[GUIDE] Unlocking the Galaxys S5 Bootloader using DEV Bootloader [KK-MM] - Verizon Galaxy S 5 Android Development

The S5 Bootloader Unlock is here! Huge thanks to @beaups for the research and sourcecode and tool, @ryanbg for researching this method in the firstplace, @autonomousperson For compiling the source to a app for us all, @haggertk for his CID and aboot! @jrkruse for innovating methods, one click apps, and MM methods @magic_man185 for recompiling the binary to disable SD requirements for MM, and everyone else for being patient for me being slow! Also thank you all for being a great supportive community!
I Have Updated the OP Hoping this is less messy and hopefully neater to deal with
DO NOT ASK ABOUT ROMS, KERNELS, OR OTHER THINGS. THIS IS ONLY FOR UNLOCKING THE BOOTLOADER. WE WILL LAUGH AT YOU IF YOU ASK ANYWAYS!!!​EMMC 15 Unlocking Bootloader
2022_VZW_EMMC_15_ AIO_Tool To Unlock_Bootloader+Install_TWRP And MM_QL1_Rooted_Rom Works On Any Version Bootloaders_MM_LL_KK-Reactivation Lock Remover
This Process Will Root Phone Unlock Your VZW EMMC 15 Chipset Bootloader Install TWRP Recobery And Imstall Latest QL1 Stock Rom . Downloads S5_Root_Tools_2023.7z EMMC_15_Rom.zip -- Stock QL1 6.0 Directions For Unlocking Stock Phone I would...
forum.xda-developers.com
EMMC 15 Updating Unlocked Bootloaders Or Downgrading
2022_VZW_EMMC_15_Chipset For Unlocked Dev BL To Downgrade To LL_KK Or Upgrade To MM_And Keep Unlock Bootloader
This Process Will Update Or Downgrade Your VZW EMMC Chipset DEV Aboot Bootloader Unlocked S5 To Marshmallow 6.0 Lollipop 5.0 Or Kitkat 4.2 or 4.4 Root And Unlock Instructions Can Be Found Here EMMC 15 Rooting And Bootloader Unlocking EMMC 11...
forum.xda-developers.com
For Rooting EMMC 11 Phones
2021_VZW_Locked_Bootloader_EMMC_11_Rooted/NonRooted_Roms_With_Safestrap_MM_LL_KK
This Process Will Install On The EMMC_11 Locked Bootloader Verizon S5 Marshmallow QL1 Stock Rom NonRooted With Safestrap. Lollipop PB1 Stock Rom Rooted With Safestrap. KK Rom Rooted With Safestrap What This Does This gives you the ability to...
forum.xda-developers.com
All the methods below are only preserved for historical purposes!!! Please use the new methods above!
Warnings
READ THE ENTIRE OP AND THE POST BELOW BY @jrkruse BEFORE DOING ANYTHING AT ALL!!!!!!!!!!
THIS IS ONLY FOR THE VERIZON S5. DOES NOT WORK FOR AT&T!!!!!
This is for users with 15' Sasmung eMMC's not users with 11 Toshiba eMMC's. You can check this by reading the file
/sys/block/mmcblk0/device/cid
Just the first 2 15xxxxxxxxxxxxxxxxxxxxxx or 11xxxxxxxxxxxxxxxxxxxxxxx(my number of x's are random, just read the first 2)
We still are unsure if changing the CID causes app store, verification, activation, provision, or other issues, everything you do is at your own risk!(Pretty sure it's safe)
REACTIVATION LOCK MUST BE TURNED OFF. YOU'VE BEEN WARNED
Starting notes​
*REQUIRES ROOT*
If you don't have root, please goto @jrkruse thread here
https://forum.xda-developers.com/ve...ot-method-t3561529/post71202995#post71202995/
For Method 4
You must make sure first of all you have authorized your computer in developer options and that USB debugging is on, you could also using adb tools use adb wireless if your device is configured for this!
You also on screen must grant ADB root access, please make sure of this!
Make sure you have a blank sd card, EVERYTHING on it WILL BE WIPED as a backup for the bootloader!
*If you have no root access OR SAFESTRAP you must proceed to the rooting thread, nothing below works without root*
Methods​
Method 1: Primary Method (Old thanks @jrkruse) For PB1, PD1, PF4, PG2, PJ2, PL1, QA1 (MARSHMALLOW)*REQUIRES SAFESTRAP
Download these files
Bootloader_Unlock_Safestrap.apk
VZW_BPB1_ODEX_DEODEX_V9.zip
G900V_Firmware_PB1.tar.md5
S5_KLTE_USA_VZW.pit
Download and install VZW_BPB1_ODEX_DEODEX_V9.zip
Reboot to Download Mode
In Odin Under AP slot load G900V_Firmware_PB1.tar.md5
Now in Odin Under PIT load S5_KLTE_USA_VZW.pit If you have a 32gb phone instead of 16gb phone skip this step
Click Start
After Phone reboots pull battery reboot to download mode (pwr+voldwn+home) and make sure current binary status is official If not In Odin Under AP slot load G900V_Firmware_PB1.tar.md5 and Odin Under PIT load S5_KLTE_USA_VZW.pit If you have a 32gb phone instead of 16gb phone skip this step
Click Start
If current binary is official reboot phone and enter Rom Setup. There is no need to setup any accounts unless you plan on running this rom
Download and install Bootloader_Unlock_Safestrap.apk
Open Safestrap app and install the safestrap recovery to the system
Open safetrap app and click Reboot To Recovery Button
Flash: (Choose 1 Whatever One You Choose Is The Firmware And Bootloader Version You Will Be On)
SafeStrap_PB1_Bootloader_Unlock_AIO.zip
SafeStrap_PD1_Bootloader_Unlock_AIO.zip
SafeStrap_PF4_Bootloader_Unlock_AIO.zip
SafeStrap_PG2_Bootloader_Unlock_AIO.zip
SafeStrap_PJ2_Bootloader_Unlock_AIO.zip
SafeStrap_PL1_Bootloader_Unlock_AIO.zip
SafeStrap_QA1_Bootloader_Unlock_AIO.zip
Phone will Power Off.
Pull Battery enter TWRP Recovery (volup+pwr+home) Wipe Data and System and Flash A Rom That matches Firmware For example PB1 would be a 5.0 rom PD1 Or PF4 would be 6.0.1 Rom
Method 2: Unlocker via Safestrap (Old thanks @jrkruse) For OE1, OK3, PB1 (LOLLIPOP)
1. Flash this Samsung_Bootloader_Unlocker.zip in safestrap or flashfire
2. Reboot phone click on SamsungUnlocker app
3. Wait and make sure to grant SuperSu access. This may take a few seconds to come up
4. type yes in the terminal screen when it ask you (Yes/No) Hit enter on the keyboard
5. wait for phone to power off
6. reboot to bootloader and verify it says MODE: Developer
7. Flash Twrp recovery using Odin
8. Your done!
Method 3: ADB For 4.4-5.0 (OLD, OUTDATED)
This Method is old and outdated, Do not use unless the new method isn't working!!!
1. Download https://github.com/beaups/SamsungCID/blob/master/samsung_unlock
2. Download View attachment adb.7z
3. Extract adb to /adb
4. Extract samsung_unlock
5. Put samsung_unlock inside the adb folder
6. Launch adb tools
7. Select push file
8. Source is samsung_unlock
9. Destination is /data/local/tmp/
10. Select the option for Pull
11. Source is /sys/block/mmcblk0/device/cid
12. Destination is cid.txt
13. Select the option for adb shell
14. Continue after the warning
15. type the following
Code:
su
cd /data/local/tmp/
chown root.root samsung_unlock
chmod 777 samsung_unlock
./samsung_unlock
Device will shut down, manually reboot
16. once it reboots, in adb tools connect to the shell again
17. Enter the following commands
Code:
su
cd /data/local/tmp/
./samsung_unlock
18. once this is done, you can type exit twice to return to the menu of adb tools
19. Select reboot
20. Reboot to bootloader
21. Verify you now have a dev edition
Method 4: On Device For 4.4-5.0 (OLD, OUTDATED)
This Method is old and outdated, Do not use unless the new method isn't working!!!
1. On your device download https://github.com/beaups/SamsungCID/blob/master/samsung_unlock
2. Move to your root directory of your internal storage(if you can't figure out where that is, you shouldn't be doing this)
3. Using a root file explorer goto /sys/block/mmcblk0/device
4. Copy the file cid to your internal storage(this is a backup of your old cid, if it fails to copy, just open it as text and copy paste the text)
5. open a terminal emulator app
6. type the following
Code:
su
cd /storage/emulated/0/
chown root.root samsung_unlock
chmod 777 samsung_unlock
./samsung_unlock
7. Device will poweroff, focefully power on
8. Enter the terminal again and enter the following commands
Code:
su
cd /storage/emulated/0/
./samsung_unlock
9. Once completed reboot to bootloader using your favorite way
10. Verify you are a Developer edition phone now
Photo of what your Bootloader should say
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Working TWRP and International Rom Patch
​
TWRP 3.0.0 Flashable recovery zip. Can be flashed in safestrap or flashfire if you have not installed it yet
TWRP_3.0.0-0-klte-klte.zip
International Rom Patch For Data And MMS. Flash right after you flash the rom.
VZW_5.0_International_Rom_Patch_No_Boot.zip
VZW_5.0_International_Rom_Patch_VZW_BOOT.zip
Directions To Update Or Downgrade Bootloaders
If you have already Unlocked your bootloader and are running TouchWiz Rom(Stock kernel)​
Download this files
PB1_Firmware_Only_NK2_Kernel.tar.md5
TWRP_Prepare.zip
SafeStrap_PB1_Bootloader_Unlock_AIO.zip
SafeStrap_PD1_Bootloader_Unlock_AIO.zip
SafeStrap_PF4_Bootloader_Unlock_AIO.zip
SafeStrap_PG2_Bootloader_Unlock_AIO.zip
SafeStrap_PJ2_Bootloader_Unlock_AIO.zip
SafeStrap_PL1_Bootloader_Unlock_AIO.zip
SafeStrap_QA1_Bootloader_Unlock_AIO.zip
S5_KLTE_USA_VZW.pit
In TWRP Flash TWRP_Prepare.zip
Reboot to Download Mode
In Odin Under AP slot load PB1_Firmware_Only_NK2_Kernel.tar.md5
Now in Odin Under PIT load S5_KLTE_USA_VZW.pit If you have a 32gb phone instead of 16gb phone skip this step
Click Start
When finished on reboot watch for Safestrap Splash Screen and enter Safestrap
Now goto Power Menu/Reboot Menu and reboot to Download Mode
Make sure in download mode the current binary is Official. If it is not reflash In Odin Under AP slot load PB1_Firmware_Only_NK2_Kernel.tar.md5
Now in Odin Under PIT load S5_KLTE_USA_VZW.pit
Click Start on reboot enter Safestrap reboot back to download mode and make sure binary status is Official
If Binary Status is Official Pull battery restart and enter SafeStrap
Flash: (Choose 1 Whatever One You Choose Is The Firmware And Bootloader Version You Will Be On)
SafeStrap_PB1_Bootloader_Unlock_AIO.zip
SafeStrap_PD1_Bootloader_Unlock_AIO.zip
SafeStrap_PF4_Bootloader_Unlock_AIO.zip
SafeStrap_PG2_Bootloader_Unlock_AIO.zip
SafeStrap_PJ2_Bootloader_Unlock_AIO.zip
SafeStrap_PL1_Bootloader_Unlock_AIO.zip
SafeStrap_QA1_Bootloader_Unlock_AIO.zip
Phone will Power Off.
Pull Battery enter TWRP recovery Wipe Data and System and Flash A Rom That matches Firmware For example PB1 would be a 5.0 rom PD1 Or PF4 would be 6.0.1 Rom
[FIX] MM Users. Wifi not working? Hardkeys not working???
​
View attachment 3772847
Unzip recover.zip place on internal storage flash in TWRP choose install image then choose recovery.img and flash to recovery
power off device
reboot to bootloader and reflash PD1_Firmware_Modem_HLOS_No_Aboot.tar.md5 in odin uncheck auto reboot when done pull battery reboot back to recovery wipe data and cache and system reinstall rom.
Notes:
If You Bricked Your Device somehow someway
​
1. Download the following image https://www.androidfilehost.com/?fid=24562946973631519
2. Download https://sourceforge.net/projects/win32diskimager/
3. Attach a micro sdcard(min 16GB class 10, others may work but unsure) to your PC via a reader
4. Backup all data on the micro sdcard, EVERYTHING WILL BE ERASED
5. Extract the image from the zip
6. Select write option, select the img file, select SDcard
7. Now write
8. Pop the Sdcard into the phone, and try and power it up
9. When you do open download mode
10. Goto odin and flash a FULL STOCK TAR
11. Start from scratch
To reuse the card it will need to be formatted using fdisk, diskpart, or android
If you have issues flashing modems, firmware, or anything​
jrkruse said:
Ok here is the solution
The Stock Boot.img and Stock Recover.img that match your firmware must be flashed before any firmware can be updated on your phone. What I mean by firmware is the things other than images that are flashed in odin like the modem.bin. If your just wanting to flash a custom boot or recovery image then you can just flash them you and dont need to do any of this.
So after the Stock and Recovery images are flashed the phone needs to return to a power off state. Then a reboot to stock recovery and wipe the cache. Then reboot the phone and the goto bootloader mode from there.
After doing this the phone will allow firmwares to be flashed through odin.
Instructions
Flash the Kernel_Recovery Only either odin package or zip package in custom recovery
If using Odin uncheck reboot now then flash Kernel_Recovery package pull battery Reboot to recovery (Pwr+Hme+VolUp) wipe cache reboot phone then reboot back to bootloader and flash whatever your wanting to upgrade.
Reboot phone make sure your changes applied the you can flash your custom recovery again
If Flashing In recovery, flash the zip then reboot to recovery which will now be stock recovery and wipe cache and then power off Do not reboot, the phone must go to a poweroff state
Reboot phone then reboot to bootloader and use odin to update what ever your needing to do
Reboot Phone make sure your changes took. Then reboot back to odin and flash custom recovery or use flashfire or safestrap to flash the custom recovery zip.
If for some reason the bootloader becomes locked again simply do the unlock procedure again
https://www.androidfilehost.com/?w=files&flid=53300
Click to expand...
Click to collapse
To make the SD card usable again, format using android!
Or keep it as a backup
IF YOU FLASH STOCK BACK TO THE PHONE, IT WILL RELOCK THE BOOTLOADER, Requiring your run the script ONCE and it will be unlocked again
Source Located @ https://github.com/beaups/SamsungCID
beaups said:
its done
If any bounties applicable, please donate to "make a wish foundation" or @ryanbg (he's getting married)
--beaups
Click to expand...
Click to collapse
Sourcecode
https://github.com/beaups/SamsungCID
eMMC 11 is non-exploitable
http://forum.xda-developers.com/ver.../toshiba-11-series-bootloader-unlock-t3349346

