[GUIDE][UNBRICK] Patch LGUP to unlock features & unbrick V20 (Variant mismatch fix)
Team
After a flash gone very bad, I got myself a brick with a locked bootloader & wrong viariant in LGUP [US996-->H990ds].
In my attempt to recover I tried several silly things including flashing another variants firmware, however I managed to find a way to unbrick & restore the original firmware.
I ran into the G5 thread by @smitel, and did something similar for our V20 by patching LGUP.exe & our phones LGUP_common.dll with HxD Hex editor (my patched files attached).
After doing this I was able to force-flash either partial or full stock kdz using the [PARTITION DL] option, bypassing the variant mismatch warning (Phone was fully recognised as US996).
It even corrected the partition layout (H990DS is different to US996).
Credits about the original patch should go to @smitel
Press the THANKS button if you have found this thread helpfull
Prowler_gr said:
I ran into the G5 thread by @smitel by patching LGUP.exe & our phones LGUP_common.dll with HxD Hex editor (my patched files attached)
After doing this I was able to force-flash either partial or full stock kdz using the [PARTITION DL] option, without getting the dreaded variant mismatch.
Click to expand...
Click to collapse
I very glad to read you managed to save your phone! What you've found though may potentially be rather more powerful than you think (I don't know how powerful you think this is).
Instead of the complex DirtySanta procedure using DirtyCOW/CVE-2016-5195, it should be possible to use this to directly rewrite aboot. At which point you've greatly simplified the procedure, as well as opening it up for phones which lack a sufficiently early KDZ (Sprint which has no KDZ, H990TR which January is earliest).
Does still need a bit of experimentation to confirm though...
emdroidle said:
I very glad to read you managed to save your phone! What you've found though may potentially be rather more powerful than you think (I don't know how powerful you think this is).
Instead of the complex DirtySanta procedure using DirtyCOW/CVE-2016-5195, it should be possible to use this to directly rewrite aboot. At which point you've greatly simplified the procedure, as well as opening it up for phones which lack a sufficiently early KDZ (Sprint which has no KDZ, H990TR which January is earliest).
Does still need a bit of experimentation to confirm though...
Click to expand...
Click to collapse
I'm aware of the great value of my discovery. (Almost makes us unbrickable)
I was able to upgrade official firmware without loosing root or twrp.
To be honest I haven't tried flashing aboot or unofficial kdz, but if possible it unlocks full potential....
Prowler_gr said:
I'm aware of the great value of my discovery. (Almost makes us unbrickable)
I was able to upgrade official firmware without loosing root or twrp.
To be honest I haven't tried flashing aboot or unofficial kdz, but if possible it unlocks full potential....
Click to expand...
Click to collapse
I'd hardly rate it as "almost unbrickable" (`dd if=/dev/zero of=/dev/block/bootdevice/by-name/xbl2`; you're toast), but does give additional tricks.
There are a few other methods of doing firmware upgrades without losing root or TWRP. Both extracting the KDZ and turning into a flashable .zip, or my tool for directly writing the contents of a KDZ file.
The real potential here is if this can be used to install the DirtySanta aboot image, then it is a much simpler installation method. This should also be able to avoid the unreliable installing TWRP via `fastboot flash`. Additionally since this isn't relying on DirtyCOW/CVE-2016-5195 even up to date phones should be able to use this.
You're on a vanilla H990 single-SIM? Rooted via my method? Other method?
I agree that this method won't save you once you lose "Download Mode" that's why I used the word "Almost"
I have a dual-sim H990DS, originally rooted with your method (even paid for your bounty. although hadn't pledged).
I had a US996 rom fully flashed on my phone (with different partition layout), & I was still able to go back using this method.
Well, I will be the guinea pig
I got my H910 back from LG, and of course dirtycow was patched, so if this can flash the us996 debug aboot and not brick my phone, that will be something.
EDIT: @emdroidle I am not at home, but looking at your repo, it looks like you are now able to package back up a v20 format KDZ. If that is true, and this patched LG UP can ignore the signature of the KDZ -- this may very well be one of the greatest finds in a long time. Really looking forward to testing it to see....
It worked on my device. thank you very much
---------- Post added at 02:07 PM ---------- Previous post was at 02:02 PM ----------
runningnak3d said:
Well, I will be the guinea pig
I got my H910 back from LG, and of course dirtycow was patched, so if this can flash the us996 debug aboot and not brick my phone, that will be something.
EDIT: @emdroidle I am not at home, but looking at your repo, it looks like you are now able to package back up a v20 format KDZ. If that is true, and this patched LG UP can ignore the signature of the KDZ -- this may very well be one of the greatest finds in a long time. Really looking forward to testing it to see....
Click to expand...
Click to collapse
I have a h910 device and I have kdz to h910pr version. But I can not unlock device to root. And I used this way. It can kdz us996 files without problems
@bilong9 So you flashed a stock US996 KDZ onto your H910 with this method, or did you repackage a KDZ with the US996 debug aboot?
-- Brian
runningnak3d said:
Well, I will be the guinea pig
I got my H910 back from LG, and of course dirtycow was patched, so if this can flash the us996 debug aboot and not brick my phone, that will be something.
EDIT: @emdroidle I am not at home, but looking at your repo, it looks like you are now able to package back up a v20 format KDZ. If that is true, and this patched LG UP can ignore the signature of the KDZ -- this may very well be one of the greatest finds in a long time. Really looking forward to testing it to see....
Click to expand...
Click to collapse
runningnak3d said:
@bilong9 So you flashed a stock US996 KDZ onto your H910 with this method, or did you repackage a KDZ with the US996 debug aboot?
-- Brian
Click to expand...
Click to collapse
Yes. I used this method for my h910 device. My english is very bad sorry
---------- Post added at 02:50 PM ---------- Previous post was at 02:26 PM ----------
---------- Post added at 02:54 PM ---------- Previous post was at 02:50 PM ----------
I already knew that you can flash any V20 variants stock rom if the kdz is officially signed by LG (my phone was fully recognised as US996 when bricked & was able to flash H990DS firmware).
What I don't know is if an unofficial .kdz (not signed by LG - eg compiled with KDZ extractor) can be flashed.
I strongly suspect it would but haven't tried it yet.
