Related
Taken from here:
http://forum.xda-developers.com/showpost.php?p=26422045&postcount=84
Quote from the Asus Global website, on the tab "download" choose "Android" as OS, then browse to "Utilities" and download the bootloader unlock tool, it dates from 22 may 2012:
http://support.asus.com/download.asp...mzkQ4yoz5WzBrW
Unlock Device App: Unlock boot loader.
Notice:
1. Only suitable for Andriod4.0 Ice Cream Sandwich OS version.
2. Before you download, install, and use the Unlock Device App you acknowledge and assume complete risk to the quality and performance of this App, including but not limited to the following: once you activate the App you will not be able to recover your ASUS product (“Original Product”) back to original locked conditions;the Original Product with the activated App will not be deemed the Original Product; the Revised Product will no longer be covered under the warranty of the Original Product; the software of Revised Product will no longer be deemed the software of the Original Product and can no longer receive ASUS software updates; your purchased digital content may also be affected.
You also acknowledge ASUS does not guarantee service satisfaction to any Revised Product, including events involving paid service requested by you to be performed to the Revised Product.
Furthermore, such repaired Revised Product will not be covered under the warranty of the Original Product; the software of the repaired Revised Product will not be deemed the software of the Original Product and will not receive ASUS software updates.
It is strongly advised that you avoid activating this App unless you fully understand and accept the risks that may arise.
※This tool now only works with TF300T ICS of TW,US,WW SKU. It won’t work on other devices.
http://dl.dropbox.com/u/25830232/UnLock_Device_App_V7.apk - APK
Amazing!
I'm proud to announce that I'm going to start porting CyanogenMod 9 to this little thing
XpLoDWilD said:
Amazing!
I'm proud to announce that I'm going to start porting CyanogenMod 9 to this little thing
Click to expand...
Click to collapse
Device here ready to run it
is it true you cant lock it again?
I dont wanna unlock and then it breaks and Im at a loss.
Awesome news! Hopefully someone will figure out a way to re-lock the device if something goes wrong.
Nekromantik said:
is it true you cant lock it again?
I dont wanna unlock and then it breaks and Im at a loss.
Click to expand...
Click to collapse
If Asus says it's true, then it's true, since they made it . But maybe some smart XDA dev will find a way to re-lock it.
maspro said:
If Asus says it's true, then it's true, since they made it . But maybe some smart XDA dev will find a way to re-lock it.
Click to expand...
Click to collapse
Thanks.
I may wait and see if anyone does come up with a way to relock.
That and the less bright screen are only thing holding me back as I want to use it outside and its getting to summer so will be bright out.
Nekromantik said:
is it true you cant lock it again?
I dont wanna unlock and then it breaks and Im at a loss.
Click to expand...
Click to collapse
I'm with you on this one lol
Sent from my ASUS Transformer Pad TF300T using XDA
One a recovery is adapted hopefully there will a stock recovery made.
Sent from my VS910 4G using xda premium
Giggity!!!
Sent from my Galaxy Nexus using Tapatalk
Still can't mine unlocked though, keeps saying network error
Just unlocked by bootloader! AWESOME! Cant wait for a custom recovery and new roms!
Hopefully TWRP will be ported over.
I am hoping for AOKP!
Anyone able to unlock a bricked tab? That would be top notch...
Nevermind, I see it's a .apk file
Now we can have the stock ROM rooted without any modifications so we can get root without downgrading our firmware. New kernels, too?
Im receiving this tablet in the mail this week.
Im hoping for a quick port of CWM and then CM9 or AOKP to follow.
great circumstances to walk into!
SilentStormer said:
Im receiving this tablet in the mail this week.
Im hoping for a quick port of CWM and then CM9 or AOKP to follow.
great circumstances to walk into!
Click to expand...
Click to collapse
No doubt. I just got this tab on Sunday after a month of researching and was super bummed that the bootloader was locked.
Does the release of the bootloader, mean it will be easier to root and not have to do the downgrade any longer?
I spent last night to no avail trying to downgrade (the adb access was an issue, which I might have solved today, but haven't put the time in to test it out).
If it means that I won't have to do the downgrade and it might be end up having easier steps to root, then I think (being too much a newbie in tablets) I should wait.
Just wanted to know if that is what this release means?
Thanks!
Rob
rlanza1054 said:
Does the release of the bootloader, mean it will be easier to root and not have to do the downgrade any longer?
I spent last night to no avail trying to downgrade (the adb access was an issue, which I might have solved today, but haven't put the time in to test it out).
If it means that I won't have to do the downgrade and it might be end up having easier steps to root, then I think (being too much a newbie in tablets) I should wait.
Just wanted to know if that is what this release means?
Thanks!
Rob
Click to expand...
Click to collapse
Bootloader means custom recovery and then custom ROM's. If you intend to continue running stock rom and merely want to be rooted, then you may still need to figure out the downgrade issue. If you just wanna run cm 9, then you could just continue to wait patiently. Sounds like you oughta figure out ur adb issue either way, though.
