Hello everyone, I'm a total noob but I solved a problem which I couldn't find the answer to, so I thought I'd share. Please take care following my noob advice, I'm not responsible for anything which goes wrong with your phone (and if it gets complex, I probably don't have the skills to help)!!
What was my problem?
When I went from Nougat to Oreo, my radio broke (no cell reception). However I had the files from LGUP, so I could flash "fsg" "modem" "modemst1" and "modemst2" in fastboot (as explained here) which did indeed fix my modem problem, giving me back radio and data. However, this also made the fingerprint scanner disappear from my phone's settings menu. As far as I could tell, this wasn't a problem related to encryption (as discussed in AO ROM thread a lot, which is what I'm now running), rather 'twas a problem with the firmware! So I was loving Alpha Omega, but left without fingerprint scanner since radio isn't really optional on a phone.
Solution?
Please remember, I'm a noob and have only done this for my own phone, a h910, I don't know if i will work for you or on other models!!
Basically, I mish-mashed the two modem files from Oreo and Nougat, to get both things working!
Steps I took:
1) Use Linux - I couldn't get the files to open properly in windows, and didn't find a way to write to the image files.
2) Find a stock "modem.img" file from Oreo (i searched on google "stock oreo h910 modem and it came straight up) - I think I am too new on this forum to post outside links so you'll have to search for it.
3) Find a stock modem file from nougat (I used my original LGUP dump file from nougat, renamed to .img) I'm not sure if it is important that this came from your phone or not, if you followed all the instructions on the dirtysanta root guide, you'll have this as part of your LGUP backup.
NOTE: both of these files were 86 Mb (helped me feel confident I'd found the right thing on google)
4) Create backup copies of both, and append ".img" to your LGUP "modem" file. Call the backup of your OREO modem (the one you got off of google) "MyModem.img", just to keep it clear for later.
5) Mount the NOUGAT img first in a terminal (might have to make a mount point first), for me this was like this:
Code:
sudo mkdir /mnt/modemfiles
mount -o loop /path/to/your/nougat-modem-file.img /mnt/modemfiles
You obviously have to put the file path to where you saved your NOUGAT modem image - the one from LGUP!
6) You should now be able to see the nougat modem .img mounted as a disk in "places" on your file explorer. Go there, and copy the contents into a new folder somewhere easy to find (make a folder on your desktop called NougatModem.) There are two folders iniside, one called "image" and one called "verinfo".
7) Now you can un-mount, as we have what we need from it, easiest to do by just right-clicking it in file explorer and select unmount.
8) Next we will mount the image which will become your new (hopefully working!) modem, but it has to be writeable, so using the same mount point we would do
Code:
sudo mount -o loop,rw /path/to/MyModem.img /mnt/modemfiles
Remember that "MyModem.img" should be your backup OREO image - where all the firmware works but you don't get radio.
9) Now basically comes replacing a few files in the OREO modem (which we have mounted) with ones from your original NOUGAT backup (which are in that folder on your desktop). I couldn't remember if cp command replaced things with the same name, so I used rm to remove files, and then cp to replace them once they were gone.
a) first it is the folder called modem_pr, inside image
Code:
sudo rm -R /mnt/modemfiles/image/modem_pr/
b)next were all the files in the image directory which were modem.SOMETHING
Code:
sudo rm /mnt/modemfiles/image/modem.*
10) Finally we have to replace those files and the folder with the same things from our NOUGAT folder which is on our desktop, using the copy command. I will put the commands as if you did name that folder NougatModem
a) so first the folder which we removed
Code:
sudo cp -r ~/Desktop/NougatModem/image/modem_pr/ /mnt/modemfiles/image/
b) now all the files again, using the wildcard for the different extensions
Code:
sudo cp ~/Desktop/NougatModem/image/modem.* /mnt/modemfiles/image/
So if all went to plan, you now have an image (which you can unmount), called MyModem.img, which you can flash in fastboot to the modem parition (fastboot flash modem /path/to/MyModem.img) and if it works for you like it did for me, you have cell reception, data (after putting in APN if it's needed) and fingerprint scanner all working on OREO. Again, I'm on Alpha Omega, loving the rom and now going to go play a bit.
I've not been on the forum long, but have just gained a HUGE insight into how much time people put into making guides and helping others learn (this has taken me ages haha). Thanks to everyone for your hard work and community spirit, please let me know if this works for you or if it provides any interesting insight as I really did it blind (I had no idea if it would work, and was just making some slightly educated guesses - I got lucky!). Also, if the instructions are hard to follow and you have a hint, I'm happy to edit them to make them clearer.
ENJOY!!
PS - I know the linux commands could be better haha, using more than one mount point too might have been easier, but I figured that I'd just keep it exactly the same as how I did it since I'm a noob and would be more likely to screw something up in the instructions, if I changed it without trying at the same time!
EDIT: I could also upload my "patched" modem image, but not sure if it will work for other people's phones, or if it has "personal" or unique info in it (basically if it would be safe to do so) - If someone who knows tells me it'd be good to go, I'm happy to share it if it would save people from having to go through the whole process. I guess I hope posting all this will be a learning thing for others too Gotta have some justification haha!!
You are to be commended on your well presented write up. But I'm sure there is an easier way to get data and fingerprint working without going through all of that.
I don't have an original H910 device but I did flash H910 oreo kdz on my device and data did not work at all. Didn't test fingerprint. All I did was flash modem using lgup patched from another variant and that solved it.
ezzony said:
You are to be commended on your well presented write up. But I'm sure there is an easier way to get data and fingerprint working without going through all of that.
I don't have an original H910 device but I did flash H910 oreo kdz on my device and data did not work at all. Didn't test fingerprint. All I did was flash modem using lgup patched from another variant and that solved it.
Click to expand...
Click to collapse
Thank you for the commendation haha! What a mission!
So I'm guessing you flashed a different version's KDZ?? As far as I'm aware from lots of reading here on xda, there are no KDZ files for the h910. For me the kdz from h915 worked perfectly for example, apart from data. And that was the story with a few things I flashed, KDZ or ZIPs, they would break data, I'd flash the modem, and that would break the fingerprint scanner. Hence this long-winded solution lol.
If you have an original h910 kdz that people don't know about that'd be interesting in itself!!
No, I flashed a H910 ZIP that someone kindly uploaded here somewhere. Then I flashed back the modem from a Verizon kdz.
You are the best, I have been trying to solve this for a long time, I tried flashing many things it thanks to you I now have a working fingerprint and data. Although I am a complete noob for using linux I just used it for the first time using live boot. This is a challenge for noobs but worth it at the end and big thanks.
Why not just cross flash to us996 and walk away? 0_o You get a newer modem this way. I think you have to enable bands on some devices but on h910 I don't think even this matters. You are just downgrading the modem and keeping the new bootstrap. Still from what I read this is encryption issue. There was a supposedly a rsa key change during the update... without them matching the bootstrap will not will not load fingerprint software as it's not trusted unless it matches.