I wish this had worked for me. Both LGUP and LG Flashtool 2014 both fail every time. With your patched files for LGUP I got stuck at 4% and then it crashes. Before I used the patched files I got stuck at 9% and then it crashes. I'm on US99610H and I want to downgrade but have had no luck and I can't seem to find how to solve the issues I'm having.
@me2151
Slashbeast24 said:
I wish this had worked for me. Both LGUP and LG Flashtool 2014 both fail every time. With your patched files for LGUP I got stuck at 4% and then it crashes. Before I used the patched files I got stuck at 9% and then it crashes. I'm on US99610H and I want to downgrade but have had no luck and I can't seem to find how to solve the issues I'm having.
Click to expand...
Click to collapse
Perhaps try one partition at a time, or try disabling antivirus (my hex edit invalidates the files signature hence some antivirus may classify it as malware).
To be sure I would try flashing US99610H again (to rule-out anti-rollback)...
pro_granade said:
@me2151
Click to expand...
Click to collapse
already attempted it yesterday. it dumps partitions fine but installing partitions is wonkey. it wouldnt flash my boot.img but would flash its header so the phone refused to boot. crashes when you try to flash aboot on.
Prowler_gr said:
Perhaps try one partition at a time, or try disabling antivirus (my hex edit invalidates the files signature hence some antivirus may classify it as malware).
To be sure I would try flashing US99610H again (to rule-out anti-rollback)...
Click to expand...
Click to collapse
Alright, so I downloaded the US99610H KDZ and I just hit Upgrade and It did say something about Anti-Rollback check passed and the LGUP program didn't crash. Is there any way to go back to a previous firmware version or am I stuck with an Unrootable V20?
Slashbeast24 said:
Alright, so I downloaded the US99610H KDZ and I just hit Upgrade and It did say something about Anti-Rollback check passed and the LGUP program didn't crash. Is there any way to go back to a previous firmware version or am I stuck with an Unrootable V20?
Click to expand...
Click to collapse
That hints that anti-rollback is active on your phone (you can flash your current firmware or a higher version - not an older one). Try flashing system only & see what happens (cannot guarantee you won't get a brick, but I believe its highly unlikely - you have been warned)
me2151 said:
already attempted it yesterday. it dumps partitions fine but installing partitions is wonkey. it wouldnt flash my boot.img but would flash its header so the phone refused to boot. crashes when you try to flash aboot on.
Click to expand...
Click to collapse
Is your phone still recognised?
I suggest you retry with another cable (try the lg stock), updated drivers etc. I have flashed aboot many times on my H990DS.
Prowler_gr said:
Is your phone still recognised?
I suggest you retry with another cable (try the lg stock), updated drivers etc. I have flashed aboot many times on my H990DS.
Click to expand...
Click to collapse
lol my phones bricked now(different reason than this) and im leaving the v20 scene
Prowler_gr said:
Perhaps try one partition at a time, or try disabling antivirus (my hex edit invalidates the files signature hence some antivirus may classify it as malware).
To be sure I would try flashing US99610H again (to rule-out anti-rollback)...
Click to expand...
Click to collapse
Prowler_gr said:
That hints that anti-rollback is active on your phone (you can flash your current firmware or a higher version - not an older one). Try flashing system only & see what happens (cannot guarantee you won't get a brick, but I believe its highly unlikely - you have been warned)
Click to expand...
Click to collapse
Alright, so if I just flash the system while clicking Partition DL, I run the risk of having a brick. If I don't get a brick would that somehow deactivate anti-rollback if I just flash the US99610H System?
me2151 said:
lol my phones bricked now(different reason than this) and im leaving the v20 scene
Click to expand...
Click to collapse
lol. You got me sweating. I farewell you (in your thread), & then I read your post here thinking it's because of this...
Enjoy your new toy!!!
Related
I haven't flashed either of these so I don't promise that they work. They ought to though.
I suggest you follow the instructions in the original root post under Commands to dump system.img and dump an image from your working phone. Name it something you'll remember and keep it on your internal storage. If something goes wrong from flashing the rooted image you can hopefully recover by changing the filename in the flash command to your original image. Don't run a factory reset or the original image will be deleted.
You'll want to rename the image file you extract from the RAR file. I named them with detail so I wouldn't get them confused.
Good luck!
A user reported that the H81010b image bootlooped their phone. Use at your own risk. You can flash the H810PR KDZ to recover but there's no going back to AT&T stock then. Keep a good copy of your original system.img on internal memory to recover and don't factory reset!
ATT_H81010b_Rooted.system.rar
ATT_H81010e_Rooted.system.rar
Why'd I use RAR? Why not? I'm one of those weirdos that paid for it. A site license even!
Here's my H810 repository on Androidfilehost if you're looking for other H810 files.
It says the img is not mountable, is it safe?
Edit: For 10e, yes it works.
thanks
and winrar 5 is awesome, love it. I've always been a fan of winrar
yoavst said:
It says the img is not mountable, is it safe?
Edit: For 10e, yes it works.
Click to expand...
Click to collapse
Here's a way to open the img file in Windows, but it's much easier to make an Ubuntu boot flash drive and mount it in Linux.
@phineous, it seems the 10e file works so I will give it a try tomorrow morning.
For my personal knowledge of the whole process, how did you determine the dd command parameters (block size, count, skip, etc) for the system.img dump command as well as the flashing command that fit the 10e software version? Are all 810 software versions (10e, 10b, 10g, etc) all the same command parameters of is there a way to determine the correct parameters to enter. Regardless of if all 810 versions are the same parameters, I'm sure there is a process to figure out the right things to enter into the dd command?
Thanks!
Sent from my LG-H810 using Tapatalk
Norcalz71 said:
@phineous, it seems the 10e file works so I will give it a try tomorrow morning.
For my personal knowledge of the whole process, how did you determine the dd command parameters (block size, count, skip, etc) for the system.img dump command as well as the flashing command that fit the 10e software version? Are all 810 software versions (10e, 10b, 10g, etc) all the same command parameters of is there a way to determine the correct parameters to enter. Regardless of if all 810 versions are the same parameters, I'm sure there is a process to figure out the right things to enter into the dd command?
Thanks!
Sent from my LG-H810 using Tapatalk
Click to expand...
Click to collapse
Yes I did with the original params for the G version (I had e).
