Database Info

Bootloader unlock Hack

Dan Rosenberg deserves all the credit for this.
I have recently used this method on my XT926/HD Maxx to successfully unlock the boot loader. I was running 4.1.2 with root, and now I'm using 4.2.2 XenonHD.
This hack requires root access and a working version of SuperUser, aka 'SU'.
Motorola Bootloader Unlocking
I recently unlocked the bootloader for the consumer editions of Motorola Android devices using Qualcomm Snapdragon processors. This includes the Razr HD, Razr Maxx HD, Razr M, and Atrix HD models. The details of this research have been published on Azimuth Security’s blog.
Terms of Use
I have created a tool that may be used to unlock your bootloader. It requires that your device has been rooted and that the “su” binary has been properly installed. By using this tool, you agree to the following conditions:
1. You understand that using this tool will permanently, irreversibly void your device’s warranty.
2. You understand that it may not be possible to “relock” your device’s bootloader after unlocking using this tool. A side effect of this is that if you lose your device and you are not using disk encryption, a malicious party who acquires your phone may be able to extract all personal data from the device regardless of any lock screen.
3. You agree that I am in no way responsible for any damage to your device as a result of using this tool.
Instructions
The tool may be downloaded here. It may be used as follows:
1. Extract the entire contents of the zip file.
2. If you are using Windows, ensure you have installed the latest Motorola USB drivers available for your phone.
3. Ensure your device has been rooted and you have a working installation of “su”.
4. Ensure USB Debugging mode is enabled on your device.
5. If you are using Windows, navigate to the extracted directory and execute “run.bat”. If you are using Linux or OS X, navigate to the extracted directory in a terminal and execute “./run.sh”.
Click to expand...
Click to collapse
This process is quite painless and takes only a few minutes.
Neither I nor Dan guarantee this will work and that you will not brick your device. Proceed at your own risk.
Read all the instructions before you proceed and make sure you understand the process before you follow through.
He does have a PayPal donate button on the webpage and I urge anyone who uses this to donate to him. This opens up the doors to so many people that were otherwise left out of the mod community.
http://vulnfactory.org/blog/2013/04/08/motorola-bootloader-unlocking/

This thread is a simple re-post of existing thread. We don't need that.
Closed.

