Root and Boot Unlock Relation? - G4 Q&A, Help & Troubleshooting

I had an idea, but I'm not sure if it would work since I'm a beginner and don't know the inside and out of android. For the LG G4 the root method is altering the system.img to insert SuperSU and the root exploit and then flash the img via download mode. My question is:
Couldn't we analyze the bootloader part of the G4 and overwrite it in the same manner as we do with the system.img? I know it's different for every model and the bootloader may not even be located inside the system.img. It's worth a shot asking though.

The aboot partition is android bootloader...to be able to flash a bootloader it would need to be 100% factory image or it will give a secure boot error...in order to flash a modified img we would need LG's signing code to verify it on boot...read up on bump'd signing and this is what we would need...but lg changed the way they signed their files and it no longer works unless someone figures out the new signing method

I figured as much. If only I could flash a recovery for the at&t model. It is rooted and you can use the terminal app to access recovery mode. The screen comes up with the dead Android picture with no menu however :/.

You certainly can alter/replace the bootloader the same way you do the root partition... Trouble is it's cryptographically signed, so if you change even a single bit, the previous step in the chain (the modem ROM) will reject it and you'll just have a brick.
To unlock bootloader we need to find a way to either change the secure boot flags (efuses) to tell it not to verify the signature, trick the verification process into thinking a modified bootloader is stock, or find a way to hijack the boot process at that stage.
Just ask my previous G4, I totally wiped out the boot partition (and the recovery partition, and the partition table, and everything else)... Nothing prevented me from doing it, but it wouldn't power on after that. Oops.
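As an added illustration of the chain this post describes (not code from the thread, and not LG's scheme), a Python model of signature-checked boot stages: the ROM stage carries the OEM public key, every later stage must verify against it, and a one-bit change to aboot halts the chain unless the secure-boot efuse is clear. The RSA key pair and the partition contents are constructed stand-ins.

```python
import hashlib

# Constructed OEM key pair for the model. Two Mersenne primes give a modulus
# without a prime search; this is textbook RSA over a SHA-256 digest, a
# stand-in for the real (undisclosed) LG signing scheme, not a copy of it.
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

OEM_PUBLIC_KEY = (N, E)   # what the mask ROM (PBL) carries; only the OEM holds D


def image_digest(image: bytes) -> int:
    return int.from_bytes(hashlib.sha256(image).digest(), "big")


def oem_sign(image: bytes) -> int:
    """Factory-side signing. A modder never has D, which is the whole problem."""
    return pow(image_digest(image), D, N)


def verify_signature(image: bytes, signature: int, public_key=OEM_PUBLIC_KEY) -> bool:
    n, e = public_key
    return pow(signature, e, n) == image_digest(image)


def boot_chain(efuses: dict, stages: list) -> list:
    """Walk the chain PBL -> aboot -> boot. Each stage is (name, image, signature).
    Returns the names of the stages allowed to run; a rejected stage ends the
    walk, which on real hardware is the secure-boot error / no power-on."""
    booted = []
    for name, image, signature in stages:
        if efuses.get("secure_boot", True) and not verify_signature(image, signature):
            break
        booted.append(name)
    return booted


def flip_bit(image: bytes, bit_index: int) -> bytes:
    """Change a single bit of an image, the smallest possible modification."""
    buf = bytearray(image)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


# Constructed stand-in partition contents, signed with the constructed OEM key.
STOCK_ABOOT = b"aboot: LG G4 stock bootloader (constructed)"
STOCK_BOOT = b"boot: stock kernel + ramdisk (constructed)"
STOCK_CHAIN = [("aboot", STOCK_ABOOT, oem_sign(STOCK_ABOOT)),
               ("boot", STOCK_BOOT, oem_sign(STOCK_BOOT))]


def modified_aboot_chain(bit_index: int = 100) -> list:
    """Same chain, but one bit of aboot changed and the stock signature reused."""
    patched = flip_bit(STOCK_ABOOT, bit_index)
    return [("aboot", patched, STOCK_CHAIN[0][2]), STOCK_CHAIN[1]]


if __name__ == "__main__":
    fused = {"secure_boot": True}
    print("stock image, efuse set:     ", boot_chain(fused, STOCK_CHAIN))
    print("1-bit patch, efuse set:     ", boot_chain(fused, modified_aboot_chain()))
    print("1-bit patch, efuse clear:   ", boot_chain({"secure_boot": False}, modified_aboot_chain()))
```

With the efuse set, the patched chain returns an empty list: aboot is rejected by the stage before it and nothing later runs.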

That sucks! Oh well, I wouldn't be much help since I don't know much about bootloaders and such so I may just sell my AT&T model and buy either the H815 or a different phone.

Related

[Q] Bricked verizon M8

Soooooo,
for years I have spent hours and hours every time I got a new android, reading up on the tips and tricks, root methods etc. and in those years I have managed to brick the **** out of a few ( all ) of those devices. but through xda I was always able to get them back.
well, today isn't one of those days. I got a new M8 last week. and in the span of a few hours I have managed to render it dead I think.
I initially installed the temp root, I don't have my notes with me....
then I installed SU
then I installed twrp
everything was going fine, until somehow I deleted my OS without having a back up recovery.
thennnn, somehow I managed to relock the device.
adb will not find the device, fastboot isn't allowed to write to any partitions.
I'm completely and utterly hosed. right now I don't even have twrp installed, it just boots into fastboot over and over.
I've managed to get s-on back on it and well.....its not been a good day.
I'd really love to see what you guys think. at this point I'd try anything, but I feel like with me not able to install a rom because its locked, and not able to unlock it because I don't have an OS, I dunno what to do.
You don't need an OS to run fastboot to unlock it.
Just start at the beginning and make sure you get the recovery for Verizon model.
I'm not sure where to even start now. the verizon M8 apparently has to have weaksauce and SU to get root. my phone was bootable and I used those on the front end.
I'd really appreciate any help you guys could offer. right now if I tried to install a recovery it would fail due to the lock . I'm at a loss
BenPope said:
You don't need an OS to run fastboot to unlock it.
Just start at the beginning and make sure you get the recovery for Verizon model.
HTCdev Unlock.
fastboot flash recovery recovery.img
fastboot erase cache
adb push rom.zip /sdcard
Use recovery to flash ROM
Don't panic as long as you can use fastboot, there is always a way to get things back. As said first and foremost you need to unlock the boot loader. You will need the original unlock.bin file then just use the instructions on htcdev to apply the unlock.
Get a custom recovery on there or boot into one.
From there you could try and restore the system partition from a stock nandroid in the stock backup thread.
thanks for the help. I knew I could count on you guys.
heres the main issue with your suggestions. both depend on the htcdev unlock. I tried that first thing when I decided to root. Verizon does not allow their m8 to be unlocked using that method. it always fails. so I will need another way to unlock ;( if I can get past that I feel pretty sure I can get it back together.
ashyx said:
Don't panic as long as you can use fastboot, there is always a way to get things back. As said first and foremost you need to unlock the boot loader. You will need the original unlock.bin file then just use the instructions on htcdev to apply the unlock.
Get a custom recovery on there or boot into one.
From there you could try and restore the system partition from a stock nandroid in the stock backup thread.

EFS Professional does restore aboot

EFS Professional works. Restored my aboot today, as a test, and it does in fact work, at least the restore of it did.
No, I did not lock my device with a retail rom, nor did I do any other kind of brick. All I did was a backup and restore of the aboot.
Device is a Note 4 Developer Edition on the NJ5 rom
If, there is a "better" test, like complete loss of phone - e.g. brick etc. flash of retail rom (not sure I'm willing to do that... so easy)
but in other threads regarding EFS (unless they are really old, old threads) which state recovery of the aboot has not really been tried - a theory, yet the suggestion was to wait till something does go wrong rather than just try it for the heck of it. Well, I did not heed the warning, and tested it anyway...
any comments?
Where can I get that cause I messed up me efs trying to unlock my phone.
anticloud said:
EFS Professional works. Restored my aboot today, as a test, and it does in fact work, at least the restore of it did.
No, I did not lock my device with a retail rom, nor did I do any other kind of brick. All I did was a backup and restore of the aboot.
Device is a Note 4 Developer Edition on the NJ5 rom
If, there is a "better" test, like complete loss of phone - e.g. brick etc. flash of retail rom (not sure I'm willing to do that... so easy)
but in other threads regarding EFS (unless they are really old, old threads) which state recovery of the aboot has not really been tried - a theory, yet the suggestion was to wait till something does go wrong rather than just try it for the heck of it. Well, I did not heed the warning, and tested it anyway...
any comments?
I'm glad it worked. You are brave.
What version EFSPro? Did you just restore aboot.mbn.tar.gz?
Thanks
can root be achived in retail Note 4? is this a workaround?
radionerd said:
I'm glad it worked. You are brave.
What version EFSPro? Did you just restore aboot.mbn.tar.gz?
Thanks
EFS_Professional_2.1.80_BETA.zip; and yes, it was just the aboot. The phone did not even flinch, just works flawlessly.
For some reason I trusted it, right?
What I do not know is, could I have flashed my way to a retail version, locked my device, and reflashed using this utility, back to developer's edition, that'd be the idea, right? But I assume it'd not just be the aboot but all the backed up partitions.
Comment - I tried backing up the userdata partition, and it bombed during md5 verification - I will take a guess that the user data partition changed maybe as a result of the backup itself, maybe, do not know...
but here is what I want to know - and this could be the clincher... follow me on this...
could I not take a developer edition and root it, right? Then, use EFS Professional to back it up - just the system partition, is that not where root resides, yes? then push the backup file to androidfilehost with the instructions in XDA to use EFS Professional to reflash the system partition onto a retail edition, right? would that be a way to flash a rooted system partition in a crude way - on a retail device? how would the phone know? Then, once root is achieved, could a programmer who knows better than I get to the solution of finding a weakness once inside the unit. Is that possible...
What I could do, is take the phone back to absolute stock, with odexed files etc. root it, and save the system partition with root, but stock otherwise... save off the backup like I stated above. I just may do that - what would the worst that could happen, the user community would have to use odin to reflash the system partition and boom, back to stock, right?
I say it's worth a shot -
and, if it worked, would I be eligible for a bounty?
anticloud said:
EFS_Professional_2.1.80_BETA.zip; and yes, it was just the aboot. The phone did not even flinch, just works flawlessly.
For some reason I trusted it, right?
I will have to change my aboot backup guide from theory to confirmed. I don't plan to flash aboot unless something tragic happens. "I am once bitten, twice shy". Last spring I corrupted my Note-3 DE. It was hard bricked for 6 weeks before I figured out what partitions were corrupt, and how to restore them.
anticloud said:
What I do not know is, could I have flashed my way to a retail version, locked my device, and reflashed using this utility, back to developer's edition, that'd be the idea, right? But I assume it'd not just be the aboot but all the backed up partitions.
I'm afraid to say "in theory yes", you might take it as a challenge, please don't, careful. If aboot had gotten corrupted the phone then wouldn't boot. Other DE owners flashed Odin stock retail Tars, and some were able to recover to a stock locked device. But here is the hitch, EFS Pro needs root, and busybox. So from a locked device you would need to make and modify an Odin tar of your saved aboot.mbn.tar.md5. Then flash via Odin, Fingers and toes crossed, aboot is restored, hopefully.
The PIT has aboot mapped, so it can be flashed via Odin once the saved aboot is modified; stripped, and TAR'ed with md5. It then could be flashed. Some other partitions aren't mapped, and can't be flashed like this.
anticloud said:
Comment - I tried backing up the userdata partition, and it bombed during md5 verification - I will take a guess that the user data partition changed maybe as a result of the backup itself, maybe, do not know...
Userdata is huge, I backed mine up as soon as I had root and busybox. Before it grew too big, compressing and writing a single file @ +2.5gb to SD and computer is a tall order.
anticloud said:
but here is what I want to know - and this could be the clincher... follow me on this...
could I not take a developer edition and root it, right? Then, use EFS Professional to back it up - just the system partition, is that not where root resides, yes? then push the backup file to androidfilehost with the instructions in XDA to use EFS Professional to reflash the system partition onto a retail edition, right? would that be a way to flash a rooted system partition in a crude way - on a retail device? how would the phone know? Then, once root is achieved, could a programmer who knows better than I get to the solution of finding a weakness once inside the unit. Is that possible...
Designed security measures won't allow an easy solution, signed partitions, locked boot loaders... stuff that makes my head hurt thinking aboot
anticloud said:
What I could do, is take the phone back to absolute stock, with odexed files etc. root it, and save the system partition with root, but stock otherwise... save off the backup like I stated above. I just may do that - what would the worst that could happen, the user community would have to use odin to reflash the system partition and boom, back to stock, right?
I say it's worth a shot -
and, if it worked, would I be eligible for a bounty?
Your enthusiasm is refreshing, you are reading, and thinking. Continue to dig into the forums. Search, study, and Be Careful man
If you want to continue this discussion, We should probably skedaddle out of the Developer only forum before we get hollered at. We can move over here
thanks
radionerd said:
I will have to change my aboot backup guide from theory to confirmed. I don't plan to flash aboot unless something tragic happens. "I am once bitten, twice shy". Last spring I corrupted my Note-3 DE. It was hard bricked for 6 weeks before I figured out what partitions were corrupt, and how to restore them.
I'm afraid to say "in theory yes", you might take it as a challenge, please don't, careful. If aboot had gotten corrupted the phone then wouldn't boot. Other DE owners flashed Odin stock retail Tars, and some were able to recover to a stock locked device. But here is the hitch, EFS Pro needs root, and busybox. So from a locked device you would need to make and modify an Odin tar of your saved aboot.mbn.tar.md5. Then flash via Odin, Fingers and toes crossed, aboot is restored, hopefully.
The PIT has aboot mapped, so it can be flashed via Odin once the saved aboot is modified; stripped, and TAR'ed with md5. It then could be flashed. Some other partitions aren't mapped, and can't be flashed like this.
Userdata is huge, I backed mine up as soon as I had root and busybox. Before it grew too big, compressing and writing a single file @ +2.5gb to SD and computer is a tall order.
Designed security measures won't allow an easy solution, signed partitions, locked boot loaders... stuff that makes my head hurt thinking aboot
Your enthusiasm is refreshing, you are reading, and thinking. Continue to dig into the forums. Search, study, and Be Careful man
If you want to continue this discussion, We should probably skedaddle out of the Developer only forum before we get hollered at. We can move over here
I think I just did - posted a thread here...
thanks
rob
@yhenks
You can't. This is talking about dev edition devices which have an unlocked aboot partition to start. It is not possible to create your own such version of the partition as dev edition aboot's are tied directly to the device they come on. This is just how to restore a previously unlocked device if you accidentally lock it. Not how to unlock an initially locked device.

AT&T GPad F 8.0 (V495) Flashify backup of stock recovery.

I recently installed TWRP's custom recovery on my V495 AT&T but trying to boot into recovery gives me an error and not being familiar with Flashify I missed the step to backup the stock recovery.
Can someone be kind enough to please send me the stock recovery for the AT&T V495 that is made and Flash able through Flashify? Thank you all!!
PS> Warning for others with V495 that want custom Recovery. = Once rooted you can install flashify and the instructions for V496 custom recovery all work without errors but once you try to install TWRP and reboot things may go wrong.
Can someone please upload the stock (v495) recovery created by or flashable through flashify?
I have a new/ rooted v495 that I have not messed with the boot loader. If you can point me in the right direction on getting you a copy of the stock boot loader I would certainly be happy to.
---------- Post added at 07:39 AM ---------- Previous post was at 06:57 AM ----------
I figured it out. I sent you a message with the link. You can repost it if you would like. I still do not have my 10 post quota yet to be able to provide external links.
ksimmons1571 said:
I have a new/ rooted v495 that I have not messed with the boot loader. If you can point me in the right direction on getting you a copy of the stock boot loader I would certainly be happy to.
---------- Post added at 07:39 AM ---------- Previous post was at 06:57 AM ----------
I figured it out. I sent you a message with the link. You can repost it if you would like. I still do not have my 10 post quota yet to be able to provide external links.
do you mind sending a copy my way. My stock recovery is also broken TIA
https://www.dropbox.com/s/xjtxfcc9f3t23k4/v495 Stock Recovery?dl=0 Courtesy of ksimmons1571 --- Thanks Buddy..
I have not tested it yet as I just saw it today and I'm at work. If you get it going please let us know. Thanks.
soft bricked v495 on stock recovery
I'm soft bricked on 5.0.2 lg support tool says I'm not in need of update at this time.so I can wait for next update but who knows when that will be lol. Will I be able to flash this stock recovery if I'm on stock recovery. ? I dont think I can though. I'm thinking I'm going to have to extract my kdz file and use flash tools 2014. Unless I can get on twrp well I'm soft bricked and flash a ROM. But I don't see any ROMs for device. Well any help will be much appreciated. Thanks in advance also if I figure it out I'll post back.
can anybody extract kdz or tot file like @Player1211 said or can anybody extract their system folder?
m_reyna_16 said:
can anybody extract kdz or tot file like @Player1211 said or can anybody extract their system folder?
If there's a KDZ or TOT available, you can extract it on Windows with WindowsLGFirmwareExtract-ver.1.2.5.0, available at http://forum.xda-developers.com/showthread.php?t=2600575.
My tablet is messed up, stays stuck on att logo after I manually tried extracting and installing xposed framework files. I cannot extract anything on mine.... Unless you're telling me the tot file is on that other forum? Sorry I'm on my phone and driving, can't check in detail
EDIT: read your post right this time, like I said I was driving... No, there's no tot or kdz file for my tablet
Hi my friends, I am looking for a STOCK RECOVERY for my LG G Pad F 8.0 AT&T (V495). I was trying to do an OTA upgrade to 6 but after the Download and restart the installation is giving me an error because i am ROOTED. I need to flash stock recovery to be able to install new OTA upgrade to Marshmallow 6. Is someone have a 5.0.2 STOCK Recovery or maybe another idea on how can I do and upgrade to Marshmallow 6 I will appreciate any help. Thanks
Anyone leak a V495 KDZ yet? Mine is toast without a way to flash stock recovery. Bootloop of death.
Tikerz said:
Anyone leak a V495 KDZ yet? Mine is toast without a way to flash stock recovery. Bootloop of death.
Haven't seen one. Just the TOT without the necessary .DLL.
roirraW "edor" ehT said:
Haven't seen one. Just the TOT without the necessary .DLL.
Arghghghhg
Tikerz said:
Arghghghhg
I understand. Although there were at least KDZs for my VK810, we didn't have a known tested TOT until a few months back when a fellow user was nice enough to purchase, test and share the TOT for the VK810 from this site http://www.lgbbs.com:41/thread-838-1-1.html. Since we had KDZs available, we were able to extract the necessary .DLL from one of them.
I know someone else recently looked on that site for V495 stuff but you might want to look again and/or use Google Chrome to translate the site (slow but effective enough), and maybe even there's a section to put a request or a bounty up for a .DLL or at least KDZ, which you'd be able to extract the .DLL from. It appears the standard prices of items is $10 U.S., from what I could tell.
Not advocating the site or the fact that they sell the stuff, but when there's no other option, and at least it's not an arm and a leg.
suspected root.
trying to update after root, what exactly do we need to do to get this Update going? btw I only have a little experience rooting. and that was an HTC about 4 years ago. So far I have Flashfire installed which says can Flash OTA updates but LG is untested. I'm not going down that road without unlocked bootloader and a rom to pull my ass out of the bricks, unless someone has success already.
So far I haven't heard of an unlocked bootloader for The V495, can we do that yet?
I'm hearing about flashify, never used it, what does it do, how does it work?
Is there a way to remove root evidence with Android studio?
Why don't penguins Fly, do you suppose they miss it?
Sleeper0013 said:
trying to update after root, what exactly do we need to do to get this Update going? btw I only have a little experience rooting. and that was an HTC about 4 years ago. So far I have Flashfire installed which says can Flash OTA updates but LG is untested. I'm not going down that road without unlocked bootloader and a rom to pull my ass out of the bricks, unless someone has success already.
So far I haven't heard of an unlocked bootloader for The V495, can we do that yet?
I'm hearing about flashify, never used it, what does it do, how does it work?
Is there a way to remove root evidence with Android studio?
Why don't penguins Fly, do you suppose they miss it?
I can only address some of your questions.
Flashify simply flashes stuff like kernels and recoveries, but it's limited as to what it can flash and I doubt if you'd be able to flash an OTA with it. There are other apps that do the same thing with the same limitations. Also, just because it can flash something doesn't mean that's all that's required to get it to work. What I mean is, to use an example that doesn't necessarily apply to you or the V495, some LG devices require a certain older version of the bootloader (aboot) in order to be able to get into TWRP, so if you're rooted on a later release of the stock ROM (with newer bootloader) you could flash TWRP with Flashify, but you either still won't be able to actually get into it, or you might not even be able to boot at all after.
Flashfire is reasonably early in its development - having only yesterday been updated to v0.51. I've only tested a little bit. On the Verizon LG G Pad 8.3 VK810, backups seemed to work okay, but I haven't tested restoring through Flashfire. I was able to successfully flash a ROM made from the stock tablet ROM but no matter what it doesn't keep root, even when the ROM includes the necessary SuperSU.zip and flashes/roots fine in TWRP. Flashfire's Everroot option, or having Flashfire flash SuperSU.zip separately didn't work on that device either. @Chainfire said there were segfaults in the log and has no way of determining what's causing them.
I would say you are wise not to try to flash anything without having a way to recover - there are enough people on here with broken V495s with no recovery option already.
Regarding removing root evidence: From Lollipop on (at least on LG), OTAs check to see if your system (and possibly other not normally modifiable) partitions have ever been modified. It doesn't explicitly check for root, but rooting your device usually modifies the system partition. Before Lollipop, OTAs commonly only checked if the files the OTA would update have been modified from their original. OTAs don't normally contain copies of the entire files that will get updated - it contains a "delta", which is basically a list of "change this into that", as quite often files don't need to change completely - only be modified to be up to date.
You can't reasonably "unmodify" your system manually. Only by flashing a 100% stock unrooted ROM.
*If* or when Flashfire works, it could conceivably get around a modified system partition, but it'll be challenging and might take some time for @Chainfire to support all or most OEMs/models working as smoothly as it does for the #1 primary devices he's testing it on, which I believe are Nexus devices.
I talk to penguins all the time and they do miss flying, especially when they're the prey.
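An added Python model (not from the post, and not any OEM's updater) of the two OTA checks described above: the pre-Lollipop style verifies only the bytes each "change this into that" entry rewrites, while the Lollipop-style check first hashes the whole partition, so a root binary dropped into unused space is enough to be refused. The partition layout, the delta and the version strings are constructed.

```python
import hashlib

PART_SIZE = 256  # constructed: a tiny fixed-size "system partition"


def build_partition(files: dict) -> bytes:
    """Lay constructed file contents out at fixed offsets in a zero-filled image."""
    buf = bytearray(PART_SIZE)
    for offset, data in files.items():
        buf[offset:offset + len(data)] = data
    return bytes(buf)


def digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def apply_delta(image: bytes, delta: list) -> bytes:
    """Apply 'change this into that' entries of the form (offset, old_bytes, new_bytes).
    An entry is applied only if the bytes currently at offset equal old_bytes;
    that per-file pre-image check is what older OTAs relied on."""
    buf = bytearray(image)
    for offset, old, new in delta:
        if len(old) != len(new):
            raise ValueError("this model only supports same-length replacements")
        if bytes(buf[offset:offset + len(old)]) != old:
            raise ValueError(f"pre-image mismatch at offset {offset}")
        buf[offset:offset + len(new)] = new
    return bytes(buf)


# Constructed images: stock, stock plus a root binary in free space, and stock
# with the very bytes the OTA wants to rewrite already changed.
STOCK_SYSTEM = build_partition({
    0: b"build.prop: ro.build.version.release=5.0.2",
    64: b"bin/app_process: <stock binary>",
})
ROOTED_SYSTEM = build_partition({
    0: b"build.prop: ro.build.version.release=5.0.2",
    64: b"bin/app_process: <stock binary>",
    200: b"xbin/su: <setuid binary>",
})
TAMPERED_SYSTEM = STOCK_SYSTEM.replace(b"5.0.2", b"5.0.1")

# Constructed OTA: bump the version string in build.prop. The two hashes are
# what the package would carry for the whole partition before and after.
OTA_DELTA = [(STOCK_SYSTEM.index(b"5.0.2"), b"5.0.2", b"6.0.0")]
EXPECTED_BEFORE = digest(STOCK_SYSTEM)
EXPECTED_AFTER = digest(apply_delta(STOCK_SYSTEM, OTA_DELTA))


def run_ota(image: bytes, whole_partition_check: bool = True) -> tuple:
    """Returns (status, reason, resulting_image).
    whole_partition_check=True models the Lollipop-era behaviour: the partition
    hash must equal the stock value before any delta is applied, so any change
    at all (a root binary in unused space included) is refused. False models
    the older behaviour, where only the delta pre-images are checked."""
    if whole_partition_check and digest(image) != EXPECTED_BEFORE:
        return ("rejected", "system partition modified", image)
    try:
        updated = apply_delta(image, OTA_DELTA)
    except ValueError as exc:
        return ("rejected", str(exc), image)
    if whole_partition_check and digest(updated) != EXPECTED_AFTER:
        return ("rejected", "post-update hash mismatch", image)
    return ("applied", "", updated)


if __name__ == "__main__":
    for label, image in (("stock", STOCK_SYSTEM), ("rooted", ROOTED_SYSTEM),
                         ("tampered", TAMPERED_SYSTEM)):
        for whole in (False, True):
            status, reason, _ = run_ota(image, whole)
            print(f"{label:9} whole-partition-check={whole!s:5} -> {status} {reason}")
```

The rooted image passes the older per-file check and is updated with `xbin/su` still in place, but fails the whole-partition check before any patch is applied; the tampered image fails both.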
roirraW "edor" ehT said:
You can't reasonably "unmodify" your system manually. Only by flashing a 100% stock unrooted ROM.
I talk to penguins all the time and they do miss flying, especially when they're the prey.
Ok so where do we look about getting stock rom?
And poor penguins and all their bricked devices. :crying:
Sleeper0013 said:
Ok so where do we look about getting stock rom?
And poor penguins and all their bricked devices. :crying:
LOL re: penguins!
I have a link for where to keep an eye out or possibly request in the post right above yours. tl;dr There's only a TOT available for the V495 that anyone's found so far. It's available in one of these threads in these G Pad 8.3 sections and I've even uploaded it elsewhere just in case the only source I noticed for the link goes down. The bad news is that there's no .DLL available to use with it, which makes it at minimum partially or mostly, at maximum fully useless.
It's fully useless without the .DLL because you can't use the normal TOT flashing software to flash it to your V495 - you need the .DLL (as I've recently written somewhere, maybe above in the post I reference or nearby), the .DLL that's necessary would probably be able to be extracted from the KDZ for the V495 - but there's no KDZs that've been made available. KDZs include the .DLL necessary, TOT's require an external .DLL.
It's partially or mostly useless in that the TOT can still be extracted to obtain the individual partitions. It's conceivable that Flashfire might be able to flash either those partitions or a flashable zip made out of them as long as you're successfully rooted, although I have no idea if Flashfire works with anything but SuperSU - I believe it specifies that SuperSU is required but there's a chance it'll work with Kingroot or another root app.
I'm fully willing to make a flashable zip out of the TOT for anyone who wants to test it - just be aware of the dangers that you might end up with a brick with no way to recover since I'm guessing that there's no TWRP for the V495 and I don't even know the root capability since I don't have that device and I only follow the threads regarding it just to help where I can. If you do have root it's at least somewhat comforting that Flashfire worked fine for flashing the stock ROM on the LG G Pad 8.3 VK810, albeit without being able to re-root it as part of the process. Let me know if you're rooted and want to test such a flashable zip with Flashfire (which would probably be the safest/most trustworthy app that has capability of flashing zips).
I don't have enough knowledge to know how to figure out how to root any device that there's no established method for, nor have I ever made TWRP for any device.
I do know that Kingroot is very invasive and is sometimes only a temporary root, requiring re-rooting every time you reboot. It puts things on the system partition that run in the background - all sorts of things not necessary for simply rooting or keeping root, so who knows what kind of calls home it makes and with what data. I've only used it before as a temporary root in order to establish an alternate way to get TWRP installed on the Verizon G3 VS985 without fully downgrading the stock ROM to a more easily rootable/TWRPable version, and ultimately my method leads you to flash a ROM that uses SuperSU so that Kingroot is completely gone anyway.
roirraW "edor" ehT said:
I understand. Although there were at least KDZs for my VK810, we didn't have a known tested TOT until a few months back when a fellow user was nice enough to purchase, test and share the TOT for the VK810 from this site http://www.lgbbs.com:41/thread-838-1-1.html. Since we had KDZs available, we were able to extract the necessary .DLL from one of them.
I know someone else recently looked on that site for V495 stuff but you might want to look again and/or use Google Chrome to translate the site (slow but effective enough), and maybe even there's a section to put a request or a bounty up for a .DLL or at least KDZ, which you'd be able to extract the .DLL from. It appears the standard prices of items is $10 U.S., from what I could tell.
Not advocating the site or the fact that they sell the stuff, but when there's no other option, and at least it's not an arm and a leg.
If I buy another V495 do you think I could use the KDZ/TOT extractor here to fix our V495s?
http://forum.xda-developers.com/showthread.php?t=2600575
Or maybe someone with functioning V495 could extract the KDZ/TOT or DLL for us?
Tikerz said:
If I buy another V495 do you think I could use the KDZ/TOT extractor here to fix our V495s?
Or maybe someone with functioning V495 could extract the KDZ/TOT or DLL for us?
Having another V495 wouldn't get you a KDZ or TOT. The KDZ/TOT extractor takes an existing KDZ or TOT file and extracts it into the separate partitions - it has nothing to do with making a KDZ or TOT out of an existing device. There's currently no way to do that. And the .DLL isn't available except inside a KDZ, it's not on anyone's running V495.

Modify marshmallow system image?

I haven't taken the plunge to 6.0 yet because I'm not ready to part with root yet but what if we were to modify the system.img and re-flash it? I mean similar to injecting root, but don't inject root. We could at least block ads with a hosts file, push the file to enable tethering, and debloat. Once done, none of those things require root other than to maybe update the hosts file. Anyone that has updated willing to try? I can help by getting files and commands together. Anyway, just thinking out loud here, thanks for reading lol
The problem is with 6.0, Google made changes so that the only way to achieve root is to modify the boot image instead of the System image. Since the VS986 has a locked bootloader, the phone will refuse to boot if you modify it from stock, potentially bricking it.
6.0 + locked bootloader = no root.
As I said above, I'm not wanting to push root to the image, I realize it's blocked now. What I'm proposing is to modify the image to achieve 2 main things, ad blocking and tethering. If we push the 2 files needed for that, then flash the image, root will not be needed for those to continue to work. It won't work if the system is somehow checked for modifications, but kdz should fix that if it doesn't work.. Anyone willing to try it?
I can't help you with root but Verizon is no longer charging for tethering on most of their plans. I use it all the time on my G4 using stock tethering. Double check with Verizon.
People who still have unlimited data don't have tethering included so we need the modified hotspot. And like I already said, I'm not looking to have root, what I'm wanting to try is a little different. I haven't taken the plunge to 6.0 yet, but I'm looking for someone who has but kinda regrets it cuz they lost root.
jweber228 said:
I haven't taken the plunge to 6.0 yet because I'm not ready to part with root yet but what if we were to modify the system.img and re-flash it? I mean similar to injecting root, but don't inject root. We could at least block ads with a hosts file, push the file to enable tethering, and debloat. Once done, none of those things require root other than to maybe update the hosts file. Anyone that has updated willing to try? I can help by getting files and commands together. Anyway, just thinking out loud here, thanks for reading lol
That is exactly what I would like to do. A little debloating, updating hosts and add cerberus as a system app.
this is a step in the right direction : http://forum.xda-developers.com/g4/general/guide-how-to-modify-img-partition-t3196994
This has been asked a few times in the "Root Injection" thread, once by me, with no answer.
It appears the main problem is the download mode exploit may be closed. Entering commands in the send-command app returns "fail".
I once got the command to backup entered without failing but it ran for almost an hour without generating the system.img.
I guess we have to use a fully fledged kitchen. I was hoping to circumvent that
Sent from my LG-H815 using Tapatalk
fr4nk1yn said:
This has been asked a few times in the "Root Injection" thread, once by me, with no answer.
It appears the main problem is the download mode exploit may be closed. Entering commands in the send-command app returns "fail".
I once got the command to backup entered without failing but it ran for almost an hour without generating the system.img.
In addition to that exploit getting patched, Android 6.0 was changed by Google so that you can only achieve root by modifying the boot.img and kernel, not just the system partition. Since the bootloader is locked, if you do manage to modify the system img, you would at best see no results, or at worst brick your phone.
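An added example, not code from this thread or from LG: a small Python parser for the Android v0 boot.img header that recomputes the header's SHA-1 "id" checksum over the kernel and ramdisk, as mkbootimg does, and shows that flipping a single bit inside the image makes it no longer match. The id is only an integrity checksum, not the vendor signature a locked bootloader verifies, but it illustrates why a modified boot image cannot pass as stock; the page size, load addresses and payload blobs below are constructed test values.

```python
import hashlib
import struct

PAGE = 2048  # page size of the constructed image (assumption; real devices vary)
HDR = "<8sIIIIIIIIII16s512s32s"  # v0 boot_img_hdr up to and including the 'id' field

def _pad(blob, page=PAGE):
    """Pad a blob to a page boundary, as mkbootimg does."""
    return blob + b"\0" * (-len(blob) % page)

def boot_id(kernel, ramdisk, second=b""):
    """The 32-byte 'id' field: sha1(kernel|len|ramdisk|len|second|len), zero-padded."""
    h = hashlib.sha1()
    for blob in (kernel, ramdisk, second):
        h.update(blob)
        h.update(struct.pack("<I", len(blob)))
    return h.digest().ljust(32, b"\0")

def build_boot_img(kernel, ramdisk, cmdline=b"androidboot.hardware=p1"):
    """Assemble a minimal v0 boot image from constructed test blobs (not a real G4 image)."""
    hdr = struct.pack(HDR, b"ANDROID!",
                      len(kernel), 0x10008000,   # kernel size / load address
                      len(ramdisk), 0x11000000,  # ramdisk size / load address
                      0, 0x10f00000,             # second-stage size / address (unused)
                      0x10000100, PAGE, 0, 0,    # tags address, page size, hdr version, os version
                      b"", cmdline, boot_id(kernel, ramdisk))
    return _pad(hdr) + _pad(kernel) + _pad(ramdisk)

def parse_boot_img(img):
    """Return (kernel, ramdisk, stored_id) from a v0 boot image."""
    f = struct.unpack_from(HDR, img)
    if f[0] != b"ANDROID!":
        raise ValueError("not an Android boot image")
    ksz, rsz, page, stored_id = f[1], f[3], f[8], f[13]
    koff = page                                  # the header occupies exactly one page
    roff = koff + ((ksz + page - 1) // page) * page
    return img[koff:koff + ksz], img[roff:roff + rsz], stored_id

def id_matches(img):
    """True when the stored id equals the digest of the payload actually present."""
    kernel, ramdisk, stored = parse_boot_img(img)
    return boot_id(kernel, ramdisk) == stored

if __name__ == "__main__":
    img = build_boot_img(b"constructed kernel " * 200, b"constructed ramdisk " * 20)
    print("pristine image id matches:", id_matches(img))
    tampered = bytearray(img)
    tampered[PAGE + 7] ^= 0x01               # flip one bit inside the kernel
    print("tampered image id matches:", id_matches(bytes(tampered)))
```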

JTAG G4?

Alright, let me preface this with a few things... I am FAR from new to android, rooting, linux, exploits, or almost anything embedded (UART, JTAG, SPI, I2C, etc...). I am by no means a guru though...
I am attempting to root this device; it is an unlocked LG G4 US Cellular branded, MM 6.0 lgus991 22a rollback 2, and I am so far at a total impasse... I'll explain my situation.
No fastboot.
Bootloader is locked, and I cannot unlock it. If I try and check "Enable oem unlock" it unchecks itself, and reading through the dmesg it references a file stating two errors; one for lack of permissions, and another for no file (same filename though; likely trying to create the file, being denied, then trying to edit a non-existing file). I forget the exact file name but I have the name of it saved somewhere (persis1234 or something like that, I just don't remember the exact path, I can post it later if it makes a difference).
I have had minor success with the dirtycow exploit, but mostly just replacing files and nothing getting anywhere, or the phone quickly reboots if I replace certain system files (ifconfig, toybox, toolbox, etc...). When it works, it says I have root, but it is VERY limited due to SELinux, and the context. Also unable to get a root shell open.
SELinux is protected and I haven't been able to find a way to make it permissive as of yet. Past attempts of editing the recovery or init have resulted in "secure boot error 1003"; phone reboots, and then still stock...
If I grenade this thing, I will only slightly give a f**k. I am not above pulling this thing apart and trying to JTAG my way in if I need to, as it is not my only device. Which seems to me to be the only way at the moment aside from finding another kernel exploit like dirtycow or rowhammer... Unless someone else has another idea, but for now I am going to pursue the JTAG route.
Would something that I already own like a buspirate, RPI, or Arduino Mega, be enough or would I need something like a busblaster? I just don't want to spend more than I need to. I'd rather spend the money on a new phone than something like a medusa pro or something like that.
Any help is appreciated
Why not flash the TOT and then proceed with the unlock through the LG unlock tool? Maybe it fixes the fastboot issue.
aanarchyy said:
Alright, let me preface this with a few things... I am FAR from new to android, rooting, linux, exploits, or almost anything embedded (UART, JTAG, SPI, I2C, etc...). I am by no means a guru though...
I am attempting to root this device; it is an unlocked LG G4 US Cellular branded, MM 6.0 lgus991 22a rollback 2, and I am so far at a total impasse... I'll explain my situation.
No fastboot.
Bootloader is locked, and I cannot unlock it. If I try and check "Enable oem unlock" it unchecks itself, and reading through the dmesg it references a file stating two errors; one for lack of permissions, and another for no file (same filename though; likely trying to create the file, being denied, then trying to edit a non-existing file). I forget the exact file name but I have the name of it saved somewhere (persis1234 or something like that, I just don't remember the exact path, I can post it later if it makes a difference).
I have had minor success with the dirtycow exploit, but mostly just replacing files and nothing getting anywhere, or the phone quickly reboots if I replace certain system files (ifconfig, toybox, toolbox, etc...). When it works, it says I have root, but it is VERY limited due to SELinux, and the context. Also unable to get a root shell open.
SELinux is protected and I haven't been able to find a way to make it permissive as of yet. Past attempts of editing the recovery or init have resulted in "secure boot error 1003"; phone reboots, and then still stock...
If I grenade this thing, I will only slightly give a f**k. I am not above pulling this thing apart and trying to JTAG my way in if I need to, as it is not my only device. Which seems to me to be the only way at the moment aside from finding another kernel exploit like dirtycow or rowhammer... Unless someone else has another idea, but for now I am going to pursue the JTAG route.
Would something that I already own like a buspirate, RPI, or Arduino Mega, be enough or would I need something like a busblaster? I just don't want to spend more than I need to. I'd rather spend the money on a new phone than something like a medusa pro or something like that.
Any help is appreciated
I am new to LG devices so perhaps this is a bit different(had mostly Samsung or HTC). But from what I can find, that won't help unless it's pre-rooted or my bootloader is unlocked. And I am unable to find a pre-rooted TOT. Unless I am just completely missing something here...
I am not trying to go to stock, the device is already stock and functions mostly alright (aside from the inability to add a Verizon APN, so I'm stuck with 3g). But also attempting to have a bit of a failsafe if I want to flash something I shouldn't have and still have a recovery option. Which is why I brought up the JTAG option, as I'm sure I would use it in more than just this device.
Not sure why you are attempting to reinvent the wheel with a device that has been out for 2 years....
LG devices are very different from Samsung and HTC. You should read up on the LGUP tool to flash .kdz and .tot file to put the device as close to stock as possible before any further attempts.
Could also look at entering hidden menu options via the dialer in order to select/modify apn settings.
TWRPinFish can be found here in the development section. Will likely be your only option if you cannot fully unlock the bootloader.
Since the Tmo and ATT/international versions allowed bootloader unlock, other variants didn't see as much support. Was easy for us... Sorry to say(for you).
Wish ya the best of luck though
Just a quick remark: could JTAG be used in such a way to make the bootloader think it is something else and maybe trick it into doing something?
ElfinJNoty said:
Not sure why you are attempting to reinvent the wheel with a device that has been out for 2 years....
LG devices are very different from Samsung and HTC. You should read up on the LGUP tool to flash .kdz and .tot file to put the device as close to stock as possible before any further attempts.
Could also look at entering hidden menu options via the dialer in order to select/modify apn settings.
TWRPinFish can be found here in the development section. Will likely be your only option if you cannot fully unlock the bootloader.
Since the Tmo and ATT/international versions allowed bootloader unlock, other variants didn't see as much support. Was easy for us... Sorry to say(for you).
Wish ya the best of luck though
I don't really see this as reinventing the wheel as right now there is no root for this device, I am looking for a way to do it though. Which is why I was asking about JTAG/eMMC programming as a viable option to do this, especially if I may have a few borked flash attempts, it would be a nice fail-safe.
Most dialer codes do not work, and the few that do, pop up a menu saying "This program does not work on your phone"; even though I can see some info behind the toast, I cannot scroll and as soon as I click ok, it closes.
TWRPinFish is a no-go, need to be rooted and be able to disable SELinux, neither of which I can do.
The name of the file that stores the "oem unlock" seems to be /dev/block/platform/soc.0/f9824900.sdhci/by-name/persis1234
Would someone that is able to oem unlock be able to tell me what the contents of that file are?
aanarchyy said:
The name of the file that stores the "oem unlock" seems to be /dev/block/platform/soc.0/f9824900.sdhci/by-name/persis1234
Would someone that is able to oem unlock be able to tell me what the contents of that file are?
I own a T-Mobile h811
Running ResurrectionRemix Nougat
.../persis1234 not present
I have an LG H812 and I have the same as previous post - the directory is there but no persis1234 file. The directory you are indicating contains a list of the partitions that are present on the phone's internal memory.