Norcalz71 said:
@phineous, it seems the 10e file works so I will give it a try tomorrow morning.
For my personal knowledge of the whole process, how did you determine the dd command parameters (block size, count, skip, etc) for the system.img dump command as well as the flashing command that fit the 10e software version? Are all 810 software versions (10e, 10b, 10g, etc) all the same command parameters of is there a way to determine the correct parameters to enter. Regardless of if all 810 versions are the same parameters, I'm sure there is a process to figure out the right things to enter into the dd command?
Thanks!
Sent from my LG-H810 using Tapatalk
Click to expand...
Click to collapse
@autoprime posted the commands to flash the different versions in the original root thread. All the AT&T H810 versions use the same command to flash.
The variables for the flash command are determined based on the location of the partition you want to overwrite in the partition table on the phone. There's a little discussion about it in the original root thread, but I'm sure it's discussed more in depth in rooting threads for earlier phones and threads about Android rooting in general.
phineous said:
@autoprime posted the commands to flash the different versions in the original root thread. All the AT&T H810 versions use the same command to flash.
The variables for the flash command are determined based on the location of the partition you want to overwrite in the partition table on the phone. There's a little discussion about it in the original root thread, but I'm sure it's discussed more in depth in rooting threads for earlier phones and threads about Android rooting in general.
Click to expand...
Click to collapse
Got it, thanks @phineous. I can follow directions like these pretty easily (it is all indeed low effort) but I like to try and understand the process behind the commands. So the seek/count/block size parameters, whether dumping a system.img or flashing a stock or rooted system.img are all the same for each command and for each software version across the H810? In this case they are:
bs=8192
seek=65536
count=579584
I'll have to dig a little more to learn how they figured out the proper parameters for each model.
Thanks again
Norcalz71 said:
Got it, thanks @phineous. I can follow directions like these pretty easily (it is all indeed low effort) but I like to try and understand the process behind the commands. So the seek/count/block size parameters, whether dumping a system.img or flashing a stock or rooted system.img are all the same for each command and for each software version across the H810? In this case they are:
bs=8192
seek=65536
count=579584
I'll have to dig a little more to learn how they figured out the proper parameters for each model.
Thanks again
Click to expand...
Click to collapse
It's the same for the AT&T H810s. The Claro H810pr that some us used after we killed our AT&T phones is different.
Look for posts about android partitions. @rightonred has a couple of posts where they show the partition table from our phones.
Here's the man(ual) page for dd where the commands (BS,SEEK,COUNT) are documented.
phineous said:
It's the same for the AT&T H810s. The Claro H810pr that some us used after we killed our AT&T phones is different.
Look for posts about android partitions. @rightonred has a couple of posts where they show the partition table from our phones.
Here's the man(ual) page for dd where the commands (BS,SEEK,COUNT) are documented.
Click to expand...
Click to collapse
Have a question for OP, this is just came into my head but flashing this img into 810pr fw will break the system itself as the seek and count partition are totally different..or what if we used code seek and count from PR??
faizalotai said:
Have a question for OP, this is just came into my head but flashing this img into 810pr fw will break the system itself as the seek and count partition are totally different..or what if we used code seek and count from PR??
Click to expand...
Click to collapse
That could work, but I don't know much about how the system checks itself and the bootloader. I think it would probably end up with the security error boot screen.
phineous said:
That could work, but I don't know much about how the system checks itself and the bootloader. I think it would probably end up with the security error boot screen.
Click to expand...
Click to collapse
autoprime said:
I just looked into the H810PR 10A files and it seems it's about equal to the AT&T H810 10G (newest ATT OTA). The H810PR 10A and the H810 10G (and I think 10E as well) have updated bootloaders with the "1" version... which was updated from the initial version out of box.. i think it was 10A (or 10b/10c/d.. not e/f).
So... obviously for people who were "bricked" (stuck in download mode) you should use this KDZ as that's about you're only hope at this point. KDZ will upgrade bootloader and you will be set at "1".. never to be at "0" again. 0 vs 1 doesnt mean anything yet... so it may not matter. But any possible bootloader exploit that may happen in the future that somehow only works on v0 bootloaders... you'll be out of luck. But lets hope that isn't the case. And who knows if there will even be an unofficial unlock.
For those who ARENT stuck in download mode but don't care about being on an updated "1" bootloader.. feel free to flash H810PR KDZ all you want.
For those who are on the original AT&T sw (10a/b/c/d) with a "0" bootloader who want root and wanna stay at "0"... someone with your 10a/b/c/d sw will need to dump and upload that system.img and then someone will have to root it.. then upload that img... then H810 10a/b/c/d users will have a safe root method that won't cause a security error and also won't update the bootloader. And maybe it'd be safe for now to keep the pre-rooted system.img (the one that doesnt yet exist as of the moment i am typing this) on your internal storage so if anything were to happen you could reflash system.. never needing an H810 KDZ/TOT (as long as you don't mess with other partitions).
Click to expand...
Click to collapse
@autoprime
I forgot about that post. It wouldn't work then. There was a version # in the build.prop that made me think H810PR had an older bootloader.
How do we determine/confirm if a software version bootloader count is at 0 or 1? I thought 10e was at 0 still but maybe not? Hopefully it is...
Sent from my LG-H810 using Tapatalk
Have we confirmed this works with 1010e? I just got the phone and that is the version installed and I want me some root
Edit, nvm it worked perfectly, thanks!
Rooted my at&t 10e with your image. Work great. Thanks.
Sent from my LG-H810 using Tapatalk
Obsolete
GvIn2it said:
Has anyone rooted their H81010b with this file?
---------- Post added at 09:01 AM ---------- Previous post was at 08:48 AM ----------
How can this work with the original root post, that file is 4GB. This one is only 1.6GB. Just interested to know. It's a little scary when someone posts:
"I haven't flashed either of these so I don't promise that they work. They ought to though." Where did they come from? Did you make them, or someone else who tested them? I would really like to try the H81010b but need a little verification.
Click to expand...
Click to collapse
You must extracted zip/rar to image..than copy to internal memory.
have you tried the H810 10b yet. I tried it on my phone and i keep getting a bootloop......
I really want my 4g back
scabbie1980 said:
have you tried the H810 10b yet. I tried it on my phone and i keep getting a bootloop......
I really want my 4g back
Click to expand...