Universal Root Method for Motorola Qualcomm Android 2.x.x Phones

NOTE: This exploit only exists in Qualcomm chipsets due to eFuse in the TI OMAP chipsets. Sorry, for disappointing users with TI OMAP chipsets.
Exploit has been patched. Thanks to mattlgroff. This exploit only exists in Motorola Qualcomm phones with Gingerbread
mattlgroff said:
This is not for all Moto Qualcomms, either. It has been patched for a very long time and is the opposite of far reaching as the OP suggests.
Sent from my SGH-M919 using Tapatalk 2
Click to expand...
Click to collapse
Requirements/Prerequisites:
-Motorola Android 2.x.x Phone
-Motorola Drivers installed
-USB Cable
-Device must have fastboot protocol support in the bootloader otherwise this method won't work.
Tools Required:
-Motorola Android firmware Depacker by Skrilax_CZ
-UPDATE-SuperSU-v1.41.zip by Chainfire
-ADB and Fastboot
-Stock SBF/fastboot files.
Method 1: Firmware is in SBF format and packed in CG2.smg format. Examples of phones that has firmware packed in CG2.smg format are Motorola Defy Mini, Motorola Fire XT, Motorola Motoluxe. This method is for Windows. It will also work for Linux if you have the Linux version of Motorola Android Firmware Depacker.
I have tested this method on my Motorola Defy Mini XT320 which is a Gingerbread phone. It also works on Motorola Fire XT311,XT316,XT530,XT531 and Motorola Motoluxe XT615 (not Canadian XT615).
1. Make sure all drivers are installed.
2. Download the SBF file for your phone.
3. Download Motorola Android Depacker. MotoAndroidDepacker-1.2alpha3.zip
4. Download UPDATE-SuperSU-v1.41.zip Please don't extract the zip file for this one.
5. Make sure you have ADB and Fastboot setup if don't have it setup you can download adb&fastboot.zip and extract the zip file making sure everything is in the same location
6. Open Motorola Android Depacker and select the button 'Open From file' and select the SBF file for your phone and open it.
7. Click on the button 'Split to folder' to split SBF file.
8. Now select the button 'Open from File' and change the selection of file type to 'MOTOBLUR mbn image (*CG2.smg)' go to the folder called nameofsbf-extracted which contains CG2.smg and open it.
NOTE: nameofsbf-extracted this means the name of the SBF file with the word extracted at the end. Here's an example: TNBST_4_0A.1F.0ERPS_flex_WE_Orange_Spain-extracted
9. Minimize Motorola Android Firmware Depacker and go to the folder named 'CG2-extracted' and navigate to a file named 'recoverysec.mbn' OR 'emmc_recovery.mbn' and rename it to 'recovery.img'
10. Go to builder.clockworkmod.com and upload your recovery.img and select build.
11. Once it finishes building CWM Recovery, there will be a few files that are ready to be downloaded, download the file named 'recovery.img' NOT 'inputrecovery.img'
12. Place recovery.img in the same location where ADB and fastboot are.
13. Place UPDATE-SuperSU-v1.41.zip in the root of your sdcard.
14. Enable USB Debugging on your phone.
15. Reboot the device into fastboot mode by typing this command in cmd:
Code:
adb reboot-bootloader
16. Boot into temporary CWM Recovery by typing this command in cmd:
Code:
fastboot boot recovery.img
17. Now using Volume keys to navigate and power button to select option. Select 'install zip from sdcard' then select UPDATE-SuperSU-v1.41.zip and it will ask you to confirm install and select yes.
18. Select 'reboot system now' and if it asks you to fix any permissions select yes.
19. Your device should be rooted.
NOTE: METHOD 1 WILL ONLY WORK IF THE SBF FILE IS PACKED IN CG2.SMG FORMAT!
Method 2: TESTED the first 7 steps and it worked. I need some testers please to test the rest of the steps. This is when your firmware is packed in fastboot.xml.zip or .xml.zip format such as Motorola RAZR XT910 firmware. I don't own a phone that has a firmware of fastboot.xml.zip, so I just downloaded XT910 firmware so I could test the first 7 steps. This method should work both in Windows and Linux.
1. Make sure all drivers are installed.
2. Download the fastboot files for your phone.
3.Download UPDATE-SuperSU-v1.41.zip Please don't extract the zip file for this one.
4. Make sure you have ADB and Fastboot setup otherwise you can download adb&fastboot.zip and extract the zip file making sure everything is in the same location.
5. Using a file manager, extract the file named 'recovery_signed' and rename it to recovery.img
6. Go to builder.clockworkmod.com and upload your recovery.img and select build.
7. Once it finishes building CWM Recovery, there will be a few files that are ready to be downloaded, download the file named 'recovery.img' NOT 'inputrecovery.img'
8. Place recovery.img in the same location where ADB and fastboot are.
9. Now place UPDATE-SuperSU-v1.41.zip in the root of your sdcard.
10. Enable USB Debugging on your phone.
11. Reboot the device into fastboot mode by typing this command in cmd:
Code:
adb reboot-bootloader
12. Boot into temporary CWM Recovery by typing this command in cmd:
Code:
fastboot boot recovery.img
13. Now using Volume keys to navigate and power button to select option. Select 'install zip from sdcard' then select UPDATE-SuperSU-v1.41.zip and it will ask you to confirm install and select yes.
14. Select 'reboot system now' and if it asks you to fix any permissions select yes.
15. Your device should be rooted.

Here's Superuser for x86 and ARM devices.
This is Superuser by koush.

NOTE: This method works on both locked and unlocked bootloaders.

Any ideas if this will work on the new Droid RAZR HD and DROID RAZR M update that broke the bootloader unlock method? http://www.droid-life.com/2013/07/1...the-kernel-exploit-for-unlocking-bootloaders/

I find it weird that a bootloader locked Motorola phone would let you "fastboot boot". That's not what I would expect...
Sent from my Galaxy Nexus using Tapatalk 4 Beta

Does UPDATE-SuperSU-v1.41 also works on x86 devices such as the Razr I or would we need to use the su file from here: http://forum.xda-developers.com/showthread.php?t=2123369
I'm asking since they also have different updater-scripts...
Update:
Tried it 5 times now to build a CWM Recovery via the website, failed every time
my id's
e3fc4f10d5e026b4fbb33cc6969d339c
0d2ebce8165bd84fefa20129caf925d6
1ef2ceba6ed2298cdacf677c1a158a71
800b2c95ba9068b30f4e79e905cda0e8
6897f97da88ee7db655f8d1d90816aef
CFC_9.8.2I-50_SMI-26_S7_USASMIJBRTEU.xml.zip
Razr I XT890

adlx.xda said:
I find it weird that a bootloader locked Motorola phone would let you "fastboot boot". That's not what I would expect...
Sent from my Galaxy Nexus using Tapatalk 4 Beta
Click to expand...
Click to collapse
Yeah, it worked on a Motorola Defy Mini XT320, it's the fastboot exploit that's been left by Motorola.

Motorola XT881 (Electrify 2) fails to boot custom recovery.img
Hey ! I've tried your method and I stuck at 12-th step.
This is what I get everytime I try to boot CWM recovery
View attachment 2120232
"Can not boot recovery.img: No error"
Also the next time I success to execute the command, but the device returns me
View attachment 2120251
OKAY
booting...
FAILED (remote:unsupported command)
And now my device seems to be soft-bricked.. I get (Flash failure)
I'd really like to help you with that. Anyone knows what the problem is ?
I think it's all about locked bootloader and deprecated fastboot Motorola has made.

PsyClip-R said:
Hey ! I've tried your method and I stuck at 12-th step.
This is what I get everytime I try to boot CWM recovery
View attachment 2120232
"Can not boot recovery.img: No error"
Also the next time I success to execute the command, but the device returns me
View attachment 2120251
OKAY
booting...
FAILED (remote:unsupported command)
And now my device seems to be soft-bricked.. I get (Flash failure)
I'd really like to help you with that. Anyone knows what the problem is ?
I think it's all about locked bootloader and deprecated fastboot Motorola has made.
Click to expand...
Click to collapse
It looks like this exploit in phones with Qualcomm devices because my Motorola Defy Mini has a Qualcomm chipset. It looks like the eFuse is preventing it to boot into custom img file.

rootdefyxt320 said:
It looks like this exploit in phones with Qualcomm devices because my Motorola Defy Mini has a Qualcomm chipset. It looks like the eFuse is preventing it to boot into custom img file.
Click to expand...
Click to collapse
Oh, it looks like it is.
Tomorrow I'll try this with my old Motorola Bravo (which is Defy like device)

PsyClip-R said:
Oh, it looks like it is.
Tomorrow I'll try this with my old Motorola Bravo (which is Defy like device)
Click to expand...
Click to collapse
The SBF is packed in CGXX.smg format as I have decompiled the SBF for my cousin as he owns a Defy MB525 before so this method won't work as Bravo doesn't have fastboot and eFuse on TI OMAP is aggressive and I think recovery is CG47.smg

rootdefyxt320 said:
It looks like this exploit in phones with Qualcomm devices because my Motorola Defy Mini has a Qualcomm chipset. It looks like the eFuse is preventing it to boot into custom img file.
Click to expand...
Click to collapse
This is not for all Moto Qualcomms, either. It has been patched for a very long time and is the opposite of far reaching as the OP suggests.
Sent from my SGH-M919 using Tapatalk 2

rootdefyxt320 said:
NOTE: This method works on both locked and unlocked bootloaders.
Click to expand...
Click to collapse
Wait, we have unlocked bootloader for xt320 ?

Magissia said:
Wait, we have unlocked bootloader for xt320 ?
Click to expand...
Click to collapse
No, we don't.

hey guys does any one know any thing about the xt555c ... theres a link to my thread in my signature.

Downgrade Moto G XT103x (non GPE) from Lollipop to KK + remove unlocked bootloader!

Downgrade Moto G XT103x (non GPE) from Lollipop to KitKat + remove unlocked bootloader warning + root!
Greetings!
After benefitting from XDA for so long, I’m trying to help a little.
Many people I know, myself included, own a Moto G XT1033, which is by far the most popular version in Brazil (XT1032 didn’t sell nearly as much, GPE not officially available). One of these friends complained about issues, like lags and some apps not working, after OTA update to Lollipop. He asked me to downgrade his phone. It took me quite a while to find everything – instructions, firmware, etc.
So I decided to compile a few tricks here and there for you people who want to downgrade.
Inspiration from here:
http://technolect.org/moto-downgrade-lollipop-android-501-android-444-kitkat/
I’M NOT RESPONSIBLE FOR ANY DAMAGES!
DO NOT TRY TO DOWNGRADE TO ANYTHING EARLIER THAN 4.4.4 OR YOU MAY HARDBRICK!
BACKUP YOUR STUFF AS THESE PROCEDURES WILL ERASE YOUR DATA!
FOR NOW, SOME DEVICES SHOW A SCREEN FLICKER DURING/AFTER BOOT. THIS FLICKER IS NOTHING MORE THAN A NUISANCE, AND WILL TEMPORARILY GO AWAY AFTER A SCREEN LOCK AND UNLOCK, APPEARING AGAIN AT NEXT REBOOT. NO PERMANENT FIX FOR THIS BUG IS KNOWN AT THE MOMENT, IF YOU FIND IT OUT, PLEASE SHARE WITH US FOR DUE CREDIT!
I only tested this procedure with Brazilian xt1033/Windows. If this works on other models, and I see no reason why it shouldn’t, please tell me. I will credit you and others will benefit!
Requirements:
1) Moto G XT103x non GPE (duh!). Works like a charm on Brazilian XT1033, should work fine in other models too.
2) Download and install Motorola USB Drivers (http://forum.xda-developers.com/showpost.php?p=48021572&postcount=1)
3) Unlock your bootloader (https://motorola-global-portal.cust...e/bootloader/unlock-your-device-a/action/auth)
4) Battery should be at 60% or better
5) Enable Developer Options. On your device: Settings> About Device and press more than 7 times in a row the number Compilation until a message is displayed notifying the developer options have been activated. Then from your device go to Options developer and check the box USB Debugging
6) Get ADB (http://forum.xda-developers.com/showthread.php?p=42407269#post42407269) and mfastboot (included in the rar, but, just in case, also here http://forum.xda-developers.com/attachment.php?attachmentid=2427667&d=1385958280)
7) Get a custom recovery img file for your device. I like TWRP (http://forum.xda-developers.com/moto-g/development/recovery-twrp-2-8-2-0-touch-recovery-t2980621).
8) Firmware (http://www.filefactory.com/folder/c6cdedc45a775d27). Firmwares in tar.gz should be extracted by a 3rd party app in Windows, like 7Zip (http://7-zip.org/), or natively in Linux/OSX.
XT1033 KitKat firmwares (I’ll leave out of the rar, download the one you prefer) here http://technolect.org/moto-downgrade-lollipop-android-501-android-444-kitkat/
9) Appropriate CF-Auto Root files (http://autoroot.chainfire.eu/)
And a little patience, it should not take more than a few minutes!
INSTRUCTIONS
1) Get everything above working! To test if everything is A-OK, open a command prompt, type “adb devices” (without quotes) and hit enter/return. If there is a number/name listed there, you’re good to go. If not, try reinstalling Moto drivers, ADB...
2) Create a work folder. I usually create a ‘moto’ folder in Desktop.
3) Extract the xml.zip file inside the ‘moto’ folder.
4) Extract the rar file inside the ‘moto’ folder.
5) Extract the CF-Auto Root files in a folder inside the ‘moto’ folder, for example, ‘autoroot’
6) Make sure these files are inside the same folder (for example, Desktop\moto)
* autoroot folder (or any other name you chose)
* lollipop to kitkat xt103x.bat
* mfastboot.exe
* logo.bin
*boot.img
* recovery.img
* system.img_sparsechunk.0
* system.img_sparsechunk.1
* system.img_sparsechunk.2
* NON-HLOS.bin
* fsg.mbn
7) run lp-to-kk-xt103x.bat. The script will automatically reboot into bootloader, factory reset, downgrade to KK and remove the unlocked bootloader warning logo, but will not reset your phone.
8) now enter the ‘autoroot’ (or whatever) folder and run the root-windows.bat file in there. The script will use the CF-Auto Root, install the latest Super SU and reboot your phone.
9) the phone will start in KK and rooted! Enjoy!
10) I recommend installing Flashify (https://play.google.com/store/apps/details?id=com.cgollner.flashify). It is awesome to install custom recoveries.
And that’s it! Sorry for the mistakes and poor English!

{GUIDE} {H918} Restore laf partition/Download mode after root with lafsploit.

As the title states this guide will walk you through restoring your laf partition/download mode after root via the lafsploit method​.
This guide is for the H918/T-Mobile variant ONLY!
Attempting to use the files provided in this thread on any other variant may result in a brick! You have been warned.
YOU MUST HAVE SOME FORM OF ROOT ACCESS FOR THIS PROCESS TO WORK!​
Before we begin this guide will be relatively straight forward, and much easier than rooting the phone itself (IMO). That said when making any modifications to your device, and by following this guide you assume any & all responsibility for any damage physical or otherwise to your device(s).
Prerequisites/Downloads:
1. ADB & Fastboot drivers Download & install (If you don't already have them of course) from here: https://forum.xda-developers.com/showthread.php?t=2588979
(There are other ways to obtain them, but this is the simplest and most straight forward.)
2. I'm not entirely sure they are needed for this, but it wouldn't hurt to install the LG Mobile Drivers either found here: http://www.lg.com/us/support/software-firmware-drivers
3.I have extracted (from 10P KDZ) and tested this image myself before uploading, and now have download mode back on my v20. You can find it here: https://www.androidfilehost.com/?fid=818222786056038567 (Save to a location you can remember. If you're unsure go ahead and save it to your desktop.)
These remaining downloads are entirely optional, but I figured I would include them. Only download these if you intend to extract the laf.img yourself. (More details on that later.) (Not recommended for the average user.)
1. You'll need the kdz to extract the images from. Found here: https://lg-firmwares.com/lg-h918tn-firmwares/#more-3864 (You're looking for the H91810p kdz).
2.You'll also need to download the WindowsLGFirmwareExtractor found here: https://forum.xda-developers.com/showthread.php?t=2600575 (Be sure to leave a thanks for this awesome tool.)
Flashing the image​
1. Begin by verifying USB debugging is enabled on your device. (If it is not go to Settings/About/Software Info. Click build number until you get the toast notification that you are a developer. Back out to Settings Click Developer Options, and turn on USB debugging.)
2. Plug in your device (Make sure it is in File transfer mode.)
3. Open up a command prompt (May require running as admin. I always do so I have no clue.)
Type:
Code:
adb devices
Your device should be listed if you have accepted the prompt on your device. (If you are not quick enough and accept the prompt, but it still shows nothing run adb devices again.)
4. If your device is listed navigate to where you saved the laf.img (again for the purposes of this guide I will be using the Desktop.)
Type:
Code:
cd c:/users/Type your windows username here/Desktop
You should now be in your desktop.
Type:
Code:
adb push -p laf.img /sdcard/laf.img
wait for it to complete.
Type:
Code:
adb shell
then
Code:
su
You will need to grant adb Superuser permissions on your device to continue. If you are successful you should see this "elsa:/ #"
Finally type:
Code:
dd if=/sdcard/laf.img of=/dev/block/bootdevice/by-name/laf
Wait for it to complete.
Type exit twice.
5. You can now unplug your device, power off, and plug in the usb while holding vol up to enter dl mode to verify it worked.
6. Success Congrats. You have download mode back on your device!
Extracting the laf image yourself​(For the extremely paranoid)
1. Download the required files from above.
2. Extract WindowsLGFirmwareExtract v1.2.5.0 to your desktop, and open it up (preferably in it's own folder).
3.Select Open across from KDZ/TOT file, and browse to your KDZ you download previously and double click.
4.After it loads the kdz check H91810p00.dz, and click Extract KDZ.
5.Close and re open the program this time Click open across from DZ File in the folder where you placed WindowsLGFirmwareExtract you should see a file called H91810p00.dz Double click to open it.
6.Check laf_6.bin then click Extract DZ.
7.Rename the laf_6.bin to laf.img.
8.Follow the steps above to flash the newly extracted image to your device.
Credits:
@bullghost for the Extraction tool (And those in his credits as well.)
@runningnak3d (For lafsploit and the countless amount of hours he has put in to getting it working for us.)

reserved

Thanks man u r too good to us.
Sent from my [device_name] using XDA-Developers Legacy app

gavilan2010 said:
Thanks man u r too good to us.
Click to expand...
Click to collapse
Just trying to help give something back to the community. That said this my first guide. I tried to make it as simple as possible, and laid out in a way that's easy to understand and follow. So if anyone has any suggestions please don't hesitate to let me know.
Sent from my LG-D851 using XDA Labs

Or you could just flash the zip in TWRP to get laf back

xXCoolGuYXx said:
Or you could just flash the zip in TWRP to get laf back
Click to expand...
Click to collapse
What zip are you referring too?
Sent from my LG-D851 using XDA Labs

For insure purpose to return the phone how bout making a zip file flash it in twrp then reboot then everything is stock again. But i cant find any zip file to do that please point me to the right link if anybody know
Sent from my [device_name] using XDA-Developers Legacy app

gavilan2010 said:
For insure purpose to return the phone how bout making a zip file flash it in twrp then reboot then everything is stock again. But i cant find any zip file to do that please point me to the right link if anybody know
Click to expand...
Click to collapse
That's because one doesn't exist, but if you follow the OP instructions which are pretty simple then you should be golden
Sent from my LG-H910 using XDA Labs

I've had my h918 arb1 10u rooted for a month now, never noticed in twrp till now of an all in red "The partition cannot be located by the name "LAF".
Do I really need it?. I was coming from RR rom 8.0 back to Super rom 7.0 in twrp. While installing Super rom thats where I noticed the red worded statement in the list of rom install load. I was kinda startle cuz it's laf... I was like ahhh fkkk I'm gonna get bricked but then phone boots like normal, everything is normal, I even install other roms back n fourth just to test for anything else wrong but nope everything is good. I can still enter download mode with USB cord.. it acts normal, I can boot to twrp recovery normally from trwp app in stock super rom and advance menu on aosp roms too. So.... Is laf any important anymore?? Should I go ahead and and follow this guide for laf repair?....
(Edit)
Nevermind, Sorry.
I found that laf after rooting is not needed anymore cuz twrp occupies that spot. I did find a flashable laf restore zip in the thread by "[ROOT] - lafsploit - H918 (any version up to 10u) - now n00b friendly by runningnak3d".
Problem solved.

download link broken

Wanted to thank you this worked perfectly! I was in quite the predicament where I ran the LAF exploit in FWUL but I didn't downgrade before rooting. That made it so I couldn't flash TWRP to recovery and for whatever reason I couldn't boot into TWRP from download mode again (only worked once or twice) I couldn't flash in fastboot and I was sure I was screwed. THANK YOU!!!

dl link is broken, pls reup !
thx

Root LG Velvet (LM-G900EM)

Finally got root on LG-Velvet LM-G900EM
Here is how i did.
I know...this is finally little bit complicated, but i dont want to copy something that possibly affects copyrights or other stuff.
Here is all that i've learned and done.
So you should be able to root also.
Prerequisites:
(allways have a valid backup)
- Unlocked LG-Velvet-Bootloader (on android device)
- Installed Python (on pc):
https://www.python.org/
- Unpacked Steadfast kdz-tools (on pc):
https://github.com/WildOne69/kdztools
(Modify the undz.py: Put a # in line 26. This should look like this:"#import zstandard as zstd"
Otherwhise you will get an error:"ModuleNotFoundError: No module named 'zstandard'"
- Downloaded Velvet Stock-Rom (kdz) (on pc)
http://lg-roms.com/lg-firmware/lmg900em/g900em10c/9081
1. Download the kdz-rom from lg-roms (on pc)
(this uses a special download-tool which may be spain)
Finally you should have something like:
G900EM10f_00_0716.kdz
2. Extract a dz-file from the kdz-file. (on pc)
Go to the directory where you've stored the kdz-tools.
example:
python unkdz.py -f G900EM10f_00_0716.kdz -x
(this gains something like G90010f_0_user-signed-ARB0_COM1_EU_OP_0716.dz in a subdirectory)
3. Extract the boot.img from the extracted dz-file. (on pc)
example:
python undz.py -f c:G90010f_0_user-signed-ARB0_COM1_EU_OP_0716.dz -s 40
..now you've got a boot_a.image hopefully in a subdirectory.
This is the original boot.img
4. Copy the boot.img to your mobile. (from pc to android device)
5. Run Magisk and patch the extracted boot.img (on android device)
6. Copy the magisk_patched.img to your computer again. (from android device to pc)
7. adb reboot bootloader (on pc)
Keep in mind that the Velvet is an A/B device, so we need to flash the boot.img twice.
8. fastboot flash boot_a magisk_patched.img
(on pc)
9. fastboot flash boot_b magisk_patched.img
(on pc)
10. fastboot reboot
(on pc)
11. Open Magisk and pray that you've root.
(on android device)
Have fun.
BR
Mike
PS:
Be careful locking your bootloader afterwards. As i've observed locking the bootloader again resets the mobile back to factory-defaults...so all your work has been gone.
I'm not responsible if you brick your device or it takes harm in any case.
Updates: As LG launched updates twice meanwhile i was forced to patch the boot-partitions again.
Simpliest way to do the updates with root:
- Start the update with LG-Bridge.
- After the download of the new KDZ is complete copy it out of the temp-directory (to extract the boot_a.img later)
- Do the phone-update with LG-Bridge. (Now your phone is in an unrooted state again)
- proceed with steps 2-11
- Jobs done (Actual android-version rooted)

Is there anyway to get this to work with lg-G900UM

Catrock31 said:
Is there anyway to get this to work with lg-G900UM
Click to expand...
Click to collapse
I think the way is the same.
Just depends on the possibility to get an bootloader-unlock file fron LG or not.

MikGx said:
I think the way is the same.
Just depends on the possibility to get an bootloader-unlock file fron LG or not.
Click to expand...
Click to collapse
Guys, can you upload the stock ringtones ?
Thks

Nice work OP. Works like a charm. I remember the pre-Nougat days when rooting an Android device was, for the most part, a simple affair. Nowadays, with A/B partitions, Forward Error Correction (FEC), system-as-root, etc., rooting is tedious to say the least. Nice job figuring this one out. :good:

Hi!
The undz.py returs this error message :
File "undz.py", line 173
if cmd.batchMode:
^
TabError: inconsistent use of tabs and spaces in indentation
Can you help?

Bandetos said:
Hi!
The undz.py returs this error message :
File "undz.py", line 173
if cmd.batchMode:
^
TabError: inconsistent use of tabs and spaces in indentation
Can you help?
Click to expand...
Click to collapse
Just a fast shoot before quittin the day:
Kdz-filename you downloaded is exactly the same as i wrote? (If you got a newer version the kdz-riddle would start again...as this unkdz/undz project is some years old and discontinued.)
@the 1st step this error looks like another dz or corrupt dz-file. (Give the download and kdz unpack a 2nd try?)
Another guess could be that you maybe choose another slice (-s number)?
There are 2 boot-images as velvet is an a/b device.

MikGx said:
Just a fast shoot before quittin the day:
Kdz-filename you downloaded is exactly the same as i wrote? (If you got a newer version the kdz-riddle would start again...as this unkdz/undz project is some years old and discontinued.)
@the 1st step this error looks like another dz or corrupt dz-file. (Give the download and kdz unpack a 2nd try?)
Another guess could be that you maybe choose another slice (-s number)?
There are 2 boot-images as velvet is an a/b device.
Click to expand...
Click to collapse
it doesn't working
maybe attach the boot.img file

if you check the version of python you got:
Python.3.8_3.8.1776.0
?
to be honest...dont want to take care on a file-store in the internet.

LG launchned a new FOTA...and a new kdz.
Turned out that flashin the old magisk_patched.img (boot.img) extracted from the old kdz causes UI-performance problems if you reflash it after update.
Usually magisk-SU should work if you prevent reboot after install the FOTA and then flashing magisk in the newest app version to the inactive slot.
Failback: if you run into this performance-issues, you can use lg bridge (!!!hopefully have an existing LG-Switch-Backup!!!) to set back your Velvet to defaults.
You can copy out the new kdz during the extraction-phase of LGBridge (so you dont need to download it extra) from your win-userprofile (c:\users\username\AppData\Local\LG.....\Update(something)\*.kdz
...and extract the new boot.img as described in the first article.
Install magisk and root the boot.img also as described first.
Then restore your latest LGSwitch backup and all is fine.
At the moment im working on a twrp-solution based on the work of mauronofrio from twrp-team. I can boot TWRP (based on avicii .13) but i am only able to backup (metadata and super).
Not gettin userdata and boot(recovery). Thi is hard as the velvet seems to be treble&A/B.
...i'm no dev...just like to play lego. )

Either way, it's good to see that we at least have a few people trying to figure out things with this device. Honestly, I still carry my Redmi Note 7 Pro with me every day because of how much I miss being able to download a custom rom etc.
MikGx said:
LG launchned a new FOTA...and a new kdz.
Turned out that flashin the old magisk_patched.img (boot.img) extracted from the old kdz causes UI-performance problems if you reflash it after update.
Usually magisk-SU should work if you prevent reboot after install the FOTA and then flashing magisk in the newest app version to the inactive slot.
Failback: if you run into this performance-issues, you can use lg bridge (!!!hopefully have an existing LG-Switch-Backup!!!) to set back your Velvet to defaults.
You can copy out the new kdz during the extraction-phase of LGBridge (so you dont need to download it extra) from your win-userprofile (c:\users\username\AppData\Local\LG.....\Update(something)\*.kdz
...and extract the new boot.img as described in the first article.
Install magisk and root the boot.img also as described first.
Then restore your latest LGSwitch backup and all is fine.
At the moment im working on a twrp-solution based on the work of mauronofrio from twrp-team. I can boot TWRP (based on avicii .13) but i am only able to backup (metadata and super).
Not gettin userdata and boot(recovery). Thi is hard as the velvet seems to be treble&A/B.
...i'm no dev...just like to play lego. )
Click to expand...
Click to collapse

Catrock31 said:
Is there anyway to get this to work with lg-G900UM
Click to expand...
Click to collapse
Hello.
I have a LG from Freedom Mobile.
Does this procedure work on their phones?
I'd like to use the dual sim capabilities.

JackTheMan18 said:
Hello.
I have a LG from Freedom Mobile.
Does this procedure work on their phones?
I'd like to use the dual sim capabilities.
Click to expand...
Click to collapse
I did that on an LM-G900EM. (No dual sim)
As i did it just usin the stock-rom, theoretically dual sim capability shoudnt get lost.
All this stands and falls with the possibility to unlock the bootloader.
If LG provides an unlock-code the rest should work.

Good
Very good, you are very good. As a LG velvet Chinese user, I sincerely hope that you can develop a ROM compatible with China’s 5G

BruceLee131 said:
Very good, you are very good. As a LG velvet Chinese user, I sincerely hope that you can develop a ROM compatible with China’s 5G
Click to expand...
Click to collapse
There was no development.
In my 1st article i just described how to extract, rooted and flashed the original stock boot.img
This should be possible for everybody who:
- got the bootloader unlock code from lg
- isnt afraid to flash boot.img to the mobile
BR
M.

MikGx said:
Just a fast shoot before quittin the day:
Kdz-filename you downloaded is exactly the same as i wrote? (If you got a newer version the kdz-riddle would start again...as this unkdz/undz project is some years old and discontinued.)
@the 1st step this error looks like another dz or corrupt dz-file. (Give the download and kdz unpack a 2nd try?)
Another guess could be that you maybe choose another slice (-s number)?
There are 2 boot-images as velvet is an a/b device.
Click to expand...
Click to collapse
I'm also getting this error. I did try a second time following your steps to a tee and still getting the same error.

MikGx said:
There was no development.
In my 1st article i just described how to extract, rooted and flashed the original stock boot.img
This should be possible for everybody who:
- got the bootloader unlock code from lg
- isnt afraid to flash boot.img to the mobile
BR
M.
Click to expand...
Click to collapse
Hi, I have bought LG Wing. I have entered into Developer Mode and I have activated OEM unlocked option. So do I need a bootloader unlock code? Can I root LG Wing with your instructions?

How did you get adb to recognize your device once you put it in download mode?

MikGx said:
I think the way is the same.
Just depends on the possibility to get an bootloader-unlock file fron LG or not.
Click to expand...
Click to collapse
I'm sorry if this is a dumb question, but if it isn't possible to get an unlock code for the G900UM (U.S. model), is there a way to gain SU status/root without unlocking the bootloader? I'm sure there's no exploit to unlock the bootloader without LG code, but I saw in some other threads (different makes/models) discussion of gaining SU via fastboot without unlocking the bootloader? So if my main concern is knowing everything that is on my phone and eliminating privacy/security vulnerabilties, can I gain SU status without unlocking the bootloader?

MikGx said:
There was no development.
In my 1st article i just described how to extract, rooted and flashed the original stock boot.img
This should be possible for everybody who:
- got the bootloader unlock code from lg
- isnt afraid to flash boot.img to the mobile
BR
M.
Click to expand...
Click to collapse
I got the unlock.bin file from LG.
I'm not afraid to flash any partition...
it's simply impossible to flash twrp-3.4.0-g900em-dom133.imgù
writing 'recovery'...
FAILED (remote: Cannot flash this partition in unlocked state)
And even boot with that recovery
downloading 'boot.img'...
OKAY [ 0.718s]
booting...
FAILED (remote: BootImage is Incomplete)
Finally i'm not able to extract boot.img form LG kdz stock rom