main ROM. Then apparently it boots fine and the bootloader is OEM locked inside the OS. This was for the Nexus 5X, but I want to find out if a similar process is possible on the OP3.
I may also begin work on porting CopperheadOS to the OnePlus 3. I know it sounds unrealistic, but since OnePlus released the binaries and kernels it should make it slightly easier.
Ok.. Great to hear... Let me know if you need any help.. I'm here
chocol4te said:
Sorry, other stuff came up. I am still very interested in getting this to work ... ...
I may also begin work on porting CopperheadOS to the OnePlus 3. I know it sounds unrealistic, but since OnePlus released the binaries and kernels it should make it slightly easier.
This sounds exactly like what I was looking for. Have you been able to progress? Do you think that the bootloader and the radio are somehow linked in the boot verification sequence?
chocol4te said:
UPDATE 2:
From reading some Android notes it appears that instead of replacing the OEM key, you can also just use fastboot to flash keystores for self-signed recovery and roms. This still allows OEM signed images to run, but is certainly a step in the right direction. I have run into an issue with building a correct keystore. I can use keytool and import my previous certs, but "fastboot flash keystore examplename.keystore" fails. I saw "fastboot flash ssd keystore.dat" used, and it works with my current dot keystore file, but then after locking it fails to boot. I'm going to see how I can convert my .keystore to a .dat.
Have you read this: https://mjg59.dreamwidth.org/31765.html

on device kdz flasher?

Is there any way to flash a kdz from my G4 ?
LG G4 with locked bootloader, Twrpinfish installed
jason_l367 said:
Is there any way to flash a kdz from my G4 ?
LG G4 with locked bootloader, Twrpinfish installed
It would help if you were more specific about what you are trying to do.
With that said, are you talking a stock kdz or a rooted system image? If a rooted system image you can do it with TWRP-in-FiSH, provided you can obtain the one you want from a member who provides his own TWRP-in-FiSH system image backup but you can't do a stock KDZ. Cross-flashing any different model firmwares, at this stage (until steadfasterX completes and publishes his boot loader unlock process), runs a high risk of a hard brick.
sdembiske said:
It would help if you were more specific about what you are trying to do.
With that said, are you talking a stock kdz or a rooted system image? If a rooted system image you can do it with TWRP-in-FiSH, provided you can obtain the one you want from a member who provides his own TWRP-in-FiSH system image backup but you can't do a stock KDZ. Cross-flashing any different model firmwares, at this stage (until steadfasterX completes and publishes his boot loader unlock process), runs a high risk of a hard brick.
Hi Sdembiske, I read about the unofficial bootloader unlock: https://forum.xda-developers.com/g4/general/bl-unlock-unlock-bootloader-proof-t3648288 and it seems H812 is not fully tested yet (see Proofs section). I'm not brave enough to try it on my phone until it has been fully tested. I know if everyone thought like me, there would be no progress.. :laugh:. Thank god there's some brave people out there....
sdembiske said:
It would help if you were more specific about what you are trying to do.
With that said, are you talking a stock kdz or a rooted system image? If a rooted system image you can do it with TWRP-in-FiSH, provided you can obtain the one you want from a member who provides his own TWRP-in-FiSH system image backup but you can't do a stock KDZ. Cross-flashing any different model firmwares, at this stage (until steadfasterX completes and publishes his boot loader unlock process), runs a high risk of a hard brick.
Thx. I was provided a TOT of genysys with Twrpinfish injected. Just thought there might be a way. Also, it'd be neat to flash my KDZ or TOT from the device
Thx to @the_naxhoo for this tot
Also there seem to be easier ways to edit a KDZ with hex editor apps than WinHex, for example, which requires a hefty priced pro add-on. BTW I've flashed different region KDZs with LGUP without issues.
jason_l367 said:
Thx to @the_naxhoo for this tot
Also there seem to be easier ways to edit a KDZ with hex editor apps than WinHex, for example, which requires a hefty priced pro add-on. BTW I've flashed different region KDZs with LGUP without issues.
Being able to flash different region kdz's is very Model specific - e.g. H815 International/Europe version plus a very limited number of other models and only one or two with locked bootloaders (most of which have issues from what I can tell). Some models, like the H812 are locked up tighter, running a very high risk of hard bricks screwing around with other model/region firmware flashing- So again, you have to be specific.
Apologies. I own an H815T and have flashed H815 KDZs, so my question is: if there is any way to zip a KDZ for flashing, extract the correct partitions for the zip, edit the KDZ for flashing from the device etc., I think it would be a pretty handy tool
Just a thought.
jason_l367 said:
Apologies. I own an H815T and have flashed H815 KDZs, so my question is: if there is any way to zip a KDZ for flashing, extract the correct partitions for the zip, edit the KDZ for flashing from the device etc., I think it would be a pretty handy tool
Just a thought.
Once steadfasterX releases his unofficial bootloader unlock you can flash any G4 variant's firmware and, even better, custom ROMs. Just hang in there man... it's coming soon
jason_l367 said:
Apologies. I own a H815T and have flashed H815 kdz's , so my question is- if there is any way to zip a kdz for flashing, extract correct partitions for the zip , edit the kdz for flashing from the device etc, i think it would be a pretty handy tool
Just a thought.
Check out steadfasterX's SALT: https://forum.xda-developers.com/g4/general/tool-salt-lg-revolution-t3717864
Has some of what you're looking for now and will eventually, when completed, be able to flash what you need.
Thanks mates
sdembiske said:
Check out steadfasterX's SALT: https://forum.xda-developers.com/g4/general/tool-salt-lg-revolution-t3717864
Has some of what you're looking for now and will eventually, when completed, be able to flash what you need.
Sorry if I'm asking in the wrong place, but I followed your guide to the bullet proof method to get started with SALT - FWUL 2.5 persistent.
I get to the welcome screen, but when I press enter on 'FWUL 2.5 persistent' it says no such directory.
I have chosen Linux, Arch Linux 32bit (64bit wasn't available on my laptop) after following the steps to create the .vdi drive in the VirtualBox directory.
Never mind, I had to use x64 Arch Linux.
jason_l367 said:
Sorry if I'm asking in the wrong place, but I followed your guide to the bullet proof method to get started with SALT - FWUL 2.5 persistent.
I get to the welcome screen, but when I press enter on 'FWUL 2.5 persistent' it says no such directory.
I have chosen Linux, Arch Linux 32bit (64bit wasn't available on my laptop) after following the steps to create the .vdi drive in the VirtualBox directory.
We should move this over to the FWUL thread.
First, confirm you have downloaded only from this location in the FWUL OP for the persistent versions (my concern here is that you have downloaded a forgetful version):
https://androidfilehost.com/?w=files&flid=214529
Make sure you are running the latest version of (Windows) VirtualBox and that you have installed the Extension Pack as well.
Even if your Windows PC/laptop is 32bit, the VirtualBox drop-down menu should allow you, in the 'New' setup menu, to select Linux and under that entry, the 64bit Arch Linux OS (it should be right above or below the 32bit version in the drop-down menu) - that is what FWUL is based on ... i.e., it doesn't matter that your PC/laptop is 32bit.
Ensure you are matching the .img file name in the conversion command exactly to the persistent .img file name you downloaded, extracted and moved over to the VirtualBox original install folder to run the conversion command. Copying and pasting the conversion command from my post is the most error free way to do it, provided the file name matches exactly the .img file you downloaded.
Important: Ensure you have enough available hard drive space on your PC/laptop for the size of the FWUL .vdi disk you created, in addition to the .img file you downloaded.
Check the following two locations on your PC/Laptop hard drive for the .vdi file you created from the conversion command.
C:\Users\Your_User_Name\VirtualBoxVMS
C:\Users\Your_User_Name\AppData\Local\VirtualStore\Program Files\Oracle\VirtualBox\
If you need to try again, remove the FWUL install and delete all FWUL related files - double check the two file locations above to make sure there are no FWUL related files there whatsoever.
Any further questions, please post to the FWUL thread.
Thanks dude. It worked :good:
jason_l367 said:
Thanks dude. It worked :good:
No problem. I can probably use the troubleshooting guide I prepared for you again on the FWUL thread.
Glad it worked - had me concerned there for a bit as I thought I laid everything out pretty succinctly in my original post, to avoid errors.
Enjoy - particularly when steadfasterX completes the full-meal-deal.
SALT v4.0 will come with flashing support for kdz and restoring image files (e.g from a previous backup)
Sent from my LG-H815 using XDA Labs
steadfasterX said:
SALT v4.0 will come with flashing support for kdz and restoring image files (e.g from a previous backup)
Yeah, I'm backing up now.
One question. How many hours does it take to do a full backup in SALT?
I don't mean to be rude, but it's been like 3 hours...
Sorry, took a basic backup but it failed verification. I'll have to do some reading,
especially when trying out the UsU unlock feature!!!!
jason_l367 said:
Yeah, I'm backing up now.
One question. How many hours does it take to do a full backup in SALT?
I don't mean to be rude, but it's been like 3 hours...
My full backup (29GB) took up to approx. 6 hours to complete. Partial completes very quickly ...
Yeah I downloaded 30GB FWUL.

Proper Latest ROM for Franken-build G4 (Has H81510h but Board VS986); on ARB v2.

Hello all,
-I bought a 'refurbished' LG G4 online (claimed to be H815), but when I got it & checked the motherboard inside, it's a VS986 instead.
Currently it's on H815 v10h (Lollipop), with ARB v2, and the Baseband is MPSS.BO.2.5.c3-00070-M8992FAAAANAZM-1.19025.1
-What is the best option I have (which ROM to flash)? I'm from Malaysia & I need GSM for 2G/3G capability (AFAIK Verizon's VS986 uses CDMA)*.
Please advise, thank you.
*EDIT: I entered the Service Menu & found that several GSM & WCDMA modes are supported, but none of the LTE modes is available.
Musafir_86 said:
Hello all,
-I bought a 'refurbished' LG G4 online (claimed to be H815), but when I got it & checked the motherboard inside, it's a VS986 instead.
Currently it's on H815 v10h (Lollipop), with ARB v2, and the Baseband is MPSS.BO.2.5.c3-00070-M8992FAAAANAZM-1.19025.1
-What is the best option I have (which ROM to flash)? I'm from Malaysia & I need GSM for 2G/3G capability (AFAIK Verizon's VS986 uses CDMA)*.
Please advise, thank you.
*EDIT: I entered the Service Menu & found that several GSM & WCDMA modes are supported, but none of the LTE modes is available.
The problem with Frankensteins like this is nobody knows what EXACTLY they did to make it look like a H815.
First thing to try is checking the ARB (Antirollback, see my sig) and if you are one of the 1% of lucky users then you may see "nonfusing device" instead of an ARB level.
Assuming that you did that already (as you mentioned ARB2) you are screwed.
There is no valid way to get to a good result here.
Your main issue is that the modem partition must be a VS986 one - or at least a VS986 compatible one, as the ARB also takes place in that partition.
Second, if you cannot change the modem partition you might not be able to get 2G/3G, as you already found out.
Unlocking the device won't help either, as the main issue you have relies on the modem (partition), and even when flashing a VS986 ROM or any other it might never work.
Last - but not least - whatever you do or plan to do: keep my first sentence in mind. Each step you do can easily hard brick your device.
Ofc you can use QFIL to likely bring it back to life (the G4's are really hard to brick until an unusable state) but for this you need the extra tools, knowledge and time to learn.
Sorry, but there is nothing much you can do other than request your money back, as you were tricked.
If you can't, I might try getting another modem partition to work with, but doing that also requires a lot of time to learn how to use SALT to extract KDZs, identify the ARB of the modem partition properly (so you do not increase the ARB level by flashing a wrong modem partition) and so on..
gl
.-
steadfasterX said:
The problem with Frankensteins like this is nobody knows what EXACTLY they did to make it look like a H815.
First thing to try is checking the ARB (Antirollback, see my sig) and if you are one of the 1% of lucky users then you may see "nonfusing device" instead of an ARB level.
Assuming that you did that already (as you mentioned ARB2) you are screwed.
There is no valid way to get to a good result here.
Your main issue is that the modem partition must be a VS986 one - or at least a VS986 compatible one, as the ARB also takes place in that partition.
Second, if you cannot change the modem partition you might not be able to get 2G/3G, as you already found out.
Unlocking the device won't help either, as the main issue you have relies on the modem (partition), and even when flashing a VS986 ROM or any other it might never work.
Last - but not least - whatever you do or plan to do: keep my first sentence in mind. Each step you do can easily hard brick your device.
Ofc you can use QFIL to likely bring it back to life (the G4's are really hard to brick until an unusable state) but for this you need the extra tools, knowledge and time to learn.
Sorry, but there is nothing much you can do other than request your money back, as you were tricked.
If you can't, I might try getting another modem partition to work with, but doing that also requires a lot of time to learn how to use SALT to extract KDZs, identify the ARB of the modem partition properly (so you do not increase the ARB level by flashing a wrong modem partition) and so on..
gl
.-
-Thanks for your reply.
-About returning & requesting a refund, I think it'll be hard as I already damaged the warranty sticker over one of the screws while trying to check the board.
-If we ignore the modem issue for now (maybe use it as a WiFi-only device), then what's the best ROM I could flash? I hope at least Marshmallow so it'll last longer, as more & more apps are targeting higher Android API levels.
-BTW, I just tried flashing VS9862BA_00_0525_ARB02.kdz but LG UP says "KDZ file is invalid". On another note, while in download mode, I just noticed it says:
Code:
USER S0.0 AS0.0 B91 UHS
S U LG-H810 05.1 Hrev_10
H81010o
-So, now it also has AT&T's H810 pieces inside too?
-BTW, sorry for PM'ing you earlier; I didn't notice your signature (even though you put it in big, red fonts!).
Musafir_86 said:
-Thanks for your reply.
-About returning & requesting a refund, I think it'll be hard as I already damaged the warranty sticker over one of the screws while trying to check the board.
-If we ignore the modem issue for now (maybe use it as a WiFi-only device), then what's the best ROM I could flash? I hope at least Marshmallow so it'll last longer, as more & more apps are targeting higher Android API levels.
-BTW, I just tried flashing VS9862BA_00_0525_ARB02.kdz but LG UP says "KDZ file is invalid". On another note, while in download mode, I just noticed it says:
Code:
USER S0.0 AS0.0 B91 UHS
S U LG-H810 05.1 Hrev_10
H81010o
-So, now it also has AT&T's H810 pieces inside too?
-BTW, sorry for PM'ing you earlier; I didn't notice your signature (even though you put it in big, red fonts!).
-Okay, now I have successfully flashed VS9862BA_00_0525_ARB02.kdz by extracting the DZ file & flashing it directly! :good:
However, it seems Android FRP (Firmware Reset Protection) has been triggered; need to figure on how to bypass this while on 2BA firmware.....
Musafir_86 said:
-Thanks for your reply.
-About returning & requesting a refund, I think it'll be hard as I already damaged the warranty sticker over one of the screws while trying to check the board.
-If we ignore the modem issue for now (maybe use it as a WiFi-only device), then what's the best ROM I could flash? I hope at least Marshmallow so it'll last longer, as more & more apps are targeting higher Android API levels.
-BTW, I just tried flashing VS9862BA_00_0525_ARB02.kdz but LG UP says "KDZ file is invalid". On another note, while in download mode, I just noticed it says:
-Okay, now I have successfully flashed VS9862BA_00_0525_ARB02.kdz by extracting the DZ file & flashing it directly! :good:
However, it seems Android FRP (Firmware Reset Protection) has been triggered; need to figure on how to bypass this while on 2BA firmware.....
Warranty or not, I would return it, as it's not what you had paid for. But up to you, and ofc as you flashed a kdz on it you would need to get it back to the state it was in before...
You could unlock and flash Nougat, Oreo, Pie, but as with flashing the VS986 kdz/dz nothing comes without a risk ofc. Especially on Frankensteins!
The good is that you likely can revert UsU if you ever want to as you have a fusing device.
Sent from my OnePlus 7T Pro using XDA Labs

Question Is any way to root devices without BL unlocked?

I have an interesting idea, but I don't have enough technical skills to implement it.
I noticed that edload mode can flash all partitions without the BL unlocked. So I'm thinking: if I can modify init_boot.img and package it into the flashing package, can I bypass the BL lock and forcibly flash root into the device?
If that's available, I can own rooted devices without data loss, and the fingerprint also does not appear abnormal.
No. Root requires a patched boot.img, so you have to get access to another partition.
To do this the unlocked bootloader is needed.
CrazyMoney said:
modify init_boot.img and package it into the flashing package
AFAIK this won't work because this image needs to be signed. If we can patch init_boot.img, sign it, flash it and also flash signature of this file, we might be able to relock bootloader. Try with caution: unless there's good instruction for EDL unbricking, you might end up with a bricked device without any free way to fix it.
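The reply above says the image "needs to be signed" and that flashing a patched init_boot.img plus its signature might be the only way around it. The following is an added educational example, not code from this thread, from LG, or from any vendor tool. It assumes the device uses Android Verified Boot (AVB), which the thread does not name: the bootloader hashes the partition, compares the digest with a hash descriptor in a vbmeta blob, and accepts that blob only if it is signed by the OEM key. The real RSA signature is replaced by an HMAC with a constructed "OEM key", and the init_boot image, ramdisk, salt and keys are all constructed in memory, so the block runs offline and shows why both a silently patched image and a re-signed one are rejected.

```python
"""Why a patched init_boot.img fails on a locked bootloader (constructed AVB-style demo)."""
import hashlib
import hmac
import struct

BOOT_MAGIC = b"ANDROID!"
PAGE_SIZE = 4096                       # header v3/v4 boot images use a fixed 4 KiB page
BOOT_HDR_FMT = "<8s9I1536sI"           # v4 header: magic, 9 x u32, cmdline[1536], signature_size
BOOT_HDR_SIZE = struct.calcsize(BOOT_HDR_FMT)        # 1584 bytes for header version 4
AVB_FOOTER_MAGIC = b"AVBf"
AVB_FOOTER_FMT = "!4s2L3Q28x"          # magic, major, minor, image size, vbmeta offset, vbmeta size
AVB_FOOTER_SIZE = struct.calcsize(AVB_FOOTER_FMT)    # 64 bytes, stored at the end of the partition
DESC_FMT = "<Q32s32s"                  # simplified hash descriptor: image_size, salt, sha256 digest
DESC_SIZE = struct.calcsize(DESC_FMT)


def _pad(data: bytes, align: int = PAGE_SIZE) -> bytes:
    rem = len(data) % align
    return data + b"\0" * (align - rem) if rem else data


def build_init_boot(ramdisk: bytes) -> bytes:
    """Construct a minimal header-v4 init_boot image: no kernel, one ramdisk (sample data)."""
    hdr = struct.pack(BOOT_HDR_FMT, BOOT_MAGIC,
                      0, len(ramdisk), 0, BOOT_HDR_SIZE,   # kernel_size, ramdisk_size, os_version, header_size
                      0, 0, 0, 0,                          # reserved
                      4,                                   # header_version
                      b"",                                 # cmdline
                      0)                                   # signature_size (v4 only)
    return _pad(hdr) + _pad(ramdisk)


def parse_init_boot(image: bytes) -> dict:
    """Read a v3/v4 header and return the ramdisk bytes it points at."""
    fields = struct.unpack_from(BOOT_HDR_FMT, image)
    if fields[0] != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    kernel_size, ramdisk_size, header_version = fields[1], fields[2], fields[9]
    if header_version < 3:
        raise ValueError("legacy header layout not handled by this example")
    kernel_pages = (kernel_size + PAGE_SIZE - 1) // PAGE_SIZE   # header page, kernel pages, ramdisk pages
    ramdisk_off = PAGE_SIZE + kernel_pages * PAGE_SIZE
    return {"header_version": header_version, "kernel_size": kernel_size,
            "ramdisk": image[ramdisk_off:ramdisk_off + ramdisk_size]}


def _digest(salt: bytes, image: bytes) -> bytes:
    return hashlib.sha256(salt + image).digest()   # AVB hash descriptors digest salt || image


def make_partition(image: bytes, oem_key: bytes, salt: bytes, part_size: int = 64 * 1024) -> bytes:
    """Lay out the partition like an AVB hash footer: image, vbmeta blob, padding, footer."""
    desc = struct.pack(DESC_FMT, len(image), salt, _digest(salt, image))
    sig = hmac.new(oem_key, desc, hashlib.sha256).digest()   # stand-in for the OEM RSA signature
    vbmeta = desc + sig
    footer = struct.pack(AVB_FOOTER_FMT, AVB_FOOTER_MAGIC, 1, 0, len(image), len(image), len(vbmeta))
    body = image + vbmeta
    if len(body) + AVB_FOOTER_SIZE > part_size:
        raise ValueError("partition too small")
    return body + b"\0" * (part_size - len(body) - AVB_FOOTER_SIZE) + footer


def verify_partition(partition: bytes, oem_key: bytes) -> tuple:
    """What a locked bootloader checks before it boots the partition."""
    footer = struct.unpack(AVB_FOOTER_FMT, partition[-AVB_FOOTER_SIZE:])
    if footer[0] != AVB_FOOTER_MAGIC:
        return False, "no AVB footer"
    image_size, vbmeta_off, vbmeta_len = footer[3], footer[4], footer[5]
    vbmeta = partition[vbmeta_off:vbmeta_off + vbmeta_len]
    desc, sig = vbmeta[:DESC_SIZE], vbmeta[DESC_SIZE:]
    # 1. Only the OEM key validates the descriptor; a self-made signature is rejected here.
    if not hmac.compare_digest(sig, hmac.new(oem_key, desc, hashlib.sha256).digest()):
        return False, "vbmeta signature invalid"
    desc_size, salt, expected = struct.unpack(DESC_FMT, desc)
    if desc_size != image_size:
        return False, "descriptor/footer size mismatch"
    # 2. Any byte changed in the image changes the digest, so a patched ramdisk fails here.
    if not hmac.compare_digest(_digest(salt, partition[:image_size]), expected):
        return False, "image digest mismatch"
    return True, "verified"


def patch_image(partition: bytes, old: bytes, new: bytes) -> bytes:
    """Change image bytes only (same length) and leave the vbmeta blob as it was."""
    image_size = struct.unpack(AVB_FOOTER_FMT, partition[-AVB_FOOTER_SIZE:])[3]
    image = partition[:image_size].replace(old, new, 1)
    if len(image) != image_size:
        raise ValueError("replacement must keep the same length")
    return image + partition[image_size:]


def demo() -> dict:
    oem_key = b"constructed-oem-key"          # constructed; stands in for the OEM's private key
    attacker_key = b"constructed-other-key"   # constructed; any key that is not the OEM's
    salt = bytes(range(32))
    ramdisk = b"init\0" + b"SERVICE=adbd\0" * 20            # constructed ramdisk content
    image = build_init_boot(ramdisk)
    good = make_partition(image, oem_key, salt)
    patched = patch_image(good, b"SERVICE=adbd", b"SERVICE=root")
    resigned = make_partition(patched[:len(image)], attacker_key, salt)
    return {"good": verify_partition(good, oem_key),
            "patched": verify_partition(patched, oem_key),
            "resigned": verify_partition(resigned, oem_key),
            "ramdisk_ok": parse_init_boot(good)["ramdisk"] == ramdisk}
```

`demo()` returns `verified` for the untouched partition, `image digest mismatch` for the patched one and `vbmeta signature invalid` for the re-signed one. The separation of the two checks is the point: the digest ties the image bytes to the descriptor, and the signature ties the descriptor to the OEM; unlocking the bootloader is what tells it to stop enforcing the second step.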
zSyntex said:
No. Root requires a patched boot.img, so you have to get access to another partition.
To do this the unlocked bootloader is needed.
I remember Android 13 needs to patch init_boot.img instead of boot.img. And edload mode doesn't need anything because it uses an underlying layer.
aaa.bbb111222 said:
AFAIK this won't work because this image needs to be signed. If we can patch init_boot.img, sign it, flash it and also flash signature of this file, we might be able to relock bootloader. Try with caution: unless there's good instruction for EDL unbricking, you might end up with a bricked device without any free way to fix it.
I think you are right. But in the past I could make a fake signature; I just don't know how to deal with it now.
CrazyMoney said:
I think you are right. But in the past I could make a fake signature; I just don't know how to deal with it now.
Since then a lot of things have changed.
Now you need to unlock the BL to get root in the correct and safe way.
zSyntex said:
Since then a lot of things have changed.
Now you need to unlock the BL to get root in the correct and safe way.
Maybe, but everything can only step forward by trying. Isn't it?
I'm just sharing my ideas, not necessarily implementing them, just discussing a possibility.