Updated 04-08-23!!
2023 EMMC_11 Exploit To Root And Flash Custom Boot And Recovery Images Allowing Custom Roms To Be Used
This process will allow flashing custom boot and recovery images on EMMC11 S5 Yes this will allow the EMMC11 S5 to run custom roms like Lineage Than You ryanbg Summary Of What This Does You must be on G900VVRU2DPD1 bootloader for the exploit too...
forum.xda-developers.com
EMMC_11 S5 phones now have an explot that allows flashing custom boot and recovery images giving the ability to run custom AOSP based roms such as Lineage and root with Magisk root on android 6.0 bootloaders. It is not a bootloader unlock so no custom images can be flashed with odin

jrkruse said:
It doesn't work dev bootloaders are specific to the phone they don't work on other phones even other dev phones
Click to expand...
Click to collapse
I read in another forum somewhere about someone editing a hex value in a kernel to allow it to be loaded by odin (I think by changing some kind of version or product number). I expect if a VZW dev edition bootloader is specific to the phone, it incorporates some kind of IMEI or ESN check. Maybe it's possible to change that in the bootloader? Or perhaps it would work by spoofing the IMEI of the phone?

I think it's some kind of shared key encryption and that won't work

Going to take a peek then, I need a bootloader dump please? Anyone got a Dev Edition GS5?
Knowing verizon it's got a boot signature key probably with Secureboot. Damn
If thats the case, Another dead end?

GeTex said:
Going to take a peek then, I need a bootloader dump please? Anyone got a Dev Edition GS5?
Knowing verizon it's got a boot signature key probably with Secureboot. Damn
If thats the case, Another dead end?
Click to expand...
Click to collapse
Would this help?
https://docs.google.com/file/d/0B8a454A1K5eOSEJFMEZTUmMyeTg/edit
Sent from my Motorola XT912 using XDA Labs

Bobcus Leper said:
Would this help?
https://docs.google.com/file/d/0B8a454A1K5eOSEJFMEZTUmMyeTg/edit
Sent from my Motorola XT912 using XDA Labs
Click to expand...
Click to collapse
Unfortunately, no. That only includes the kernel and ROM itself. What we need is an img of a vzw dev edition aboot.mbn. This can be acquired using the dd command.
I was looking at some of the many long threads regarding attempts at unlocking the galaxy s4 as well as beaups' galaxy s5 developer edition hack, and I've come to think that what beaups did is to edit some unprotected small flag or string somewhere which is accessed by a developer ed. bootloader to check whether the phone matches the bootloader. He ran his program FIRST, then flashed what I suspect to be a signed dev edition bootloader which booted. If we can pick through the dev edition aboot.mbn with IDA pro and see where in memory the bootloader is checking to verify the phone, maybe we can copy his exploit.
If beaups had some kind of other exploit (to bypass security or other checks), there would be no reason for him to flash a new aboot.mbn, or even if so, he would have to edit some kind of string anyways to get the dev edition bl to work.
does anyone have any thoughts or feedback (or dev edition bootloaders)?

I figure I can make this work but I need a bootloader dump.

There's a guy who just posted about selling his dev edition, maybe he'd supply you with the dump??

Hariiiii said:
Unfortunately, no. That only includes the kernel and ROM itself. What we need is an img of a vzw dev edition aboot.mbn. This can be acquired using the dd command.
I was looking at some of the many long threads regarding attempts at unlocking the galaxy s4 as well as beaups' galaxy s5 developer edition hack, and I've come to think that what beaups did is to edit some unprotected small flag or string somewhere which is accessed by a developer ed. bootloader to check whether the phone matches the bootloader. He ran his program FIRST, then flashed what I suspect to be a signed dev edition bootloader which booted. If we can pick through the dev edition aboot.mbn with IDA pro and see where in memory the bootloader is checking to verify the phone, maybe we can copy his exploit.
If beaups had some kind of other exploit (to bypass security or other checks), there would be no reason for him to flash a new aboot.mbn, or even if so, he would have to edit some kind of string anyways to get the dev edition bl to work.
does anyone have any thoughts or feedback (or dev edition bootloaders)?
Click to expand...
Click to collapse
When the mmc card is initialized in aboot, it loads /populates ddi_data and ddi_priv data. These contain info about the product generated from the Cid. It checks a value in qfprom and if a certain value makes it so sw_id or sw_revision isn't checked and/or is ignored. This also happens to correspond with a value of cc_type and determines if the device is a developer edition or not. I'm guessing @beaups has an exploit that writes over the mmc card Cid so the value returns from qfprom in such a way as to register as a developer edition device and this also allows the flashing of a dev edition boot chain. I'm guessing he had to flash the dev edition boot chain because the Cid hack probably wasn't going to remain permanently to whatver he wrote to it.
Maybe he'll chime in and tell me if I'm thinking on the right path/track. I'm not sure, I didn't study the function for very long, it was just something I noticed when I was going through the note 4 aboot.

Surge1223 said:
When the mmc card is initialized in aboot, it loads /populates ddi_data and ddi_priv data. These contain info about the product generated from the Cid. It checks a value in qfprom and if a certain value makes it so sw_id or sw_revision isn't checked and/or is ignored. This also happens to correspond with a value of cc_type and determines if the device is a developer edition or not. I'm guessing @beaups has an exploit that writes over the mmc card Cid so the value returns from qfprom in such a way as to register as a developer edition device and this also allows the flashing of a dev edition boot chain. I'm guessing he had to flash the dev edition boot chain because the Cid hack probably wasn't going to remain permanently to whatver he wrote to it.
Maybe he'll chime in and tell me if I'm thinking on the right path/track. I'm not sure, I didn't study the function for very long, it was just something I noticed when I was going through the note 4 aboot.
Click to expand...
Click to collapse
I'll reply for a change. I didn't do any research on aboot or the lock mechanism, @ryanbg did. There may be other "features", but his research indicated the eMMC cid was hashed, signed, and stored in the dev edition aboot for the device it was targeted for. So in order to flash (and more importantly boot) someone's "borrowed" dev-edition aboot, you need a cid that matches the signed hash. So, yes, I just changed the CID to match that. Then the flash is easy.
--beaups

beaups said:
I'll reply for a change. I didn't do any research on aboot or the lock mechanism, @ryanbg did. There may be other "features", but his research indicated the eMMC cid was hashed, signed, and stored in the dev edition aboot for the device it was targeted for. So in order to flash (and more importantly boot) someone's "borrowed" dev-edition aboot, you need a cid that matches the signed hash. So, yes, I just changed the CID to match that. Then the flash is easy.
--beaups
Click to expand...
Click to collapse
So... This would in theory be possible then? If so, I have more digging to do. THANKYOU for the response. I'm getting a grip on this

Holy **** I was right kind of. We need a dev edition aboot with its corresponding Cid NOW

Hariiiii said:
Holy **** I was right kind of. We need a dev edition aboot with its corresponding Cid NOW
Click to expand...
Click to collapse
You also need a way to change the CID.
Sent from my XT1254 using Tapatalk

beaups said:
You also need a way to change the CID.
Sent from my XT1254 using Tapatalk
Click to expand...
Click to collapse
And therein lies the rub

Surge1223 said:
And therein lies the rub
Click to expand...
Click to collapse
Indeed I plan to release details soon, I've been working on and off with documenting it. It won't be a "double click here to unlock", but the details will be sufficient for someone with coding/technical knowledge to turn it into a functioning tool (you seem to fit that description).
--beaups

Hariiiii said:
Holy **** I was right kind of. We need a dev edition aboot with its corresponding Cid NOW
Click to expand...
Click to collapse
GeTex said:
So... This would in theory be possible then? If so, I have more digging to do. THANKYOU for the response. I'm getting a grip on this
Click to expand...
Click to collapse
I would suggest researching how/what the the CID does to effect these values though, fwiw, getting a dev edition aboot would be the least of your problems imho.

@beaups
Yes....i quickly began to realize that this was the issue. I actually have no idea where the CID is on the galaxy s5, but based on reading some of ryanbg's posts, I'm going to guess it's in the rpmb partition at mmcblk0rpmb. This post in particular seems to be the important one:
http://forum.xda-developers.com/showpost.php?p=52454292&postcount=18
I suppose the plan would be then to mount the partition as read/write, then scan through it with a hex editor, find the location of the CID in memory, and then maybe write over it using dd like in the link below? Or maybe I'm just crazy.
http://unix.stackexchange.com/questions/214820/patching-a-binary-with-dd

Hariiiii said:
@beaups
Yes....i quickly began to realize that this was the issue. I actually have no idea where the CID is on the galaxy s5, but based on reading some of ryanbg's posts, I'm going to guess it's in the rpmb partition at mmcblk0rpmb. This post in particular seems to be the important one:
http://forum.xda-developers.com/showpost.php?p=52454292&postcount=18
I suppose the plan would be then to mount the partition as read/write, then scan through it with a hex editor, find the location of the CID in memory, and then maybe write over it using dd like in the link below? Or maybe I'm just crazy.
http://unix.stackexchange.com/questions/214820/patching-a-binary-with-dd
Click to expand...
Click to collapse
No, CID is in the eMMC hardware.

beaups said:
You also need a way to change the CID.
Sent from my XT1254 using Tapatalk
Click to expand...
Click to collapse
beaups said:
No, CID is in the eMMC hardware.
Click to expand...
Click to collapse
Ok, so I found a file called CID in /sys/block/mmcblk0/device/
it has a number in it.....
it can't be that easy, can it? this is the number:
11010048313647453208872a30e41200

Related

[GUIDE]Newbie Guide for Root/Recovery/Stock Restore etc. ATT LG G2 (LG D800)

If you have KK or LP there are two ways to get back root and custom recovery:
1) THIS IS THE EASIEST WAY.
Use stumproot app from playstore or their thread to root and then cloudyfa's Autorec app to flash twrp. You can also get autorecd800[/URL from play store (easier)
OR the harder way
2) Go back to JB d80010d (see section 4) and then follow the guide for rooting and recovery (section 2 and 3)
If you are on JB and need to upgrade to ATT kitkat use garyd9's [URL="http://forum.xda-developers.com/showthread.php?p=50882393"]method
or AndroidUser00110001's method.
These methods are almost as easy as flashing ROM and keep root and recovery intact
While the information on rooting, flashing recovery, going to stock exists in LG G2 forum, I found them scattered all over and overwhelming. The different models and different ATT firmware makes it even more confusing for newbies and so I thought we should have a ATT G2 guide. This guide is a combination of various threads in G2 forums and my rooting experience.
I will try to keep this guide up to date. Please let me know if you find something wrong or missing
THANKS: autoprime, hyelton,djrbliss, WACOMalt, PhilZ, TWRP team( DeesTroy et al), Koush, CWM, thecubed,vincom, Judge Joseph Dredd, SuperSport,bigfau. If I missed someone please let me know
Content:
1) Introduction
2) How to root
3) How to flash recovery
4) How to go back to stock (ATT Firmware)
- How to flash Official ATT KitKat
5) FAQs (ADB, Loki, Download Mode, Go to Recovery etc.)
6) Troubleshooting (unbricking)
1) Introduction:
There are many variants of LG G2. The ATT version is called LG D800. This guide is specifically for LG D800.
LG D800 ships with a custom Android Firmware that has been “enhanced” by LG and ATT.
The firmware is unrooted and has its bootloader locked meaning they designed it so that you cannot flash custom ROMS.
Fortunately, XDA’ers are very smart people and ways have been found to circumvent these “security” locks.
Before we begin we need to take care of few things.
Make sure you have drivers for your phone (http://www.lg.com/us/support-mobile/lg-D800)
Enable Developer option (General Settings -> About Phone -> Software Information and tap “Build Number” repeatedly(7-10 times) till you see a toast notification )
Enable USB debugging in developer option
2) ROOTING:
You need root privileges in your phone to run various useful apps like Titanium Backup, AdAway and install custom ROMs. Fortunately, rooting is very easy. Head over to autoprime’s thread) to download the IOroot .I have tested it (on KK). It works perfectly (LP not so sure).
thecubed also has an excellent guide on rooting with a video that you should check out.
Extract the zip into a folder. (I prefer C:\LG\ioroot). Remember this location.
Turn on USB debugging on LG D800 and connect it to your computer
Windows user double click root.bat and you will see a command screen pop up. Linux and Mac user should run the shell script ./root.sh(make sure they have proper permissions- chmod 777 should do it)
Follow the instructions on that screen. They are pretty simple.
It may ask you to disconnect the phone and turn off and then on the usb debug option and then reconnect the phone. Do so if prompted
Also keep an eye on your phone. It may prompt you with a warning. Go ahead and hit continue.
Once your phone is rooted it will give you an option of backing up EFS partition. PLEASE DO SO AND KEEP IT SOMEWHERE SAFE(dropbox etc.)
The screenshots in the "Click to Show Content" below show how ioroot process will progress
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Another advantage of ioroot is that it has adb.exe in it. So if you need to do anything adb you can do that by going to ioroot folder through your command prompt.
***THIS METHOD WILL TRIP THE LG ROOT CHECK AND VOID WARRANTY. YOU HAVE BEEN WARNED*****.
If you encounter any problem head over to FAQs and Troubleshooting section
3) RECOVERY:
To install ROM’s and Kernels you need a custom recovery. Installing custom recovery is discouraged by ATT and hence the bootloader is locked. Fortunately djrbliss has released a tool called lokithat circumvents this lock and lets us flash recoveries, ROMs etc.
WACOMalt’s guide on installing TWRP is a must read for Newbies.
Before we go ahead please make sure that your firmware version is D80010d. If you have D80010o I would recommend going back to D80010d (see “How to go back to Stock” section). While you can flash recovery on D80010o, it does not behave well and you will not be able to flash some ROMs properly.
Things needed before flashing:
Proper drivers (see section 1)
ADB. There are various ways to get it but if you used ioroot you already have it
Go to windows command prompt (cmd) and go to your ioroot folder. which in my case was C:\LG\ioroot. From there you can type adb commands
For more info on ADD and how to get it see FAQs below
To flash recovery:
Get recovery of your choice. TWRP or PhilZ CWM . As of this writing TWRP by Blastagatoris preferable.
Copy the recovery image(.img file) to your adb folder (C:\LG\ioroot in my case). The twrp file is openrecovery-twrp-2.7.6.1-g2att.img. I would rename it to recovery.img just so that it is easier to type later on.NOTE: If you have a terp zip file extract the img file from the archive to use with loki
Download loki from github(https://github.com/djrbliss/loki). Select download zip on the right side on github page.The only file you need from the zip is loki_flash from bin folder.
Copy loki_flash to your adb location (C:\LG\ioroot in my case)
Run the following commands one at a time
Code:
adb push loki_tool /data/local/tmp/loki_tool
adb push recovery.img /data/local/tmp/recovery.img
adb shell
su
cd /data/local/tmp
chmod 777 loki_tool
./loki_tool flash recovery /data/local/tmp/recovery.img
exit
adb reboot recovery
**NOTE: loki_flash HAS BEEN REPLACED WITH loki_tool. JUST A NAME CHANGE. IF YOU HAVE OLDER VERSION OF ZIP REPLACE loki_tool with loki_flash**
The final command will reboot your phone and take you to your recovery
The screenshots in the "Click to Show Content" below show how the process will look like and what would happen if you try to flash non-loki image
4) How to go back to stock (ATT Firmware)
There are many reasons to go back to stock. Restoring warranty, reverting to 80100d firmware, soft bricks or plain old nostalgia. Fortunately, LG has a tool similar to odin called LGFlashTools for D800. Unfortunately, it is not as simple as odin and you have to jump through some hoops.
SuperSport has made restoring to Stock much easier with an installer.
Go to SuperSport thread and get the installer. Install the exe file and you are good to go.
An important thing to keep in mind: There is another better tool called LG Mobile Support Tool but it is for other G2 variants and not for ATT (or Sprint)
hyelton has written an excellent guide on reverting to stock. The tools in this section are from hyelton’s guide. Please read it for more information.
Before we start:
Make sure you have the drivers (section 1)
Download the LG Flash Tool
Download the firmware LGD800AT-01-V10d-310-410-AUG-14-2013.zip and LGD800_20130904_LGFLASHv160.dll files
Extract .tot file from V10d zip
To go back to stock:
Put your phone to download mode (power off. Then press the up volume button and connect it to computer without releasing the vol up button )
Once in download mode it may install stuff. Let it do so
Then change the COM port of your phone to 41 by going to devices and selecting LG G2 (see images below). Then unplug the phone and power it off
Find a key for LG Flash Tool (google search for it) and keep it with you
Now change date of your computer to 2012 January and disconnect internet
Install LG flash tool. It will ask for key. Enter it
You will see a place for loading dll file and tot file. Go ahead load files and click OK.
DO NOT CHANGE ANY OTHER SETTING
Then click on Yellow arrow
Then put you phone on download mode again (vol up and connect to computer)
You will see activity in LG Flash Tool. Let it run. It will automatically boot your phone.
Once your phone is booted and you see your all apps etc. disconnect the phone from comp.
The screenshots in the "Click to Show Content" below show how to change port to 41 and how LG FlashTool will look like when things are going OK.
Congratulations: You are all done
5) FAQs:
Tomsgt has a thread with videos on how to root, flash roms etc. that you should check out.
a) Boot to recovery:
If you have installed recovery you will need to go to it to flash stuff. Most custom ROMs have option in power menu to go to recovery. ATT Stock does not and so there are two ways to do so.
From adb type adb reboot recovery
Power off the phone. Then press volume down+power key. Do not release till you see LG logo. Then release and again press Vol down and power button. You will see a “Factory hard reset” screen that will say press power key to confirm. Do so. It will ask again. Go ahead and press power button again. Then you will boot into recovery.
b) Boot to download Mode:
If you are on custom ROM you should see this option under Power menu.
The other way to do it is Power off phone. Then while pressing volume up button plug the phone into computer. That should bring up the download mode in the phone
c) ADB (Android Debug Bridge):
ADB lets you communicate with your phone through a command line from your computer. You can upload file, flash zips, get logs etc. through adb. For the complete guide go to http://developer.android.com/tools/help/adb.html.
To get ADB you should get the Android SDK (http://developer.android.com/sdk/index.html). It is available for Windows, Linux and Mac. Once you have installed this get the Android SDK Platform Tools (ADB is in this Tools).
Windows users can just use the adb.exe in the ioroot folder (see Introduction Section). Just go to ioroot folder location from your DOS command prompt and type adb commands.
ADB drivers should have installed once you installed the drivers I had suggested in Introduction section.
Koush has a iniversal ADB driver for windows(http://download.clockworkmod.com/test/UniversalAdbDriverSetup6.msi, https://github.com/koush/UniversalAdbDriver). You can try that if you experience driver issues.
d) LOKI:
Loki is a tool/hack made by Dan Rosenberg(djrbliss) to work around the Galaxy S4 bootloader. The tool does not unlock the bootloader but tricks it into running custom kernel. There is an excellent article explaining the hack and I encourage you to read it once. Loki was ported over to G2 and gives us the ability to flash recoveries and ROMs.
As end users you really do not need to worry too much about loki. It is the ROM developers job .
Note than any OTA by ATT may well contain fix for Loki. So DO NOT TAKE OTA.
e) Flash ROM:
PhilZ CWM: Go to “Wipe Data/ Factory Reset” and select “Clean to Install a new Rom”. Once done go back to “Install Zip” and then “choose zip from sd card”
TWRP: Similar but after factory reset you will have to do a “format system” under “mounts and storage”. I have not used twrp in a while so if this is old info please let me know
6) Troubleshooting
a)Unbricking
If you are reading this you have a problem. Your phone has become a brick. But do not despair yet as there are a few ways to unbrick your phone. Let us first determine whether it is a soft brick or a hard one.
Soft Brick: Basically it means your phone is bootlooping or showing a blank screen but you can still go to recovery/download mode. The easiest way to fix this (and determine if you have a soft vs hard brick) is turn off the phone and then press the volume up button and connect to the computer (keeping vol up pressed). If you see your phone enter download mode you are fine. Just restore to stock (see section 4 of this guide). Make sure you flash 80100d firmware.
Hard Brick: If you cannot enter download or recovery mode then you may have a hard-brick. This is not a fun situation to be in but there is a fix that may work. It involves lots of linux commands and is not for newbies but then if you are hard-bricked what have you got to lose. Head over to Partager.info's thread where he explains how @Shelnutt2 helped him unbrick his phone.
reserved
reserved
Good info here for the ATT LG G2 (LG D800), Stickied. Thank you.
Judge Joseph Dredd said:
Good info here for the ATT LG G2 (LG D800), Stickied. Thank you.
Click to expand...
Click to collapse
awesome guide! thank you for taking the time to make this. a couple things suggestions i would make in the guide. first is dont use twrp 2.6.3.2. use 2.6.3.3. it is much better. also dont use the latest philz recovery as of today. it is causing alot of issues so i would change the recommendation for recoveries to twrp 2.6.3.3.
thanks again.
edit: here is a link to 2.6.3.3. no need to loki it because it has already been loki'fied.
http://techerrata.com/browse/twrp2/g2att
freebee269 said:
awesome guide! thank you for taking the time to make this. a couple things suggestions i would make in the guide. first is dont use twrp 2.6.3.2. use 2.6.3.3. it is much better. also dont use the latest philz recovery as of today. it is causing alot of issues so i would change the recommendation for recoveries to twrp 2.6.3.3.
thanks again.
edit: here is a link to 2.6.3.3. no need to loki it because it has already been loki'fied.
http://techerrata.com/browse/twrp2/g2att
Click to expand...
Click to collapse
Thanks
The issue I had was that 2.6.3.3 was a zip and not a loki image. When I tried loki_flash I encountered issue. Hence I recommended using 2.6.3.2 and then flash whatever recovery one wants(2.6.3.3 or PhilZ). But then I was on 80100o when I did that so it could have been firmware's error and not twrp's. If you were able to loki_flash the recovery.img from 2.6.3.3 please let me know.
The PhilZ recovery I recommend above is older one (with no issues )
epapsiou said:
Thanks
The issue I had was that 2.6.3.3 was a zip and not a loki image. When I tried loki_flash I encountered issue. Hence I recommended using 2.6.3.2 and then flash whatever recovery one wants(2.6.3.3 or PhilZ). But then I was on 80100o when I did that so it could have been firmware's error and not twrp's. If you were able to loki_flash the recovery.img from 2.6.3.3 please let me know.
The PhilZ recovery I recommend above is older one (with no issues )
Click to expand...
Click to collapse
yes 10o ota update gives recoveries problems. that's why it is recommended not to do the ota. twrp 2.6.3.2 is the version that takes forever to do wipes. 2.6.3.3 is the version that fixed that and now the wipes are fast.
here is a twrp 2.6.3.3 loki'd recovery. it's for d800 though and i dont think it'd work on other models. that's why the zip files have loki inside of it with a script that loki's specifically for that device. the reason loki_flash wouldnt work for you is because you were trying to use it on a zip file and not an image file. if you would have taken the image file out of the zip file and used that then it would have worked for you. like it just did for me when i just loki'd this attached image.
at&t d800 twrp 2.6.3.3 loki'd recovery = http://d-h.st/Wmg
freebee269 said:
yes 10o ota update gives recoveries problems. that's why it is recommended not to do the ota. twrp 2.6.3.2 is the version that takes forever to do wipes. 2.6.3.3 is the version that fixed that and now the wipes are fast.
here is a twrp 2.6.3.3 loki'd recovery. it's for d800 though and i dont think it'd work on other models. that's why the zip files have loki inside of it with a script that loki's specifically for that device. the reason loki_flash wouldnt work for you is because you were trying to use it on a zip file and not an image file. if you would have taken the image file out of the zip file and used that then it would have worked for you. like it just did for me when i just loki'd this attached image.
at&t d800 twrp 2.6.3.3 loki'd recovery = http://d-h.st/Wmg
Click to expand...
Click to collapse
Thanks. OP updated
I would suggest you add that users who already have the 11o update to "downgrade" to the 11d firmware.
I had lots of problems when I restored my phone back to stock using the 11o update so started fresh from the 11d firmware.
I have 10o with the lateset twrp 2.6.3.3. are you saying that I can not flash rooms with this set up, or if i do it will not work.
irokgalaxy said:
I have 10o with the lateset twrp 2.6.3.3. are you saying that I can not flash rooms with this set up, or if i do it will not work.
Click to expand...
Click to collapse
you can. but you might have complications with the rom after you boot into it.
AndroidUser00110001 said:
I would suggest you add that users who already have the 11o update to "downgrade" to the 11d firmware.
I had lots of problems when I restored my phone back to stock using the 11o update so started fresh from the 11d firmware.
Click to expand...
Click to collapse
I had mentioned that in Introduction section. Have emphasized it now- red and bold
Thanks
epapsiou said:
I had mentioned that in Introduction section. Have emphasized it now- red and bold
Thanks
Click to expand...
Click to collapse
Ha I guess I missed it. Never did learn that lesson about reading and skimming
Nice guide!
experiencing an odd problem when restoring back to factory. of course it still fails but its not that. now when i click on software update it says phone is not registered????? wth is that? now i cant update?
Excellent Work
Thanks for this information.
I was looking for this kind of information at one place, for the new comers like me.
podagee said:
experiencing an odd problem when restoring back to factory. of course it still fails but its not that. now when i click on software update it says phone is not registered????? wth is that? now i cant update?
Click to expand...
Click to collapse
can you provide with detailed steps you followed with screenshots
epapsiou said:
can you provide with detailed steps you followed with screenshots
Click to expand...
Click to collapse
http://forum.xda-developers.com/member.php?u=5182870&tab=quotes
OP updated. Added info on un-bricking (both soft and hard)
I'm trying to return to stock... But when I go into download mode It is stuck at "Firmware Update - 0%". Any tips?
Thanks for this incredible write-up.
I'm sorry, but some of the information about twrp and ota's is out of date and confusing. I just bought a D800 2 weeks ago, and it came with the 10o firmware. I did not have to downgrade, nor do I have any issues flashing or running any roms. I followed autoprime's thread and used ioroot21, and as it is repeated over and over again in that thread, downloaded freegee from the play store and flashed the proper recovery. Simple as that.
Sent from my Dark Chocolate 4.4 G2
aaronDroid80 said:
Thanks for this incredible write-up.
I'm sorry, but some of the information about twrp and ota's is out of date and confusing. I just bought a D800 2 weeks ago, and it came with the 10o firmware. I did not have to downgrade, nor do I have any issues flashing or running any roms. I followed autoprime's thread and used ioroot21, and as it is repeated over and over again in that thread, downloaded freegee from the play store and flashed the proper recovery. Simple as that.
Sent from my Dark Chocolate 4.4 G2
Click to expand...
Click to collapse
I too have 10o firmware. Please let me know if I've to really downgrade it to 10d and then root (just trying to avoid the extra step!). Also please provide that link for rooting as well. Thanks! .

[OutDated!] Working Root Method For 5.0 Lollipop Roms [OE1] [OG5] [OK3] [PB1]

THIS IS AN OUT DATED METHOD. A MUCH EASIER METHOD CAN BE FOUND
EMMC 15
EMMC 11
Scroll Down To This Post#3 For Instructions​
This is the main thread for rooting (and installing safestrap) on VERIZON Galaxy S5's running
OE1
OK3
OG5
PB1
If your firmware is NOT listed above, you MUST FIRST Follow the section that says "Flashing PB1", This will upgrade/downgrade depending on if you are on any other versions of Android. Yes it will downgrade from marshmallow, so don't ask.
Important Information​
One of the apps in this thread "Supersu-me" Is required to complete this process, otherwise you will be stuck with the Kingroot Superuser Manager(which blocks alot of actions we need). You can buy the App here. Supersu-me Pro The new version MAY NOT WORK ANYMORE!!! If you have issues, please message the developer of the app @gatesjunior, we cannot help.
If anyone wants to make a donation make a donation to @GeTex
[email protected]
A Special Thanks To @GeTex For Mods to the root.bat and updating the old instructions
A Special Thanks Also To @be free for the new simple method
WARNINGS​This Is Very Important!!! Once Your Rooted Do Not Flash Any Firmware Zips Found In My Other Threads Unless They Specify NO_BOOTLOADERS In The File Name!
Reactivation lock MUST BE TURNED OFF!!!
Before Doing Anything Please Install The Latest Samsung Drivers SAMSUNG_USB_Driver_for_Mobile_Phones_v1.5.45.0.exe
YOU MUST DO THIS
General Information​This is confirmed working on BOK3 Rom with BOK3 Bootloaders, BOG5 with BOG5 Bootloaders, BPB1 with BPB1 Bootloaders and BOE1 with BOE1 Bootloaders!, that were previously unrootable! Just make sure in bottom directions you flash the kernel that matches your firmware!
These files were provided to me by @voices! the files are by CDMA YEMEN TEAM.
I provided the method and editing of files and last but not least @alnazef34 he was the first to tell me about this.
Also would like to thank @gatesjunior for making the Supersu Me app. Please goto his thread and thank him donate to him and go buy his Super-Sume Pro at the playstore and keep a copy for future.
A Special Thanks To @GeTex For Mods to the root.bat and updating the old instructions
A Special Thanks Also To @be free for the new simple method
Understanding the process​
So alot of confusion has surfaced from this thread and how it works and I'd like to explain most of whats going on hopefully without error. When verizon updated the bootloader they made it impossible to downgrade the system back to Kitkat so we could abuse towelroot. Later it was found that while we cannot flash our Systems back we could flash the kernel, allowing us to run the same basic exploit via an ADB terminal remotely and install a root exploit. The end result is that we can then flash our kernel back to Lollipop and then use the exploit to allow kingroot to install it's root method, and then shortly after, we are able to use supersu me to remove kingroot and install SuperSu. Your original kernel is important but for the most part you should all do this on PB1 anyways. NI2 or NK2 are both kitkat kernels and can be used(one is included in the zip)to accomplish this process. because you clearly are not on a Kitkat system it will FREEZE while booting because it's not supposed to boot a lollipop system. So In order for root.bat to work(or root2.bat) you MUST flash a kitkat kernel(NI2 or NK2) and once it succeeds you must flash your original kernel(probably PB1)
Installing PB1​
(You will lose all of your app data and apps installed, your internal storage will be fine, backup is recommended anyways
1. Download G900VVRU2BPB1_G900VVZW2BPB1_VZW.zip and unzip it
2. Reboot to recovery (Power+Volume Up+Home Button) and wipe data from recovery, reboot to bootloader
3. Plug In your phone and open Odin located in the OK3_ROOT folder
3a. Make sure your phone is recognized (In the Odin Screen Under ID:COM the box under will be blue with your com port id #)
4. Click the AP button in the Odin Screen and locate and click on the G900VVRU2BPB1_G900VVZW2BPB1_G900VVRU2BPB1_HOME.tar.md5 this is the file that was unziped from the G900VVRU2BPB1_G900VVZW2BPB1_VZW.zip(Everything you do will be flashed via AP!!!!)
4a. This will take a few minutes for odin to load and verify MD5. When done in the odin message box it will say
Code:
Enter CS for MD5..
Check MD5.. Do not unplug the cable..
Please wait..
G900VVRU2BPB1_G900VVZW2BPB1_G900VVRU2BPB1_HOME.tar.md5 is valid.
Checking MD5 finished Sucessfully..
Leave CS.
5. Under options DO NOT CHANGE ANYTHING (Previously I had you check NandErase but this was part of the problem with root not finishing)
6. Now click on Start
7. When finished you will get a green box that says PASS!
8. Phone will reboot automatically to recovery and finish updating then it will restart
9. When Phone has finished loading and has booted up go through setup and do not add any google accounts or samsung accounts or anything
Rooting Instructions​Please read EVERYTHING ABOVE BEFORE CONTINUING
This is the BlackCat Update, Hopefully it's better
1. Download this zip GS5_LOLLIROOT_BLACKCAT.7z
2. Unzip folder.(You need a unzip application like 7z or Winrar)
3. Open The Folder and click Bat file #1, Install APKs, plug in your phone and follow directions
All the Steps for the main rooting process are done ON THE BAT FILES, READ THEM!!!!
If the root process hangs Close the bat, unplug phone pull battery and reboot phone to recovery (VolUp+Pwr+Home). In recovery wipe cache only and reboot. If phone reboots back to recovery instead, pull battery and manually reboot. Now plug phone back in and Launch Bat #3.
IF you get into android and cannot get root, Open bat file #2 and start from there again
If your phone wont reboot, use Bat #4 and try and enter download mode manually(VolDown+Pwr+Home)
4. Open KingRoot.apk Click The Up Arrows a couple of time until you get to Try It and click Try It and that's it don click nothing else just close Kingroot. You should now have root. If It says Root not available and the bat said your were rooted Reboot Phone and open KingRoot You should now be rooted(otherwise reboot phone and check again)
5. Optional: If you Dont want to use SuperSu Me Skip To 6 and try but if it doesnt work then you will have to use SuperSume . Now open SuperSU-Me app (This app is now a paid app so setup Google Play and buy and it will remove kinguser and replace it with SuperSu. If you can't get the Paid version to work. The SuperSu Me 6.7 version worked. So you may have to hunt that one down by asking the Dev of the app) After this process SuperSu will ask to update binary click update normal
6. Copy this G900V_Fix Safestrap.zip (It may come in handy later on) to your SD Card and Internal Storage Copy Safestrap_Flashable_Kernels and Safestrap_Flashable_Firmware and anything else you want to install like the below rom
7. Now open Busybox Installer Allow KingRoot permission click on install
8. Click on Safstrap Allow KingRoot permission then click Install Safestrap after it installs reopen Safestrap and click on install again
9. Reboot phone open Safestrap app and Click Reboot To Recovery. If during this process you every get stuck on samsung screen.
Pull battery reboot phone to bootloader (VolDwn+Pwr+Home) Plug phone into computer open Odin In the AP Slot Flash VZW_BPB1_KERNEL_ONLY.tar.md5 Located in the LOLLIROOT Folder
10. Install This zip Knox_Removal_SU_BB_INIT.D.zip If you dont want a custom rom your done!
11. If you want to flash a custom rom make a backup In safestrap. Then in safestrap Click Wipe then Click Advanced Wipe Then Wipe System,Wipe Data,Wipe Cache Then Install any rom of your choosing as long as it is a Verizon S5 TocuchWiz Based Rom CM builds will not work! If you want you can try this it is stable. If for some reason you get an error flashing zips install this zip G900V_Fix Safestrap.zip in safestrap then you will be able to install roms. That zip wipes system and formats it so you will need to install a rom or backup before leaving safestrap
VZW_BPB1_ODEX_DEODEX_V8.zip This is a fully stock rom just like you had except it is Pre Rooted Knox free Deodexed with Tethering Fix, SDWrite Fix. Other than that all the bloat is still there but now your rooted you can remove it or flash different rom whatever
12. After flashing any rom I would head over to my Safestrap Thread and flash the latest version of Safestrap
Extra Information​Extra Information
If you soft brick your device and you made a backup in safe strap, flashing the NK2 kernel will get you back into safestrap, allowing you to restore your backup
THIS DOES NOT UNLOCK YOUR BOOT LOADER!!! To Unlock the bootloader look at the Sticky in the Development Forum. You cannot flash anything through the stock recovery. Do not try to, you will softbrick!
If you try and flash a rom or anything else, make a backup first, it saves many headaches.
If you cannot flash roms with the error "set_metadata_recursive failed" or something, you likely need to start from scratch BUT with the S5 PIT file(matching your size, there's a 16GB pitfile floating somewhere)
Realize your phone warranty is likely gone after doing this, should anything arise, you can try and get to download mode and flash the stock image again and it may go back to normal status but we cannot encourage fraudulent warranties, no matter how pathetic Samsung's policies are.
If something goes wrong! Here is the Factory Tar BPB1 Full Restore Image.
G900VVRU2BPB1_G900VVZW2BPB1_VZW.zip
Here are the new safestrap flashable firmware zips with no bootloaders these are safe to flash on all versions of bootloaders
BOC4_Firmware_No_Bootloaders.zip
BOD5_Firmware_No_Bootloaders.zip
BOE1_Firmware_No_Bootloaders.zip
BOG5_Firmware_No_Bootloaders.zip
BOK3_Firmware_No_Bootloaders.zip
BPB1_Firmware_No_Bootloaders.zip
Here are the new safestrap flashable kernel zips these are safe to flash on all versions of bootloaders
G900V_OC4_Stock_KERNEL_SafeStrap-Flashable.zip
G900V_OD5_Stock_KERNEL_SafeStrap-Flashable.zip
G900V_OE1_Stock_KERNEL_SafeStrap-Flashable.zip
G900V_OG5_Stock_KERNEL_SafeStrap-Flashable.zip
G900V_OK3_Stock_KERNEL_SafeStrap-Flashable.zip
G900V_PB1_Stock_KERNEL_SafeStrap-Flashable.zip
Wow ...
Chopstix9 said:
Wow ...
Click to expand...
Click to collapse
Edit: Its confirmed Working!!
Need some testers to confirm!
jrkruse said:
Need some testers to confirm!
Click to expand...
Click to collapse
No disrespect intended but I am not going to flash up to stock locked from where I am to test it !! Come on people !!! If you have a locked phone and want root, here's your chance to contribute to a potential major break through on our phones ...
Chopstix9 said:
No disrespect intended but I am not going to flash up to stock locked from where I am to test it !! Come on people !!! If you have a locked phone and want root, here's your chance to contribute to a potential major break through on our phones ...
Click to expand...
Click to collapse
Edit: Confirmed Working!!
Notice I didn't either, but it should work since all you have to do is flash the NI2 kernel which you can still do on the oe1.og5 and ok3 firmwares. They just wouldn't let you flash the ncg system.img
Edit: Confirmed Working!!
Yes it works. However my unknown mistake after achieving root with my bok phone was that I immediately installed titanium backup and a message came up saying something about an unauthorized action. My phone rebooted and now says start up failed . Use the verizon softwair repair assistant on a computer to repair your device. Of course this is impossible. I suppose if I had installed busybox and safestap first and placed a rom on the phone I would have been ok. Fortunately the phone was a spare but I'm still not happy.
rnh said:
Yes it works. However my unknown mistake after achieving root with bok was that I immediately installed titanium backup and a message came up saying something about an unauthorized action. My phone rebooted and now says start up failed . Use the verizon softwair repair assistant on a computer to repair your device. Of course this is impossible. I suppose if I had installed busybox and safestap first and placed a rom on the phone I would have been ok. Fortunately the phone was a spare but I'm still not happy.
Click to expand...
Click to collapse
Flash the BOK3 kernel it should boot
If it doesnt, Here is the Odin Factory tar image just flash in odin G900VVRU2BOK3_G900VVZW2BOK3_VZW.zip. This does not have the BOD5 bootloaders so it will flash fine for you
Thank you JK. How you stay up with all of these threads impresses me. Flashing the bok3 kernel worked. Now to continue I should install the bb and ss because apparently using the phone just rooted with rooted apps won't work?
Also, in the process of rooting as advice to anyone who wants to do it; when using the bat program, I found if it doesn't work right away close it then reopen it and it starts right away.
With titanium backup still installed the unauthorized app messge remained so I uninstalled tb and rebooted the phone with no problem
rnh said:
Thank you JK. How you stay up with all of these threads impresses me. Flashing the bok3 kernel worked. Now to continue I should install the bb and ss because apparently using the phone just rooted with rooted apps won't work?
Also, in the process of rooting as advice to anyone who wants to do it; when using the bat program, I found if it doesn't work right away close it then reopen it and it starts right away.
With titanium backup still installed the unauthorized app messge remained so I uninstalled tb and rebooted the phone with no problem
Click to expand...
Click to collapse
I added the apk above that will work with lollipop
So it seems this works!. The only thing you will want to do is make sure the kernel you flash after you root matches your firmware so you dont get the unauthorized actions message!. And I would get a custom rom flash asap because the stock verizon rom still has knox. I posted in the OP the files you should need to get busybox and lollipop safestrap installed
Edit Root_OG5_V2.zip contained a folder called SafeStrap Flashable Firmwares please dont use these as they contain older bootloaders and may brick your phone. So if you downloaded Root_OG5_V2.zip before i pulled it please dont use those zips
Edit Root_OG5_V3.zip Contains all the files you will need
Tried it, and got stuck after the NI2 kernel update. The batch file would never recognize the device again... ended up having to wipe and recover... more than happy to try again though
***my bad, tried the old method... didn't realize it was updated.
---------- Post added at 07:20 AM ---------- Previous post was at 06:29 AM ----------
confirmed working! You guys rock!
We have a winner! I followed the steps exactly and poof ROOT!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Thanks millions
Mine does not reboot after the .bat file fails the first time. I continue on, and when I get to the samsung screen, and I run the .bat once more it gets stuck at 'installing root now' and does not proceed. Help would be appreciated!
Awesome job @jrkruse.
I don't personally need this because I never updated my bootloader but for all of the people out there who updated via OTA or bought a phone that was already updated, you are a life saver.
As always, great work.
---------- Post added at 07:43 AM ---------- Previous post was at 07:27 AM ----------
Actually, I'm quite curious if I may just want to do a full stock Odin flash of OK3 (bootloader and all) since I never plan on going back to kitkat and I can just gain root and deodex the ROM myself for Xposed afterwards.
I've noticed that using the old bootloader with new updates causes my phone's screen to do weird things when I try to charge it while it's off. Using the correct bootloader may fix that.
so once more, I have installed every package for the SDK. Modded my paths correctly so that adb is usable.
flashed phone back to the OK3 .tar provided.
I run the .bat, it sees the phone and attempts to install root.
I now get 1 of two results.
first, it will hang at 'installing root now' and never proceed, or it will error out "error; device not found" and fail. Neither of these options promp a reboot.
as I mentioned earlier, if I proceed to install the kernal provided, the screen gets stuck at samsung, and the .bat once again hangs at 'installing root now'
Aireos said:
so once more, I have installed every package for the SDK. Modded my paths correctly so that adb is usable.
flashed phone back to the OK3 .tar provided.
I run the .bat, it sees the phone and attempts to install root.
I now get 1 of two results.
first, it will hang at 'installing root now' and never proceed, or it will error out "error; device not found" and fail. Neither of these options promp a reboot.
as I mentioned earlier, if I proceed to install the kernal provided, the screen gets stuck at samsung, and the .bat once again hangs at 'installing root now'
Click to expand...
Click to collapse
Maybe try using a different port on your computer. Did you goto developer options and enable usb debugging? After that did you accept the Allow USB debugging dialog
View attachment 3606452
jrkruse said:
Maybe try using a different port on your computer. Did you goto developer options and enable usb debugging? After that did you accept the Allow USB debugging dialog
View attachment 3606452
Click to expand...
Click to collapse
I have enabled debugging, and have tried different ports. Must've gone over every detail about 6 times total. For now, I just flashed back to factory. Will try again in a few hours if I get some decent replies..
Juust brought my spare to work. Seeems I was on boe1. Is there a kernel for that? I don't think it will do a software update to bok while rooted.

[GUIDE][HUAWEI TAG-Lxx] P8 lite smart/GR3/Enjoy 5S Modding (unlock, root ecc...)

INFO
This device have different names in different countried (TAG-L01/L03/L13/L21/L22/L23 ecc..), but they are the same, everything writed in this post work on every TAG-Lxx device.
DISCLAIMER FOR ANDROID 6.0
A lot of people asked me to port android 6 or 7, so i answer once and for all:
I have alredy tryed but kernel needs some changes, the problem is that kernel source code they provided is simply incomplete! Compiled kernel without any mods don't boot at all
I've checked and i found that the first problem that cause this is missing/wrong lcd driver(this is the first but i think there are a lot of other driver missing)
So this are the options:
-fix it myself and add drivers from other device(already tried, risked to damage my device, i won't do anymore)
-ask huawei for correct source(i will try)
-find a way to bypass this changing android source(if kernel is not compatible by android, i can make android compatible with kernel), but its not easy
STOCK ROM
Single sim version(system dump of TAG-L01)
I can't find it on internet, so i have created a flashable zip that contains system and boot dumped from my device(using TAG-L22 offical one, because this is the only firmware i have found)
update.zip
if something goes wrong place it into your sdcard, reboot into recovery and flash it, your device is now fully working
-build: TAG-L01C212B123
-brand:TIM
-rooted:yes
this is my dump:
https://www.androidfilehost.com/?fid=24591000424961455
This zip contains boot recovery and system image of my device.
Dual sim version(offical TAG-L22, work on every dual sim variant)
official download link
UNLOCKING BOOTLOADER
Unlock bootloader is the same for all huawei devices:
-enable developer options(7 tap on build number)
-enable "oem unlock"
-go into http://emui.huawei.com/en/plugin.php?id=hwdownload and register an account
-select chinese language (is important, otherwise you can't access bootloader unlock page)
-click on the green lock and select first choice
-accept
-you are now into bootloader unlock page
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
-serial number can be found in settings/about phone/state
-IMEI have to be in the phone box
-product id can be found writing *#*#1357946#*#* in phone dialer
-solve captcha and click on the blue button
-you have bootloader unlock code
-MAKE A BACKUP, BECAUSE WHEN YOU UNLOCK YOUR DEVICE WILL BE FACTORY RESET
-put your indevice in bootloader mode(by using "adb reboot bootloader" or by volume up+power and selecting fastboot mode)
-type "fastboot oem unlock yourcode" (i suggest to write code letter by letter, copy-paste has not worker for me)
-type "fastboot oem get-bootinfo" and you have to see unlocked:yes
-type "fastboot reboot" to reboot into android
ROOT
recommender method(need an unlocked bootloader):
-Install twrp(look under for the link)
-download supersu
-reboot into recovery and flash it
phone can be rooted also without unlocking bootloader, but if something goes wrong to fix you need an unlocked bootloader, and i'm receveing a lot of report of people who have bricked, so i won't show how to do it anymore.
Restore huawei bootlogo(for branded devices)
Thanks a lot @ervius !
download
simply run logo_huawei.bat (or, if you are on linux read that and run all commands inside)
If SIM card is not recognised:
Sometimes, if you wipe data or change rom you will face this problem, fix is easy(but need root):
-go into / and delete nvdata folder(you will see a "read-only filesystem" message, ignore it)
-reboot(not soft reboot, normal reboot)
CUSTOM RECOVERY
TWRP 3.0.2-0
CUSTOM ROMS
Cyanogenmod 12.1
XPOSED
Official thread
-download Xposed for EMUI 3.1 Android 5.1.1 arm64 version
-flash it using twrp
-download and install this apk
NOTE:some module won't work because this device have emui
Thanks, I've been waiting weeks for this!
Can confirm TWRP works on my GR3 (TAG-L13) and was able to SuperSU from there.
felzam said:
Thanks, I've been waiting weeks for this!
Can confirm TWRP works on my GR3 (TAG-L13) and was able to SuperSU from there.
Click to expand...
Click to collapse
Good
Now you can also install xposed and other mods, i'm uploading a zip that fully re-stock this device, so if something goes wrong you can easily restore (some kind of "official firmware" but based on my dump, because official does not exist)
edit: ah ok, you have a TAG-L13, so probably with this firmware your sim wont work
what about tag l21
MedNour said:
what about tag l21
Click to expand...
Click to collapse
This guide will work and TWRP also, TAG-L01 and TAG-L21 are identical, the only problem is dual sim(so if i will succed compiling cyanogenmod, you probably can't use your sim)
mac12m99 said:
This guide will work and TWRP also, TAG-L01 and TAG-L21 are identical, the only problem is dual sim(so if i will succed compiling cyanogenmod, you probably can't use your sim)
Click to expand...
Click to collapse
good news then but i will be able to use 1 sim and micro sd ????
mac12m99 said:
This guide will work and TWRP also, TAG-L01 and TAG-L21 are identical, the only problem is dual sim(so if i will succed compiling cyanogenmod, you probably can't use your sim)
Click to expand...
Click to collapse
Cyanogenmod would be wonderful! I have major push notification problems while on WiFi and would love to move away from EMUI. Would it work on different versions though (on any TAG-LXX)?
MedNour said:
good news then but i will be able to use 1 sim and micro sd ????
Click to expand...
Click to collapse
Micro sd not, but probably all sims will not work
felzam said:
Cyanogenmod would be wonderful!
Click to expand...
Click to collapse
Yes
I have compiled succesiful, but don't boot, i need more time...
felzam said:
I have major push notification problems while on WiFi and would love to move away from EMUI.
Click to expand...
Click to collapse
Settings, protected apps, allow all apps that you want notification
felzam said:
Would it work on different versions though (on any TAG-LXX)?
Click to expand...
Click to collapse
Yes, but in dual sim devices proably sim will not work
Just wanted to say i'm also looking forward to see if an update to Android 6 is possible.
TheEversor said:
Just wanted to say i'm also looking forward to see if an update to Android 6 is possible.
Click to expand...
Click to collapse
There is only a stock rom on internet and is android 5.0(for TAG-L22), so for now no 6.0
My goal is compiling cyanogenmod 13(whitch is based on android 6), but it will take a lot of time.
mac12m99 said:
There is only a stock rom on internet and is android 5.0(for TAG-L22), so for now no 6.0
My goal is compiling cyanogenmod 13(whitch is based on android 6), but it will take a lot of time.
Click to expand...
Click to collapse
I'm absolutely new to this kind of things, but would it be theoretically possible to cook the huawei rom for the Honor 5X (also known as GR5) that is Android 6, adding the drivers of the official Android 5 huawei rom of the GR3 or TAG-L01 ?
TheEversor said:
I'm absolutely new to this kind of things, but would it be theoretically possible to cook the huawei rom for the Honor 5X (also known as GR5) that is Android 6, adding the drivers of the official Android 5 huawei rom of the GR3 or TAG-L01 ?
Click to expand...
Click to collapse
No, because has different hardware, i have to found a device that have the same processor whitch have android 6.0, but i will do late, first i have to build cm12.1(based on the same android version that have this device)
Hang on boot and adb driver problem
Dear friends, I made a little mess and I need your help.
I followed the guide by mac12m99, but I did some mistakes. A little recap:
1) I became developer (7 taps on build) -> OK
2) I enabled ADB debug, OEM unlock -> OK
3) Connected the phone while OS was running and did "adb reboot bootloader" -> OK
the phone booted in "fastboot mode". Now I had a problem: I cannot connect the phone anymore: if I tried "adb devices" no device was found. I think this is a driver related problem (I use Win 7 64bit). I googled a lot, but I wasn't able to find a working driver to solve this issue.
And now I made my BIG mistake! Since I couldn't connect the phone correctly to unlock the bootloader, I tried Kingroot -> success. But I don't like Kingroot much, due to many permissions requested. So I switched Kingroot with superSU using a guide from another forum (sorry I cannot post links).
During the process superSU asked for upgrading and I did -> success, but... after reboot the phone hung on boot.
Panic! tried to factory reset it, but after boot still hung.
Now I don't know how to proceed.
So I need your help:
1) Where can I find the correct driver to connect Win7 64 bit to the phone in fastboot mode ?
2) How could I revive the phone ? I thought if I successfully connect the phone in fastboot mode, maybe I could unlock the bootloader and see if the boot proceeds.
Thank you for your help, and sorry form my English and my ignorance.
mac12m99 said:
INFO
...
I can't find it on internet, so i have created a flashable zip that contains system and boot dumped from my device(using TAG-L22 offical one, because this is the only firmware i have found)
[ mediafire URL ]
if something goes wrong place it into your sdcard, reboot into recovery and flash it, your device is now fully working
-build: TAG-L01C212B123
-brand:TIM
-rooted:yes
Click to expand...
Click to collapse
Sorry but this content has been removed from Mediafire. Could you upload it again? Thankyou
Hang on boot and adb driver problem - update
OK I solved the first problem: it was a driver related problem as suspected. I succeeded to flash recovery and from there superSU, but after reboot still hang. So I need the stock image to revert the situation. I didn't understand well which image I should use: the first one from Mediafire (not available) or the second one: dumped from your device ? If I should use the second one: what is the procedure? Thank you
Triglia said:
OK I solved the first problem: it was a driver related problem as suspected. I succeeded to flash recovery and from there superSU, but after reboot still hang.
Click to expand...
Click to collapse
Did you unlocked the bootloader?(i guess yes, because twrp booted)
If yes, you have done a factory reset, so it needs 3-4 minutes to re-create cache and then will be working
Triglia said:
So I need the stock image to revert the situation. I didn't understand well which image I should use: the first one from Mediafire (not available) or the second one: dumped from your device ? If I should use the second one: what is the procedure? Thank you
Click to expand...
Click to collapse
They have blocked it
If waiting don't work, for now do this:
-go here
-search for gr3
-download firmware
-flash it using twrp
If you have a TAG-L01 SIM will not work, but device is usable.
If you use the second one you can only flash stock recovery, because system partition is refused by bootloader , but i think you can flash it using adb and twrp(an advanced method, i you want i can explain )
mac12m99 said:
Did you unlocked the bootloader?(i guess yes, because twrp booted)
If yes, you have done a factory reset, so it needs 3-4 minutes to re-create cache and then will be working
They have blocked it
If waiting don't work, for now do this:
-go here
-search for gr3
-download firmware
-flash it using twrp
If you have a TAG-L01 SIM will not work, but device is usable.
If you use the second one you can only flash stock recovery, because system partition is refused by bootloader , but i think you can flash it using adb and twrp(an advanced method, i you want i can explain )
Click to expand...
Click to collapse
Since I'm using TAG-L01 TIM branded, I think I should use your dump. Please explain me how to do. Meanwhile I'm downloading your image.
What do you mean that the SIM won't work? I cannot use it as a telephone anymore???!!!
Thank you.
Triglia said:
Since I'm using TAG-L01 TIM branded, I think I should use your dump.
Click to expand...
Click to collapse
So waiting have not worked?
Triglia said:
Please explain me how to do. Meanwhile I'm downloading your image.
Click to expand...
Click to collapse
-boot into twrp
-place system.img in internal sdcard
-type this:
Code:
adb shell
dd of=/sdcard/system.img if=/dev/block/mmcblk0p22
-flash boot.img using the recovery method(install-install image ecc..)
-reboot and wait 3-4 minutes
But if my firmware wasn't deleted, you can restore by easily flash the zip
Triglia said:
What do you mean that the SIM won't work? I cannot use it as a telephone anymore???!!!
Click to expand...
Click to collapse
Because my firmware was deleted, i've linked to you the only "official firmware", that is for the TAG-L22, i've tested it on TAG-L01 and everything work but SIM not(this firmware is not branded), it means that using this will not work, but if you install another that work, SIM will work
Triglia said:
Thank you.
Click to expand...
Click to collapse
Welcome
mac12m99 said:
So waiting have not worked?
-boot into twrp
-place system.img in internal sdcard
-type this:
Code:
adb shell
dd of=/sdcard/system.img if=/dev/block/mmcblk0p22
-flash boot.img using the recovery method(install-install image ecc..)
-reboot and wait 3-4 minutes
But if my firmware wasn't deleted, you can restore by easily flash the zip
Because my firmware was deleted, i've linked to you the only "official firmware", that is for the TAG-L22, i've tested it on TAG-L01 and everything work but SIM not(this firmware is not branded), it means that using this will not work, but if you install another that work, SIM will work
Welcome
Click to expand...
Click to collapse
Waited for about 15 min. but still hang.
In the file image "zt...G-L01_stock.gz", there is only 1 file "HUAWEI TAG-L01 stock" about 3.8Gb uncompressed. There is no "system.img " file.
I cannot restore a different ROM, I need to use the phone. Please could you send me the correct file? I sent you a private message with my direct contacts.
[SOLVED] hang at boot after Kingroot to superSU switch
After 2 days of test, and with the essential help of mac12m99 :highfive:,
I succeeded to revive my phone. It was necessary to flash the "update.zip" from the first post (but unavailable in the last days) and my phone was back, then I started again from scratch.
A suggestion: DO NOT try to switch from Kingroot to superSU using "superSUME", because you'll end in soft brick as I did.
If you gained root access through Kingroot and you want to switch to superSU, you should do the following:
1) Be sure that Kingroot is installed and working
2) Disable root from Kingroot itself, and uninstall Kingroot (you can do everything within Kingroot's options)
3) reboot in recovery (TWRP)
4) install superSU from TWRP
5) reboot: you are rooted again but with superSU and the phone is still working :good:
So, a big THANK YOU to mac12m99, for his precious help and patience and happy modding to everyone.

[ROOT] [MAGISK] (Without Recovery) Root your device with MAGISK Without Recovery

Hello Everyone,
This is my first tutorial here.
So, any mistakes should be reminded in the thread.
==================================================
Guide for rooting with MAGISK​==================================================
This guide is for those devices for which currently there is no custom recovery available. So, don't be sad instead have MAGISK Root for your device and and sleep well.:angel:
Note - USE THIS GUIDE ON YOUR OWN. I AM NOT RESPONSIBLE IF YOU END UP BRICKING YOUR DEVICES.
BETTER KNOW WHAT YOU ARE DOING AND ITS CONSEQUENCES.
==================================================
REQUIREMENTS -
1 - An Android 5.0+ device
2 - PC with working ADB
3 - Stock boot image (boot.img) of your device
4 - Magisk Manager app
5 - A good file browser like Mixplorer, Solid explorer etc..
6 - Active Internet connection
7 - Active mind and patience.
==================================================
Step 1: Patching the stock boot.img
- Install MagiskManager apk on your android device
- Copy the stock boot.img of your device to your phone's internal storage or SD card
- Launch Magisk Manager app
- If prompted to install Magisk, select NO THANKS
- If you are using a samsung device and wish to flash using Odin, then select Options > Settings > Update Settings > Patched Boot Output Format > img.tar )
- Select Install > Install > Patch Boot Image File >
Navigate to the location of the stock boot.img you copied earlier on, then Select it
-Magisk Manager should begin downloading the magisk zip file used for patching
-Once download is complete, MagiskManager will automatically patch the boot file and store it under SDcard/MagiskManager/patched_boot.img[.tar]
Step 2: Flashing the patched boot.img
You have a variety of options to flash the patched boot.img depending on your chipset (e.g Mediatek MTK, Spreadtrum SPD, Qualcomm QLM etc ), the resources you have and your skills. Note that some flashing methods might require you to rename the file to boot.img
- For those using MTK devices and have the specific scatter file for their device, you can flash the patched boot.img using SP flash tool or Miracle Box
-For those using SPD devices and have the PAC file for their device, you can flash the patched boot.img using Research download tool by replacing the stock boot.img with your patched boot.img
- For those using Samsung devices and then use ODIN to flash.
-You could also use Fastboot to flash the patched_boot.img or boot.img (if you've renamed then the command must reflect the file name) as outlined below
How to Flash patched_boot.img using Fastboot
-Setup adb and fastboot on your PC.
-Unlock the phone's Bootloader (if its not unlocked)
-Re-enable USB debugging on the phone
-Connect the phone to the PC via USB cord
-Boot into fastboot mode.
-Flash the patched_boot and reboot by typing in the commands below into adb CMD prompt window and hitting Enter after each line -
Code:
fastboot devices
fastboot flash boot patched_boot.img
fastboot reboot
Click to expand...
Click to collapse
-Verify root using Root Checker
Credits goes to topjohnwu of XDA for Magisk
Also to X3non of Hovatek for original guide.
Does this work with lenovo vibe k4 note?
I think this thing would be risky to do.
Or what do you think?
Does the bootloader need to be unlocked still? I have a S6 Active (sm-g890a) that I would love to root with this method but I haven't wanted to try anything in fear of bricking. Sorry for the newb question but I'm a noob.
Sent from my SM-G900V using XDA Labs
2FrEsH99 said:
Does the bootloader need to be unlocked still? I have a S6 Active (sm-g890a) that I would love to root with this method but I haven't wanted to try anything in fear of bricking. Sorry for the newb question but I'm a noob.
Sent from my SM-G900V using XDA Labs
Click to expand...
Click to collapse
if the bootloader checks boot.img, it will fail since Magisk patches the boot.img and it will have an invalid signature.
This process is only useful for locked bootloaders that do not check boot.img or people who want stock or are stuck with stock recovery.
2FrEsH99 said:
Does the bootloader need to be unlocked still? I have a S6 Active (sm-g890a) that I would love to root with this method but I haven't wanted to try anything in fear of bricking. Sorry for the newb question but I'm a noob.
Sent from my SM-G900V using XDA Labs
Click to expand...
Click to collapse
Hi, the best way is to flash a custom recovery beforehand. But if you can't find you can go for this method but bootloader must be UNLOCKED. And also if anything goes wrong even if the bootloader is UNLOCKED , the phone will only be soft brick not hard brick. But the best thing will be a custom recovery method.
Cjoman said:
Does this work with lenovo vibe k4 note?
Click to expand...
Click to collapse
If your device bootloader is UNLOCKED, then you are good to go. But you should look for a custom recovery for your device and flash magisk.zip . Try this method only if you can't find one. Although every method is risky, you should play safe.
DE SEXIEST said:
I think this thing would be risky to do.
Or what do you think?
Click to expand...
Click to collapse
Of course this method is risky yet safe.
If you have a less secure device with UNLOCKED bootloader, you should try this.
But the best thing will be to find a custom recovery or try to port one.
This method should work on most devices.
Aquib132 said:
If your device bootloader is UNLOCKED, then you are good to go. But you should look for a custom recovery for your device and flash magisk.zip . Try this method only if you can't find one. Although every method is risky, you should play safe.
Click to expand...
Click to collapse
Okay thanks!
---------- Post added at 02:33 AM ---------- Previous post was at 02:03 AM ----------
Will this factory reset my phone?
does it work / may work with S9 plus G965U Qualcomm chipset?
as i didn't find any Oem unlock option in the developer menu.
A7 2017 (Android 8)
So i have an a7 2017 with android oreo or know as 8.0.0. So i want to flash the patched boot image with odin. How do i do that? Like i understand you need oem unlocked but where do you flash it specifically in odin?
Use ADB and the push command.. Be careful what you type.. This thing is a ***** to get the first time.. I wish you good luck
---------- Post added at 07:16 AM ---------- Previous post was at 07:10 AM ----------
Remember one other thing.. Sammy can not use Fastboot.. It's not that it's bad.. But it just won't in most cases.. Try CROM first to unlock the bootloader
Thanks, very helpful!
Well i tried to root my phone before with cf auto root and with twrp and it said device verification has failed or something. Will it happen for this device?
How do i copy the stock boot image onto my internal storage?
I'm having a question: does the new patched_boot.img file also contain my personal data? If not, then what's the best way to make a backup so that when I restore it my phone to be just like I didn't do anything to it(it should have all my apps, files,contacts, accounts etc untouched), but to be rooted? I have a Elephone a4 and I can't set up a custom recovery, that's why I want to follow this tutorial...
Pcarioca said:
I'm having a question: does the new patched_boot.img file also contain my personal data? If not, then what's the best way to make a backup so that when I restore it my phone to be just like I didn't do anything to it(it should have all my apps, files,contacts, accounts etc untouched), but to be rooted? I have a Elephone a4 and I can't set up a custom recovery, that's why I want to follow this tutorial...
Click to expand...
Click to collapse
Go to smart switch and create a backup.
Easy peezy
Works as advertised. One thing i would add to the guide is copying the patch boot img to where the command prompt window is opened. If i was using my noodle, it would be an unspoken, but i forgot and had to reboot once more. This would've saved me about 30 seconds, but i won't complain. I am on the moto z2 force sprint may 1 update with an unlocked bootloader
I think this thing would be risky to do.
emod0705 said:
Try CROM first to unlock the bootloader
Click to expand...
Click to collapse
Sir what is CROM?

2022_VZW_EMMC_15_ AIO_Tool To Unlock_Bootloader+Install_TWRP And MM_QL1_Rooted_Rom Works On Any Version Bootloaders_MM_LL_KK-Reactivation Lock Remover

This Process Will Root Phone Unlock Your VZW EMMC 15 Chipset Bootloader Install TWRP Recobery And Imstall Latest QL1 Stock Rom .​
Downloads
S5_Root_Tools_2023.7z
EMMC_15_Rom.zip -- Stock QL1 6.0
Directions For Unlocking Stock Phone
I would recommend Windows defender is turned of before starting
1. Download S5_Root_Tools_2023.7z and unzip
2. Make sure Usb debugging is enabled on your phone
3. Plug in phone and run Safestrap.exe and follow directions on command window
4. This process is pretty much 1 click all automatic except following command window prompts
5. This will detect if your phone is EMMC 11 or 15
6. If it detects EMMC 15 it will automatically unlock your bootloaders.
7. Once process is done reboot too twrp and flash rom of choice or use provide one and flash root zip of choice
Regular Magisk
Releases · topjohnwu/Magisk
The Magic Mask for Android. Contribute to topjohnwu/Magisk development by creating an account on GitHub.
github.com
Magisk Delta
Releases · HuskyDG/magisk-files
Contribute to HuskyDG/magisk-files development by creating an account on GitHub.
github.com
ETFSU
EFTSU Root Solutions
The Largest Database for the Root Solutions on the Internet
eftsu.com
Safteynet Fix Module
Releases · kdrag0n/safetynet-fix
Google SafetyNet attestation workarounds for Magisk - kdrag0n/safetynet-fix
github.com
Old Method And Old Downloads
EMMC_15_SS_Install_QL1_6_0_1_MM_Bootloader_Unlock_AIO_Rom.zip -- Rom Zip
EMMC_11_S5_Root_Tools_2022_V7.7z
-- Files Needed To Root Phone
Instructions To Root And Install Safestrap
**If you already have safestrap installed you can skip to Instructions To Unlock Bootloader
**If you are already rooted but do not have safestrap installed download View attachment S5_Safestrap.apk install then skip to Instructions To Unlock Bootloader**
Directions
1. Download both files and unzip EMMC_15_And_11_S5_Root_Tools_2022_V7.7z
2. Reboot phone too Download Mode by holding Power+VolDwn+HomeButton as phone starts up
3. Plug phone into computer and open the Odin provided in the above file in the Odin_Folder
4. In Odin Choose BL slot and choose the COMBINATION_VZW_FA44_G900VVRU2APA1_VZW2APA1_2572656_REV00_user_mid_noship_MULTI_CERT.tar.md5 Located in the Odin_Folder
5. Flash the file using provided Odin let phone reboot. This will wipe your phone
6. Once phone is rebooted make sure its plugged into computer and phone use recognized by computer
7. Run the Install_One_Click.cmd this should install safestrap. If this method fails countinue with below methods.
8. If above method fails you can reboot and try again or run the Manual_Install_Root_Apps.cmd and try below methods to root
Towel Root Method
These steps are only needed if above root method failed
1. You need too be connected to a network. Try one of towel root apps and if not successful then try the other one. If it doesn't work go to King root section
2. If towel root succeeds then run the click on the super su app and choose to update su binary and choose normal once successfully updated reboot phone
King Root Method
These steps are only needed if towel root failed
1. You will need to be connected to a network. Click on King root app then click try root
2. Once root is successful don't click on the optimize and close the king root app.
3, Run the Manual_Install_SuperSu.cmd
Installing Safestrap
9. This only needs to be done if 1Click bat method failed. Now click on safestrap app and clisk install safestrap click allow in root dialog app once installed click reboot to safestrap
10. Busybox must be installed ifirst if you used towelroot method too root
Instructions To Unlock Bootloader
11. Enter safestrap now in safetrap it will ask you to swipe to allow modding system make sure to do this now . If you have not copied the EMMC_15_SS_Install_QL1_6_0_1_MM_Bootloader_Unlock_AIO_Rom.zip from the EMMC_15_Bootloader_Unlock_Zip folder do so now Click install tab and choose EMMC_15_SS_Install_QL1_6_0_1_MM_Bootloader_Unlock_AIO_Rom.zip and install.
12. When done phone will power off.
13. Reboot phone to recovery you should now have TWRP recovery installed and the choose wipe the advanced wipe and wipe data only then reboot
14. Phone will reboot and stick on red Verizon screen for probably 15 to 20 min be patient. When finally booted you will have an unlocked bootloader with TWRP recovery running a Deodexed Rooted QL1 stock MM 6.0 Rom Rooted with EFTSU with root hide and safetynet pass module
Disabling Reactivation Lock
Thanks bbsc
1. Follow above directions too obtain safestrap and root
2. Download and flash EMMC_11_NCG_KK_Safestrap_Full.zip in safestrap then wipe data
This has Samsung Setup Wizard removed so you can get through setup
3. Set up a wireless connection or use your SIM-card and internet connection from your provider.
4. Navigate to Settings - Security, find Reactivation Lock and untick it. The phone will ask you for your existing credentials or to register a new Samsung account. Accept too update app then allow google check when it ask
5. Login to your new account and you will be able to untick Reactivation Lock.
6. When it unticked, Navigate to Settings - Backup Reset - Factory data Reset.
7. Phone will reboot too stock recovery and wipe data and remove current samsung account and you are good too go.
8. Now proceed with unlocking bootloader step 11 you have to enter safestrap from the safestrap splash screen on bootup its not installed as a recovery image because stock recovery is needed
Credits
beaups Sourcecode and tool
ryanbg
haggertk For his CID
autonomousperson For compiling the source to a app
magic_man185 For compiling the source
GeTex
klabit87 - Basically Everything
@GSMCHEN Lots of stuff
elliwigy Lots of stuff
afaneh92 -Safestrap and too much too mention
Sourcecode
https://github.com/beaups/SamsungCID
Instructions for downgrading or updating bootloaders can be found here
2022_VZW_EMMC_15_Chipset For Unlocked Dev BL To Downgrade To LL_KK Or Upgrade To MM_And Keep Unlock Bootloader
This Process Will Update Or Downgrade Your VZW EMMC Chipset DEV Aboot Bootloader Unlocked S5 To Marshmallow 6.0 Lollipop 5.0 Or Kitkat 4.2 or 4.4 Root And Unlock Instructions Can Be Found Here EMMC 15 Rooting And Bootloader Unlocking EMMC 11...
forum.xda-developers.com
​
jrkruse said:
mine
Click to expand...
Click to collapse
Nice job man! [emoji106]
stang5litre Edition 5.0 Roms
stang5litre said:
Nice job man! [emoji106]
stang5litre Edition 5.0 Roms
Click to expand...
Click to collapse
I was bored so I thought it would be fun to mess around with some old school stuff. Man things were alot more simple back in these days
@jrkruse awesome job...!! :good:You definitely must be bored... Lol. May try that on an old one for craps and giggles... Lol. Again, awesome to bring a lil history back to life... :good:
jrkruse said:
I was bored so I thought it would be fun to mess around with some old school stuff. Man things were alot more simple back in these days
Click to expand...
Click to collapse
Nice job man, much appreciated.
If you ever get bored try to make a pre-rooted rom/safestrap recovery (course no bootloader unlock) for the G930U/G935U with the latest firmware UUESACSI1 (Aug 27 2019), since it looks like Samsung has stopped updating this phone, or better yet a root-patcher for a stock sytem.img like you did for the G950/N950. I have uploaded the latest eng-boot vA/10 here: https://forum.xda-developers.com/sho...postcount=1826
jrkruse said:
I was bored so I thought it would be fun to mess around with some old school stuff. Man things were alot more simple back in these days
Click to expand...
Click to collapse
How do I update the bootloader and rom to newer QL1 if I had already unlocked the bootloader and installed twrp with much older stock rom and bootloader?
I still have the stock rom from 2016 when the bootloader unlock method was discovered.
googlephoneFKLenAsh said:
How do I update the bootloader and rom to newer QL1 if I had already unlocked the bootloader and installed twrp with much older stock rom and bootloader?
I still have the stock rom from 2016 when the bootloader unlock method was discovered.
Click to expand...
Click to collapse
https://forum.xda-developers.com/ve...ent/vzwemmc15chipset-dev-bl-unlocked-t4010757
Sent from some device I modified
the rar seems to be corrupted ... says unknown or damaged format. I tried a few of the download points.
Would you be able to re-create / upload?
bigstack said:
the rar seems to be corrupted ... says unknown or damaged format. I tried a few of the download points.
Would you be able to re-create / upload?
Click to expand...
Click to collapse
What are you extracting it with?
Sent from some device I modified
First of all, thank you so very much Jkruse! I followed all of your instructions and everything went perfectly! The reason why I wanted to get this completed on my old S5, is that we want to gift this phone to my wife's mother. The catch is, she only speaks Russian, and I was wondering if I would now be able to flash an international version of firmware on the S5, so that she can have access to Russian as a language option? Is this doable?
Remedy1230 said:
First of all, thank you so very much Jkruse! I followed all of your instructions and everything went perfectly! The reason why I wanted to get this completed on my old S5, is that we want to gift this phone to my wife's mother. The catch is, she only speaks Russian, and I was wondering if I would now be able to flash an international version of firmware on the S5, so that she can have access to Russian as a language option? Is this doable?
Click to expand...
Click to collapse
Its really no easy process to flash an international rom if you are using Verizon then data will probably not work with out some editing. You can always try it but Verizon will probably need Verizon csc stuff to work and build.prop edits.
Sent from some device I modified
Hey thanks for this post! I was worried about using some of the old guides on my phone, glad I found this.
However, I have a question due to why I want to root my phone.
My situation: My phone went through the factory reset process without giving me a warning before doing so. I plan on rooting my phone and trying a few different methods for recovering the files.
My Main Question: Will I be good to go with a fully rooted phone after completing step 12?
I don't feel a need to unlock the bootloader for what I'm doing (although I might do so anyway after I'm done attempting to recover files).
I've never rooted a phone before. Aside from verifying that I'm using the EMMC 15 chipset (I used the eMMC_CID_Checker_apk from this thread:https://forum.xda-developers.com/ve.../testers-required-easier-root-method-t3561529), is there anything else I should do or know about?
SaltedSand said:
Hey thanks for this post! I was worried about using some of the old guides on my phone, glad I found this.
However, I have a question due to why I want to root my phone.
My situation: My phone went through the factory reset process without giving me a warning before doing so. I plan on rooting my phone and trying a few different methods for recovering the files.
My Main Question: Will I be good to go with a fully rooted phone after completing step 12?
I don't feel a need to unlock the bootloader for what I'm doing (although I might do so anyway after I'm done attempting to recover files).
I've never rooted a phone before. Aside from verifying that I'm using the EMMC 15 chipset (I used the eMMC_CID_Checker_apk from this thread:https://forum.xda-developers.com/ve.../testers-required-easier-root-method-t3561529), is there anything else I should do or know about?
Click to expand...
Click to collapse
By the time you root there will be no files to recovery. There is another wipe involved to root so chances are there will not be much left to recover
Sent from some device I modified
jrkruse said:
By the time you root there will be no files to recovery. There is another wipe involved to root so chances are there will not be much left to recover
Sent from some device I modified
Click to expand...
Click to collapse
I'm wondering if he's wanting to root to use a file recovery app, like DiskDigger. It can recover but device needs to be rooted to access the complete internal system to recover files. As he mentioned a few times about recovering/restoring files. I recall using that (DD) a couple times and it actually worked after I mistakenly did a full wipe/reset when I was switching between ROM's and back to stock...
al50 said:
I'm wondering if he's wanting to root to use a file recovery app, like DiskDigger. It can recover but needs device needs to be rooted to access the complete internal system to recover files. As he mentioned a few times about recovering/restoring files. I recall using that (DD) a couple times and it actually worked after I mistakenly did a full wipe/reset when I was switching between ROM's and back to stock...
Click to expand...
Click to collapse
Like i said though in order to root you have to wipe again before you can root. So there aren’t going to be much left to recovery after 2 wipes and a repartition
Sent from some device I modified
al50 said:
I'm wondering if he's wanting to root to use a file recovery app, like DiskDigger. It can recover but device needs to be rooted to access the complete internal system to recover files. As he mentioned a few times about recovering/restoring files. I recall using that (DD) a couple times and it actually worked after I mistakenly did a full wipe/reset when I was switching between ROM's and back to stock...
Click to expand...
Click to collapse
Yeah that's what I have in mind.
jrkruse said:
Like i said though in order to root you have to wipe again before you can root. So there aren’t going to be much left to recovery after 2 wipes and a repartition
Sent from some device I modified
Click to expand...
Click to collapse
Yeah I figured, makes sense, but I don't see a mention of wiping before step 12 though. This is why I'm asking if it would be okay for me to stop there, attempt to recover some files, and then continue with the rest of the steps?
Could this potentially screw something up if I do it this way? I'd rather play it safe than sorry, most of my important stuff on this phone is backed up anyway.
SaltedSand said:
Yeah that's what I have in mind.
Yeah I figured, makes sense, but I don't see a mention of wiping before step 12 though. This is why I'm asking if it would be okay for me to stop there, attempt to recover some files, and then continue with the rest of the steps?
Could this potentially screw something up if I do it this way? I'd rather play it safe than sorry, most of my important stuff on this phone is backed up anyway.
Click to expand...
Click to collapse
Flashing the combo firmware so you can root wipes your phone
Sent from some device I modified
jrkruse said:
Flashing the combo firmware so you can root wipes your phone
Sent from some device I modified
Click to expand...
Click to collapse
Ah, I see, but would it be safe for me to stop at step 12 anyway?
I figure I might as well give it a shot anyway, even if It's unlikely I'll recover anything, but I'd rather only wipe it a single time than twice.
SaltedSand said:
Ah, I see, but would it be safe for me to stop at step 12 anyway?
I figure I might as well give it a shot anyway, even if It's unlikely I'll recover anything, but I'd rather only wipe it a single time than twice.
Click to expand...
Click to collapse
If you stop at 12 you will just have king root and some apps work with kingroot but some do not
Sent from some device I modified

Categories

Resources