Vortell said:
Why not just cross flash to us996 and walk away? 0_o You get a newer modem this way. I think you have to enable bands on some devices but on h910 I don't think even this matters. You are just downgrading the modem and keeping the new bootstrap. Still from what I read this is encryption issue. There was a supposedly a rsa key change during the update... without them matching the bootstrap will not will not load fingerprint software as it's not trusted unless it matches.
Click to expand...
Click to collapse
So should I flash the whole ROM or just the modem of us996 to have both working?
DesrtSailor said:
You are the best, I have been trying to solve this for a long time, I tried flashing many things it thanks to you I now have a working fingerprint and data. Although I am a complete noob for using linux I just used it for the first time using live boot. This is a challenge for noobs but worth it at the end and big thanks.
Click to expand...
Click to collapse
Just wanted to say that made my day when I read that the original post had helped you out Cheers for letting me know
Awesome!! Thanks for this. Where did you get the idea of what files to change? Just curious.
I am still tinkering. I have an LGUP dump from:
ATT Stock
A-O Nougat install
A-O Oreo install
I was mix and matching the modem files with various modemst1 and modemst2 files. I did this because it seemed that I got better signal strength with the A-O Nougat install... but I got the kernel panic/modem crash whenever I lost signal on the phone. But with this hand made modem file - no crash. But now I am going to continue mix/match and see what crashes and what gives the best signal strength.
Anyway thanks a bunch!!
Please give me the patched modem file, please send it to [email protected]
I would root then try activity launcher or some sort if hidden menu launcher to get band menu. Alternatively get Network signal guru and lock bands. That how i did it in los 17.1 not sure if it would work on stock. I went from hspa to lte doing it in h915(it's a Canadian h910). I even crossflashed to us996 and left it that way. Says it even says band 66 was unlocked in the app but it has not been tested yet. Either way I got band 4 and 12 once I did this.
Related
Before we begin. This solution is for people who have tried everything multiple times, and failed. If you haven't read and have not tried the following solutions yet, please do so first:
How to start over: From original stock to rooted latest OTA (WiMAX working!)
[GUIDE] Bad WiMax MAC? Broken 4G after update? Fix HERE!
The guide below is ONLY for people who did not have success with above methods (i.e. they are really really hosed). And there are limitations for now, until everything is confirmed and tested. The most important part you need access to a second, healthy and rooted EVO. As of yet, this is the only way to guarantee that one binary dump is not used a million times, negating the effect.
Please read the whole guide before starting the process, so that you know the risks, limitations, and potential issues with all this.
I am going to sign off for a few hours, and go enjoy my life for a brief time, before returning to answer any questions that may arise.
Ok, so for now, this is more of a proof of concept solution, since I understand not everyone has more than one EVO to do what I did.
My idea about partitions was correct, so without further ado, here is how to restore a botched wimax.
What you need.
2 Fully rooted EVOs (step 1 and step 2), one with working 4G (any version of all firmware on either, all we care for is working WiMax)
System which can do fastboot commands. That means you will have to have Android SDK installed. I also add path to /tools folder into my system PATH, so I don't have to type out the full path to adb or fastboot every time
Custom recovery. I use clockwork for this, since I am not sure all the files are signed, as required by Amon RA's recovery
Broken EVO backup
Backup your existing wimax partition on your broken EVO. We may need it some day.
Open command line window (cmd)
Make sure you have no PC36IMG.zip files in the root of your SD Card, or it will take a while to power your phone up
Power down your phone
Power it up while holding down the Volume Down key
HBOOT will attempt to scan for PC36IMG files. Let's hope you read carefully and don't have it on your SD Card root
Once HBOOT fails to find the file, use Vol Up/Down buttons to go into Fastboot mode
Connect the USB cable to your phone (and PC). You may have to install the USB drivers that come with Android SDK, but chances are if you are looking for this solution, you already have them installed and working
The FASTBOOT mode will switch to FASTBOOT USB (that's good)
Test your fastboot by typing "fastboot oem h" in command window you opened earlier (note, no adb, or adb shell anywhere, the command is "fastboot oem h". From here on all fastboot commands are issued in that window
If you see less than ~40 lines of output, you don't have a propertly rooted phone, and you need to do step 1 and step 2 (see above)
Dump your wimax data by issuing "fastboot oem saveprt2sd wimax -n wimax.bin" command (varies, anywhere between 7 to 8.5 MB, mine was 7MB)
Dump complete partition (~12MB) by issuing "fastboot oem saveprt2sd wimax -n wimax.bin -a" command
Reboot your phone
Pull the data files you dumped to a safe place ("adb pull /sdcard/WIMAX.BIN" and "adb pull /sdcard/WIMAXRAW.BIN"). Note the capitalization, it's important
We are done with your "bricked" phone.
Getting correct wimax image from a working phone
Now, repeat the same steps for your working phone (steps 1-14)
Pull the files to a different (safer) place, and cherish them like they are the only thing you care about in this world (which you do, right?)
Make a copy of your WIMAX.BIN file from the working phone (do NOT edit the actual file, just in case something breaks with your working phone at any time)
Use hex editor to update the working file in 2 places, and change the MAC address (which should be your working evo MAC - 1) to your broken evo MAC - 1 (remember, A becomes 9, F becomes E, etc). It's a big file, so search for "00:18" to find the 2 places. There will be exactly 2, not 3+ and not 1.
Rename the file you just edited to "wimax_25641R01.img"
Fixing your bricked phone
Push it to your sd card root: "adb push wimax_25641R01.img /sdcard"
Push the attached zip file to sdcard root: "adb push new_wimax.zip /sdcard"
Reboot your bricked phone into recovery
Flash new_wimax.zip. This will force write wimax_25641R01.img you pushed earlier, including the certificates in it
Reboot from recovery, let it finish, and boot up into Android
If not running the latest evo WiMax firmware yet, use the second attached zip to do so
Reboot your phone. Allow everything to complete and boot into Android
If needed, update PRL/Profile (I didn't need to, but I already updated it 50 times by now, so YMMV)
Now, I can not attach any of my dumps yet, before I test and make sure whether both phones can stay online on 4G without interruption, I will do some more testing later, since the Encryption keys are different (between 2 working evos I dumped binaries from). I still have 1 more phone to check when I get home. So if you have another evo (friend, family, etc) - you can do that already.
Otherwise, be patient, more testing is needed to make sure we are not going to steal anything from your friend, family, etc, since encryption keys are unique.
But the above solution works for completely restoring your 4G into working state.
I am currently running latest rooted OTA update, too, so it definitely works fine on latest and greatest.
Red,
Have you actually seen the encryption keys in plain text? How many bits are they?
Also, when you restored the wimax part from the working phone to your non-wimax-working phone, did you keep the MAC the same between the two phones?
Red,
Now that you have 4g fixed, can you take a look at your *.tree.xml files? Look at the ones from when 4g was broke, and then look after. Everything from boot.bin gets written into that file, and I'm hoping the signature does as well. If so, we may be able to pull it out of an old xml file and somehow work it back into the wimax.img.
Thanks
EDIT: On second thought, I do recall there being a way to flash the signature via fastboot..
MAC addresses were kept different, exactly what they are on a label behind the battery. For each phone. Hence, the editing step for the wimax partition dump.
Tree.xml does not contain any signatures, I verified this some time ago before I even started playing with the wimax partition by taking one from a working evo.
The keys are in plain text, simple RSA keys, judging by the size looks like 1024 bit. both public and private key are stored. Who knows, maybe just faking one will do it but I am guessing they are signed by some sort of CA otherwise it would be too insecure of Sprint.
So if we had a Nandroid backup from when Wimax was working, the boot.bin in that backup would have the key in it right?
Let's pretend it does, it would get written over when you powered on the phone after flashing. What if we didn't reboot after the restore and went back to recovery? We would then be able to get the boot.bin via adb and get our respective signatures. If they are indeed 1024bit, I don't see us being able to regenerate them anytime soon.
This may be worth a shot. I am not sure boot.bin has the signatures, but I will check later tonight. If it does, I am guessing we should be able to just do a drop in replacement of signatures in the image file and it should work.
Sent from my PC36100 using XDA App
Also since nandroid is just a simple copy and I'd the keys are indeed preserved, I would think we can pull them from there.
Sent from my PC36100 using XDA App
mpa4712 said:
So if we had a Nandroid backup from when Wimax was working, the boot.bin in that backup would have the key in it right?
Let's pretend it does, it would get written over when you powered on the phone after flashing. What if we didn't reboot after the restore and went back to recovery? We would then be able to get the boot.bin via adb and get our respective signatures. If they are indeed 1024bit, I don't see us being able to regenerate them anytime soon.
Click to expand...
Click to collapse
Does the Boot.bin actually store the keys? You are correct that once you restore a nandroid your working Boot.bin is replaced on boot of Android, in fact from what I saw it seemed it was replaced upon every boot but I could just be mistaken. With that said once you nandroid you can pull it by adb shell mount -a then adb pull /data/wimax/Boot.bin all from right within recovery without booting back into Android.
redsolar said:
Also since nandroid is just a simple copy and I'd the keys are indeed preserved, I would think we can pull them from there.
Sent from my PC36100 using XDA App
Click to expand...
Click to collapse
Cordy said:
Does the Boot.bin actually store the keys? You are correct that once you restore a nandroid your working Boot.bin is replaced on boot of Android, in fact from what I saw it seemed it was replaced upon every boot but I could just be mistaken. With that said once you nandroid you can pull it by adb shell mount -a then adb pull /data/wimax/Boot.bin all from right within recovery without booting back into Android.
Click to expand...
Click to collapse
My thoughts exactly gentleman.
The only problem I forsee is that when you restore a nandroid backup, doesn't the phone reboot automatically afterwards? I think it does.
mpa4712 said:
My thoughts exactly gentleman.
The only problem I forsee is that when you restore a nandroid backup, doesn't the phone reboot automatically afterwards? I think it does.
Click to expand...
Click to collapse
ugh it shouldn't, not sure what recovery you're using but using toasts or Amon_Ra's recovery it just restores the nandroid and then you choose manually to reboot. In fact I've already pulled my Boot.bin from before I messed up my MAC this way already, I actually puled the whole wimax folder.
you can unyaff your data.img in your nandroid and dig thru watever you want.
david279 said:
you can unyaff your data.img in your nandroid and dig thru watever you want.
Click to expand...
Click to collapse
*grumble* going to compile it now....*grumble*
david279 said:
you can unyaff your data.img in your nandroid and dig thru watever you want.
Click to expand...
Click to collapse
lol or do that so much easier huh!
looking at my boot.bin from 6/20, I don't *think* the signature is in it. However, I will let Red confirm that since he knows exactly what to look for.
I've only dealt with rsa encryption using openssl, in a full screen terminal, not a tiny hex editor.
There are some fw files in the wimax directory that are worth a look too though.
mpa4712 said:
looking at my boot.bin from 6/20, I don't *think* the signature is in it. However, I will let Red confirm that since he knows exactly what to look for.
I've only dealt with rsa encryption using openssl, in a full screen terminal, not a tiny hex editor.
There are some fw files in the wimax directory that are worth a look too though.
Click to expand...
Click to collapse
That was the reason I asked, I as well as others have looked through the Boot.bin before. I also looked through all the firmware files. Interestingly there is a default firmware and that a manufacturer firmware I'm guessing one to fall back on the other. You're mac is in the Boot.bin as well as wimax_properties. If these files stored the keys great, but either way they'd have to be changed on the actual firmware.
Interestingly enough, my boot.bin from my broken wimax is about 10kb smaller than my boot.bin from my nandroid backup that had working wimax.
Clearly there is something in that file that the other one does not have. I do think the rsa keys need to be stored somewhere though. I really do not believe the phone does on the fly encryption/decryption with them from the wimax partition.
If they come in an actual file, red will be able to extract the wimax.img he made and look.
mpa4712 said:
Interestingly enough, my boot.bin from my broken wimax is about 10kb smaller than my boot.bin from my nandroid backup that had working wimax.
Clearly there is something in that file that the other one does not have. I do think the rsa keys need to be stored somewhere though. I really do not believe the phone does on the fly encryption/decryption with them from the wimax partition.
If they come in an actual file, red will be able to extract the wimax.img he made and look.
Click to expand...
Click to collapse
you know for something that obvious I never noticed that. I never ran a diff on them. I just scanned through it to see if there was anything that struck out as being different and I stopped when I saw the different MAC's
I just went through the two boot.bin files and I'm pretty sure the keys are not in there. However, there are plenty of files that get overwritten on every boot, so I'm going to go through all of them. A 1024bit key should stick like a sore thumb if it's in plain text..
How can I tell if my keys were effed up? I'm currently out of 4G coverage and will be for the next week or so, but I'd like to get it fixed.
I know it was broken because my MAC was changed, I've fixed everything, my boot.bin is the same as pre-screwup as is wimax_properties, everything appears to be working fine, but I can't tell without coverage.
I just wanna know if I messed my keys up too, but I'm not sure whether I did or not?
Geniusdog254 said:
How can I tell if my keys were effed up? I'm currently out of 4G coverage and will be for the next week or so, but I'd like to get it fixed.
I know it was broken because my MAC was changed, I've fixed everything, my boot.bin is the same as pre-screwup as is wimax_properties, everything appears to be working fine, but I can't tell without coverage.
I just wanna know if I messed my keys up too, but I'm not sure whether I did or not?
Click to expand...
Click to collapse
From what we know, if you ever had a messed up MAC then your keys are also gone.
Dear Friends,
About to pull a trigger on an AT&T LG G4, can someone give me a short answer, ASAP?
Is it possible to have permanent Root and Xposed on the AT&T variant WITHOUT ridiculous bugs like a "green dot" in the camera of the phone? (what does the green dot even mean? It's on every picture? Is it a watermark? Just on the GUI?)
If possible, how? And should I buy the phone?
Appreciate any QUICK responses, about to buy now! Thanks so much in advance!
I just bought the G4 a couple of days ago. I was able to root, but there is no twrp or xposed as far as I know. I also don't have the green dot and everything is working fine!
Thanks for the quick response, my friend. Can you share the method/thread/image you used to Root?
I think you can install Xposed without TWRP via FireFlash? Can someone please confirm?
Thanks guys!
Just got my G4 two days ago. You can root and you can install Xposed with FireFlash. Root requires pushing a rooted version of whatever software version you are currently running. If you can't find one you can inject root into your own system.img using Ubuntu. After root get FireFlash and the right xposed zip and be patient, it can sit black screen, appearing dead for 20-30 minutes. Over all not too hard. Took me a couple hours from The un-boxing to Xposed. Definitely do it. The green dot on camera comes from the PR system.img. I'd stay clear of that. Everything is working great on mine!
@Nowak4G - Thanks bud, that's what I read too. Can you point me to the guide and img file you used that worked for you? I doubt I'd prefer the Ubuntu way...
One other question... Is there a way/app/Xposed module that's kind of like G3TweaksBox for us? Letting us change the Status bar icon colors and toggle colors?
I highly doubt themes work for us since we can't Flash them without custom recovery?
Thanks again!
GravityBox works for status bar stuff and yeah here are the threads I used. Good luck bud!
http://forum.xda-developers.com/showthread.php?p=62028519
http://forum.xda-developers.com/g4/general/lg-g4-100-root-success-directives-root-t3180586
http://forum.xda-developers.com/showthread.php?p=62664473
I'm not totally sure what stuff can and can't be flashed using FireFlash. But for applying icon themes with Xposed I use this module, Unicon:
https://drive.google.com/file/d/0B1nrydqmmOBUdFoyV0FBLUM1OVE/view?usp=docslist_api
I've had my LG G4 rooted and running Xposed with a lot of modules enabled.
If the phone you buy is on the 10G software version (and want to stay on that version), you should be able to root it following the method in the LG G4 Low Effort Root thread. Follow it to the dot and enjoy partial freedom.
If the phone you buy is on 10I, there is a rooted image floating around. So you could take the 10I update (or make sure your phone's on the 10I version), and root it using the Low Effort Root method.
I would also recommend the following:
1. keeping a copy of your untouched fresh system image in your internal memory (as early as possible after buying the phone). In case of a bad flash you have something to possibly go back to - otherwise you'll end up with the PR ROM and the green dot. The method and commands to extracting the system image is very similar to rooting, except instead of dd'ing into the system partition from SD, you do the opposite (from system partition to SD)
2. disabling system apps and system updates using the debloater tool and a tutorial here on the forums
Regarding flashing files via recovery, I usually extract the files and place them in the correct directory with the right permissions. Usually most files use 0644 permissions, but I would first check the existing permissions with ES File Explorer.
Hello @Nowak4G and @mu3g,
Guys thank you for your response. I can confirm that the seller I bought the phone from took the 10l upgrade. I have little to no experience rooting locked bootloader phones, and I have to be honest, I am more confused than I have the answers. Now that I have confirmed that I will end up with 10l update, can you guys give me a noob boost and give me step by step on how to root, Xposed, and possibly back up my stock image, since I do NOT want to end up with the PR build, with the green dot, in case things go wrong?
Am I correct that the right answer to my problem is, Low Effort Root with the floating 10l rooted img file, located here: https://drive.google.com/file/d/0B54ceS-n3ZAiaVAxMkJFLXNMYmM/view?pli=1
Please help me out guys, would even appreciate more if we can maybe connect on Google Hangouts for some dynamic help? Please let me know and thank you again for your wonderful so far !
Yes, exactly. Use the floating around 10I rootedsystem.img with the Low Effort Root instructions. But definitely keep a unrooted system.img on the internal storage as a backup. Instructions are in the LER thread. Just read carefully and follow the steps and you should be fine. All copy and pasting.
You have the correct 10I rooted system img file. I would recommend following the LER steps and backing up the system image for 10I (see post 2 of the LER thread). This would give you the stock image for later use. Then follow the LER steps to the dot using the rooted system image file you have from the google drive link. The LER thread has pretty clear instructions on backup and flashing system image files for the G4. Just make sure to rename your downloaded file as "system.rooted.h81010i.img" and use it in the command...the file name here is the most important!
Thank you guys, couple of follow up questions:
1. Do I run the backup command to copy my Non Rooted image, right after the step that gives us the DIAG Port Number? Or do I do it after the "id" step?
2. The generated back up, I assume will be done as an .img file in the root of my phone, correct? I assume I just back this up on my computer and/or External HD?
3. This is the scariest step. When I am running the step for flashing the rooted img, I need to rename the downloaded file to, "system.rooted.h81010i.img" as @mu3g recommended? Why not, "system.rooted.h81010m.img" for example?
4. I just use the exact file name we determined above for my downloaded rooted 10l image file, in the flash command when following the LER guide? Exactly that file name, correct?
Thank you again for all your help and excuse me for my continuous noobness!
Answers:
1. Run the backup command in Step 7 of the LER root ("Run the command specified in the section below titled 'Commands to Run' to flash the rooted system image.") <<---replace the commands to run with the command to backup your unrooted clean system image to your internal memory ---- if you compare the commands, it will become obvious on how the data is being moved (pushed or pulled from the phone).
2. The generated backup will be on the root of the internal memory of the phone. Yes, you can then move it to your computer or any other location for safekeeping AFTER you've booted your phone up properly - don't do any of this while you're still in the LER state.
3. I just gave you a recommendation on the name..you can name the rooted system image file whatever you want - you can even leave it as the way it is....just make sure to use the EXACT file name for the image in the commands to run (also 10I, 10M etc. are software version numbers..I'm not aware of a 10M version being released for AT&T. In any case, just use the EXACT file name for the rooted image.
Thank you @mu3g! I think I am now ready to go through the process myself with confidence.
I am, however, still a bit confused about the file name of the rooted image that I will be flashing. If the phone already has 10l installed, and I leave the name of the rooted image intact, that is, "system.rooted.h81010l" would the phone still accept/get tricked into, thinking that it's getting an "update"? Or did you mean that the file name could literally be anything like, "filename.img" and if the commands match it, all will be installed correctly? As in, when the system boots, it will have all the correct build and software information with it being a 10l update and etc?
Please forgive the annoying, detailed questions, but I want to not mess this up, since every guide triple emphasizes the importance of the command being absolutely right! Thank you!
You can literally name it blahblahblah.img as long as you use blahblahblah.img in the commands to run for the rooted system image. The file naming scheme has nothing to do with the acceptance or rejection of a system image. When you're in the bootloader mode ready to download files (which is the mode for LER), you can inject any file into any partition, anywhere on the phone...it's just whether the phone can use it or not properly and whether or not it ends up being a brick
Your file name for the system has nothing to do with the build number showing on the phone after booting up.
EDIT: The only reason I gave you that file naming scheme is because you don't seem to be too comfortable with the command line, thats all..that way you could copy paste the command from the LER guide and just replace "g" with "i" - that's all..if you're good with the command line and careful, you'll be fine..just make sure the file name is correct..you can't get much else wrong.
Understood brother, just needed that clarity. I am not an absolute noob with cmd line, but you know how it goes when you're rooting your phone, the perpetual fear of an expensive paperweight!
I cannot find the thanks button here, wish I could, so I could thank you over and over and @Nowak4G, but either way, thank you so so much @mu3g!!
good luck!
How did it go? Were you able to go through with it?
While the green dot does usually appear on 810 phones running the PR KDZ, I have heard reports of it on some 815 ...its pretty random. I just did a warranty exchange for my 810 so I will likely be staying on the ATT software.
Hi Guys, wanted to update this thread with my results...:
I successfully rooted on H810l (AT&T) with 0 issues, following the Low Effort Root. Per the recommendations of the process, I also backed up my Stock, Unrooted, .img file for restoration to Stock, if it were needed. Well, I might be moving on from this phone and need to return to stock. Can someone advise the exact steps/commands to return to stock using the unrooted .img file I backed up before pushing the rooted .img? And can you confirm that you did this successfully as well?
I would really appreciate it! Thank you!
I have not done it myself, but if you uninstall all your root apps completely, make sure to enable any and every disabled app you may have (like for example AT&T apps etc.) using the debloater software and then follow LER to install the stock image on it, it should come back to bone stock. Remember, the key here to to ensure that no root apps exist on the phone - I guess SU will get wiped out, but its better to do it clean. And secondly, any disabled apps need to be re-enabled for a smooth process. These are just my $0.02...so proceed with caution.
hey everyone,
I was looking around for a possible way to get around the root catchers, ie. android pay, snapchat, etc. and someone casually mentioned they use a clean partition to use those services and then boot their rooted partition for everything else. I've checked my secondary slot (_a) and it doesn't boot at all so im sure I've only got half some stuff flashed to it.
Is it as simple as switching to my secondary, booting into bootloader and simply flashing the required files like I did for my main partition? or do I need to just fastboot my system.img and boot.img? More importantly, does this actually work?
-I'm on 7.1.1 with TWRP alpha2 and SR5
Thank you thank you!
edit1: found this through some searching, my new question is assuming I use the "_a" prefix for the commands I should not touch my active slot correct?
edit2: It worked! For anyone wondering I just used the first set of commands from the thread linked in edit1. My custom kernel stayed on the system and I am able to use apps that normally lock out root!
I think it's important to flash both partitions and use the ignore secondary option and also make sure that the -w is not in the command line . Don't know the specifics, but a normal flash includes some files in the other partition, files it won't find if you only flash one slot. I could be wrong, but that's how I did it. Couldn't get it to run right when I only flashed one slot.ymmv.
dtrud0h said:
I think it's important to flash both partitions and use the ignore secondary option and also make sure that the -w is not in the command line . Don't know the specifics, but a normal flash includes some files in the other partition, files it won't find if you only flash one slot. I could be wrong, but that's how I did it. Couldn't get it to run right when I only flashed one slot.ymmv.
Click to expand...
Click to collapse
Alright so to confirm, since I seem to always confuse myself, as long as I remove the "-w" and use the command to not touch the other partition my data and what not should be fine? I haven't messed with the flash all in a while so I might just manually input those commands to make certain I don't mess up haha.
I'll tell you what happened with me.
I could run the altered.scripts/bat files, but the last segment wouldn't run.. . meaning the script would flash boot, and radio but wouldn't run the update command portion. I had to copy and paste into fastboot the last instruction anyway. I don't know why but that's what happened. One thing is to make sure image file message in the script matches what you have downloaded and extracted
. Either edit the bat or sh file accordingly.
Hey all
I have bricked my t-mobile V20 trying to network unlock it.
Anyway, I have been investigating solutions to this problem, and well, let's say there is no easy solution for most people.
The problem as I see it, is that this chipset (msm8996), while not exactly super new, is for all intents and purposes VERY new indeed. Because of the widespread use of UFS NAND introduced with this cpu. Almost all phones based on these newer qualcomm chips use this modern storage, which works as a multi-LUN device. Meaning it will show as several independent logical storage devices depending on configuration. V20 has 7, or at least the H918 does.
In short, it means the storage device is no longer mounted in mmcblk0, but on /dev/sda sdb sdc... etc depending on how many LUN's.
So the community has not catched up yet to this new development. (Well I guess hard-brick has always been a pain for many phones, but this makes it worse)
Now there are, I think, 5 ways to approach the 9008 mode in this instance.
*JTAG: Bypass all this QC hodge-podge and program the darn NAND directly.
*USB with Box: Some type of box with the capability to program your specific phone. Proprietary, closed source, have to pay.
*USB with firehose: Program yourself with programs like QFIL. Need device specific "prog_ufs_firehose_8996*.elf" file. LG has not released this. Can probably only be leaked, which happens on occasion.
*Enter DL or 9006 mode: It may be possible to short certain test points on the motherboard, which will put the phone into 9006 or Download Mode. Would require instructions, or the Service Manual.
*SD-Card Rescue: Make an sdcard with the required partitions. Some say this can't be done on newer QC chips with UFS because of the aforementioned multi-LUN situation.
I have been looking into this SDCARD method, and I found some info on the DragonBoard 820C (which uses msm8996, with UFS). This board has 6 LUN's, so it's multi-lun just like V20.
If you see here: DragonBoard, there is listed a method of SD CARD rescue. The tools can be found here: db-boot-tools
Unfortunately I don't have a full dump of my partitions, so I only have the ones included in the TOT, or KDZ files. I tried making a image using those files, it didn't work, but something interesting happened. With this sd card inserted the phone does not show the qdloader 9008 port on my pc, actually nothing shows. I did double check using a normal card inserted, and yes with normal storage card qdloader 9008 mode appears.
So this is interesting and makes me think I should try some more with this, but I need someone with a T-Mobile H918 to dump their partitions. EFS is not needed (where the imei is).
Update: I currently don't need a dump (Except for engineering firmware).
Update2: I could not make the SD-Card boot work, see here (with normal firmware).
List partitions
Command: ls -l /dev/block/platform/soc/624000.ufshc/by-name/
Or this: ls -al /dev/block/bootdevice/by-name/
Then dd the relevant partitions not listed above: dd if=/dev/sd*1/2/3/4... etc of=/sdcard/"filename".img
As an example, maybe you can do it other ways, perhaps with an app.
You can also use the patched LGUP to dump partitions. Should be the simpler method.
In any case I will be grateful for your assistance, as I'm sure many others will if this pans out.
Engineering Rom: I got an idea, if I can't get this to work then maybe it's because the support isn't compiled in the bootloader. If I could get the eng-firmware (for H918) to test that it would be great. So please if you have an eng device or a dump of that, I would be thrilled try it out.
Update: Below I've attached a zip with a limited partition layout, and the commands to dump from adb. Use the patched LGUP for Engineering firmware. (actually, with engineering formware I need all, or most of the partitions. PM me if you have such a device)
Support your work. Lg
China user
I would certainly go the QPST/QFIL/Firehose method & my strategy would be to restore Download mode.
I'm sure once that has happened you can restore full firmware with the patched LGUP method here
Prowler_gr said:
I would certainly go the QPST/QFIL/Firehose method & my strategy would be to restore Download mode.
I'm sure once that has happened you can restore full firmware with the patched LGUP method here
Click to expand...
Click to collapse
Yes, but how would you go about doing that without the required firehose file? LG apparently uses certificate or some signing, so you can't use just any file.
Although that patched LGup is nice. If I had known about that tool before I messed up, I probably would not have messed up. Because then I wouldn't be afraid of loosing root, and just flashed H910pr with LGup, then flash back with the patched one later.
Edit: As I have later found out ^^this would not be a good idea. The result would be the same - BRICK Hard. Just as a precaution for anyone contemplating doing so. The H918 can not be flashed with any other V20 firmware, neither can you flash H918 firmware on any other V20.
askermk2000 said:
Yes, but how would you go about doing that without the required firehose file? LG apparently uses certificate or some signing, so you can't use just any file.
Although that patched LGup is nice. If I had known about that tool before I messed up, I probably would not have messed up. Because then I wouldn't be afraid of loosing root, and just flashed H910pr with LGup, then flash back with the patched one later.
Click to expand...
Click to collapse
I don't pretend to know the answer, but I believe that the firehose file is not any type of signed LG file, but just a partition layout (mbn or elf) file that can be generated from a .kdz file...
Make sure you use QPST_2.7.460 or later which supports MSM8996...
Google is your friend but you can start reading from here & here
Prowler_gr said:
I don't pretend to know the answer, but I believe that the firehose file is not any type of signed LG file, but just a partition layout (mbn or elf) file that can be generated from a .kdz file...
Make sure you use QPST_2.7.460 or later which supports MSM8996...
Google is your friend but you can start reading from here & here
Click to expand...
Click to collapse
Well, there is a difference between an MPRG and MSIMAGE/Singleimage. I believe you are thinking about the latter here. Those can be generated, but are of little use without a programmer file (mprg/firehose).
askermk2000 said:
Well, there is a difference between an MPRG and MSIMAGE/Singleimage. I believe you are thinking about the latter here. Those can be generated, but are of little use without a programmer file (mprg/firehose).
Click to expand...
Click to collapse
Remember we only aim to get bootloader mode, not the full layout...
Btw I probably wouldn't mind wasting $5 on this
Prowler_gr said:
Remember we only aim to get bootloader mode, not the full layout...
Click to expand...
Click to collapse
Yes I know. But Qualcomm and LG has made that very difficult for us. All the common info on the web so far is outdated, or doesn't work because of missing firehose file.
Except for possibly SDcard method.
Having read your OP again, of how you SD card affects how windows detects your phone, I believe this may be a good step to our solution. of getting the phone recognised in download mode
Prowler_gr said:
Having read your OP again, of how you SD card affects how windows detects your phone, I believe this may be a good step to our solution. of getting the phone recognised in download mode
Click to expand...
Click to collapse
Do you have brick as well?
I looked at that page, and pretty sure I've looked at it before. There is nothing there that can be of use.
askermk2000 said:
Do you have brick as well?
I looked at that page, and pretty sure I've looked at it before. There is nothing there that can be of use.
Also I'm very suspicious of that Aryk site. They don't seem to know what their talking about many times, their downloads dubious with viruses and the like. On the page you linked they claim QHSUSB_BULK is the same as 9008, while it is actually 9006.
It almost seems like that site was set up solely for the purpose of spreading malware or something. Just cobble up something random and presenting it like information, like with algorithms and bots or whatever.
I think there a lot of that stuff going on in the "gms" business. Like for example, on gsmarena I found a sticky thread which supposedly had files to repair a LG V20 which has been stuck in bootloop because of "use of cheap chinese usb-c cable". Anyway, that archive had some files, including a *prog_ufs_firehose_8996_lite.elf*. That file did not work, and there was an instructions file there also, in XLS format which contained virus.
Come to think about it. This whole crap with qualcomm "security" stuff seems like just a way to create the sub-market of gsm repair boxes. Well, who knows, just a guess on my part. But there's something fishy about the whole thing.
Click to expand...
Click to collapse
I was, I'm now unbricked (I worked out the method with the LGUP patch).
What I'm suggesting (as the website describes) is to write the v20 boot image to an SD card using Win32DiskImager/, & see if your device will boot with it, & then upgrade with LGUP.
I've got the H990DS variant (I can send you my boot image to try)
Prowler_gr said:
I was, I'm now unbricked (I worked out the method with the LGUP patch).
What I'm suggesting (as the website describes) is to write the v20 boot image to an SD card using Win32DiskImager/, & see if your device will boot with it, & then upgrade with LGUP.
I've got the H990DS variant (I can send you my boot image to try)
Click to expand...
Click to collapse
I would welcome a boot image, or images of partitions. That's why I started this thread mostly.
askermk2000 said:
I would welcome a boot image, or images of partitions. That's why I started this thread mostly.
Click to expand...
Click to collapse
link removed
Prowler_gr said:
...removed
Click to expand...
Click to collapse
Ok, I got it. Thx
Will try with this. Did you get it with LGUP ?
I extracted it from my phone
Prowler_gr said:
I extracted it from my phone
Click to expand...
Click to collapse
Im in this to but i have a lg g5 msm8996 board
me and him have been trying to work very closely to get a fix for msm8996 in gen of coarse he is worried about v20 me g5 but common interests.
i dont wanna knock any v20 discussions off track so im here but im sitting in the corner most quietly
he is def on the right track i have dealt with many hardbricks in the past
and the no reconition on pc is most def a good step
my problem is being a new moderator plus my job plus after hours work i dont have time to test a lot of stuff any more he has bought a lot of info to my eyes and am trying to work on what i can.
look and 8994 g4 it took 2 years for a hardbrick fix to come about only from people doing the same as we are
TheMadScientist420 said:
Im in this to but i have a lg g5 msm8996 board
me and him have been trying to work very closely to get a fix for msm8996 in gen of coarse he is worried about v20 me g5 but common interests.
i dont wanna knock any v20 discussions off track so im here but im sitting in the corner most quietly
he is def on the right track i have dealt with many hardbricks in the past
and the no reconition on pc is most def a good step
my problem is being a new moderator plus my job plus after hours work i dont have time to test a lot of stuff any more he has bought a lot of info to my eyes and am trying to work on what i can.
look and 8994 g4 it took 2 years for a hardbrick fix to come about only from people doing the same as we are
Click to expand...
Click to collapse
We agree he's on the right path (about SD method), that's why I sent him my boot image & suggested he burns it into an sd card. I'm hoping he only needs to boot with it & everything else would be straight forward
I burned the *.img file directly onto a 64gb uSDXC card. It creates a single 63gb fat mbr partition on the card. So it seems you managed to make a single complete image of your entire UFS chip. Have no idea how though, but I've not exactly had the chance to look into that myself because of brick.
The image, burned this way did not work, it's not even recognized by the phone as a boot image. I will see if I can perhaps extract the file from within the img-file and split that somehow.
Because windows can't edit/remove partitions on external devices, I used linux, since ubuntu's standard tools there can simply burn the image directly onto the device, automatically removing any partition scheme in the process.
That win32diskimager program is strange because it can not target device directly, but only mountpoint, and because my card was already formatted with numerous partitions from before, I could not use that program.
Prowler_gr said:
We agree he's on the right path (about SD method), that's why I sent him my boot image & suggested he burns it into an sd card. I'm hoping he only needs to boot with it & everything else would be straight forward
Click to expand...
Click to collapse
That has always been the rite track just to get to download mode.
I thank you for providing the files. Its always stressful when dealing with owns hardbrick. ive spent hours of burning images to mine lol even fried a couple sd cards
but most def seems as if you are knowledgeable also in this area so id love to keep you in this loop
If we all can pull this off. We will be the next heros of the day lol also if u are interested in reading some suposedly the s8+ also has same boards so even may be able to piece stuff from there
and i know sammys have been booted of sd in the past.
the more people we can get the better
** USE THIS AT YOUR OWN RISK.
** READ THROUGH THE STEPS BEFORE ATTEMPTING. IF AT ANY POINT WHILE READING THESE STEPS YOU GET CONFUSED, YOU PROBABLY SHOULDN'T ATTEMPT THIS.
** BACKUP YOUR FILES AND APP DATA AS THIS WILL WIPE YOUR PHONE.
** BACKUP YOUR WORKING MODEMST1/2 AND PERSIST PARTITION IMAGES WITH BEFORE CONTINUING. THESE PARTITIONS ARE DEVICE UNIQUE, SO IF SOMETHING HAPPENS TO THESE PARTITIONS DURING THE CONVERSION, AND YOU DON'T HAVE A BACKUP, NOT EVEN MSM DOWNLOAD TOOL CAN SAVE YOU. YOU'LL HAVE TO SEND YOUR DEVICE BACK TO ONEPLUS FOR REPAIR. If YOUR PHONE IS ALREADY ROOTED, I RECOMMEND USING PARTITIONS BACKUP AND RESTORE TO DO THIS. JUST REMEMBER TO COPY YOUR BACKUPS OFF YOUR PHONE BEFORE YOU GET STARTED.
** BE SURE TO HAVE MSM DOWNLOAD TOOL AT THE READY FOR IF SOMETHING DOES HAPPEN. FOR THE T-MOBILE ONEPLUS 9, YOU CAN GET IT HERE: https://forum.xda-developers.com/t/oneplus-9-11-2-22-2-t-mobile-msm-download-tool.4276119/
THIS METHOD REQUIRES AN UNLOCKED SIM AND BOOTLOADER
If you don't wish to unlock either, craznazn has released a MSM conversion package you can use to acomplish the same thing without requiring ether to be unlocked. Just download the package from their post, and follow the steps on their 8T MSM Conversion guide, as the steps should mostly be identical.
* I've successfully done this ONCE on my own personal T-Mobile OnePlus 9
* The script used here is just the same one made by craznazn to convert the T-Mobile OnePlus 9 Pro to EU firmware. I just swapped EU OnePlus 9 Pro images for the Global OnePlus 9 images and wrote a bash script for non-Windows users to use. You can just download my conversion package and follow their steps if you want. Just for convenience I'll also be writing the steps on how to use it here as well.
* You can drag and drop my bash script into craznazn's conversion package to use their package on non-Windows systems. You can download the bash script by itself here: https://gist.github.com/Lomeli12/73825a287d3cf60414e244aece9b6bdf
* This package will install Global Firmware 11.2.2.2. You'll need to use Oxygen Updater to update it to the current version (or at least until System Update can do it for you).
* Use the latest platform tools, either from https://developer.android.com/studio/releases/platform-tools or through your package manager of choice (apt, brew, scoop, etc). DO NOT USE MINIMAL ADB, it has not been updated for years.
* If you're having issues with either adb or fastboot detecting your device, consider installing the Universal ADB Driver.
* Have any issues? Describe the steps you take, copy the script's output log, and take screenshots. Include the output of fastboot --version in your post.
Now with all that out of the way...
Steps to convert your T-Mobile OnePlus 9 to the Global (or other) firmware
Unlock your bootloader and SIM. See https://forum.xda-developers.com/t/how-to-unlock-the-t-mobile-bootloader.4256319/
Download and unzip the conversion package:
Global 11.2.2.2
MD5: 14e0c5e41df26bacbc11fe7e69a63c0e
SHA256: 10801f12c50e2d9a7e8085d113ac4a90ab312018beb84a10fa4c1a0f84fc95eb
Google Drive: https://drive.google.com/file/d/1h7Hpbde40wLYynUIo83TTIoERhA_04nS/view
AndroidFileHost: https://www.androidfilehost.com/?fid=2188818919693806454
Spoiler: If you want to use a newer or different region firmware, delete all the *.img files from my conversion package and do the following:
Download and unzip the firmware you want from the OxygenOS Repo thread. You'll specifically want to extract the payload.bin file.
Install Python 3 and Python Protobuf. Figure out how to do this on your own system.
Download cyxx's extract android ota payload script from GitHub: https://github.com/cyxx/extract_android_ota_payload/
Place the payload.bin you extracted earlier into the same directory as the extract_android_ota_payload.py script.
Run the extraction script and wait. This step usually takes a while to complete
Bash:
python3 extract_android_ota_payload.py payload.bin tmp/
Open up the tmp folder the script created and copy all the image files from there over to where flash_all scripts are located.
Boot to bootloader
From adb:
Bash:
adb reboot bootloader
From fastboot/bootloader:
Bash:
fastboot reboot bootloader
Execute either flash_all.bat or flash_all.sh from the unzipped conversion package.
Reboot into recovery and wipe everything
Once fully booted and setup, use Oxygen Updaterto update your phone to the latest version the app provides. Oxygen Updater will provide steps on how to use the full OTA zip.
After you've updated using Oxygen Updater, go into Settings -> System -> System Updates and check for new updates, as Oxygen Updater usually takes a few days to have the absolute latest OTA available. If there is another update available, go ahead and let the System Updater do its thing.
Do a regular system reboot, NOT into recovery, bootloader, or fastbootd.
NOTE: The following steps (8-10) may or may not be optional, we haven't 100% figured it out yet
Repeat step 3 to get back into the bootloader.
Flash the T-Mobile modem included in the conversion package
Bash:
fastboot flash modem NON-HLOS.bin
After each full OTA you take in the future, repeat steps 8 and 9 again.
Fixing SafetyNet by installing Magisk
When I first did this on my own phone, my phone would fail SafetyNet, specifically with a CTS Profile Mismatch. Once I installed Magisk and enabled MagiskHide, however, SafetyNet was passed once more. No MagiskHidePropConfig or UniversalSafetyNetFix required. Here are the steps I did.
Make sure you've updated your phone to the absolute latest version of OxygenOS you can. See step 6 of the conversion steps on how to do so.
Copy the boot.img from the conversion package onto your phone.
Install Magisk Manager onto your phone.
Open Magisk Manager and patch boot.img
Tap Install
Select Select and Patch a file and tap Let's Go
Choose the boot.img file we copied over and hit okay
Once the patch is finished, copy the patched boot.img back onto your PC. Magisk Manager usually puts it in your phone's downloads folder as magisk_patched-<current magisk version>_<random string of characters>.img. The logs in Magisk Manager will tell you exactly what it named the patch image as.
Boot to your bootloader. See step 3 of the conversion steps for this.
Boot your phone using the patched boot.img
Bash:
fastboot boot magisk_patched-<current magisk version>_<random string of characters>.img
Once your phone has booted up, open Magisk Manager once more
Go into Magisk Manager settings and enable MagiskHide.
Back out of the settings and install Magisk via Direct Install
Reboot your phone normally. You should now have Magisk and pass SafetyNet.
Issues so far:
Using EdXposed Hide on the Google Play Store or Google Play Services can cause a soft brick requiring resetting your device via recovery. No issues with LSPosed so far.
Google Phone dialer doesn't display option for Visual Voice Mail. The T-Mobile Visual Voicemail app can be used though.
What appears to work:
Everything else
Edit 1 (5/17/2021):
Fixed some wording that I felt was awkward after the fact.
Made a note that flashing the T-Mobile modem may be optional, still up in the air on that.
Included download mirror for AndroidFileHost.
Listed EdXposed softbrick reported by @Josh McGrath.
Edit 2 (5/19/2021):
Added note about VVM missing from Google Dialer, but T-Mobile VVM app being a good alternative.
Adjusted phrasing in modem flashing steps
Edit 3 (6/7/2021):
Added link to craznazn's MSM conversion tool, which is a good alternative for those who don't want to unlock their bootloader.
Excellent. I've been waiting for this. For partition backup, using the MSM readback functionality (password is usually oneplus) is also an option.
If the OP9 is anything like the OP8T, a direct Euro conversion would be better for quicker updates.
Getting to Euro from Global in a GUI-based approach is also possible. Just set the device ID to OnePlus 9 (EU) in Oxygen Updater and follow the rest of the main guide. You might need to enable advanced settings and ignore device mismatch warnings though. Assuming you are already rooted at this point, you can keep root after the local upgrade, but before rebooting, by flashing Magisk to the inactive slot. Modem still needs to be reflashed.
Modem in general is going to be a pain. Somebody will need to extract it from each T-Mobile OTA if you want fixes and new carrier aggregation combos.
Note: I have not tested this and this is not advice. Follow at your own risk.
He said the TMobile modem files were in the download. Are those 2 files not the correct ones or something?
Or are you just talking about updating the modem every time Tmo sends out an update. (which is usually every 3 months )
Talking about modems in OTAs.
That will be a pain to get any updated modem images, but 1) we just need one person who's willing to stay on the T-Mobile firmware and dump it. Just need to find this willing person and 2) like @Josh McGrath said, expecting T-Mobile OTAs to come frequently, especially those with substantially changes to the modem.img, might be giving T-Mobile too much credit.
Just wanted to say thank you to @Lomeli12 for this tutorial! Also..
After following this guide, and updated through oxygen updater to 11.2.4.4 then 11.2.5.5 from factory OTA . I have full 5g internet and phone signal, without ever flashing modem non-HLOS.bin.... has anyone else had this luck? or am I the only one???
Jg1234 said:
Just wanted to say thank you to @Lomeli12 for this tutorial! Also..
After following this guide, and updated through oxygen updater to 11.2.4.4 then 11.2.5.5 from factory OTA . I have full 5g internet and phone signal, without ever flashing modem non-HLOS.bin.... has anyone else had this luck? or am I the only one???
Click to expand...
Click to collapse
I also noticed this on my phone. I still flashed the T-Mobile modem.img just for network compatibility, but it is possible we don't even need the T-Mobile modem.img to begin with.
Lomeli12 said:
I also noticed this on my phone. I still flashed the T-Mobile modem.img just for network compatibility, but it is possible we don't even need the T-Mobile modem.img to begin with.
Click to expand...
Click to collapse
I know they have trouble with the pro version, so far I haven't had any issues. I will report back after the weekend and test it more while I travel, but don't think that will make a difference. Maybe others can test too!
I was about to do this but I've been using Minimal ADB of course but I downloaded platform tools from the link, unzipped it and ADB.exe won't work. It immediately closed.
Anyone had this issue?
And I didn't read that sentence correctly. Any specifics on what adb error ya got
No prob on the misreading my post bro.
There are no errors, it just simply will not stay open. It opens and immediately closed down. I've downloaded it twice already. Any idea? Win 10
Again, sorry. Completely misread the sentence. Without getting logs or anything more specific than "adb.exe isn't working", we can't really help you.
Not a problem. And yes I totally understand that. I was hoping it was a known easy fix that someone knew but I guess not. But thanks for your help anyhow and will ask again if I can't get it working and get the logs.
Just to test things out and see if adb is working, verify that you don't have minimal adb installed anymore and run
Bash:
adb devices > log.txt
and copy whatever got piped into log.txt.
Minimal ADB is too old. Follow directions.
You may need to set PATH for ADB or put everything in the same folder.
LLStarks, I said I was not using min adb. However, I was able to fix my issue by doing the exact rookie error you stated. :Facepalm.
But I got it all converted over now as of last night and everything is working great so thank you for this guide, Lomeli12.
The new edxposed has an Xposed hide option and I will say to NOT try to hide the play store or play services with this cause it soft bricked me and had to do a master reset via recovery. Just a fyi for anyone trying to hide for safety net. (I did use it for Snapchat and it works)
Josh McGrath said:
LLStarks, I said I was not using min adb. However, I was able to fix my issue by doing the exact rookie error you stated. :Facepalm.
But I got it all converted over now as of last night and everything is working great so thank you for this guide, Lomeli12.
The new edxposed has an Xposed hide option and I will say to NOT try to hide the play store or play services with this cause it soft bricked me and had to do a master reset via recovery. Just a fyi for anyone trying to hide for safety net. (I did use it for Snapchat and it works)
Click to expand...
Click to collapse
Good that you've resolved your issue. I've only tried with LSPosed without issue or triggering SafetyNet, but I'll make a note of it for EdXposed.
After replacing the flash, does the VVM voicemail in the dialer work?
After replacing the flash, does the VVM voicemail in the dialer work?
iSkyJIE said:
After replacing the flash, does the VVM voicemail in the dialer work?
Click to expand...
Click to collapse
Can confirm Visual Voicemail does work, so does the Dialer.. Although, i don't recognize the dialer as the oneplus stock one... someone else may be of better use for an answer for that, as I have never used the stock dialer. Although, one slight issue with the conversion.. And it doesn't seem as if anyone else is having this problem.. After I updated to 11.2.4.4 via oxygen updater, I can't get OTA to work.. It starts for two seconds and says Update Failed.. I'm not sure what I could have done wrong, I followed the steps 100% and the only thing I could think of that could have caused it is that when I rooted before this process (while still on the T-Mobile ROM), I accidentally flashed the boot.img from the EU version instead of boot it. I tried to flash the boot img that was in the ZIP package from the download above, and still didn't fix it. Hoping I or someone could figure this one out.