Click to collapse
I don't think anyone has tested it yet.
Are you flashing it on an AT&T H810 with 10b or on the H810PR? It won't work on the H810PR.
If my 10b image really is broken I'll take it down.
Since none of the updates have prevented root, I doubt LG has made security changes to the bootloader. It's probably safe to upgrade to a new version. They're having a hard enough time making the phone work. I hope they're not wasting time patching, especially when we haven't even found a bootloader unlock. I could be wrong though.
EDIT: Looks like its not MM but some security update, so that sucks but I'd still like to know if anyone successfully got back to stock from rooted 5.1.1
Hi everyone.
I'm trying to find a way to restore my H950 to stock and completely remove any trace of root so that I can install an OTA update. I have tried installing the update with LG PC Suite and LGMobile Support Tool. Both of them say that I am on the latest software (5.1.1 H950v11?). It has been so long since I rooted it that I can't remember what method I used. If anyone has any idea how to flash it back to stock, I'd appreciate the help!
More Details:
I have an H950 (US AT&T) rooted on 5.1.1 and I just started getting an update yesterday saying that I have a system update available. When I tried to download and update, the phone I got an error while the update was still at 0%. When the phone restarted I got the "This phone is suspected in rooting..." Error.
I have tried following this thread [Guide] LG G Flex 2 Stock Firmware (Go Back to Stock) KDZ & TOT Method
but it didn't work. I got the flash utility to run but I still had SuperSU after it flashed my phone and the update still failed due to "Suspect in rooting."
I also tried following this thread [Tool] Easy Restore/Unroot Tool for LG G Flex 2 [09/15/15]!!
but I could not get it to work. The utility just hangs at "Working..."
Anyone successfully used either of these methods on an H950 with 5.1.1 to get back to stock?
Thanks in advance!
2nd method
timishue said:
EDIT: Looks like its not MM but some security update, so that sucks but I'd still like to know if anyone successfully got back to stock from rooted 5.1.1
Hi everyone.
I'm trying to find a way to restore my H950 to stock and completely remove any trace of root so that I can install an OTA update. I have tried installing the update with LG PC Suite and LGMobile Support Tool. Both of them say that I am on the latest software (5.1.1 H950v11?). It has been so long since I rooted it that I can't remember what method I used. If anyone has any idea how to flash it back to stock, I'd appreciate the help!
More Details:
I have an H950 (US AT&T) rooted on 5.1.1 and I just started getting an update yesterday saying that I have a system update available. When I tried to download and update, the phone I got an error while the update was still at 0%. When the phone restarted I got the "This phone is suspected in rooting..." Error.
I have tried following this thread [Guide] LG G Flex 2 Stock Firmware (Go Back to Stock) KDZ & TOT Method
but it didn't work. I got the flash utility to run but I still had SuperSU after it flashed my phone and the update still failed due to "Suspect in rooting."
I also tried following this thread [Tool] Easy Restore/Unroot Tool for LG G Flex 2 [09/15/15]!!
but I could not get it to work. The utility just hangs at "Working..."
Anyone successfully used either of these methods on an H950 with 5.1.1 to get back to stock?
Thanks in advance!
Click to expand...
Click to collapse
i've had success by 2nd method (stock system.img) when i flashed chinese v11z tot.
did u enabled usb debugging option?
also permitted adb access on your computer?
that window show up for a very first few seconds when your computer tries to get adb permission.
all of them fails... tell me i have v12d tot file
sjc0211 said:
i've had success by 2nd method (stock system.img) when i flashed chinese v11z tot.
did u enabled usb debugging option?
also permitted adb access on your computer?
that window show up for a very first few seconds when your computer tries to get adb permission.
all of them fails... tell me i have v12d tot file
Click to expand...
Click to collapse
Could you please upload v12d tot?
It will be very helpful.
Thanks
I cannot upload that on public because of network traffic
fyter said:
Could you please upload v12d tot?
It will be very helpful.
Thanks
Click to expand...
Click to collapse
Instead, give me private message
timishue said:
EDIT: Looks like its not MM but some security update, so that sucks but I'd still like to know if anyone successfully got back to stock from rooted 5.1.1
Hi everyone.
I'm trying to find a way to restore my H950 to stock and completely remove any trace of root so that I can install an OTA update. I have tried installing the update with LG PC Suite and LGMobile Support Tool. Both of them say that I am on the latest software (5.1.1 H950v11?). It has been so long since I rooted it that I can't remember what method I used. If anyone has any idea how to flash it back to stock, I'd appreciate the help!
More Details:
I have an H950 (US AT&T) rooted on 5.1.1 and I just started getting an update yesterday saying that I have a system update available. When I tried to download and update, the phone I got an error while the update was still at 0%. When the phone restarted I got the "This phone is suspected in rooting..." Error.
I have tried following this thread [Guide] LG G Flex 2 Stock Firmware (Go Back to Stock) KDZ & TOT Method
but it didn't work. I got the flash utility to run but I still had SuperSU after it flashed my phone and the update still failed due to "Suspect in rooting."
I also tried following this thread [Tool] Easy Restore/Unroot Tool for LG G Flex 2 [09/15/15]!!
but I could not get it to work. The utility just hangs at "Working..."
Anyone successfully used either of these methods on an H950 with 5.1.1 to get back to stock?
Thanks in advance!
Click to expand...
Click to collapse
You chose cse flash and wiped correct? If you didn't that's why my guide removes everything 100% if you follow it correctly.
Sent from my iPhone using Tapatalk
CSE flash? Sorry I didn't see that in your guide for the H950 on the AT&T network. I'm looking at your guide and not seeing the CSE Flash unless the LG Tool is the CSE FLash? I had the same problem with SuperSU left over and not able to update. I tried the default Upgrade method, then got a minios OS screen on the the Board method.
hyelton said:
You chose cse flash and wiped correct? If you didn't that's why my guide removes everything 100% if you follow it correctly.
Sent from my iPhone using Tapatalk
Click to expand...
Click to collapse
It's entirely possible that I am technologically inept, but I am having the exact same issue as the OP. I followed your guide (which was very helpful) for the TOT method, and there is no option to use CSE flash, or at least it's not discussed in the instructions.
I flashed my phone twice using your TOT guide -- pretty sure I followed it to the letter. It completed successfully, but when the phone rebooted, I still had root access. I'm not sure how to unroot this thing so I can receive OTA updates (and maybe sell later on down the road).
Thanks for the help!
---------- Post added at 04:29 PM ---------- Previous post was at 03:41 PM ----------
Umm, so I found a possible solution on another thread in this forum. Maybe the answer was so simple that nobody thought to mention it. But apparently, you can just remove root access within the SuperUser app; just select "Full Unroot" or "Total Unroot" from settings. Then run this TOT flash, and you should be GTG. I am trying this now and will report as to whether I am successful.
jwhite326 said:
It's entirely possible that I am technologically inept, but I am having the exact same issue as the OP. I followed your guide (which was very helpful) for the TOT method, and there is no option to use CSE flash, or at least it's not discussed in the instructions.
I flashed my phone twice using your TOT guide -- pretty sure I followed it to the letter. It completed successfully, but when the phone rebooted, I still had root access. I'm not sure how to unroot this thing so I can receive OTA updates (and maybe sell later on down the road).
Thanks for the help!
---------- Post added at 04:29 PM ---------- Previous post was at 03:41 PM ----------
Umm, so I found a possible solution on another thread in this forum. Maybe the answer was so simple that nobody thought to mention it. But apparently, you can just remove root access within the SuperUser app; just select "Full Unroot" or "Total Unroot" from settings. Then run this TOT flash, and you should be GTG. I am trying this now and will report as to whether I am successful.
Click to expand...
Click to collapse
Rooted or not you should be able to go back to stock. And CSE flash is for the kdz method of lg flash tool. Which I didn't realize what model they were needing help with. Also with the H950 LGUP should be used instead of normal flash tool to avoid any issues with the flash tool.
Sent from my iPhone using Tapatalk
hyelton said:
Rooted or not you should be able to go back to stock. And CSE flash is for the kdz method of lg flash tool. Which I didn't realize what model they were needing help with. Also with the H950 LGUP should be used instead of normal flash tool to avoid any issues with the flash tool.
Click to expand...
Click to collapse
Hmm. Thanks for helping us out. So I am kind of confused. I reinstalled the Tot file using LGUP, and it completed successfully. I selected "REFURB" mode, and it completed successfully. But after it finished, my phone is still rooted. (I verified with root checker.) I just want to go back to stock so I can get OTA updates (and MM hopefully, when/if AT&T releases it). Now my phone won't get OTA updates because it says it's "suspected of rooting." I bought the phone used off of Swappa, so I'm not sure how exactly the original owner rooted it.
jwhite326 said:
Hmm. Thanks for helping us out. So I am kind of confused. I reinstalled the Tot file using LGUP, and it completed successfully. I selected "REFURB" mode, and it completed successfully. But after it finished, my phone is still rooted. (I verified with root checker.) I just want to go back to stock so I can get OTA updates (and MM hopefully, when/if AT&T releases it). Now my phone won't get OTA updates because it says it's "suspected of rooting." I bought the phone used off of Swappa, so I'm not sure how exactly the original owner rooted it.
Click to expand...
Click to collapse
At this point you'd be better off waiting for a KDZ of MM when it comes out for the H950. (But remember, root will probably never be achieved for our devices on MM, if that's something you care about).
I remember buying TWO H950s. Both needed the OTA for the latest Lollipop. But despite several hours, several methods, and several hours at the ATT store, I was never able to get OTAs working on either of them. It was impossible.
And supposedly impossible for several other users on XDA, who couldn't get OTAs working for their ATT Flex 2's. So even if you manage to unroot, don't get your hopes high believing OTAs will work.
Did somebody ever able to go back to stock (H950) from rooted 5.1.1? Where did you get the TOT file?
trudeo said:
Did somebody ever able to go back to stock (H950) from rooted 5.1.1? Where did you get the TOT file?
Click to expand...
Click to collapse
i think it is only for sale.
tswtech2 said:
i think it is only for sale.
Click to expand...
Click to collapse
It's not for sell.. it's on my server and it's free. Along with h it being in my back to stock thread.
Sent from my iPhone using Tapatalk
hyelton said:
It's not for sell.. it's on my server and it's free. Along with h it being in my back to stock thread.
Sent from my iPhone using Tapatalk
Click to expand...
Click to collapse
oh ok . i apologize for the confusion
tswtech2 said:
oh ok . i apologize for the confusion
Click to expand...
Click to collapse
No problem. I think I've had it since March
Sent from my iPhone using Tapatalk
tswtech2 said:
oh ok . i apologize for the confusion
Click to expand...
Click to collapse
is it the v12d tot?
tswtech2 said:
is it the v12d tot?
Click to expand...
Click to collapse
11z. 12d is non existent or if it is available it's being sold for a crazy price.
Sent from my iPhone using Tapatalk
hyelton said:
11z. 12d is non existent or if it is available it's being sold for a crazy price.
Sent from my iPhone using Tapatalk
Click to expand...
Click to collapse
yeah that's why i was saying it was for sale. i had you confused with this jinior member that says they have it but they aren't posting it.
tswtech2 said:
yeah that's why i was saying it was for sale. i had you confused with this jinior member that says they have it but they aren't posting it.
Click to expand...
Click to collapse
If any member is trying to sell it on the forums report them. That's not allowed and looked down upon here. I pubically post everything I have and can get for everyone
Sent from my iPhone using Tapatalk
tswtech2 said:
yeah that's why i was saying it was for sale. i had you confused with this jinior member that says they have it but they aren't posting it.
Click to expand...
Click to collapse
i flashed this v11 firmware to a [hone that had 12d and now it shows authenticate error #9. so i was looking for 12d firmware
---------- Post added at 02:16 PM ---------- Previous post was at 02:07 PM ----------
tswtech2 said:
i flashed this v11 firmware to a [hone that had 12d and now it shows authenticate error #9. so i was looking for 12d firmware
Click to expand...
Click to collapse
and now when i connect to lg support tool it says i have the latest firmware eventhough it has v11 not, v12d.
Yes, I know there are other threads, but I've never found one with all this info right in the OP so I'm making one to make it simpler for peeps.
I added the extract KDZ info and rename the .dll file information.
Edit: I included the files I used except the huge KDZ as attachments, all scanned with Bitdefender. I also uploaded the files to www.virustotal.com and they were all clean
You can use this method to install the 10D firmware which may be needed to root a phone as well. Later versions of the firmware may not root right.
Original thread I copied/pasted most stuff is here, the .dll info is hidden in a later post in the thread.
https://forum.xda-developers.com/v20/how-to/restore-v20-to-100-stock-bricked-devices-t3524903
Here is what you need to do if restore is failing at 9% or not completing.
1. Download .kdz file for your v20 model from the following links. Currently v20 models available are:
F800K, F800L, F800S, H915, H918TN, H990, VS995, H990N and H990DS
http://lg-firmwares.com/category/lg-series/lg-v20-dual/
http://lg-firmwares.com/category/lg-series/lg-v20/
2. Search, download and install LGUP ( LGUP_Store_Frame_Ver_1_14_3.msi ) See attachments for all of the following three files at bottom of post.
3. Search, download and install LG Driver ( LGMobileDriver_WHQL_Ver_4.1.1.exe )
Make a folder called common in C:\Program Files (x86)\LG Electronics\LGUP\model.
Extract the .KDZ for your phone with 'WindowsLGFirmwareExtract-1.2.6.1-Release' and it will provide a LGUPc.dll, rename to LGUP_Common.dll and place in C:\Program Files (x86)\LG Electronics\LGUP\model\common\
4. Completely Power off the v20 ( or to remove and put the battery back )
5. Plug the USB end of sync cable to your PC
6. Press and hold "Volume Up"
7. Plug in the USB-C end of sync cable to the v20. The phone will enter download mode (or Firmware Update). Now you can release the "Volume Up".
I had to do a battery pull, put USB cable in, battery back in, then as it's booting quickly press and let go of power button a few times. But if it boots into download mode first method you're fine.
8. Run LGUP. The program will recognise the v20.
9. At the file path, click "..." and chose the .kdz file
10.Choose "UPGRADE"
11.Click "Start" and wait until the process is complete. :good:
KedarWolf said:
1. Download .kdz file for your v20 model from the following links. Currently v20 models available are:
F800K, F800L, F800S, H915, H918TN, H990, VS995, H990N and H990DS
http://lg-firmwares.com/category/lg-series/lg-v20-dual/
http://lg-firmwares.com/category/lg-series/lg-v20/
Click to expand...
Click to collapse
US996 (not us cellular) now available on lg-firmwares.com
,,.. Extract the .KDZ for your phone with 'WindowsLGFirmwareExtract-1.2.6.1-Release' and it will provide a LGUPc.dll, rename to LGUP_Common.dll and place in C:\Program Files (x86)\LG Electronics\LGUP\model\common\ ...,,
Question.
The expanded and moves,,,, LGUPc.dll to be renamed LGUP_Common.dll away? I understand it?
Sorry if this is exactly would you around. Because it is not clear to me. Thank you.
This saved me phone!!! A million thanks to the OP!
xbmoyx said:
This saved me phone!!! A million thanks to the OP!
Click to expand...
Click to collapse
No trouble, it's my thread as well.
KedarWolf said:
No trouble, it's my thread as well.
Click to expand...
Click to collapse
Out of curiousity I have a question. Since the Verizon model has a KDZ to revert back to stock is there literally no way to "brick" your device? If you root and flash a ROM and have to go into a Verizon store for insurance reasons can you simply use the method above to revert back to 100% stock unrooted?
This guide seriously saved my butt yesterday. Thank you!
hi guys
can anybody help me please, i was trying to do the same procedure but with my lg g4 h815 when LGUP showed the same message at 9% of the procedure. I have a question: what is the right firmware version to download? because i did download few so far but none of each worked. Now, when i procedeed the estraction of thet file LGUPc.dll none of the kdz files version i've downloaded gave me that file but another one with a different name but still .dll
I am still having issues trying to restore my V20 back to stock.
The phone is being picked up as an LG H918 which it is, but LG UP is still reading it as a Pixel XL while it is listed as a H918 in the device list. I have checked the build.prop and it is has no reference to being a Pixel XL
BrokenWall said:
I am still having issues trying to restore my V20 back to stock.
The phone is being picked up as an LG H918 which it is, but LG UP is still reading it as a Pixel XL while it is listed as a H918 in the device list. I have checked the build.prop and it is has no reference to being a Pixel XL
Click to expand...
Click to collapse
Resolved it by using Uppercut and starting it while the phone was booted into Android and USB Debugging was enabled. It detected the phone as a H918 and rebooted it into download mode and restored it.
I want to change my LG-H990DS from TWN(came with phone) to SEA. Do I have to put the LGUPc.dll from the TWN ROM in the common folder or do I have to put the SEA LGUPc.dll in the common folder?
Hope somebody can help me with this.
EDIT : When I compare them they look the same.
KedarWolf said:
Yes, I know there are other threads, but I've never found one with all this info right in the OP so I'm making one to make it simpler for peeps.
I added the extract KDZ info and rename the .dll file information.
Click to expand...
Click to collapse
I did all this, even changed the COM port and I'm getting that my LG V20 is a Pixel XL and that the KDZ is corrupt. Any help would be appreciated, Need to return this to stock so I can return it to Tmobile.
---------- Post added at 06:45 PM ---------- Previous post was at 06:43 PM ----------
BrokenWall said:
Resolved it by using Uppercut and starting it while the phone was booted into Android and USB Debugging was enabled. It detected the phone as a H918 and rebooted it into download mode and restored it.
Click to expand...
Click to collapse
Found uppercut and ran it and I'm still getting that the device is reading as a Pixel XL
help.
sanjsrik said:
I did all this, even changed the COM port and I'm getting that my LG V20 is a Pixel XL and that the KDZ is corrupt. Any help would be appreciated, Need to return this to stock so I can return it to Tmobile.
---------- Post added at 06:45 PM ---------- Previous post was at 06:43 PM ----------
Found uppercut and ran it and I'm still getting that the device is reading as a Pixel XL
help.
Click to expand...
Click to collapse
I'm having this exact same issue and i'm stressing out. If anyone could help us out, that'd be awesome!
I was just curious if this method is a valid way of simply resetting to factory settings? I'm losing patience with US996 ROM bugs, although I appreciate the efforts being made by the very few dev's making them.
My first time using LGUP, was easy following the OP.
I'm still on basically the same firmware but now have the more up-to-date (-ish) security patch.
Thanks to @KedarWolf for the simple instructions.
Also thanks to @Pierre118 for the headsup :good:
helped me achieve root on a Swappa purchase that had been upgraded to 10k
Thank you so much. Just wanted to report that this enabled the H918 I purchased on Swappa that had already been security-patched to 10k to downgrade to 10j and then be rooted using dirtycow method. As far as I can tell, the V20 I got had never been rooted.
DragonMama said:
Thank you so much. Just wanted to report that this enabled the H918 I purchased on Swappa that had already been security-patched to 10k to downgrade to 10j and then be rooted using dirtycow method. As far as I can tell, the V20 I got had never been rooted.
Click to expand...
Click to collapse
I saw two 10j's listed on the lgfirmware site. Did you use the Older or newer firmware?
I'm on 10i right now, but I can't flash recovery. I got SELinux set to Permissive, dirtycow runs fine, dd writes the recovery image to the recovery partition; or atleast it appears to be successful. But I can't get it to boot into recovery. adb reboot recovery doesn't seem to work. When I run it; it reboots the phone, the warning comes up about the unlocked bootloader, then the LG logo, then it reboots again and loads normally into the system.
I've been seeing posts that hint that I should probably try flashing the 10j (the older one from January) kdz and attempt to dirtycow that. I'm waiting to pick up a usb type c micro usb adapter as I heard the 3.1 cable that comes with the phone has issues with LG UP.
I've also tried booting the twrp image directly from fastboot as well with no luck.
You (OP) just saved my bacon, good sir.
Sorry to bump up an old thread, but I want to know if it's possible to upgrade to Oreo by following OP's post in the first page? Because I'm on FW 10k IDN and I'm sick and tired of waiting for the Oreo update via OTA. Planning to use the Singapore's Oreo KDZ to do the upgrade.
I want to preface this with the fact that I don't own the LS997 model, so I was not able to test any of this personally.
You guys can thank @loopytee for taking one for the team. Root for the LS997 can now be accomplished on firmware up to and including ZV7. He risked his phone since we couldn't find someone that had root already to help. Luckily it paid off. You guys need to hit his thanks button as much as possible. Takes some kahunas to blind flash another model's firmware.
ZV8 incremented the ARB version, so this will not work on ZV8 and up.
With that said...
Download patched LG UP: link
Download VS995 KDZ: link
Flash using partition DL (select ALL partitions)
Root using the VS995 root method: link
At this point you will have root, but you will still have the Verizon firmware.
Download this zip: link SHA1 hash: b5a383558561425a41439de1b764e286f963526a
and flash it in TWRP. This is the ZV7 firmware. It is everything except system. If someone can get me the stock ZV7 system, I will include it.
After flashing, you need to flash an LS997 ROM, and if you don't want static, flash one of the custom kernels that has the static issue fixed.
Also, before leaving TWRP, you need to FORMAT data. NOT wipe. You will be prompted to type YES if you have chose the correct option. If you skip this, you will be prompted to enter a code, and have 10 tries.
Feel free to flash any LOS based ROM, but know that they don't work well with ZV7 firmware. They make modifications to the writable parts of the modem firmware (modemst1, st2, or misc), and you can lose signal. So, you also might want to use LG UP to dump your entire phone so that you have those parts of the firmware that are unique to your phone, and can flash them back if you have problems. My recommendation, stay away from LOS based ROMs until someone steps up to be a full time dedicated dev for LOS on the V20.
-- Brian
You, good sir, are the man. Loopytree shares that distinction as well.
@runningnak3d
Thanks for your skillz in getting us root!!
The apk in the first post of the link below can get you into the hidden menu on ls997 to check ARB# if needed.
https://forum.xda-developers.com/v20/help/lg-v20-cdma-to-lte-gsm-switch-via-t3602409
Wow this is a game changer ... thank you @runningnak3d for an amazing job!! I can finally go back to this phone now. I really missed the quad DAC and wide angle cam.
Will wait til you fix this but what an accomplishment if this really works.
OK - first post updated.
@loopytee The zip problem has been fixed!
-- Brian
@runningnak3d
it's running great thanks for everything I can now use my v20 the way I want to. You're the best!
This is awesome!
Under the assumption I'll brick if on ZVA though or simply won't do anything...
If you are on ZVA (or any later version), LG UP (even the patched version) will halt when it does the anti-rollback check. So yea -- just won't work.
-- Brian
You guys rock ... I traded in my V20 for my S8, but I'm going to pick it up again as my alternate beater up phone. I just avoided this for the LG/Sprint bloatware and inability to use hotspot. Well, no more
---------- Post added at 01:39 PM ---------- Previous post was at 01:17 PM ----------
What is the latest current version? Still ZVA?
nimaim said:
You guys rock ... I traded in my V20 for my S8, but I'm going to pick it up again as my alternate beater up phone. I just avoided this for the LG/Sprint bloatware and inability to use hotspot. Well, no more
---------- Post added at 01:39 PM ---------- Previous post was at 01:17 PM ----------
What is the latest current version? Still ZVA?
Click to expand...
Click to collapse
Make sure when you get it to go into developer mode immediately and turn off auto update. If it updates you can't root...YET.
If I am wrong, someone with a Sprint phone can chime in, but I believe ZVA is the latest. I have a dump of ZVA, but since it is ARB 1, even though you would keep TWRP and root, you DO NOT want to upgrade to it.
As long as you are on a firmware that is ARB 0, then you can use the VS995 KDZ to fix your phone if you really get into a bind. If you flashed the ZVA firmware and got into a pickle, you would only be able to use a KDZ that was ARB 1, and NONE of them are rootable, so you would have a phone that would boot, but not be able to make phone calls, and no way to fix that.
-- Brian
Any chance of a roll back to zv9 from zva
Nope. It is my humble opinion that ARB is something that can not be defeated without a physical modification to the phone -- a piece of hardware between the NAND and the CPU that would intercept the boot process from the PBL and give it the return values that it is looking for.
Alternatively, if we could either burn a new RSA key into the CPU, or extract the existing one, and brute force the RSA cert, so that we could sign our own XBL...
-- Brian
So ZV9 was ARB 0, but ZVA included an update to the ARB version? I wish I knew what was up. Would of never updated. Just thought it was a monthly security patch from Google anyways
I'm getting the anti-rollback error when trying to flash the kdz with the patched LGUP. Can someone help me out and let me know what I'm doing wrong here. I'm on v8 firmware.
@shane2157 Use the hidden menu APK and check what ARB version your phone is on.
That is strange.
-- Brian
runningnak3d said:
@shane2157 Use the hidden menu APK and check what ARB version your phone is on.
That is strange.
-- Brian
Click to expand...
Click to collapse
Where do I find the ARB version once I'm in that hidden menu?
shane2157 said:
Where do I find the ARB version once I'm in that hidden menu?
Click to expand...
Click to collapse
3rd post in this thread
shane2157 said:
Where do I find the ARB version once I'm in that hidden menu?
Click to expand...
Click to collapse
Right. I'm in the hidden menu. I just can't find the ARB version in there.
shane2157 said:
Right. I'm in the hidden menu. I just can't find the ARB version in there.
Click to expand...
Click to collapse
Svc ->Version
At the bottom
Dear All,
2 days back I was trying to unlock my LG-V20 phone using DirtySanta Method on this thread
https://forum.xda-developers.com/v20/development/dirtysanta-h990-t3624296?nocache=1
For me it is not working & I want to return it to original LG ROM something goeas wrong & I was stuck on grey ribbon on screen (which I can't read anything) or I can boot it to fastboot command. I was trying to put phone on download mode to use it with LGUP but the program give me unknown device. When I check the forum they said I have to flash kernel. I was trying alot but nothing works with me. Suddenly LGUP define my device as US996 instead of H990DS. So I download the official ROM of US996 & flash it to my device it accept it & screen works normally but the device keeps restarting. It boots to welcome screen or even LG logo then restart. I can't even set it up. anyone can help on this problem??? How can I return it back to original H990DS ROM???:crying::crying::crying:
Another thing is that fastboot commands can't do anything like format & wipe it says device is locked
Hey, no worries. Your device can be saved. Dirty santa can be a bit** to get it to work. Took me like 2 days and several tries...
I'm quite sure I came across this ribbon screen. For me it looked like grey static from a tv without signal, quite scary.
So, the only not good thing you did was to flash the US996 ROM. You have a H990DS, it will not work... But it can be fixed, don't panic.
It's normal that the H990 is seen as US996 by LGUP after flashing the engineering bootloader. Every rooted H990 runs on this one, because there is no unlocked BL available other then this. So that means you came quite far with dirty santa...
I believe the reason that you phone can't start is, LGUP changed your partition layout from H990 to US996 (which will not work)
I'm going from memory here, so I'm not sure about the details. There is a thread in the forum explaining well how to recover a V20 with LGUP / (Uppercut could be important to fix unknown device / allow to cross flash). Follow this one and use the right H990DS Rom to reflash everything and repartition your device correctly. Maybe you have to play with the options like upgrade or repartition. BUT DON'T DO ANYTHING THAT IS NOT MENTIONED AS SAFE TO DO. You could even erase you BL. Then you have a nice brick...
https://forum.xda-developers.com/v20/how-to/guide-patch-lgup-to-unlock-features-t3652222
You should be able to try with dirtysanta again, I promise it will work, and then you effort wasn't for nothing.
Here in the guide it even tells you that that phone will be detected as US996, the tipps here are good as well..
https://forum.xda-developers.com/v20/development/dirtysanta-h990-t3624296
Let me know how it went...
Best regards
Daniel
NoName! said:
Hey, no worries. Your device can be saved. Dirty santa can be a bit** to get it to work. Took me like 2 days and several tries...
I'm quite sure I came across this ribbon screen. For me it looked like grey static from a tv without signal, quite scary.
So, the only not good thing you did was to flash the US996 ROM. You have a H990DS, it will not work... But it can be fixed, don't panic.
It's normal that the H990 is seen as US996 by LGUP after flashing the engineering bootloader. Every rooted H990 runs on this one, because there is no unlocked BL available other then this. So that means you came quite far with dirty santa...
I believe the reason that you phone can't start is, LGUP changed your partition layout from H990 to US996 (which will not work)
I'm going from memory here, so I'm not sure about the details. There is a thread in the forum explaining well how to recover a V20 with LGUP / (Uppercut could be important to fix unknown device / allow to cross flash). Follow this one and use the right H990DS Rom to reflash everything and repartition your device correctly. Maybe you have to play with the options like upgrade or repartition. BUT DON'T DO ANYTHING THAT IS NOT MENTIONED AS SAFE TO DO. You could even erase you BL. Then you have a nice brick...
https://forum.xda-developers.com/v20/how-to/guide-patch-lgup-to-unlock-features-t3652222
You should be able to try with dirtysanta again, I promise it will work, and then you effort wasn't for nothing.
Here in the guide it even tells you that that phone will be detected as US996, the tipps here are good as well..
https://forum.xda-developers.com/v20/development/dirtysanta-h990-t3624296
Let me know how it went...
Best regards
Daniel
Click to expand...
Click to collapse
Thanks a looooooooooot Daniel. Finally my LG is back to normal. I don't want DirtySanta anymore. My device was out for more than 20 days because of this.
Im very glad, that I could help you. It's a nice device and even better when working correctly.
Thanks for letting me know that it worked.
All the best to you too
Philadelphia said:
Thanks a looooooooooot Daniel. Finally my LG is back to normal. I don't want DirtySanta anymore. My device was out for more than 20 days because of this.
Click to expand...
Click to collapse
Its a bit of an op for real, but worth it when done
dornz said:
Its a bit of an op for real, but worth it when done
Click to expand...
Click to collapse
Does it pass SafetyNet with edXoposed installed?
iTzFeRReTTi said:
Does it pass SafetyNet with edXoposed installed?
Click to expand...
Click to collapse
Nope,
iTzFeRReTTi said:
Does it pass SafetyNet with edXoposed installed?
Click to expand...
Click to collapse
Worth the root
dornz said:
Nope,
Click to expand...
Click to collapse
Are you using the edXposed canary?
iTzFeRReTTi said:
Does it pass SafetyNet with edXoposed installed?
Click to expand...
Click to collapse
Glad you mentioned that about safety net, flashed me the Oreo rooted to check that, :silly: