Database Info

USCC V20 (US996) Bootloader Unlock/Root Discussion

Just a thread for the few USCC people here - I've tried to UL the bootloader using TMO instructions - no go. It will reboot into the bootloader but it asks for the unlock.bin key (fastboot oem unlock returns an unknown command error). So at least theirs that much
Phone will also boot into recovery, and I get the associated normal options there (clear, mount /system, wide device/cache, load update via ADB, load update via SD, view recovery logs, etc). Interesting thing happens when I select "run graphics test" from the recovery menu - it gives an error, then the "no command" icon, then multicolor circles rotating - but it says "erasing" then "installing system update" then goes back to the recovery menu. Not sure if it's normal, but it's interesting.
I'm not a dev or a software guy really, but would like to hear some thoughts on the USCC version...would love to have root like the TMO - especially since it will get into the fastboot menu. Wish I knew more so I could be more help.

Same I'd like to here more about this since the unlocked version comes with an unlocked bootloader. I think it's because the T-Mobile version got released first so they had the jump start, and the unlocked version took till the 11th to be released so it's like we're late.

Killah1994 said:
Same I'd like to here more about this since the unlocked version comes with an unlocked bootloader. I think it's because the T-Mobile version got released first so they had the jump start, and the unlocked version took till the 11th to be released so it's like we're late.
Click to expand...
Click to collapse
you are talking about three different devices lol.. apparently USCC v20 is locked like everyone else.. TMobile typically allows BL unlocks, not because it was out first? and the unlocked variant is obviously from LG and unlockable by default...

elliwigy said:
you are talking about three different devices lol.. apparently USCC v20 is locked like everyone else.. TMobile typically allows BL unlocks, not because it was out first? and the unlocked variant is obviously from LG and unlockable by default...
Click to expand...
Click to collapse
There you go, knew I was getting something mixed up.

us996 comes with an unlocked bootloader? what? I'm pretty sure mines locked like the rest...
Sent from my LG-US996 using Tapatalk

jayochs said:
us996 comes with an unlocked bootloader? what? I'm pretty sure mines locked like the rest...
Click to expand...
Click to collapse
if u read my previous post u can see i said the uscc BL is locked lol like everyone else

I seem to have a US996, but I got it early on. I believe it to be bootloader locked though, even though it's a developers device. I'm almost 100% sure it's the sim unlocked version as I tried a few sims and they worked. Anything I can do to help?

Abumarf said:
I seem to have a US996, but I got it early on. I believe it to be bootloader locked though, even though it's a developers device. I'm almost 100% sure it's the sim unlocked version as I tried a few sims and they worked. Anything I can do to help?
Click to expand...
Click to collapse
I recommended the officially unlocked variant of the V20 to @Abumarf believing he'd have no issues whatsoever in unlocking the bootloader. He purchased one off eBay before the phone was officially released and I believe it came with a user debug kernel. It seems similar to the engineering kernels for Samsung devices, as he has root access through the adb shell. Unlike the temporary root method that @me2151 had posted, it can survive reboots. Yet I'm surprised the fastboot command to unlock the bootloader returns with failure.

Ephemera said:
I recommended the officially unlocked variant of the V20 to @Abumarf believing he'd have no issues whatsoever in unlocking the bootloader. He purchased one off eBay before the phone was officially released and I believe it came with a user debug kernel. It seems similar to the engineering kernels for Samsung devices, as he has root access through the adb shell. Unlike the temporary root method that @me2151 had posted, it can survive reboots. Yet I'm surprised the fastboot command to unlock the bootloader returns with failure.
Click to expand...
Click to collapse
does he have a copy of the debug kernel? you can pm me a link if possible thatd be great so we can take a look at it.. if it is an eng kernel, it could potentially help to root other variants with locked BLs
---------- Post added at 02:41 AM ---------- Previous post was at 02:40 AM ----------
Ephemera said:
I recommended the officially unlocked variant of the V20 to @Abumarf believing he'd have no issues whatsoever in unlocking the bootloader. He purchased one off eBay before the phone was officially released and I believe it came with a user debug kernel. It seems similar to the engineering kernels for Samsung devices, as he has root access through the adb shell. Unlike the temporary root method that @me2151 had posted, it can survive reboots. Yet I'm surprised the fastboot command to unlock the bootloader returns with failure.
Click to expand...
Click to collapse
can you upload your aboot and kernel etc? if theyre eng or debug files im interested to check them out
---------- Post added at 02:41 AM ---------- Previous post was at 02:41 AM ----------
Abumarf said:
I seem to have a US996, but I got it early on. I believe it to be bootloader locked though, even though it's a developers device. I'm almost 100% sure it's the sim unlocked version as I tried a few sims and they worked. Anything I can do to help?
Click to expand...
Click to collapse
can you upload your aboot and kernel etc? if theyre eng or debug files im interested to check them out

@elliwigy I will most likely be selling the phone or handing it over to @Ephemera as I can't use it as a daily driver. We'll update you on what happens. If we do decide to sell, I'll see if we can extract and send them your way before we do.

Abumarf said:
@elliwigy I will most likely be selling the phone or handing it over to @Ephemera as I can't use it as a daily driver. We'll update you on what happens. If we do decide to sell, I'll see if we can extract and send them your way before we do.
Click to expand...
Click to collapse
hopefully you are able to as it shouldnt really take any time at all lol.. it would really help a lot of ppl out if it is in fact a debug kernel..
the root we have is a temp tcp root shell using a context we cant really do anything we need to do at all so it was pretty much a dead end so far

Abumarf said:
@elliwigy I will most likely be selling the phone or handing it over to @Ephemera as I can't use it as a daily driver. We'll update you on what happens. If we do decide to sell, I'll see if we can extract and send them your way before we do.
Click to expand...
Click to collapse
I will pay you for the debug files

I'm no developer or modder. I don't know too much about all that. I would rather not play with it, and that's the reason I'm selling it.

Abumarf said:
I'm no developer or modder. I don't know too much about all that. I would rather not play with it, and that's the reason I'm selling it.
Click to expand...
Click to collapse
you wont b doing anything to the phone.. if u have an adb root shell would just be copying a few files from the phone.. we can even tell you exactly what commands to use to make it easy.. we can invite you to a google hangout even so we can explain each step

Abumarf said:
I'm no developer or modder. I don't know too much about all that. I would rather not play with it, and that's the reason I'm selling it.
Click to expand...
Click to collapse
Whay are you asking for the phone?

I was looking to get what I spent for it, around $800

elliwigy said:
if u read my previous post u can see i said the uscc BL is locked lol like everyone else
Click to expand...
Click to collapse
yeah, the US cellular us996. it's different from the American unlocked us996. according to LG anyway, it lists it as two different phones.
I'm not on a US cellular one. I'm in an unlocked one with Verizon. the post above you said unlocked had unlocked bootloader. mines as unlocked as you get, and it doesn't have an unlocked bootloader.
Sent from my LG V20 US996

http://developer.lge.com/community/...nuId=38&contsTypeCode=QUE&prodTypeCode=MOBILE
Make yourselves heard. Let LG know we want the bootloader to be unlockable on the US996. I've talked to their live chat and they claim that they "didn't know people would want to unlock their bootloader". Show them we do.

Abumarf said:
I was looking to get what I spent for it, around $800
Click to expand...
Click to collapse
Ok if you download terminal emulator and type in get prop and send me the screen shots so i can verify it is indeed a debug kernel i will buy it from you but i would like to have proof of debug kernel

Sure, here it is: https://drive.google.com/file/d/0BwI6DTQJV37Ob1BwRkRab0xPRkk/view?usp=drivesdk
Also the phone is already up on Swappa
---------- Post added at 08:45 PM ---------- Previous post was at 08:36 PM ----------
@rickberg forgot to tag you

FRP is unlock?

I dont have open my bootloader but in bootloader i see FRP is Unlock. The other is locked but why is FRP Unlock?

Rommco05 said:
If is locked bootloader you can make one test. Go to Developer section and check OEM. I think right now is enabled. So disable OEM and again check FRP in fastboot. Don't forget, before unlocking bootloader always enable OEM, becasue if you unlock bootloder with OEM disabled you can't anymore switch to enable
Click to expand...
Click to collapse
You're right, if FRP is unlocked = OEM enabled by the respective voice on developer options menu

I have unlocked boot loader but by accident must have left this Oem enabled because now I am getting error on fastboot screen about FRP enabled and I am not allowed to flash anything via fastboot
So do I need to relock the bootloader now in order to have the option inside of developers options to Oem enabled?
I have read that people that unlock and then relock the bootloader have run into many problems after doing so

Somebody help me, please. I am really depressed, I feel now that I will be stuck on build 360 for the rest of my life. And I cant even sell the phone used in this condition because i dont want the bad karma of selling a crippled phone to an innocent victim. It is against my religious beliefs to inflict harm purposefully onto another. So I am in bad shape PERMANENT if I cannot get this working. Also I am in bad financial condition also have lost alot of money on other tragedies recently in my personal life. Im really depressed about this =(

fc3211 said:
Somebody help me, please. (...)
Click to expand...
Click to collapse
Hey explain more, please; from which situation you stumbled here? Have you already tried dload method? You have custom recovery or not? Can't know what to do without an easy resume about how you came here

RedSkull23 said:
Hey explain more, please; from which situation you stumbled here? Have you already tried dload method? You have custom recovery or not? Can't know what to do without an easy resume about how you came here
Click to expand...
Click to collapse
I have rooted Honor 6x BLN-L24C567B630 with OpenKitin Twrp
I have tried dload method (But I can only get the 365 and 366 builds. Even though I am currently on Build 360 I am not able to obtain the dload files for 360 because on the website the files are not available to download.
So I have tried to unzip the build 365 files into the dload folder of my SDcard and then power off phone and held the 3 buttons to turn it on but the update always fails at 5%
I have FRP lock (that is my big problem) and I am no longer able to change it inside of developer options because the option is greyed out after i unlocked my bootloader. I have also tried to boot into fastboot to flash the stock boot.img and recovery.img but flashing fails because of the FRP lock.
The only other idea I can think is to relock the bootloader and hope that this will allow me to then go to developer options to turn off the FRP lock that is giving me so much trouble. But I want to confirm with you that this will be okay because I dont want to permanently brick my phone. I am afraid to relock the bootloader because I have read posts of others who did so and have catastrophic results.
So any advice? Else I am stuck on build 360 for the rest of my life. If I could relock the bootloader and loose root permanently and go back to stock I would be okay with that. I cant even sell the phone used because it has system notification about build 365 ota update available but when you try to install it the update fails (because of the FRP lock and the fact that I have TWRP). So eBay customer would immediately try to run the system update and it would fail and then they would complain to me and ask me to refund their money.
So unless I can fix this issue phone is not capable of being sold. How do you think I will feel when Oreo update is distributed and I will be the only one that cannot install it because of my FRP lock?
UPDATE: I think I see what I was doing wrong, I was tryinf to flash build 365 and build 366 even though I am currently on build 360. So I downloaded again the build 360 files and unzipped it into the dload folder.
THis time it went all the way to 100% and it says it was a success. But after that it restarted the phone and now I am at the blue HONOR splash screen and has been over 5 minutes stuck there so I am getting nervous again.

Uggggg.... Its been over 15 minutes now and its still stuck at the blue splash screen that says HONOR.
How long should I wait before I try to hold down the power button to restart the phone? Im planning to wait at least 1 hour. I have it with the charger plugged in.
Boy I hope I didnt brick the thing permanently. Thats the last thing I need this week with all my other problems that I am struggling with
---------- Post added at 07:35 PM ---------- Previous post was at 06:40 PM ----------
I finally got impatient and rebooted it by holding down the power button but it remained stuck on the splash screen. Then I tried holding down Volume up + Power and I was at black Emui recovery and there was option to do factory reset. I pressed FACTORY RESET and phone looks like it is okay now, I was able to get into the Emui white screen where it asks you what language and begins new phone setup. What a relief! I think I may be okay, will update this thread after completing setup procedure
---------- Post added at 07:48 PM ---------- Previous post was at 07:35 PM ----------
Booya, baby! I am back up and running. And I thank you kindly to all the gurus on this forum to help me save my phone from my own mistakes. I dont plan to root again, I am snake-bitten now after this scary experience. I am snake-bitten now and too afraid to root again
Huawei is just too dangerous with the FRP lock thing. If anyone is reading this old thread and having the same problem than feel free to PM me and I will be happy to help you step-by-step if you run into the same issue.
The main secret is that you have to flash the dload of the EXACT SAME BUILD that you had before trying to update. The mistake I made was the fact that I was rooted and I tried to use dload to upgrade up to build 365 but that is impossible. If you are rooted (and if you failed to turn off the FRP lock inside of developers options prior to unlocking your bootloader) than you can only use dload to restore to stock on the same build as you currently have. I am assuming that if you are not rooted than you can also utilize dload method to upgrade to a newer build BUT NOT IF YOU ARE ROOTED. That was the main lesson I learned

Root bounty for H918 10p/q

How about starting a bounty for root on H918 10p/q? Maybe if we can draw enough interest in this more developers would be willing to contribute to finding a root method? Thoughts?

that would be great if someone had the talent, T-mobile has it pretty locked down from what I read.

would love that as well.. I got excited when I saw the H910 was rooted up to 10q..
What is the current bounty at ?

If you are going to start a bounty thread, it will need to be about a grand. I figure it will take about 3 bricks to get it right.
I can now open and write to a protected block device (sde) using the LAF protocol. The problem is that you have to send the WHOLE block device, and it is excruciatingly slow. If it fails, you have a 9008 brick:
Code:
aboot -> /dev/block/sde6
boot -> /dev/block/sde1
recovery -> /dev/block/sde2
So, you image /dev/block/sde of a rooted device, and then write it back to the device you want to root. sde isn't very big, so that helps, but even so, it is SLOW I am talking days to READ, and writing is about 4 times slower. If it fails, and your phone loses power (it doesn't charge in download mode), you have a brick that only LG can fix because you have lost aboot. To get into download mode, you need 3 things: xbl, aboot, and laf. xbl and laf are on other block devices, but that doesn't matter if you lose aboot.
Because it is so slow, I don't even know if it works. I aborted and luckily my phone was still recognized by LG UP, so I flashed before my phone lost power.
Bottom line, I don't take money for my TIME on a hobby, but I am not about to brick my phones -- and like I said, I *KNOW* several bricks would happen in order to get it right.
-- Brian

a bit sketchy to try to root h918 10p and q because of anti rollback, i'm still on 10k and i could root back on 10j but i perfer not to, because custom rom's disable the second screen plus i heard it's a bit buggy, stock firmware isn't all that bad but if you truly are looking to get root on it you will need about a grand yeah cuz you will need to brick around 3-2-4 phones.

i know for me, i just prefer root so I can use XPOSED and also some root style apps that allow me to delete or disable stock apps that i do not use..

Does being on 10q block only root? Is it still possible to flash TWRP and Lineage just with no root? Could you manually set something like V4A from TWRP with adb root shell so it doesn't need su in the user space?

retro486 said:
Does being on 10q block only root? Is it still possible to flash TWRP and Lineage just with no root? Could you manually set something like V4A from TWRP with adb root shell so it doesn't need su in the user space?
Click to expand...
Click to collapse
The dirty cow exploit no longer works after 10j firmware and since you can't roll back from 10q, no TWRP.

Huh, I wasn't aware TWRP required exploits... I thought it was just the recovery partition flash...

retro486 said:
Huh, I wasn't aware TWRP required exploits... I thought it was just the recovery partition flash...
Click to expand...
Click to collapse
The whole point of dirty cow was to get TWRP on the phone. After that it could be rooted. It took an exploit to get TWRP on the phone.
Sorry for the bad news, but that's how it worked.

retro486 said:
Huh, I wasn't aware TWRP required exploits... I thought it was just the recovery partition flash...
Click to expand...
Click to collapse
The fastboot commands are missing. That's why you can't just send TWRP. If the fastboot commands was there, then you can send TWRP and root later.
Sent from my LG V20 using XDA Labs

The fact they went out of their way to remove fastboot commands blows my mind.

Wait till they figure out that an end user doesn't need download mode for anything. All carriers doing encrypted OTA updates like AT&T does. Then remove adb access, and viola.....
The V20 will be my last LG phone.

Yeah I think I'm going to get a dedicated hifi player, I'm tired of all these steep compromises to try and get an all-in-one device. The older Note 4's were great, just a bit slow and I hate the rear-firing speaker but honestly I might just go back to that or bite the bullet and go OnePlus. Oh well!

bigcletus said:
How about starting a bounty for root on H918 10p/q? Maybe if we can draw enough interest in this more developers would be willing to contribute to finding a root method? Thoughts?
Click to expand...
Click to collapse
I'm thinking about selling the T-mobile H918 (at a loss) to buy the ATT H910 or H996 (I forget which) so I can unlock both the sim card and the bootloader and attain root on the T-mobile LG V20. That would add up to a significant "bounty" if an exploit is actually possible. Somebody smarter than me would have to tell us if that can be done?
I would DEFINITELY pay someone to root my H918 that's already on "q." The LG v20 is much better than the Nexus devices I'm used too. Removable battery already lasts 3 times as long as a normal battery even without buying oversize batteries!

@bjveee If you are going to get another V20, get the unlocked US996. The bootloader can officially be unlocked, and you have full fastboot.
Right now, (now being the key word), the H910 can be rooted, but only because AT&T hasn't incremented the ARB version *yet*. Since they just released v10r and ARB still wasn't incremented, I am guessing they won't bother until Oreo (if we even get it) is released. In order to increment ARB, they have to compile ALL of the firmware with the new ARB version, and then send that OTA. Since the only way to get their updates is to have someone factory reset their phone, and then dump the latest update, I think AT&T is under the delusion that their phone is more secure than they think.....
-- Brian

I don't know if this is any easier, and it doesn't solve the problem for people who already are on p/q, but for us folks on the older firmware, it would be great if there was a way to upgrade the bootloader and radio without triggering the increment. That way we could always roll back to the older official firmware.

The bootloader IS what increments ARB, and if you have even ONE piece of firmware get loaded with a greater ARB, then it gets incremented. So, you can run the H918 10q modem with 10j bootloader. And if you try, you will then be stuck running the entire 10q bootstack.
There is no way around ARB. I am not one that will usually say something is impossible, but this is impossible.
-- Brian

retro486 said:
Yeah I think I'm going to get a dedicated hifi player, I'm tired of all these steep compromises to try and get an all-in-one device. The older Note 4's were great, just a bit slow and I hate the rear-firing speaker but honestly I might just go back to that or bite the bullet and go OnePlus. Oh well!
Click to expand...
Click to collapse
The new Razar phone is pretty sick.
Sent from my LG V20 using XDA Labs

runningnak3d said:
The bootloader IS what increments ARB, and if you have even ONE piece of firmware get loaded with a greater ARB, then it gets incremented. So, you can run the H918 10q modem with 10j bootloader. And if you try, you will then be stuck running the entire 10q bootstack.
There is no way around ARB. I am not one that will usually say something is impossible, but this is impossible.
-- Brian
Click to expand...
Click to collapse
So you are telling me with every confidence there will not be any future exploit to get around ARB. The only reasonable course of action is to buy the US version of the unlocked H966 and do it quickly!
~Bruce
---------- Post added at 06:53 PM ---------- Previous post was at 06:51 PM ----------
bjveee said:
So you are telling me with every confidence there will not be any future exploit to get around ARB. The only reasonable course of action is to buy the US version of the unlocked H966 and do it quickly!
~Bruce
Click to expand...
Click to collapse
US996....

Any chance for root (ever)?

I have an option to get new phone with contract reneval. I like devices with strange "additions", thats why I had Moto Z3 Play before. And now I'm thinking about Velvet coz of it's Dual Screen.
However I need root for few apps I use (some for my own usage, some work related).
Do You believe that there will be a way to root Velvet in the nearest feature? Or ever?
I'm more asking if You believe there will be a way to fash Magisk patched kernel.
I know that nonflagship LG device doesnt even have an option to unlock bootoloader nd even the flagships (V60?) have blocked fastboot command, so unlocking does nothing...

https://developer.lge.com/resource/mobile/RetrieveBootloader.dev?categoryId=CTULRS0703

Sad to see this after I chose something else...
Still, as I read about other LG devices it seems that unlockable bootloader doesn't have to mean that there is access to fastboot commands. An without that there is no reason to unlock it.

I thought about a new phone for a long time and I hope you are wrong. because I chose velvet. previously i had g6 and i already miss & root mods a lot. and what did you buy?

Realme X3 Superzoom. At least there is a root solution already
And they should share the sources like they did with older devices.
I'll miss the 2nd screen, but... Had a chance to play with it and my carrier gives it for free (screen or headphones) along with 3rd year of warranty.

I waiting for headphines ? they add choice (screen or it) after i buy phone :laugh: and i worry about lg is coming down with smartphone ... Have nice day and good luck with powerusing :victory:

Headphones? I'd choose the screen. F**k their DAC
Maybe one day I'll get LG with Dual Screen? Will see. As I signed the contract in the store I have no way to change it (not sure if I want to).
Anyway, nice day to You too. I miejmy nadzieje, ze znajdzie sie sposob na roota na Velveta

support unlocking the bootloader: • LG VELVET: LMG900EM/LMG
The following devices support unlocking the bootloader:
• LG VELVET: LMG900EM/LMG900EMW/LMG900EMX/LMG900D for the European market

dietoro said:
The following devices support unlocking the bootloader:
• LG VELVET: LMG900EM/LMG900EMW/LMG900EMX/LMG900D for the European market
Click to expand...
Click to collapse
I’ve been seeing the LMG900M a lot on ebay, wondering if this works too as i haven’t seen it on this list?

In the dark
Is there anyway us as a collective to unlock the bootloader ourselves. I literally don't know like I'm very new to this and want to try it out a rooted device

got a velvet.
unlock bootloader was no prob.
but stock roms are in kdz format. uncompressable since last dev of un-kdz un-dz seems to support just old and smaller formats.
tried several boot.img's and twrp's that seem to be same chipset.
nothing worked so far. hopin some of the rom-gurus gets hot on that dual-screen feature/case...which works really good.
i didnt get it to work with root, but i dont give up hope.
---------- Post added at 09:47 PM ---------- Previous post was at 09:30 PM ----------
Catrock31 said:
Is there anyway us as a collective to unlock the bootloader ourselves. I literally don't know like I'm very new to this and want to try it out a rooted device
Click to expand...
Click to collapse
just complete the process that wifredzik posted as link.
you ll get an unlock file from lg immediately.
enable developer options on your phone and in the following usb debugging.
boot into bootloader via adb and unlock as lg describes in the manual.
thats whats worked for me so far.

payed around with stock roms of other new mobile-phones that have the same chipset to extract the boot.img and modify it with magisk.
my strategy is to boot in with root, but without flashing partitions so that i can dump the original boot.img and modify with magisk just to flash it back.
but no other boot.img worked so far.
if there is somebody out there who can breakup the lg velvet stock rom (kdz-format) to intact img files please let me know.
BR
Mike

MikGx said:
got a velvet.
unlock bootloader was no prob.
but stock roms are in kdz format. uncompressable since last dev of un-kdz un-dz seems to support just old and smaller formats.
tried several boot.img's and twrp's that seem to be same chipset.
nothing worked so far. hopin some of the rom-gurus gets hot on that dual-screen feature/case...which works really good.
i didnt get it to work with root, but i dont give up hope.
---------- Post added at 09:47 PM ---------- Previous post was at 09:30 PM ----------
just complete the process that wifredzik posted as link.
you ll get an unlock file from lg immediately.
enable developer options on your phone and in the following usb debugging.
boot into bootloader via adb and unlock as lg describes in the manual.
thats whats worked for me so far.
Click to expand...
Click to collapse
Problem, i got the Canadian version witch is not one of the models listed on their site

Catrock31 said:
Problem, i got the Canadian version witch is not one of the models listed on their site
Click to expand...
Click to collapse
hm...i would try it anyways.
the worst that can happen is that lg dont sends back the unlock.bin.
iv`e taken a look inside the file.
its encrypted. so, no way to create it the easy way by yourself...
br
Mike

Lg Velvet Stock Ringtones
Anyone could please upload the stock ringtones? thanks

Root LG Velvet (LM-G900EM)
As i've found a way to root the Velvet i opended a new thread ind the Velvet section.
Have fun!
BR
Mike

Very close with a Sim Unlock for the T-Mobile version. need some help

I have been working on the sim unlock for the gm1915 for some time now. And could really use the help of our community. My Oneplus7 Pro is still financed, it was bought on ebay and can't be activated. So now I'm at the point that no messages pop up for the sim and I have some service but it won't register on the Network. Attached is the firehose I extracted from the .OPS Tmobile msmdownload on here. I don't think it's anywhere on line so enjoy my time well spent. The best way to use it is with QFIL then you can manage all the partitions as needed. I could really use a efs or qcn from a unlocked tmobile Op7P just make Sure u know how to clean out the imei. For your own benefits.
Update..
By digging into the unlock i found way more then i exspected . It seems there is a wrapper on the system. If anyone has noticed the Alarm or the Wake_lock .it all starts up after the very first boot ,with the gboard. Gboard and all the otheres are bonded together buy location services . This is all the gmscore .and when one is tripped by the alarm that is the wake_lock (clock) they all know. And the simlock is android auto that is part of the hidden apps. I found a whitelist.xml showing them all.when the wrong sim is entered the alarm is tripped and call is made to honk the horn,this is the simlock wallpaper that pops up.Also its swiches the sim id to emergency only.The carrier plmns used to lock are located and tyed to game mode,I have found a vulnerablity in the gmscore and have been able to pull it all. There is just way to much more to go into. All of these items have to be cleard to simunlock ,this is why the Tmobile rom is needed. If in the process somthing is done wrong and tripps the alarm the phone will reset the lock and sometimes reboot and not start back up.

heres the Firehose files

Update, by erasing the modemst1 and modemst2 it deleats the sim lock. And don't effect the IMEI at all. But by erasing them it clears all the uim configurations. Restoring efs with twrp goes back to locked. I'm in the process of rebuilding the missing NV- items one by one and should have a fully functional Sim Unlock for the T-Mobile OP7p. After doing all I have I might just have a working bypass for most T-Mobile locked qualcomm devices using the unlock app.

Nice work
Good luck, keep us posted on progress.

Good work friend.
Can this work also for the gm1925?

justencase6 said:
Update, by erasing the modemst1 and modemst2 it deleats the sim lock. And don't effect the IMEI at all. But by erasing them it clears all the uim configurations. Restoring efs with twrp goes back to locked. I'm in the process of rebuilding the missing NV- items one by one and should have a fully functional Sim Unlock for the T-Mobile OP7p. After doing all I have I might just have a working bypass for most T-Mobile locked qualcomm devices using the unlock app.
Click to expand...
Click to collapse
Thanks, please keep us posted!

elital said:
Good work friend.
Can this work also for the gm1925?
Click to expand...
Click to collapse
very well possible . if you would like to test out and help me out PM me. i need others that can help me out.

PM sent as I'm same situation as you.

Very interesting
How were you able to erase the modems? I get an error (Critical Partition is locked) when I try and do this on my 7T

droidout said:
How were you able to erase the modems? I get an error (Critical Partition is locked) when I try and do this on my 7T
Click to expand...
Click to collapse
You will need to unpack the firehose file from the.ops back up file in the msmdownload tool for your phone. The one I have won't work .Its a different SOC then you can use it with QFIL and manage the partitions.

Am in
All help needed please. We need to crack this thing.
Maybe a bounty for anyone that can crack it too will help

sbenjy said:
All help needed please. We need to crack this thing.
Maybe a bounty for anyone that can crack it too will help
Click to expand...
Click to collapse
Right now I don't have access to all the info. And money is limited. I'm waiting for a good deal from eBay for one that only has a working unlocked main board. Don't care about anything else on it as long as I can connect to it. Then things will move faster. It seems they added alot this time.to stop us all

Update . If anyone would like to know and is not with the telegram group. I have found all the reasons why the T-Mobile OnePlus 7 pro has not been unlocked yet. Qualcomm has changed alot of internals and has a new updated encryption with the sdm855 SOC. But I'm not going to let it stop me. I have found out that the sim lock is implimented in the stock modem. I'm about done fully unencrypting it and already have it half way unpacked. I have also learnd that there might be a EFUSE for the sim lock. something else quit new. Looks like they must have started paying the programmers at tmobile for a change also.

keep it up dear we are waiting your work
i have a 7T that is sim locked and cannot be unlocked waiting your work

justencase6 said:
Update . If anyone would like to know and is not with the telegram group. I have found all the reasons why the T-Mobile OnePlus 7 pro has not been unlocked yet. Qualcomm has changed alot of internals and has a new updated encryption with the sdm855 SOC. But I'm not going to let it stop me. I have found out that the sim lock is implimented in the stock modem. I'm about done fully unencrypting it and already have it half way unpacked. I have also learnd that there might be a EFUSE for the sim lock. something else quit new. Looks like they must have started paying the programmers at tmobile for a change also.
Click to expand...
Click to collapse
Hey mate send me the link for the group. I got a little info I found out along my ways too
---------- Post added at 04:27 PM ---------- Previous post was at 04:23 PM ----------
I have a unlocked modemst we can play with. We may be able to push this. As I saw you tried to zero modemst out just like I did. It does sim unlock the device for sure. But as stated it also won't properly read a sim as I believe nv is screwed up. If we can combine some of this I bet we do it. I gots a few ideas as well. If any one is willing to try stuff and such. Mines already unlocked. I got mine done directly from tmobile so I can't out right test my other ideas any more
---------- Post added at 04:28 PM ---------- Previous post was at 04:27 PM ----------
On a further note. I would prefer you be rooted with twrp already just so you have your own backups and such and not in the same boat I was for a bit

oneplus 7t T- mobile
please everybody lets work on this im ready i have a sim locked t mobile oneplus 7t and there is no wy to unlock i got it from ebay . im ready for any testing
---------- Post added at 07:43 PM ---------- Previous post was at 07:41 PM ----------
TheMadScientist said:
Hey mate send me the link for the group. I got a little info I found out along my ways too
---------- Post added at 04:27 PM ---------- Previous post was at 04:23 PM ----------
I have a unlocked modemst we can play with. We may be able to push this. As I saw you tried to zero modemst out just like I did. It does sim unlock the device for sure. But as stated it also won't properly read a sim as I believe nv is screwed up. If we can combine some of this I bet we do it. I gots a few ideas as well. If any one is willing to try stuff and such. Mines already unlocked. I got mine done directly from tmobile so I can't out right test my other ideas any more
---------- Post added at 04:28 PM ---------- Previous post was at 04:27 PM ----------
On a further note. I would prefer you be rooted with twrp already just so you have your own backups and such and not in the same boat I was for a bit
Click to expand...
Click to collapse
im ready for any testin i have locked and simlocked oneplus 7t just give me the ideas and i will implement

Hi Op, have you tried the method of the sprint HTC One M9 to make a back up of a T-mo unlocked phone and try to write it to a locked one?

come on! we're dying here. I bouhght the tmobile op 7 pro and converted it to international. i got rid of that and currently have 2 GM1917 (OP7 Pro Unlocked) also a GM1925 which is my main problem. Its the OP 7 Pro 5G Sprint version. I've been trying t

frostwildfire said:
Hi Op, have you tried the method of the sprint HTC One M9 to make a back up of a T-mo unlocked phone and try to write it to a locked one?
Click to expand...
Click to collapse
wont work, i have went as far as erasing the full ufs even the gpt tables, and then writing back , the problem is the device encrypts the modemst1 and 2 using the hardware id .and that ID is hardcoded to the SOC and cant be changed , so u cant write another modemst1 and 2 to another device. the lock flag is encrypted inside them. I have been able to unlock the gm1925 sprint model .have locked and unlocked the same device 3 times now with sprints server.and just have to write the efs back to lock. even have a full log of the process. its just that im out of my range of exspertease and im haveing to learn as i go.

justencase6 said:
wont work, i have went as far as erasing the full ufs even the gpt tables, and then writing back , the problem is the device encrypts the modemst1 and 2 using the hardware id .and that ID is hardcoded to the SOC and cant be changed , so u cant write another modemst1 and 2 to another device. the lock flag is encrypted inside them. I have been able to unlock the gm1925 sprint model .have locked and unlocked the same device 3 times now with sprints server.and just have to write the efs back to lock. even have a full log of the process. its just that im out of my range of exspertease and im haveing to learn as i go.
Click to expand...
Click to collapse
Hi, I have also the gm1925 sprint model. Can you help to unlock it?