Sent from my ASUS Transformer Pad TF300T using Tapatalk
It seems we are getting the keymaster keys very soon:
https://twitter.com/laginimaineb/status/737051964857561093
Could this mean we all get to unlock our bootloaders?
And more importantly, can we lock our bootloaders? I've got the H815, European model, so I can unlock my bootloader, but then it's stuck unlocked. Bam! Warranty gone.
Can someone briefly explain the end-user aspect of this to me please? Does this mean we'll eventually be able to unlock Qualcomm bootloaders and/or boot unsigned images on the Verizon G4? If so, any idea if it's dependent on a MM or KK base or should work on any version?
Icculus760 said:
Can someone briefly explain the end-user aspect of this to me please? Does this mean we'll eventually be able to unlock Qualcomm bootloaders and/or boot unsigned images on the Verizon G4? If so, any idea if it's dependent on a MM or KK base or should work on any version?
Click to expand...
Click to collapse
What I DO know is that if you encrypt your device. The device can now be decrypted in the hands of a hacker or anyone else for that matter with the relevant skillset.
The only real roadblock is the passcode on your phone if there is one set. And at that point, brute force (aka trying til you get it right) will get the job done.
As for the bootloader. I'm not too educated in Android (Took level 1 Android at school, didn't like it) but it looks like it might have some potential in helping us out. But I'll let one of the devs make that call. Feels too good to be true.
If it can decrypt 64 bit sys like it claims very well could be possible.
---------- Post added at 05:54 PM ---------- Previous post was at 05:52 PM ----------
256 bit sorry
Just saw this news today, hoping we get a universal bootloader unblocker soon!
Sent from my LG-H815 using XDA-Developers mobile app
He said he did it on the nexus 6 why would this work on current phones?
Sent from my SM-G930P using XDA-Developers mobile app
Sounds like a good news. I don't have phone encrypted, so no bad news for me.
by this point G4 is over a year old
even if this was a viable option of unlocking the bootloader, I doubt many would be interested in it and that it would suddenly bring ROM developers to the G4..
LG blew it with G4 (regarding the bootloader unlock), the damage has been done and most of the relevant people moved on
Furma said:
by this point G4 is over a year old
even if this was a viable option of unlocking the bootloader, I doubt many would be interested in it and that it would suddenly bring ROM developers to the G4..
LG blew it with G4 (regarding the bootloader unlock), the damage has been done and most of the relevant people moved on
Click to expand...
Click to collapse
About the same thing ive been saying for months now. Again ive seen unlocks come more than 2 or3 years after release but unlikly and most devs have already moved on
furzewolf said:
And more importantly, can we lock our bootloaders? I've got the H815, European model, so I can unlock my bootloader, but then it's stuck unlocked. Bam! Warranty gone.
Click to expand...
Click to collapse
warranty is not gone unless they see your phone broke because of something you made (i repaired my phone twice un 2 months, for free)
I wish the script would get released just to see if i can decrypt the partitions even if it dont unlock unencrypted will help 10 fold . thats why oem unlock isnt even reconized. Cause of the encryption
TheMadScientist420 said:
I wish the script would get released just to see if i can decrypt the partitions even if it dont unlock unencrypted will help 10 fold . thats why oem unlock isnt even reconized. Cause of the encryption
Click to expand...
Click to collapse
I've seen you around in the Sprint G4 forum and I wish you luck. We need some good to come from this situation.
LaughingCarrot said:
I've seen you around in the Sprint G4 forum and I wish you luck. We need some good to come from this situation.
Click to expand...
Click to collapse
Thanx man i aint no one special. Im just puttin in my best i aint in it for no bounty or nothin i just want a device that works rite. Just hopin is all. Ive been in this for a while. I used to mod nes roms back in the day on hex edit so i have a little know how in that area. Ive managed To fix all my hardbricks most def with the help of others but if theres a tool thatll get us one step closer im in. Ill test it on my own device im so mad at lg and sprint i dont care if it does brick at this point ill go back to my og note 1
All i know at this point that most of the boot partitions are encrypted with a 256 bit key which would take some of the strongest computers in the world a long time to brute force thats why i think this script prob wont work but i dont know until i try it. Its kinda like tryin to hack the password on a zip file but worse. Ive spent weeks trying to brute force zips so thats why i got my doubts
TheMadScientist420 said:
Thanx man i aint no one special. Im just puttin in my best i aint in it for no bounty or nothin i just want a device that works rite. Just hopin is all. Ive been in this for a while. I used to mod nes roms back in the day on hex edit so i have a little know how in that area. Ive managed To fix all my hardbricks most def with the help of others but if theres a tool thatll get us one step closer im in. Ill test it on my own device im so mad at lg and sprint i dont care if it does brick at this point ill go back to my og note 1
All i know at this point that most of the boot partitions are encrypted with a 256 bit key which would take some of the strongest computers in the world a long time to brute force thats why i think this script prob wont work but i dont know until i try it. Its kinda like tryin to hack the password on a zip file but worse. Ive spent weeks trying to brute force zips so thats why i got my doubts
Click to expand...
Click to collapse
https://www.reddit.com/r/Android/comments/4luifx/qualcomm_trustzone_keymaster_keys_are_extracted/
Have you taken a look at this Reddit post?
LaughingCarrot said:
https://www.reddit.com/r/Android/comments/4luifx/qualcomm_trustzone_keymaster_keys_are_extracted/
Have you taken a look at this Reddit post?
Click to expand...
Click to collapse
Im trying to find one of the scripts that extract the keys i cant find one. Most of the comments lean towards it being able to decrypt any qualcom chiped device from what it sou ds
TheMadScientist420 said:
Im trying to find one of the scripts that extract the keys i cant find one. Most of the comments lean towards it being able to decrypt any qualcom chiped device from what it sou ds
Click to expand...
Click to collapse
The guy hasn't released the script yet so that may be why.
TheMadScientist420 said:
Im trying to find one of the scripts that extract the keys i cant find one. Most of the comments lean towards it being able to decrypt any qualcom chiped device from what it sou ds
Click to expand...
Click to collapse
So what exactly does this mean for us assuming the script is released? Will we be able to pull our encryption keys and therefore unlock the bootloader (assuming any necessary changes are made), or am I misinterpreting all of this? Also, it appears that he did this with phones containing the Snapdragon 805 SoCs, does that have any bearings on us seeing as ours is an 808 SoC, or is it not bound by the SoC? Sorry for the newbish questions. Not really well versed in the inner workings and creations/implementations of hacking/exploits/etc.
Quickdraw996 said:
So what exactly does this mean for us assuming the script is released? Will we be able to pull our encryption keys and therefore unlock the bootloader (assuming any necessary changes are made), or am I misinterpreting all of this? Also, it appears that he did this with phones containing the Snapdragon 805 SoCs, does that have any bearings on us seeing as ours is an 808 SoC, or is it not bound by the SoC? Sorry for the newbish questions. Not really well versed in the inner workings and creations/implementations of hacking/exploits/etc.
Click to expand...
Click to collapse
thats about it were just hopin it will unencrypt the bootloader then from there a unlock should be a lot easier
"@laginimaineb And wrote a script to decrypt all keystore keys. This can also be used to bruteforce the FDE passphrase off the device! (2/2)"
First of all: Do not continue if you don't know what a hard brick is!!!
so well its that simple: Either my method will work or fail.
Please follow the story here now:
https://forum.xda-developers.com/g4/general/bl-unlock-unlock-bootloader-proof-t3648288
Previously this was the OP:
if not: this could result in a completely unusable device (soft or even hard bricks are possible)
If it works: you could unlock your phone in fastboot with a simple command - no unlock key is required (but even when the method WORKS its possible that this produces other issues. we can not know all impacts yet)
So AGAIN
The whole process is dangerous but the chance to get an unlocked phone would be worth it - maybe. It depends on you.
I can't test it atm by myself because my device is on its way to LG (due to another issue)..
My method does not modify something within the bootloader like others tried already - because this would definitively break the boot chain.
I will not release any details to the public until there is anything proofed or verified. The whole process is very risky and as said: I have currently no device to test it.
The only thing which is proofed is the theory. It should work as long as nothing unpredictable happens: As long as we do not own the complete sources of all parts of the boot chain there is still a risk.
Keeping the details under the hood is not to make things mysterious. It's just for safety reasons until I can proof anything.
If you still ask for details here or by PM they will not be answered.
If you not able to join an IRC channel you better leave it directly.
I'm not 24/7 online but usually from Mo-Fr for sure so it is important to wait for answers while in the IRC because depending on your timezone this can take some hours (hey I have to sleep somewhen!)
Once I have my device back from LG I can test the method by myself on a H815 EUR version. It doesn't matters that this can be officially unlocked though. The risks are the same.
So if you're too scared for the moment just wait about 2 weeks or so and then I can tell if it worked on my device at least.
.... and if you do not want to wait: Follow me into the IRC for instructions
If you never were in touch with IRC before here are some client examples for you:
PC (HexChat and Pidgin are only 2 of them! This list is not complete!)
Android (Yaaic, AndChat, HoloIRC, AndroIRC are only a few of them! This list is not complete!)
The IRC channel is: #Carbon-user
The IRC server network is: freenode
Once you're connected with the IRC network I need this from you:
your phone model
the currently installed EXACT firmware (link to the used KDZ would be most helpful. If you have none check the phone details and e.g. make screenshots)
.
reserved
Super excited about the possible G4 unlock! Wish I could test it but my phone is my daily driver and my source of internet at home so if it breaks, I'm screwed for my online classes. Thanks for your hard work as always!
steadfasterX said:
reserved
Click to expand...
Click to collapse
ima see if i can get her to boot up since mines about trashed anyways lol
ls991
zv6 firmware
lol i got the perfect test subject if she will boot
cant try it on a g5 can you
Good luck to the testers, we're all rooting for an unlocked H818p Brazil.
TheMadScientist420 said:
ima see if i can get her to boot up since mines about trashed anyways lol
ls991
zv6 firmware
lol i got the perfect test subject if she will boot
cant try it on a g5 can you
Click to expand...
Click to collapse
is download mode working?
zv6 is LL or MM?
Go familiar with IRC asap then.. see u there
.
steadfasterX said:
is download mode working?
zv6 is LL or MM?
Go familiar with IRC asap then.. see u there
.
Click to expand...
Click to collapse
no she wont boot anything dead as can be like no power no nothing pc dont even been when plugged in
---------- Post added at 06:59 AM ---------- Previous post was at 06:48 AM ----------
ive took her apart like 5 times hoping something stupid shes got a hairline crack in the motherboard rite by the main camera rite on the top
Unbrick
TheMadScientist420 said:
no she wont boot anything dead as can be like no power no nothing pc dont even been when plugged in
---------- Post added at 06:59 AM ---------- Previous post was at 06:48 AM ----------
ive took her apart like 5 times hoping something stupid shes got a hairline crack in the motherboard rite by the main camera rite on the top
Click to expand...
Click to collapse
It happened to mine 818p too, you need to disasseble it and short two pins on the motherboard while starting it. (They are in the upper left corner on the MB.) This page (forum.gsmhosting.com/vbb/f779/unbrick-lg-g4-brick-hs-usb-qdloader-9008-without-box-2211744/) has the entire process explained but I was unable to sucessfully use the QFIL app, it didnt recover anything, at least the phone was seen on PC as the 9008 serial port. I hope it helps
P.S: Sorry for my bad english.
i hope you get it going man. so lots of users can enjoy this device like it should be.. youll be saving LG G4.. am glad that what i mentioned you got your brain thinking and finding ways i beleive this all was what i mention on fish. good luck to all of you.:fingers-crossed:
Tomonok said:
It happened to mine 818p too, you need to disasseble it and short two pins on the motherboard while starting it. (They are in the upper left corner on the MB.) This page (forum.gsmhosting.com/vbb/f779/unbrick-lg-g4-brick-hs-usb-qdloader-9008-without-box-2211744/) has the entire process explained but I was unable to sucessfully use the QFIL app, it didnt recover anything, at least the phone was seen on PC as the 9008 serial port. I hope it helps
P.S: Sorry for my bad english.
Click to expand...
Click to collapse
Its not bricked. I thre it about 6 months ago. Destroyed her. It cracked the mb ruined the rear camera. The earpice speaker. Ir port. And wifi antenna.
I put a old cracked screen on her and been using it since til about 2 or weeks ago it just shut off. Dead. It has heavy damage interiorly. I got the multimeter out and not getting any voltage any where on the board. Thats why i say if itll boot i got a perfect canidate
---------- Post added at 01:45 PM ---------- Previous post was at 01:43 PM ----------
raptorddd said:
i hope you get it going man. so lots of users can enjoy this device like it should be.. youll be saving LG G4.. am glad that what i mentioned you got your brain thinking and finding ways i beleive this all was what i mention on fish. good luck to all of you.:fingers-crossed:
Click to expand...
Click to collapse
Im trying to solder a coulple point together on mb to see if shell boot. But im jot even gettin charging lights.
---------- Post added at 01:45 PM ---------- Previous post was at 01:45 PM ----------
Like i said ill throw down my g5 on nougat lol. If it work for her should for g4
TheMadScientist420 said:
Its not bricked. I thre it about 6 months ago. Destroyed her. It cracked the mb ruined the rear camera. The earpice speaker. Ir port. And wifi antenna.
I put a old cracked screen on her and been using it since til about 2 or weeks ago it just shut off. Dead. It has heavy damage interiorly. I got the multimeter out and not getting any voltage any where on the board. Thats why i say if itll boot i got a perfect canidate
Click to expand...
Click to collapse
Oh, sorry, I thought it was bricked, not physically broken.
Tomonok said:
Oh, sorry, I thought it was bricked, not physically broken.
Click to expand...
Click to collapse
Yea i still used it for about 6 months. Put the fish to her. Even still vred with thr cracked screen. Like i said. Went to check the time and nothin. So im assuming shes dead. Ive done got a g5.no root and no twrp. Yea. Just the way i like it. I know i know. If i wanted root i shoulda bought an unlockable model. But i take what i can get cheap. Bought my sprint g5 for 25 bucks at a police auction
steadfasterX said:
is download mode working?
zv6 is LL or MM?
Go familiar with IRC asap then.. see u there
.
Click to expand...
Click to collapse
Hi, I have the model H815T but... now it Hard Bricked haha. Anyway, I can boot it like LS991 model (with QFIL), and Download Mode it's working too. So... is useful for your method?
steadfasterX said:
First of all: Do not continue if you don't know what a hard brick is!!!
so well its that simple: Either my method will work or fail.
if not: this could result in a completely unusable device (soft or even hard bricks are possible)
If it works: you could unlock your phone in fastboot with a simple command - no unlock key is required (but even when the method WORKS its possible that this produces other issues. we can not know all impacts yet)
So AGAIN
The whole process is dangerous but the chance to get an unlocked phone would be worth it - maybe. It depends on you.
I can't test it atm by myself because my device is on its way to LG (due to another issue)..
My method does not modify something within the bootloader like others tried already - because this would definitively break the boot chain.
I will not release any details to the public until there is anything proofed or verified. The whole process is very risky and as said: I have currently no device to test it.
The only thing which is proofed is the theory. It should work as long as nothing unpredictable happens: As long as we do not own the complete sources of all parts of the boot chain there is still a risk.
Keeping the details under the hood is not to make things mysterious. It's just for safety reasons until I can proof anything.
If you still ask for details here or by PM they will not be answered.
If you not able to join an IRC channel you better leave it directly.
I'm not 24/7 online but usually from Mo-Fr for sure so it is important to wait for answers while in the IRC because depending on your timezone this can take some hours (hey I have to sleep somewhen!)
Once I have my device back from LG I can test the method by myself on a H815 EUR version. It doesn't matters that this can be officially unlocked though. The risks are the same.
So if you're too scared for the moment just wait about 2 weeks or so and then I can tell if it worked on my device at least.
.... and if you do not want to wait: Follow me into the IRC for instructions
If you never were in touch with IRC before here are some client examples for you:
PC (HexChat and Pidgin are only 2 of them! This list is not complete!)
Android (Yaaic, AndChat, HoloIRC, AndroIRC are only a few of them! This list is not complete!)
The IRC channel is: #Carbon-user
The IRC server network is: freenode
Once you're connected with the IRC network I need this from you:
your phone model
the currently installed EXACT firmware (link to the used KDZ would be most helpful. If you have none check the phone details and e.g. make screenshots)
.
Click to expand...
Click to collapse
Now out of curiosity would a bootlooped g4 work. Most of em boot into dl mode and if it bricks dl modde youd know rite away anyways right?
the_naxhoo said:
Hi, I have the model H815T but... now it Hard Bricked haha. Anyway, I can boot it like LS991 model (with QFIL), and Download Mode it's working too. So... is useful for your method?
Click to expand...
Click to collapse
Qcom 9008 mode? It could be fixed afaik.. You can also try the sdcard boot method for this kind of brick. you should try that first in any case..
I'm not sure if my method will work in that kind of brick mode you are in but if you nevertheless want to test you need Linux / best is using FWUL because it has everything needed inside.
Once ready went to IRC on Mo-Fr and stay until Im there.
TheMadScientist420 said:
Now out of curiosity would a bootlooped g4 work. Most of em boot into dl mode and if it bricks dl modde youd know rite away anyways right?
Click to expand...
Click to collapse
it depends. When it stays in download mode without looping.. yes - maybe!
I need access to to the partitions which may work even in download mode via a special shell but it may requires MM and will not work for LL firmware (strange right? normally one would expect the other way around..).
That has to be tested though. On my device (locked H815) I had access but that may differ from other models.
Having root access makes things so much more easier
Testing if it would be possible on a bootlooping device would be simple:
You best use FWUL (recommended because here is all installed and working) or any other Linux with the LGLaf shell.
You would then connect while in download mode and you will have a shell like in adb.
I can guide you but again IRC is the best way to go here..
I'm searching since several days for such looping and even otherwise broken/defect devices but they all want to have a plenty of money for it (80-150 €!!)
.
steadfasterX said:
Qcom 9008 mode? It could be fixed afaik.. You can also try the sdcard boot method for this kind of brick. you should try that first in any case..
I'm not sure if my method will work in that kind of brick mode you are in but if you nevertheless want to test you need Linux / best is using FWUL because it has everything needed inside.
Once ready went to IRC on Mo-Fr and stay until Im there.
.
Click to expand...
Click to collapse
Yes, QCOM 9008 mode. I can't flash the H815 image and make my G4 H815 again so, the only way to booting, it's flashing the LS991 image (and with Fastboot; I flashing every partition one by one).
I have Linux Mint whit adb/fastboot drivers, It's enough?
the_naxhoo said:
Yes, QCOM 9008 mode. I can't flash the H815 image and make my G4 H815 again so, the only way to booting, it's flashing the LS991 image (and with Fastboot; I flashing every partition one by one).
I have Linux Mint whit adb/fastboot drivers, It's enough?
Click to expand...
Click to collapse
Hmm I can't help you unbricking. I just know that there are ways to do so. You need the correct drivers etc.. But well if you tried all this already we can try
Any Linux is ok as long as you can handle it
Havin TeamViewer installed may help too...
Well so if you like go to IRC Monday to Friday and we will see
Edit:
--------
Do you have seen this? https://forum.xda-developers.com/g4/help/lg-g4-force-to-enter-qhsusbbulk-t3633583
.
Sent from my LG-H815 using XDA Labs
So... This has been quite quiet... Has anyone tried this method yet??
Sent from my LG-H870 using Tapatalk
U
lmiked said:
So... This has been quite quiet... Has anyone tried this method yet??
Click to expand...
Click to collapse
Yes. today I have bad and good news.
First of all I had 1 single tester who was brave enough going the first approach I had. Unfortunately my first idea failed.
JL if you see this come back I said I can unbrick your device!!!
Ok so the good news are: I'm able to give you a near unlocked experience with all the things you love like installing custom kernel, recovery and ROM. Without actually unlocking!!! It's all tested on a h815 device which was never unlocked !
Near unlocked means it will behave like an unlocked device without actually unlocking the bootloader. Or to say it in other words: The boot chain verification is ignored.
The bad news: the process is not cleaned out yet but it requires one thing for sure: it will convert your whole device bootloader stack. The basic idea is to replace the whole bootloader stack with a modified one which allows all the mentioned things.
That way is very risky and I HARD bricked my device over 30 times until getting to the finally working result.
It also means that once your device is converted there is no way back atm. Flashing an original kdz will BRICK your device in 9008 mode! Not that bad because you can recover at any time but that's one thing you have to have in mind. It may never be a h811, h812..... whatever again. Until we find a corresponding and working bootloader replacement which may never happen. So no LG up or LG flash tools anymore! Instead you will have the qfil tool.
Again I know no way back to original state so warranty will be very very likely refused once you do this. Ok there is a way to blank out all partitions just for the case you need to send it really back. This should delete then most traces of this hack but no guarantees.
Besides this I don't know if there are any issues in functionality after doing all this. I havent made any tests for this yet. That includes phone calls, WiFi etc. I just checked booting ROM, booting TWRP, flashing supersu, getting root.
I will upload a video asap to show you the current result.
I need to test things further and of course I need testers with other devices. Again that process is risky and even if it worked for me it may not work for you (very unlikely but who knows). Manually forcing the 9008 is very easy and it may be required to do so. This may requires opening the device (I think it will work even without but I need testers.. ) so if you want to test... See you in the IRC.
If all this is working and verified by others I will provide the whole story ofc!
....can't believe that all these above took me 5 days in full time of work. And for what? I mean I do not need it because I can unlock my device OFFICIALLY..
BUT it was all for educational learning. I learned really a LOT of android and qcom during all these hours ...
Ok but Now I need some couple of hours of sleep
See u on the other site..
sfX
.
Sent from my LG-H815 using XDA Labs
so........what now ? i have a F500k device . and i'm willing to test your method . but i'm not sure what you are saying here. ( i didn't understand a single word) . but if it means that i can't flash official KDZ or can't use LGUP....no problem to me.
just share to me how i'll do it and if i hardbrick how i'll restore it. thats all.
Hello Verizon V30 Users,
I am providing the full KDZ file for the Verizon V30 software version 10C, the latest available for the VS996.
You can download it from HERE!
Coming from the V10, I've noticed the KDZ for the Verizon V30 is almost 3.5 GB, compared to just over 2 GB with the V10.
>> NEW DLL FILE REQUIRED TO FLASH!! <<
You must use LGUP to flash this. If you haven't upgraded your DLL file for LGUP, inside this same archive, you'll find a dll file named LGUP_Common.dll. Place that DLL file in C:\Program Files (x86)\LG Electronics\LGUP\model\common. Just as a precaution, change the extension of the existing LGUP_Common.dll to .bak or something in case this doesn't work for you. After you put the new DLL file in that folder, open LGUP and in the very lower left hand corner of the window, you should see DLL Version 1.0.31.9.
Enjoy! If anyone has any questions, feel free to hit me up!
Reserved
And again.
Perfect! I was thinking about buying the V30 but was worried I couldn't dev on it as there was nothing to go back to. Thank You.
je2854 said:
Perfect! I was thinking about buying the V30 but was worried I couldn't dev on it as there was nothing to go back to. Thank You.
Click to expand...
Click to collapse
What kind of Dev work do you plan on doing?
abine45 said:
What kind of Dev work do you plan on doing?
Click to expand...
Click to collapse
As of right now just internals.
Sounds, Bloatware, Boot Animations... right now until I can get my computer back up and running...
Once I get my machine back up and running I will be doing audio mods and deeper customizations...
We also need to get root!
I'm going to experiment on it now that we can revert back!
je2854 said:
As of right now just internals.
Sounds, Bloatware, Boot Animations... right now until I can get my computer back up and running...
Once I get my machine back up and running I will be doing audio mods and deeper customizations...
We also need to get root!
I'm going to experiment on it now that we can revert back!
Click to expand...
Click to collapse
So you are going to work on root? May I be of any service to you? I am pretty knowledgeable and may be able to help.
abine45 said:
So you are going to work on root? May I be of any service to you? I am pretty knowledgeable and may be able to help.
Click to expand...
Click to collapse
Once I get operational I will attempt it.
I see no reason why we cannottry together.
je2854 said:
Once I get operational I will attempt it.
I see no reason why we cannottry together.
Click to expand...
Click to collapse
Awesome, DM me when you are able to get going Thank you
There are rumors someone cracked the bootloader and rooted a Verizon LG G6, but for their own reason chose not to publish the method. Knowing the person who told me, I have no reason to doubt it. But, no, I don't know how they did it, as I am not a dev.
This of course leads to a bunch of questions. Is it possible some of the 2017 LG flagship (G6, V30) carrier models have ADB flash commands if you can get past the bootloader? We know the T-mobile LG G6 and LG V30 do not, because the bootloader is easily unlocked and they are ADB crippled. We just assumed all the other carrier modes were the same way, because no one has cracked the bootloader and published the results.
Or this person cracked the bootloader and found some other way to root. They didn't go any further than that, but they did unlock the bootloader and root a Verizon LG G6.
ChazzMatt said:
There are rumors someone cracked the bootloader and rooted a Verizon LG G6, but for their own reason chose not to publish the method. Knowing the person who told me, I have no reason to doubt it. But, no, I don't know how they did it, as I am not a dev.
This of course leads to a bunch of questions. Is it possible some of the 2017 LG flagship (G6, V30) carrier models have ADB flash commands if you can get past the bootloader? We know the T-mobile LG G6 and LG V30 do not, because the bootloader is easily unlocked and they are ADB crippled. We just assumed all the other carrier modes were the same way, because no one has cracked the bootloader and published the results.
Or this person cracked the bootloader and found some other way to root. They didn't go any further than that, but they did unlock the bootloader and root a Verizon LG G6.
Click to expand...
Click to collapse
Do they know who possibly did this? Where are the rumors coming from?
abine45 said:
Do they know who possibly did this? Where are the rumors coming from?
Click to expand...
Click to collapse
Yes, I know.
https://forum.xda-developers.com/showpost.php?p=74470375&postcount=333
That link above discusses it more, but other than that I'm not interested in "proving" anything. I'm not the dev, and he can release what he wants to release. I encourage everyone to buy the "open market" version of the LG V30. That will have guaranteed root, TWRP, ROMs, kernels, etc.
If you want to read where I got it from, read back through my posts. It was discussed in open thread about three weeks ago.
The only reason I'm mentioning it here is it might be relevant to the LG V30, to let people know a carrier branded LG G6 was bootloader unlocked and rooted. If one person can do it, others can.
je2854 said:
Once I get operational I will attempt it.
I see no reason why we cannottry together.
Click to expand...
Click to collapse
The bootloader for the LG V30 has to be cracked correct?
abine45 said:
The bootloader for the LG V30 has to be cracked correct?
Click to expand...
Click to collapse
Technically no. The V20 doesn't have a cracked BL and it still has full root.
je2854 said:
Technically no. The V20 doesn't have a cracked BL and it still has full root.
Click to expand...
Click to collapse
How did it allow TWRP and roms to be installed especially if the bootloader still does it's checks?
abine45 said:
How did it allow TWRP and roms to be installed especially if the bootloader still does it's checks?
Click to expand...
Click to collapse
If I remember correctly, engineering boatloaders don't have such a rigorous check...
je2854 said:
Technically no. The V20 doesn't have a cracked BL and it still has full root.
Click to expand...
Click to collapse
Dirty Santa exploit cracked the bootloader of the V20 (December 2016). And here (June 2017).
DirtySanta Exploit Unlocks the Bootloader of the LG V20 H990 -- XDA article, June 2017
And the 2016 V20 still had all the ADB flash commands. So, once past the bootloader, you had free reign. That has changed with the 2017 LG flagships, where LG has removed most of the ADB flash commands.
Even this LG V20 method, in a thread started END of August 2017 has as a first step -- RUN Dirty Santa! Even though Dirty Santa/Dirty Cow exploit was now patched, you can swap out modules in the phone, so it will then still run. So, I do not know of any LG V20 that were rooted where the bootloader was not first unlocked -- even if you are replacing out modules with "Engineering" modules or whatever to allow Dirty Santa to still run. If you have other information to the contrary, I would be interested in hearing it.
Now back during the LG G2 and LG G3 era you could root and install TWRP without unlocking the bootloader, but that was back when signed packages were not required.
ChazzMatt said:
Dirty Santa exploit cracked the bootloader of the V20 (December 2016). And here (June 2017).
DirtySanta Exploit Unlocks the Bootloader of the LG V20 H990 -- XDA article, June 2017
And the 2016 V20 still had all the ADB flash commands. So, once past the bootloader, you had free reign. That has changed with the 2017 LG flagships, where LG has removed most of the ADB flash commands.
Even this LG V20 method, in a thread started END of August 2017 has as a first step -- RUN Dirty Santa! Even though Dirty Santa/Dirty Cow exploit was now patched, you can swap out modules in the phone, so it will then still run. So, I do not know of any LG V20 that were rooted where the bootloader was not first unlocked -- even if you are replacing out modules with "Engineering" modules or whatever to allow Dirty Santa to still run. If you have other information to the contrary, I would be interested in hearing it.
Now back during the LG G2 and LG G3 era you could root and install TWRP without unlocking the bootloader, but that was back when signed packages were not required.
Click to expand...
Click to collapse
You seem pretty smart with this stuff? do you do developing or hacking of your own?
abine45 said:
You seem pretty smart with this stuff? do you do developing or hacking of your own?
Click to expand...
Click to collapse
I'm not a developer, but I research a lot and I have knowledgeable people tell me stuff.
I keep up with LG phones, and I know V20 bootloader was unlocked by Dirty Santa exploit. Which was why I corrected the misinformation that the V20 was rooted without unlocking the bootloader.
Maybe there's another method of rooting V20 of which I'm unaware, but in V20 forum all I see are the links I posted above - which all involve unlocking the bootloader.
But the v30 is too new to have a dirty santa version anyway. And no adb commands.
Unless this makes it on to the lg list for unlocking I dont think it will happen.
Sent from my HTC One_M8 dual sim using XDA Labs
I'm using a sim-unlocked Verizon pixel 3 on Fi and (though I've hit the 'check for update' button, which should now get the update whether it was automatically available via OTA or not) I still haven't received the December security patch. I would just flash it, but the Verizon model has a locked bootloader so unfortunately that isn't an option. Is anyone else having this same issue? I know some over on Reddit were.
jacobsface said:
I'm using a sim-unlocked Verizon pixel 3 on Fi and (though I've hit the 'check for update' button, which should now get the update whether it was automatically available via OTA or not) I still haven't received the December security patch. I would just flash it, but the Verizon model has a locked bootloader so unfortunately that isn't an option. Is anyone else having this same issue? I know some over on Reddit were.
Click to expand...
Click to collapse
Nothing wrong with your phone. Since you are BL locked you are just somewhere in the queue of the phased roll-outs and they complete 2-3 weeks after the first Monday every month. It's unfortunate because with some other GSM carriers, when you pay the phone off you can unlock the BL. The Red Devil does not work like that and there is no workaround.
v12xke said:
Nothing wrong with your phone. Since you are BL locked you are just somewhere in the queue of the phased roll-outs and they complete 2-3 weeks after the first Monday every month. It's unfortunate because with some other GSM carriers, when you pay the phone off you can unlock the BL. The Red Devil does not work like that and there is no workaround.
Click to expand...
Click to collapse
Dang it sucks that the rollout can take that long. Someone on Reddit had said it should be out to all by yesterday because the patch is dated the 5th, but that obviously didn't happen. The thing is I didn't even buy it from Verizon, I got it from someone on Ebay who just said it was the unlocked version. At the time I didn't realize Verizon variants were bootloader locked and didn't think to ask for clarification on the bootloader. There's a whole other thread here for trying to unlock it that I've been following but there hasn't been much luck besides luck rma's. It'd be a lot easier if I didn't live in rural West Virginia with service only from a few locked down carriers who barely support any phones besides Galaxies and iPhones. Oh well!
Yeah, I haven't received Dec OTA either. I have a BL unlocked 3XL from Google Fi and normally flash the FULL factory image but I took the OTA last month and like that process better so I'll keep waiting...
jacobsface said:
Dang it sucks that the rollout can take that long. Someone on Reddit had said it should be out to all by yesterday because the patch is dated the 5th, but that obviously didn't happen. The thing is I didn't even buy it from Verizon, I got it from someone on Ebay who just said it was the unlocked version. At the time I didn't realize Verizon variants were bootloader locked and didn't think to ask for clarification on the bootloader. There's a whole other thread here for trying to unlock it that I've been following but there hasn't been much luck besides luck rma's. It'd be a lot easier if I didn't live in rural West Virginia with service only from a few locked down carriers who barely support any phones besides Galaxies and iPhones. Oh well!
Click to expand...
Click to collapse
Hear ya. True statement, the images really *are** out to all who can flash it the first Monday of each month, and YES you can manually flash the OTA image with a locked bootloader. You should read up on getting ADB/Fastboot running on your PC. Instructions on how to flash OTA's are on Google's developer page. Get the latest toolkit you need HERE.* Getting ADB/Fastboot up and running on your PC is a necessary lifesaving skill and really just takes reading and paying attention. Off you go.
Just giving my 2 cents. Stock 3XL. No update here yet either.
v12xke said:
Hear ya. True statement, the images really *are** out to all who can flash it the first Monday of each month, and YES you can manually flash the OTA image with a locked bootloader. You should read up on getting ADB/Fastboot running on your PC. Instructions on how to flash OTA's are on Google's developer page. Get the latest toolkit you need HERE.* Getting ADB/Fastboot up and running on your PC is a necessary lifesaving skill and really just takes reading and paying attention. Off you go.
Click to expand...
Click to collapse
It worked finally! See, Verizon hid their recovery mode behind a button combination on the bootloader. That, and forcing anything to happen from the bootloader screen itself via adb was a no go. But, you have to do a button combination on it to be able to select to apply update from ADB
jacobsface said:
It worked finally! See, Verizon hid their recovery mode behind a button combination on the bootloader. That, and forcing anything to happen from the bootloader screen itself via adb was a no go. But, you have to do a button combination on it to be able to select to apply update from ADB
Click to expand...
Click to collapse
Happy to see you were able to get it done. After a couple of times it just becomes routine. As for recovery button press, we can't blame that one on Verizon. That is the how the stock recovery works even on unlocked phones directly from Google. Don't feel bad, lots of people get tripped up on that too. Cheers :good: